Linux Foundation Breach

I was actually browsing through the Freedombox site to look at the project, and when I clicked on one of the links to the Linux Foundation I received the breach notification, which now reads (condensed version):

“Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. The Linux Foundation made this decision in the interest of extreme caution and security best practices. We believe this breach was connected to the intrusion on kernel.org.”

They make the statement about "...security best practices". If they were using security best practices, should they have been breached to begin with? My hope is that if and when they discover what happened, in the interest of Open Source they will offer full disclosure of the details of the incident, so the Linux community can learn from the mistakes that appear to have affected kernel.org and now the Linux Foundation.

What I find interesting is that as a result of the kernel.org breach, Linus Torvalds has moved the Linux Kernel project to GitHub. So I'm wondering what assurance Linus feels GitHub will give him that kernel.org could not. What it really comes down to is that they have not been breached yet.

Installing Nmap from SVN on Ubuntu 10.10

If you are an Ubuntu user and simply cannot wait to get the latest nmap features, follow the procedure below. To get a daily build of the latest and greatest version of nmap, put the same commands into a script called 'build_nmap' (a #!/bin/sh line at the top, executable, and no dot in the file name or run-parts will skip it) and copy it to the /etc/cron.daily directory. Cron runs it as root, so the checkout has to go into a directory root can write to, and after the first run the script should use svn update rather than checking out again.

P.S. The same procedure will also work for you Backtrack geeks.

1. Open a shell terminal.

2. svn co --username guest --password "" svn://svn.insecure.org/nmap/

3. cd nmap

4. ./configure

5. make

6. sudo make install
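The cron script the paragraph above describes, written out as an added example (it is not the author's script): the first run checks the tree out, later runs only update it, and each run then configures, builds and installs. The repository URL and guest login are the ones from the steps; the /usr/local/src/nmap location, the SRC_DIR override and the RUN dry-run switch are assumptions of this example.

```shell
#!/bin/sh
# build_nmap: daily build of Nmap from the Insecure.org Subversion trunk,
# meant to live at /etc/cron.daily/build_nmap (mode 0755, no dot in the name).
# Added example, not the author's script. The repository URL and guest login
# are the ones from the steps above; SRC_DIR is an assumed location.
set -eu

SRC_DIR=${SRC_DIR:-/usr/local/src/nmap}
REPO=svn://svn.insecure.org/nmap/
RUN=${RUN:-}   # set RUN=echo to print the commands instead of executing them

# A tree that already carries .svn metadata only needs an update; anything
# else gets a fresh checkout. Prints "update" or "checkout".
nmap_action() {
    if [ -d "$1/.svn" ]; then
        echo update
    else
        echo checkout
    fi
}

# Fetch (or refresh) the source in $1, then configure, build and install it.
build_nmap() {
    dir=$1
    case $(nmap_action "$dir") in
        update)   $RUN svn update "$dir" ;;
        checkout) $RUN svn co --username guest --password "" "$REPO" "$dir" ;;
    esac
    # Build in a subshell so the caller's working directory is left alone;
    # with set -e, a failing configure or make aborts the whole run.
    (
        cd "$dir"
        $RUN ./configure
        $RUN make
        $RUN make install
    )
}

# Only run the build when executed under the installed name, as cron does;
# sourcing the file from another script just defines the functions.
case ${0##*/} in
    build_nmap) build_nmap "$SRC_DIR" ;;
esac
```

Install it with `install -m 0755 build_nmap /etc/cron.daily/build_nmap`. Two things to keep in mind before doing that on a machine you care about: run-parts executes it as root, so whatever landed in the trunk overnight is built and `make install`ed as root without anyone looking at it, and the svn:// transport is unencrypted, so the source could be altered on the way in. That makes this a convenience for a lab box rather than a production practice.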

My PGP Public Key

For those of you who actually know what encryption is and how to use it, here's my public key for sending me secure transmissions.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)
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=FBLv
-----END PGP PUBLIC KEY BLOCK-----

SSH Hardening

Here is a script that applies a few settings to your /etc/ssh/sshd_config file (it also forces protocol 2 in the client-side /etc/ssh/ssh_config):

  • Enable X11Forwarding (note that this is a convenience, not a hardening step: a forwarded session lets the server talk to your client's X display, so leave it off on hosts that don't need it)
  • Force version 2 of the protocol
  • Disable all the usual RHosts garbage (RhostsAuthentication, RhostsRSAAuthentication, HostbasedAuthentication)
  • Disable root logons
  • Disable the use of empty passwords
  • Point Banner at /etc/issue.net

Copy the code below to a text file, make it executable, then run it using the sudo command. The script only rewrites directives that already appear in the file, commented out or not; a directive that is missing entirely is not added, so grep for each one afterwards. Validate the result with sudo sshd -t before you restart the SSH service, and keep your current session open until you have confirmed you can still log in.


#!/bin/sh
# Run as root. Rewrites /etc/ssh/ssh_config (client) and /etc/ssh/sshd_config
# (server) in place; only directives already present in the files are touched.
set -e
SSH_DIR=/etc/ssh
# unalias cp rm mv
cd "$SSH_DIR"

# Client: drop every existing Protocol line, then append "Protocol 2".
cp ssh_config ssh_config.tmp
{ grep -v Protocol ssh_config.tmp || :; echo "Protocol 2"; } > ssh_config
rm ssh_config.tmp

# Server: replace each directive, whether commented out or active, with the
# hardened value; every other line is passed through unchanged.
cp sshd_config sshd_config.tmp
awk '/^#? *Protocol/                { print "Protocol 2"; next }
     /^#? *X11Forwarding/           { print "X11Forwarding yes"; next }
     /^#? *IgnoreRhosts/            { print "IgnoreRhosts yes"; next }
     /^#? *RhostsAuthentication/    { print "RhostsAuthentication no"; next }
     /^#? *RhostsRSAAuthentication/ { print "RhostsRSAAuthentication no"; next }
     /^#? *HostbasedAuthentication/ { print "HostbasedAuthentication no"; next }
     /^#? *PermitRootLogin/         { print "PermitRootLogin no"; next }
     /^#? *PermitEmptyPasswords/    { print "PermitEmptyPasswords no"; next }
     /^#? *Banner/                  { print "Banner /etc/issue.net"; next }
     { print }' sshd_config.tmp > sshd_config
rm sshd_config.tmp
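A check to run after the script above, added here as an example and not part of the original script: sshd uses the first occurrence of each keyword and silently ignores later duplicates, and anything below a Match line applies only to matching connections, so a hardened directive that ends up further down than an old one changes nothing. The functions below report the value sshd will actually use and compare it with what you wanted. The sample config is constructed for the demonstration; it is not a real host's file.

```shell
#!/bin/sh
# Report the values sshd will actually use from a config file. sshd takes the
# first occurrence of each keyword and ignores later duplicates, and directives
# after a Match line only apply to matching connections, so a hardened line
# appended at the bottom of the file may do nothing.
# Added example; it is not part of the hardening script above.
set -eu

# Print the global value of a directive (keywords are case-insensitive), or
# nothing if it is not set before the first Match block. Plain "Keyword value"
# lines only; the "Keyword=value" form is not handled.
sshd_effective() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        tolower($1) == "match" { exit }          # conditional section starts
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Read "Keyword wanted-value" lines from stdin and compare each with the
# effective value in the config file $1. Prints every mismatch and returns 1
# if there was at least one, 0 otherwise.
sshd_audit() {
    cfg=$1
    status=0
    while read -r key want; do
        [ -n "$key" ] || continue
        got=$(sshd_effective "$cfg" "$key")
        if [ "$got" != "$want" ]; then
            printf '%s: want %s, got %s\n' "$key" "$want" "${got:-<unset>}"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample config (not a real host's file) showing the trap:
# "PermitRootLogin no" sits at the bottom, but the earlier "yes" wins.
sample_config() {
    cat > "$1" <<'EOF'
Protocol 2
PermitRootLogin yes
X11Forwarding no
permitemptypasswords no
Match User backup
    PermitRootLogin no
PermitRootLogin no
EOF
}

cfg=$(mktemp)
sample_config "$cfg"
sshd_effective "$cfg" PermitRootLogin    # prints "yes"
sshd_audit "$cfg" <<'EOF' || echo "audit failed: fix the lines above, then run sshd -t"
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
EOF
rm -f "$cfg"
```

Point it at the real file with `sshd_audit /etc/ssh/sshd_config` and the expected pairs on stdin; an unset directive is reported as `<unset>`, which is exactly the case the in-place script cannot fix because it never adds lines.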

Setting up a Non-Root User on Backtrack 4

Traditionally one of the most dangerous practices surrounding UNIX is using the root account as your normal user account. This is the default under Backtrack, and here's how to fix it so you only use root when you need to:

1. Open a Konsole session.

2. Type: adduser username

3. You will be asked a series of questions along with setting your password.

4. Once the account is created, type: cp -rf /root/.kde* /home/username

5. Type: chown -R username:username /home/username to fix the ownership of anything that was copied over with root's perms.

6. Edit the /etc/group file with your editor of choice and add username to the admin and audio groups (or run usermod -a -G admin,audio username; the -a matters, because without it usermod replaces the user's supplementary groups instead of adding to them).

7. Log out and back in with the new account and you should be good to go.

Step #4 copies all of the application menus that have links to the Backtrack programs so you don't lose them. Enjoy.

Ubuntu Security Resources

  • Ubuntu Unleashed
  • Ubuntu Geek

This should be enough to get started. I'm currently working on extracting the *.debs from an Ubuntu security distro called Protech, which can be found at http://www.lifedork.net/protech-ubuntu-based-linux-security-distro.html. I will then post an ISO so that you can add all of the security tools provided without having to re-install your operating system.

NASA Laptops Infected with Virus

So our overly paranoid friend over at NASA had a virus infection on a couple of astronauts' laptops. What makes this even scarier is that it has happened before and they still don't have these systems loaded with any type of anti-virus software. A couple of questions for our engineers at NASA:

Why, why, and why don't you have AV software installed on these systems? The response would most likely be, "Well, they are never connected to the Internet and the laptops in question are not running critical systems." Hmmm... I have to think that if they are this lazy about securing the systems that astronauts use, how confident are we that they take security seriously on the more critical systems, such as the computers that run the shuttles and the satellites? See the BBC link below for more details.

http://news.bbc.co.uk/2/hi/technology/7583805.stm