Software Archive

http://user.xmission.com/~hidden/aatqos/

Using tcpdump, Snort, sec, and policing to programatically rate limit connections for the improvement of call (or other delay-sensitive application) traffic.

Be the first to comment

Tacacs + AD + CentOS = FREE | packetroute

Posted October 21, 2013 By Landis V

http://packetroute.wordpress.com/2012/12/12/tacacs-ad-centos-free/

Pretty complete guide to getting Marc Huber’s tac_plus set up on a CentOS box. Need to give this a shot in an LXC container at some point.

Be the first to comment

Pogo unit as headless barcode scanner

Posted October 13, 2013 By Landis V

Now that I have a couple of Pogo devices up and running with at least a basic Linux OS, I’m starting to think about getting one of them running as a headless USB barcode scanner.  I installed usbutils on the Pogo (‘sudo apt-get install usbutils’) and am able to view its details with a ‘lsusb’, especially followed by a ‘lsusb -v -s <busnum>:<devnum>’.   I’d like to set up a (probably Perl, though I really do need to at least tinker with Ruby at some point) script to “listen” to the scanner and receive any input from it (i.e., barcode data it has scanned).  The script would then determine what to do with that data based upon a database lookup.  Scanning of grocery items, for example, might add them to an inventory for updating, while scanning of the serial number barcodes on my Black & Decker Matrix 20V Lithium batteries could trigger an entry that a particular battery serial number was charged on a particular date (so I can make sure they are charged periodically as per the user guide).

Some references from my initial research this evening:

Be the first to comment

Revisiting the POGO-E02 for ownCloud and storage

Posted October 4, 2013 By Landis V

In a recent post, I reconfigured one of my POGO-E02 devices to run Linux (also in a much older post, but I intend to go back and revisit that device with the updated process at some point).  I have reccently replaced my laptop (OfficeMax had a pretty impressive flash sale on a Gateway with an AMD quad core, and huge kudos to the OfficeMax in Kearney, NE for taking care of the customer incredibly well when the one I initially picked up had a dead left mouse button and a dead F10 key out of the box… literally zero hassle getting it replaced, great job to that team).  Unfortunately the old laptop is still sitting on the desk next to the new one, soaking up space I don’t have.  I need to make sure I have everything I’ve done on it in the past year and a half or so saved off and duplicate backup copies, as there are a couple of videos I’ve stored on there that are simply irreplaceable.

Time to get back into storage.  I like my Dropbox (you should definitely sign up here if you don’t already have an account) and I recently got some additional temporary space when I bought my Samsung Galaxy S3, but my space is otherwise full and I won’t pay for more.  I think ownCloud, an older version of which I reference briefly in the second linked post above, will prove quite suitable for this, especially in conjunction with my personal CA.

I brought my Linux-ified Pogo back online and hooked up a Seagate external drive I’ve had sitting around and been meaning to hook up for quite a while.  I hooked it up to the Pogo unit and it was recognized as sdb.  From there, I performed the following (as root) to create two, 1TB partions on the drive:

apt-get install parted
#confirm installation when prompted
parted -a optimal /dev/sdb
rm 2
rm 1
mkpart
#Answer prompts with label=OwnCloud, type=ext4, start=0%, end=50%
mkpart
#Answer prompts with label=Storage, type=ext4, start=50%, end=100%
quit
mkfs.ext4 /dev/sdb1
#I only created the OwnCloud partition at this time in the interest of saving time.
#Perform a similar command for sdb2
mkdir /mnt/owncloud
#Should edit /etc/fstab and add a line similar to the following for perpetuity:
#/dev/sdb1 /mnt/owncloud ext4 rw,relatime,data=ordered 0 0
#I did, and then rebooted to make sure everything came up/remounted as expected

From there, I proceeded with the installation of ownCloud on Debian as per the instructions on the site.  I followed the link for Debian Linux, verified my version (cat /etc/debian_version) – I am on 7.1 so followed the 7.0 instructions with a few verifications.

echo 'deb http://download.opensuse.org/repositories/isv:ownCloud:community/Debian_7.0/ /' >> /etc/apt/sources.list.d/owncloud.list
apt-get update
#Received the following error here:
#W: GPG error: http://download.opensuse.org Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 977C43A8BA684223
#Added the following steps, per http://en.kioskea.net/faq/809-debian-apt-get-no-pubkey-gpg-error
gpg --keyserver pgpkeys.mit.edu --recv-key 977C43A8BA684223
gpg -a --export 977C43A8BA684223 | apt-key add -
#Reran update to verify
apt-get update
#Success! I then noticed they had an equivalent answer in the next step :/ Oh well.
apt-get install owncloud
#Accept dependencies

Once installation completed, I opened a browser to the owncloud URL on the Pogo at http://<pogo_ip>/owncloud.  Because I intend to make my access seamless whether I’m at home or connecting from the Internet at large, I have a few tricks I need to do yet.  But first I finished up the basic configuration.  I created my administrator account and password, hit the Advanced button and set my data directory to the /mnt/owncloud/data directory using the mountpoint I had created previously.  The database was set at SQLite, so I left it for the time being.  After submitting, I thought to check and found that there was an existing “data” directory in /var/www/owncloud with ownership www-data:www-data and ug+rwx, so I created a /mnt/owncloud/data directory with the same ownership and permissions.  After refreshing the initial page and setting the final config again, things seemed to load properly this time around.

I set up a WebDAV connection from the Dolphin file browser and started transferring some of the files from the Linux laptop per the user manual.  I experienced problems transferring a few of these files and remembered something about large file support, so I went back and took a look into that.  The default max size looks to be 800MB and I didn’t have anything beyond that, so I tried a reboot; it took a long time to complete, but it seemed to work.  I backed up the remaining files I had planned on, shut down the old laptop, and was able to get it out of the way.

I downloaded the Windows client on the new laptop and installed it.  When installation was complete, I took a moment to pause and reconfigure a few things.  As I plan to partially expose the ownCloud instance to the Internet and have it accessible from my smartphone, one of my first goals/low hanging fruit items for protecting it from a large chunk of port scans, hacks, and exploits is to change the web service to run on a non-default port number.  I could simply do this externally, but then I would have to change my client settings whenever I was on my wifi connection.  So instead I referenced changing the port number in Apache.  I’ve done this a few times in the past, but I decided I would like to also maintain the ability to serve some pages on the standard HTTP port if I so decided later.  I edited /etc/apache2/ports.conf and added an entry for my non-SSL port directly below the “Listen 80” directive, and for my SSL ports within the <IfModule mod_ssl.c> and <IfModule mod_gnutls.c> sections below the “Listen 443” directives in each of those sections.  Rather than edit the “default” site file, I created a new site file at /etc/apache2/sites-available/owncloud, similar to the following.  The port numbers and DNS names referenced are purposefully invalid as I’m not trying to create a honeypot; modify them appropriately for your configuration.

        #unfortunately this isn't pasting correctly, so parts are missing.
        #Too late in the day for me to fix right now.
        ServerName owncloud.example.com
        DocumentRoot /var/www/owncloud
        ServerAdmin me@example.com

                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all

        #ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        #<Directory "/usr/lib/cgi-bin">
                #AllowOverride None
                #Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                #Order allow,deny
                #Allow from all
        #

        ErrorLog ${APACHE_LOG_DIR}/ownclouderror.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

In the future I will also be creating an owncloud-ssl file in the same directory. This will definitely happen before I configure any phone synchronization over the public Internet.  After restarting the apache service, I was able to access the ownCloud instance via http://owncloud_ip:newport#.  I have a bit of DNS work to do on my router to make the naming work universally, from the Internet or my LAN.  May document it up if there is any interest.  I would have to say this install was pretty slick and that I’m likely to pay for the client for my Android.

1 Comment. Join the Conversation

Metasploit reading

Posted September 27, 2013 By Landis V

Metasploit Unleashed

Metasploit: The Penetration Tester’s Guide by David Kennedy

Be the first to comment

Couple of things to note today

Posted September 25, 2013 By Landis V

Kali Linux – successor to BackTrack – http://www.kali.org/

Should probably spend some time playing around with Ruby a little bit.

DbVisualizer – looks very handy for quick analysis of databases – http://www.dbvis.com/

Be the first to comment

Adding search functionality

Posted September 19, 2013 By landisv1

I finally got around to adding search functionality to this blog, for whatever it’s worth.  I think my categorization makes it fairly simple, but there are probably a few benefits from having it on the site – so hopefully you find it helpful.  I ended up using the method documented here and changing my permalink settings… which I hope I don’t end up regretting.  Definitely still have some clean-up to do, but it’s a start and got me the information I needed at least.

Be the first to comment