SSH Hardening

Here is some code that will add some security to your /etc/sshd_config file:

  • Enable X11Forwarding
  • Force Version 2 of the protocol
  • Disable all the usual RHosts garbage
  • Disable root logons
  • Disable the use of empty passwords

Copy the code below to a text file, make it executable, then run it using the sudo command. Remember to restart your SSH service after the changes have been made.


#!/bin/sh
# Harden the OpenSSH client and server configuration files in place.
SSH_DIR=/etc/ssh
# unalias cp rm mv
cd "$SSH_DIR" || exit 1

# Client config: drop any existing Protocol line, then append "Protocol 2".
cp ssh_config ssh_config.tmp
{ grep -v Protocol ssh_config.tmp; echo "Protocol 2"; } > ssh_config
rm ssh_config.tmp

# Server config: rewrite each directive below wherever a line for it exists
# (commented out or not) and print every other line unchanged.
# A directive with no line in the file is not added.
cp sshd_config sshd_config.tmp
awk '/^#? *Protocol/ { print "Protocol 2"; next };
/^#? *X11Forwarding/ \
{ print "X11Forwarding yes"; next };
/^#? *IgnoreRhosts/ \
{ print "IgnoreRhosts yes"; next };
/^#? *RhostsAuthentication/ \
{ print "RhostsAuthentication no"; next };
/^#? *RhostsRSAAuthentication/ \
{ print "RhostsRSAAuthentication no"; next };
/^#? *HostbasedAuthentication/ \
{ print "HostbasedAuthentication no"; next };
/^#? *PermitRootLogin/ \
{ print "PermitRootLogin no"; next };
/^#? *PermitEmptyPasswords/ \
{ print "PermitEmptyPasswords no"; next };
/^#? *Banner/ \
{ print "Banner /etc/issue.net"; next };
{print}' sshd_config.tmp > sshd_config
rm sshd_config.tmp
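
An added check, not part of the original script: the awk rules only rewrite lines that already exist in sshd_config, and sshd keeps the first value it reads for a keyword, so it is worth confirming what the file actually ends up saying. The function names and the sample config below are constructed for this example.

```shell
# Added example: audit an sshd_config against the values the awk rules write.
EXPECTED='Protocol 2
X11Forwarding yes
IgnoreRhosts yes
RhostsAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
Banner /etc/issue.net'

# first_value FILE KEYWORD: first uncommented value above any Match block.
first_value() {
    awk -v k="$2" 'tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# audit_sshd_config FILE: report each keyword, return the count not OK.
audit_sshd_config() {
    failures=0
    while read -r key want; do
        got=$(first_value "$1" "$key")
        if [ "$got" = "$want" ]; then echo "OK       $key $got"; continue; fi
        failures=$((failures + 1))
        if [ -z "$got" ]; then echo "MISSING  $key (want $want)"
        else echo "MISMATCH $key is $got (want $want)"; fi
    done <<EOF
$EXPECTED
EOF
    return "$failures"
}

# Constructed sample: weak PermitRootLogin, PermitEmptyPasswords only under Match.
sample_config() {
    cat <<'EOF'
Protocol 2
X11Forwarding yes
IgnoreRhosts yes
RhostsAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitRootLogin yes
Banner /etc/issue.net
Match User backup
    PermitEmptyPasswords no
EOF
}
tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd_config "$tmp" || echo "$? setting(s) need attention"; rm -f "$tmp"
```

On a real host, call audit_sshd_config /etc/ssh/sshd_config after running the hardening script and before restarting the service.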

Setting up a Non-Root User on Backtrack 4

Traditionally one of the most dangerous practices surrounding UNIX is using the root account as your normal user account. This is the default under Backtrack and here’s how to fix it so you only use Root when you need to:

1. Open a Konsole session.

2. Type: adduser username.

3. You will be asked a series of questions along with setting your password.

4. Once the account is created, type: cp -rf /root/.kde* /home/username.

5. Type: chown -R username:username /home/username to overwrite any of root’s perms that may have copied over.

6. Edit the /etc/group file with your editor of choice and add username to the admin and audio groups.

7. Logout and back in with the new account and you should be good to go.

Step #4 will copy all of the application menus that have links to the Backtrack programs so you don’t lose them. Enjoy.

Turbo Mode SSH Logins

If you're like me and have to log on to multiple Linux/UNIX systems by means of SSH, manually entering a password for each logon session can be a pain. The procedure below will enable you to run all of your SSH sessions password free.

We will use what is termed as public-key SSH authentication and the first thing that we need to do is to generate our public/private keypair. Open a shell prompt and type in the command:

$ ssh-keygen -t rsa

This will produce the output of:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/monk/.ssh/id_rsa):

Just press through all of the prompts. This creates two files, ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. To use this keypair on a server try this:

$ ssh server "mkdir .ssh; chmod 0700 .ssh"
$ scp .ssh/id_rsa.pub server:.ssh/authorized_keys2

You will be prompted for your password after each command and you’ll need to substitute “server” with the actual hostname of the system that you want to connect to. After running these two commands you will not be prompted for a password.

There have been security concerns raised over the safety of this, but you have the same problem with passwords. Someone would have to compromise your account and gain access to your private key. I would also recommend incorporating a mandatory access control system on the private key such as AppArmor or SELinux, but that will be the subject of another post.
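
An added example, not from the original post: the scp step above replaces whatever is already in authorized_keys2 on the server, so a key installed earlier from another machine would be lost. The function below, whose name and arguments are made up for this example, appends the key only when it is missing, refuses a file that is not a single public key line (for instance id_rsa picked instead of id_rsa.pub), and sets the directory and file permissions; the key strings are constructed placeholders.

```shell
# install_pubkey PUBFILE AUTHFILE  (added example, hypothetical helper)
# AUTHFILE's directory is treated as the .ssh directory and set to 0700.
install_pubkey() {
    pub=$1 auth=$2 dir=$(dirname "$2")
    key=$(cat "$pub") || return 1
    # Accept exactly one "<type> <base64> [comment]" line, nothing else.
    if [ "$(grep -c '' "$pub")" -ne 1 ] ||
       ! printf '%s\n' "$key" |
           grep -Eq '^(ssh|ecdsa|sk)-[a-z0-9@.-]+ [A-Za-z0-9+/]+=*( .*)?$'
    then
        echo "install_pubkey: $pub is not a single public key line" >&2
        return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Already authorised? -F fixed string, -x whole-line match.
    grep -Fxq -- "$key" "$auth" && return 0
    # Keep the new key on its own line if the file lacks a final newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    printf '%s\n' "$key" >> "$auth"
}

# Constructed demo in a scratch directory; the key is a placeholder string.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed monk@laptop' \
    > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh/authorized_keys2"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh/authorized_keys2"  # no-op
echo "keys installed: $(grep -c '' "$demo/.ssh/authorized_keys2")"
rm -rf "$demo"
```

The ssh-copy-id tool shipped with OpenSSH performs the same kind of append over an SSH connection.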

Death is not Natural

City of God – Book 13 – Part 6

Of the evil of death in general, considered as the separation of soul and body
Wherefore, as regards bodily death, that is, the separation of the soul from the body, it is good unto none while it is being endured by those who we say are in the article of death. For the very violence with which body and soul are wrenched asunder, which in the living had been conjoined and closely intertwined, brings with it a harsh experience, jarring horridly on nature so long as it continues, till there comes a total loss of sensation, which arose from the very inter-penetration of spirit and flesh.

And all this anguish is sometimes forestalled by one stroke of the body or sudden flitting of the soul, the swiftness of dying which with violently painful sensation robs of all sensation, yet, when it is piously and faithfully borne, it increases the merit of patience, but does not make the name of punishment inapplicable. Death, proceeding by ordinary generation from the first man, is the punishment of all who are born of him, yet, if it be endured for righteousness’ sake, it becomes the glory of those who are born again; and though death be the award of sin, it sometimes secures that nothing be awarded to sin.

I frequently hear non-Christians say something to the effect of death, “Death is the natural process of life. We are born, we live, and then we die. That is just how the cycle of life works.” What I hope to show by the apologetic of Augustine who is using the foundation of the Scriptures, is that there is nothing natural in relation to death, but is the result of the curse of the fall of our first parents (Gen 3:17-19). We can see by the exposition above provided by the great church father Augustine, that he describes the various pains involved in the strokes of death that will afflict us both. By both I mean both the elect and the reprobate. Notice the union between body and soul that is destroyed at the onslaught of death. Before they were knit together like a fish in water, similar to the union between man and life, apart from being grafted into Christ all is lost.

The second paragraph to Augustine’s exposition is the hope that all those redeemed by Christ have and there can even be peace in the midst of the bonds of death for the Christian. For only for the Christian has our eternal mediator destroyed him who had the power over death (Heb 2:14).

The Word of God: Its two parts — the Law and the Gospel

By Theodore Beza (1519-1605)

That which we call The Word of God: Its two parts — the Law and the Gospel

On this subject we call the “Word of God” (for we know well that the Eternal Son of God is also so named) the canonical books of the Old and New Testament; for they proceed from the mouth of God Himself.

We divide this Word into two principal parts or kinds: the one is called the “Law”, the other the “Gospel”. For, all the rest can be gathered under the one or the other of these two headings.

What we call Law (when it is distinguished from Gospel and is taken for one of the two parts of the Word) is a doctrine whose seed is written by nature in our hearts. However, so that we may have a more exact knowledge, it was written by God on two Tables and is briefly comprehended in ten commandments. In these He sets out for us the obedience and perfect righteousness which we owe to His majesty and our neighbours. This on contrasting terms: either perpetual life, if we perfectly keep the Law without omitting a single point, or eternal death, if we do not completely fulfil the contents of each commandment (Deut. 30:15-20; James 2:10).

What we call the Gospel (“Good News”) is a doctrine which is not at all in us by nature, but which is revealed from Heaven (Matt 16:17; John 1:13), and totally surpasses natural knowledge. By it God testifies to us that it is His purpose to save us freely by His only Son (Rom. 3:20-22), provided that, by faith, we embrace Him as our only wisdom, righteousness, sanctification and redemption (1 Cor 1:30). By it, I say, the Lord testifies to us all these things, and even does it in such a manner that at the same time he renews our persons in a powerful way so that we may embrace the benefits which are offered to us (1 Cor 2:4).

The similarities and the differences between the Law and the Gospel

We must pay great attention to these things. For, with good reason, we can say that ignorance of this distinction between Law and Gospel is one of the principal sources of the abuses which corrupted and still corrupt Christianity.

The majority of men, blinded by the just judgement of God, have indeed never seriously considered what curse the Law subjects us to, nor why it has been ordained by God. And, as for the Gospel, they have nearly always thought that it was nothing other than a second Law, more perfect than the first. From this has come the erroneous distinction between precept and advice; there has followed, little by little, the total ruin of the benefit of Jesus Christ.

Now, we must besides consider these things. The Law and the Gospel have in common that they are both from the one true God, always consistent with Himself (Heb. 1:1-2). We must not therefore think that the Gospel abolishes the essence of the Law. On the contrary, the Law establishes the essence of the Gospel (Rom 10:2-4); this is what we shall explain a little further on. For both set before us the same God and the essence of the same righteousness (Rom 3:31), which resides in perfect love to God and our neighbour. But there is a great difference in these points which we shall touch on, and especially concerning the means of obtaining this righteousness.

For, in the first place, as we alluded to before, the Law is natural to man. God has engraven it in his heart from creation (Rom 1:32; 2:14,15). When, a long time afterwards, God made and exhibited the two Tables of the Law, this was not to make a new law, but only to restore our first knowledge of the natural law which, because of the corruption of sin, was little by little becoming obliterated from the heart of man (Rom 7:8-9). But the gospel is a supernatural doctrine which our nature would never have been able to imagine nor able to approve without a special grace of God (1 Cor. 1:23; 2:14). But, the Lord has revealed it, firstly to Adam shortly after his sin, as Moses declares (Gen 3:15), afterwards to the patriarchs and the prophets in increasing degrees as seemed good to Him (Rom 1:2; Luke 1:55,70), until the day in which He manifested Jesus Christ in Person. It is He who has clearly announced and accomplished all that is contained in the Gospel (John 15:15; 6:38). This Gospel God still reveals today and will reveal it until the end of the world by the preaching instituted in His Church (John 17:18; Matt 28:20; 2 Cor. 5:20).

Directions for Hating Sin

Richard Baxter

Direct. I. Labour to know God, and to be affected with his attributes, and always to live as in his sight.—No man can know sin perfectly, because no man can know God perfectly. You can no further know what sin is than you know what God is, whom you sin against; for the formal malignity of sin is relative, as it is against the will and attributes of God. The godly have some knowledge of the malignity of sin, because they have some knowledge of God that is wronged by it. The wicked have no practical, prevalent knowledge of the malignity of sin, because they have no such knowledge of God. They that fear God will fear sinning; they that in their hearts are bold irreverently with God, will, in heart and life, be bold with sin: the atheist, who thinks there is no God, thinks there is no sin against him. Nothing in the world will tell us so plainly and powerfully of the evil of sin, as the knowledge of the greatness, wisdom, goodness, holiness, authority, justice, truth, &c. of God. The sense of his presence, therefore, will revive our sense of sin’s malignity.

Direct. II. Consider well of the office, the bloodshed, and the holy life of Christ.—His office is to expiate sin, and to destroy it. His blood was shed for it: his life condemned it. Love Christ, and you will hate that which caused his death. Love him, and you will love to be made like him, and hate that which is so contrary to Christ. These two great lights will show the odiousness of darkness.

Direct. III. Think well both how holy the office and work of the Holy Ghost is, and how great a mercy it is to us.—Shall God himself, the heavenly light, come down into a sinful heart, to illuminate and purify it? And yet shall I keep my darkness and defilement, in opposition to such wonderful mercy? Though all sin against the Holy Ghost be not the unpardonable blasphemy, yet all is aggravated hereby.
