Automating VirtualBox Snapshots

I depend a lot upon VirtualBox for my security-related research and testing. That being the case, I make a lot of changes to my VirtualBox VMs, and losing a given state and not being able to roll back to the last known good state would be very bad. Yes, you can take snapshots manually via the GUI or even by means of the CLI. When you have over 20 VMs that you manage, this can be a pain in the butt.

This is where scripting comes in, so I built some simple Bash scripts to automate this process and have it run hourly via Cron.

 

 

The first script, which I call vmlist, simply outputs to STDOUT a list of all the VirtualBox VMs in the system:

vboxmanage list vms 

This will simply produce the name and registration number (UUID) of each VM you have defined on the system, one per line in the form "name" {uuid}.

Now to automate the snapshot process we simply craft something like:

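# vmlist is the first script above (it runs: vboxmanage list vms).
# Each output line looks like: "VM name" {uuid}. Keep only the quoted name,
# so VM names that contain spaces survive intact.
vmlist | sed -n 's/^"\(.*\)" {.*}$/\1/p' | while IFS= read -r vm
   do
      echo "Creating snapshot for $vm"
      vboxmanage snapshot "$vm" take "$vm-$(date +%Y%m%d%H%M%S)"
   done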

This will create a snapshot for each VM, named after the VM followed by a date/time stamp. Put this script in your crontab and you're good to go.
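Hourly snapshots across 20 VMs accumulate quickly, so the naming scheme above is worth pairing with a retention step. The following is an added example, not part of the original scripts, and it goes beyond what the post covers: it selects which timestamped snapshots fall outside the newest N while never touching manually named ones. The function names and the sample snapshot names are hypothetical; the input is assumed to be one snapshot name per line, already extracted from the output of `vboxmanage snapshot "<vm>" list`.

```shell
#!/bin/sh
# Added example: retention for snapshots named "<vm>-YYYYmmddHHMMSS".

# prune_candidates VM KEEP
# Reads snapshot names on stdin, one per line, and prints the automated
# snapshots of VM that fall outside the newest KEEP, oldest first.
# Names that do not match the scheme (manual snapshots) are never printed.
prune_candidates() {
    vm=$1
    keep=$2
    stamps=$(
        while IFS= read -r name; do
            case $name in
                "$vm"-*) stamp=${name#"$vm"-} ;;
                *) continue ;;
            esac
            case $stamp in
                ''|*[!0-9]*) continue ;;    # suffix must be digits only
            esac
            [ "${#stamp}" -eq 14 ] || continue
            printf '%s\n' "$stamp"
        done | sort
    )
    [ -n "$stamps" ] || return 0
    total=$(printf '%s\n' "$stamps" | wc -l)
    excess=$(( total - keep ))
    [ "$excess" -gt 0 ] || return 0
    printf '%s\n' "$stamps" | head -n "$excess" |
        while IFS= read -r stamp; do printf '%s-%s\n' "$vm" "$stamp"; done
}

# Constructed sample: snapshot names as they might exist for one VM.
sample_snapshots() {
    cat <<'EOF'
Kali Lab-20240101030000
baseline-clean-install
Kali Lab-20240101010000
Kali Lab 2-20240101000000
Kali Lab-20240101040000
Kali Lab-2024
Kali Lab-20240101020000
EOF
}

sample_snapshots | prune_candidates "Kali Lab" 2
```

Each name it prints can be handed to `vboxmanage snapshot "$vm" delete "$name"`; review the list before wiring the delete into cron.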

Ubuntu – Distribution Agnostic Virtualbox Auto-Install Script

Just threw together a very simplistic shell script that will:

1. Add the VirtualBox repository to /etc/apt/sources.list, building the repository line automatically by pulling the “Codename” variable from ‘lsb_release’.

2. Download and install the GPG key associated with the Virtualbox repository.

3. Perform an ‘apt-get update’ and install Virtualbox with no prompts.

You can check out the code from the GitHub repository below; the script is ‘build_vbox’.

git@github.com:jandrusk/build-scripts.git

Emacs – Working with Regions

In this week’s segment on Emacs wizardry, let’s learn some of the basic commands for working with regions of text so you can move around your Emacs region faster than BlackBerrys are forgotten about.

| Keystrokes | Command Name | Action |
| --- | --- | --- |
| C-@ or C-SPACE | set-mark-command | Mark the beginning (or end) of a region. |
| C-x C-x | exchange-point-and-mark | Exchange location of cursor and mark. |
| C-w or SHIFT-DELETE | kill-region | Delete the region. |
| C-y or SHIFT-INSERT | yank | Paste most recently killed or copied text. |
| ESC-w or C-INSERT | kill-ring-save | Copy the region. |
| ESC-h | mark-paragraph | Mark paragraph. |
| C-x C-p | mark-page | Mark page. |
| C-x h | mark-whole-buffer | Mark buffer. |
| ESC-y | yank-pop | After C-y, pastes earlier deletion. |

Linux PAM Resources

Pluggable authentication modules (PAM) are a mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface (API). It allows programs that rely on authentication to be written independent of the underlying authentication scheme. PAM was first proposed by Sun Microsystems in an Open Software Foundation Request for Comments (RFC) 86.0 dated October 1995. It was adopted as the authentication framework of the Common Desktop Environment. As a stand-alone infrastructure, PAM first appeared from an open-source, Linux-PAM, development in Red Hat Linux 3.0.4 in August 1996. PAM is currently supported in the AIX operating system, DragonFly BSD,[1] FreeBSD, HP-UX, Linux, Mac OS X, NetBSD and Solaris.

Below is a list of good resources related to PAM that you can use to improve your Linux security model.

Linux PAM Admin Guide

NetBSD PAM Guide

Nice PAM Tutorial

Redhat Reference for PAM Modules

PAM Manual

Ubuntu 11.10 – Static IP Address Problems with DNS

I had purchased an uberiffic desktop PC from System76 a few months ago and set it up with a static IP address along with a dynamic DNS name to access from the Internet. Prior to upgrading to Ubuntu 11.10 it had worked flawlessly. After upgrading, all of a sudden DNS lookups failed. I searched all the usual places such as Ubuntu forums, mailing lists, and just good old-fashioned Google queries. There were a few suggestions, none of which worked for me.

Then finally I realized that sometimes the simplest solutions are the most effective, so I dropped to a Terminal session and ran:

sudo apt-get remove network-manager network-manager-gnome

Updated my /etc/resolv.conf with Google’s public DNS nameservers, rebooted, and automagically it worked!

How to Install Firewall Builder 5 In Ubuntu


Firewall Builder is a GUI application that allows you to create sophisticated firewall rules. Currently only version 4 is available in the Ubuntu repositories, so here is how to install version 5 in Ubuntu:

1. From a Terminal window type: wget http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc -O- | sudo apt-key add -

2. Add the line deb http://packages.fwbuilder.org/deb/stable/ VersionName contrib
   Where VersionName is the string of your Ubuntu version such as natty. 

3. From a Terminal window type: sudo apt-get update

4. From a Terminal window type: sudo apt-get install fwbuilder

Linux Foundation Breach

I was actually browsing through the Freedombox site to look at the project and when I clicked on one of the links to the Linux Foundation I received the breach notification that now reads (Condensed Version):

“Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. The Linux Foundation made this decision in the interest of extreme caution and security best practices. We believe this breach was connected to the intrusion on kernel.org.”

They make the statement of “..security best practices”. If they were using security best practices, should they have been breached to begin with? My hope is that if and when they discover what happened, in the interest of Open Source they would offer full disclosure on the details of the incident so the Linux community can learn from the mistakes that appear to have affected kernel.org and now the Linux Foundation.

What I find interesting is that as a result of the kernel.org breach, Linus Torvalds has moved the Linux Kernel project to GitHub. So I’m wondering what assurance Linus feels that GitHub will give him that kernel.org could not? What it really comes down to is that they have not been breached yet.

Top 5 Books for the UNIX Security Geek

Here is Justin’s top 5 UNIX security books.

| Title | Author | ISBN |
| --- | --- | --- |
| Practical UNIX and Internet Security | Garfinkel and Spafford | 1-56592-148-8 |
| UNIX System Security | David Curry | 0-201-60640-2 |
| The UNIX Programming Environment | Kernighan and Pike | 0-13-937681-X |
| UNIX & Linux System Administration Handbook | Nemeth et al | 0-13-151051-7 |
| Building Internet Firewalls | O’Reilly and Assoc | 1-56592-124-0 |