Tag Archive for 'Security'

How To: Cisco VPN Client On Ubuntu

IMPORTANT UPDATE, SEE BELOW

So, I installed Ubuntu 7.04 Feisty Fawn beta about 2 months ago. I installed it on my notebook and one of my workstations, both of which had Windows installed previously. I’m not dual booting on those machines; they’re 100% Ubuntu now.

After getting everything setup and running nicely, I realized I had no way of connecting to the Cisco PIX VPN we have at work. This is really important for me to be able to do, my job depends on it. I immediately went to Google and started searching. Turns out a nice fellow named Alexander Griesser has created a patch for the Cisco VPN client. The most recent Cisco VPN client for Linux won’t compile with kernels 2.6.19 or newer. There’s really not much of a difference between his instructions and this how-to. However, I’m including more detailed instructions for those who may not be familiar with compiling software on Linux.

Here are the steps I took to get the Cisco VPN Client to work under Ubuntu 7.04 (Feisty Fawn). In all reality, this should work with any version of Ubuntu, not just 7.04. I used this same method to get the Cisco VPN Client working on Ubuntu 8.04. Note: A $ at the beginning of a line signifies a command to be run from the terminal.

  1. Download vpnclient-linux-4.8.00.0490-k9.tar.gz (mirror) to your home directory.
  2. Open a terminal window and untar the vpnclient with the following command:
    $ tar xzf vpnclient-linux-4.8.00.0490-k9.tar.gz
    This will create a new folder called vpnclient in your home directory. Leave the terminal window open, you’ll need it later.
  3. Download the patch (mirror) and save it to the vpnclient folder that was created in step 2.
  4. Go back to your terminal window and move into the vpnclient folder:
    $ cd vpnclient/
  5. Now patch the Cisco VPN source with this command:
    $ patch < vpnclient-linux-2.6.22.diff
  6. Next we actually build the Cisco VPN client, issue this command:
    $ sudo ./vpn_install
    Just hit enter for everything it asks you; the defaults are all OK. You may see lots of warnings, but those are OK.
  7. The VPN client is installed, now we need to start it:
    $ sudo /etc/init.d/vpnclient_init start
  8. Place your .pcf configuration files in /etc/opt/cisco-vpnclient/Profiles/
  9. If your .pcf file is called myVPN.pcf, you’ll connect to the VPN with the following command:
    $ sudo vpnclient connect myVPN
That’s it! You should now be able to connect to your Cisco VPN with the official Cisco VPN client on Linux. This will probably work on pretty much any linux setup, not just Ubuntu.

UPDATE (8/18/2007):
Alexander Griesser released a new patch that works with kernel versions 2.6.22 and greater. The new patch is backwards compatible, so it also works with older kernels as well, such as 2.6.10 and 2.6.21. All the download links above point to the newest release of the patch. I’ll continue to update this how-to as he releases new patches.

UPDATE (10/04/2007):
Cisco has finally released a new version of their vpn client for Linux. This new version compiles on all the new 2.6.xx kernels without the need for patching! You can download it from Alexander’s site or you can get it right here.

UPDATE (12/29/2007): Alexander Griesser has a new project page for his Cisco VPN client patches. It contains basic usage information and will most likely always have the latest and greatest patch available for download. In addition to that, Alexander has a new patch to make version 4.8.01.0640-k9 of the Cisco VPN Client compile on 64-bit systems. Again, you can download the latest Cisco VPN Client for Linux from the following link:
http://www.longren.org/downloads/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz



WordPress 2.0.6 Important Security Update

WordPress 2.0.6 has been released. It includes an important security fix for a vulnerability reported by Stefan Esser, developer of Suhosin, an advanced protection system for PHP installations.

Head over to the WordPress development blog for more details on the release of WordPress 2.0.6. The development blog also says that 2.0.6 is likely going to be the final release in the 2.0.x series before 2.1 is ready for public consumption. WordPress 2.1 has officially entered beta. I’ve actually been using svn versions of WordPress 2.1 for most of my development on Unwakeable. WordPress 2.1 is gonna rock!

A problem with WordPress 2.0.6 and Feedburner has been discovered. Neosmart has two possible workarounds for the problem. If you use the Feedburner Feed Replacement plugin for WordPress, you may be OK though. I believe that plugin does the same basic thing that workaround #2 does, but I could be wrong.

Also, Unwakeable 1.2 will be out within a week. I know, I know, you’re asking yourself “damn, how many times is he gonna say that?”, I can assure you this is the last time. :) I had more of a rough time getting back into the swing of things at work than I anticipated. Luckily everything decided to break when I got back instead of breaking while I was on vacation. Actually, I may even drop Unwakeable 1.2 tomorrow, depending on how everything goes tonight.


PhishTank Is Here

PhishTank launched today. PhishTank is a site designed to make keeping tabs on phishing sites easier. If you come across a phishing site while browsing the web, you’re encouraged to submit the URL to PhishTank.

PhishTank is a collaborative clearing house for data and information about phishing on the Internet. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.

PhishTank is operated by OpenDNS. OpenDNS opened their services to the public earlier this year to much fanfare. David Ulevitch and crew have done an amazing job with OpenDNS, I expect the same from PhishTank.

PhishTank does not provide protection against phishing sites; it simply stores phishing related data. OpenDNS does protect against phishing though. OpenDNS and PhishTank go hand in hand. OpenDNS blocks access to phishing sites that are in the PhishTank database. Here’s a little piece from the OpenDNS FAQ about reporting phishing sites:

The fight against phishing isn’t just for the banks and big companies to tackle; you can help. Right now, we encourage submission of possible phishing sites via our contact form. Nothing will be blocked unless it’s verified.

Later this summer, we will introduce PhishTank.com, a free community site, with API, which will serve as a collaborative clearing house for data and information about phishing and malware on the Internet.


PhishTank will no doubt prove to be a valuable resource for the internet security community. Now, users of OpenDNS can basically control what sites are deemed “phishing” sites by making use of PhishTank. This was one of the main gripes people had with OpenDNS initially. There was no method to show what sites were flagged as phishing sites. Let there be transparency!


Generate Easy To Remember Random Passwords

SafePasswd is awesome. Most random password generators simply generate random combinations of numbers and letters. Those passwords are often very difficult to remember, making it difficult for users to actually put these passwords into use anywhere. That’s where SafePasswd comes into play.

The default “type” of password generated by SafePasswd is an “Easy To Remember” password. These passwords are built from pseudo-words, combinations of letters and numbers that resemble actual words found in the English language. It’s pretty neat, and works very well. I could actually memorize a large number of the passwords generated without much trouble. Definitely much easier than remembering 8 or 10 random numbers and letters.

SafePasswd lets you choose how many characters you want your password to be. The longer the better. You can also choose several different “types” of passwords, the default being “Easy To Remember”. The other types of passwords are “Letters (A-Z)”, “Numbers (0-9)”, “Letters & Numbers (A-Z,0-9)”, “All Characters (most secure)”, and finally, “Hex (0-9, A-F)”.
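To make the memorability trade-off concrete, here is an added example (my own code, not SafePasswd’s) that generates the password types listed above from a CSPRNG and estimates the entropy of each. The consonant/vowel alphabet and the two trailing digits are my assumption of what an “Easy To Remember” password looks like, and “Letters (A-Z)” is assumed to mean both cases.

```python
import math
import secrets
import string

# Alphabets for the password "types" the post lists. The split used for
# pronounceable words and the case of "Letters" are assumptions, not
# SafePasswd's actual implementation.
CONSONANTS = "bcdfghjklmnprstvwz"
VOWELS = "aeiou"
ALPHABETS = {
    "letters": string.ascii_letters,
    "numbers": string.digits,
    "letters_numbers": string.ascii_letters + string.digits,
    "all": string.ascii_letters + string.digits + string.punctuation,
    "hex": string.digits + "ABCDEF",
}


def random_chars(length, kind):
    """Uniformly random password from one of the listed alphabets (CSPRNG)."""
    alphabet = ALPHABETS[kind]
    return "".join(secrets.choice(alphabet) for _ in range(length))


def easy_to_remember(length):
    """Pronounceable pseudo-word (alternating consonant/vowel) followed by two
    digits, so the result is exactly `length` characters (minimum 4)."""
    if length < 4:
        raise ValueError("need at least 4 characters")
    word_len = length - 2
    word = "".join(
        secrets.choice(CONSONANTS if i % 2 == 0 else VOWELS) for i in range(word_len)
    )
    digits = "".join(secrets.choice(string.digits) for _ in range(2))
    return word + digits


def entropy_bits(kind, length):
    """Entropy in bits for a password of `kind` and `length`, assuming every
    position is chosen uniformly from its alphabet (the best case)."""
    if kind == "easy":
        word_len = length - 2
        consonants = (word_len + 1) // 2   # positions 0, 2, 4, ...
        vowels = word_len // 2             # positions 1, 3, 5, ...
        return (consonants * math.log2(len(CONSONANTS))
                + vowels * math.log2(len(VOWELS))
                + 2 * math.log2(10))
    return length * math.log2(len(ALPHABETS[kind]))
```

A 10-character pronounceable password comes out around 33 bits, roughly the same as 10 random digits and half of what “All Characters” gives at the same length, which is why the post’s advice to go longer matters most for this type.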

[Via UNEASYsilence]


More SSH Brute Force Protection

Stopping SSH Brute Force Attacks resulted in some really great comments and suggestions from readers.

So, this is a follow up to the last SSH brute force post. I didn’t realize there was such a wide selection of applications for dealing with this, but there is! The two best looking options in my opinion are Fail2ban and DenyHosts.

I’ve actually started using DenyHosts on two machines now, and it’s working very well. I chose to go with DenyHosts for a very simple reason. Community stats. I love stats.

Anyway, if you’re looking for something to protect against ssh brute force attacks, go with Fail2ban or DenyHosts, they’re still being actively developed. I can’t say the same for Breakinguard, as it appears to have been abandoned about 1 year ago. And like I said, DenyHosts does its job extremely well, I couldn’t ask for anything more.

If you’re looking for another solution, try using cryptographic keys instead of passwords. A tutorial on configuring SSH to look for keys instead of passwords can be found here. This was suggested by commenter pwyll.

Oh, and this is the 700th post. yay!


Stopping SSH Brute Force Attacks

A few weeks ago at work, I noticed a bunch of failed login attempts to one of our Linux servers. After doing some investigation, I found that no intrusion had actually been made, which is excellent. Lines similar to this were filling my /var/log/messages log file:

Aug 20 23:31:26 elixer sshd[22526]: Failed password for invalid user alias from 66.166.22.186 port 26217 ssh2

Notice they’re trying to login with the username “alias”, which doesn’t exist on that system. In fact, all the usernames attempted don’t exist, which makes me feel a little safer. Still, I don’t like seeing my boxes actively attacked. So, to stay on top of these breakin attempts, I installed Breakinguard.

Breakinguard basically watches your log file for any failed login attempts. You can set a pre-defined number of attempts that can be executed before breakinguard will block the IP.

The Package itself does a ‘tail -f’ of your syslog, and when it identifies a matching line within your logs, it logs this ‘attempt’. If more than the pre-defined number of attempts from the same IP address are received it triggers the iptables (or any other block method defined) block and also emails you notification.

I’ve never been able to get the configure script to work for me, simply because the perl module installation always fails. So, to get around that I simply installed these perl modules manually and commented out these lines in the configure script:

$PERL -MCPAN -e "install File::Tail"
$PERL -MCPAN -e "install IO::Socket"

Those two lines execute perl and try to install the File::Tail module and the IO::Socket module. After manually installing the perl modules below and commenting out the lines above in the configure script, the configure script should run and do its thing without error.

File::Tail
IO::Socket
After the configuration script has run, you should have a couple of new files, /etc/breakinguard.conf and /etc/rc.d/breakinguard. The /etc/breakinguard.conf file stores the breakinguard configuration. This is where you tell breakinguard which log file to monitor and how many incorrect login attempts are defined as a breakin.

I’m not going to bother going through all the options in breakinguard.conf, simply because they’re all explained pretty well within the conf file.

The other “new file”, /etc/rc.d/breakinguard is the script used to launch breakinguard. Run “/etc/rc.d/breakinguard start” to start breakinguard.

Once breakinguard is running, it will monitor whichever log file you specified in /etc/breakinguard.conf (/var/log/messages in my case). When it sees a failed login attempt, it will be noted. Now, when an IP fails a certain number of logins, iptables will be called to block all traffic from the IP.
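The core of what Breakinguard does (match the failed-password lines, count them per source IP, block at a threshold and report the line that tipped it over) fits in a few dozen lines. Here is an added example of that detection logic in Python, my own code rather than Breakinguard’s, run over constructed log lines modelled on the ones quoted in this post; the threshold and the iptables rule are assumptions.

```python
import re
from collections import defaultdict

# Matches the sshd lines the post quotes from /var/log/messages, both for
# invalid (nonexistent) users and for real users with a wrong password.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2"
)


def parse_failed_login(line):
    """Return (user, source_ip) for a failed-password line, or None otherwise."""
    m = FAILED_RE.search(line)
    return (m.group("user"), m.group("ip")) if m else None


def find_offenders(lines, threshold):
    """Count failures per source IP in log order. An IP is reported the moment
    it reaches `threshold`, together with the line that tipped it over, which
    is what Breakinguard puts in its notification email."""
    counts = defaultdict(int)
    blocked = {}
    for line in lines:
        parsed = parse_failed_login(line)
        if parsed is None:
            continue
        _user, ip = parsed
        counts[ip] += 1
        if counts[ip] == threshold:
            blocked[ip] = line
    return blocked


def iptables_block_command(ip):
    """The rule a blocker would run for a reported IP (returned, not executed)."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]


# Constructed sample log, modelled on the lines in the post (not real traffic).
SAMPLE_LOG = [
    "Aug 20 23:31:26 elixer sshd[22526]: Failed password for invalid user alias from 66.166.22.186 port 26217 ssh2",
    "Aug 20 23:31:29 elixer sshd[22528]: Failed password for invalid user admin from 66.166.22.186 port 26231 ssh2",
    "Aug 20 23:31:33 elixer sshd[22530]: Failed password for root from 66.166.22.186 port 26240 ssh2",
    "Aug 20 23:32:10 elixer sshd[22541]: Accepted publickey for bob from 192.0.2.10 port 51022 ssh2",
    "Aug 22 06:17:01 elixer sshd[25590]: Failed password for invalid user test from 202.82.16.180 port 45339 ssh2",
    "Aug 22 06:17:05 elixer sshd[25591]: Failed password for invalid user alias from 202.82.16.180 port 45340 ssh2",
]

if __name__ == "__main__":
    for ip, line in find_offenders(SAMPLE_LOG, threshold=3).items():
        print("would run:", " ".join(iptables_block_command(ip)))
        print("last log entry that caused the block:", line)
```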

Below is an example email that’s generated by Breakinguard when it blocks an IP:

BreakinGuard has blocked an IP based on suspicious activity
Please review this server.

Detail:
Hostname: elixer.hostname
IP Blocked: 202.82.16.180
Last log entry that caused the block:
Aug 22 06:17:05 elixer sshd[25591]: Failed password for invalid user alias from 202.82.16.180 port 45340 ssh2
