Hoxt.com – Open Source Mirrors Apache, CPAN, PHP, MySQL, PuTTY, Linux Virtual Server, Linux Documentation Project, ProFTPD

17Jul/100

Install OSSEC automatically with expect

If you want to script the installation of ossec, this script will use expect/spawn to automatically enter values for prompts:

#!/usr/bin/expect -d
set timeout -1
spawn ossec-hids-2.4.1/install.sh
expect "en/br/cn/de"
send "en\r"
expect "Press ENTER to continue"
send "\r"
expect "What kind of installation"
send "local\r"
expect "Choose where to install the OSSEC HIDS"
send "\r"
expect "Do you want e-mail notification"
send "y\r"
expect "your e-mail address"
send "root@localhost\r"
expect "Do you want to use it"
send "y\r"
expect "Do you want to run the integrity check daemon"
send "y\r"
expect "Do you want to run the rootkit detection engine"
send "y\r"
expect "Do you want to enable active response"
send "y\r"
expect "Do you want to enable the firewall-drop response"
send "y\r"
expect "Do you want to add more IPs to the white list"
send "n\r"
expect "Press ENTER to continue"
send "\r"
expect "Press ENTER to finish"
send "\r"
expect eof

7Jul/100

shell scripting – Bash alias that takes argument

Normally, you would have this shortcut in .bash_profile

alias sshwww='ssh john@www.example.com'

What about you have 100s of www servers:

sshwww() { ssh "john@$1".example.com; }

Usage: "sshwww web1", "sshwww web2"

Even more, you can su directly to root from john:
sshroot() { ssh "john@$1".example.com "su"; }

Usage: "sshroot web1", "sshroot web2"

Filed under: Uncategorized No Comments
7Jul/100

Make an encrypted password for useradd

Very simple using php:

php -r "echo crypt('myplaintextpassword123');"

useradd -m -p "$1$abJez234$fD4Dn4IrG3Hzeas3hBjIb0" -d /home/john -s /bin/bash john

Filed under: Uncategorized No Comments
7Jul/100

su – Run a command after entering root password

For a better scripting automation and still retain the security of su/non-root login:

su -c "mysql -e 'SHOW STATUS;' "

This will return the status of mysql. Now you can run this via a regular user, then su, then mysql. You'll be asked for password twice, one for the regular user, one for root.

ssh nonroot@server "su -c \"mysql -e 'SHOW STATUS;' \""

You'll get "standard in must be a tty" error. Too bad! Nice concept but does not work like this. Now to solve this, I've seen some suggestion to use an expect script but not supplying the root password automatically. The expect script will ask for the password.

Update: no need for expect script, with just an ssh option "-t" to force it to ask for a tty (see man page for description). So the solution is this:

ssh -t nonroot@server "su -c \"mysql -e 'SHOW STATUS;' \""

Security is still there, you'll be asked for two different passwords, but you can now write a script to guide the process flow as you expected and not having to teach/say/request/instruct users to type in a certain command (eg: then type su, then type your xxx command). Love it eh!

Filed under: Uncategorized No Comments
7Jul/100

Puppet locking problem

If you run "puppetd --test" manually or via service and get this error:

Run of Puppet configuration client already in progress; skipping

Problem: the lock file is not removed properly. It's a known bug: http://projects.reductivelabs.com/issues/2888

Solution: manually remove /var/lib/puppet/state/puppetdlock
Also, you might need to check /var/run/ for the pid and delete/kill the process if it's indeed running

Filed under: Uncategorized No Comments
6Jul/100

mod_security and Apache dummy internal connection

The core rule looks specially for 127.0.0.1 so if your apache is listening to specific IPs and not 127.0.0.1, this rule will be ignored.

Solution: add Listen 127.0.0.1:80 to your httpd.conf, it should be the first line before other Listen's statements

You might want to add exceptions or slowly introduce the rulesets. Some core rules are very specific and might not work for your case.

#Include modsecurity.d/base_rules/modsecurity_crs_20_protocol_violations.conf
#Include modsecurity.d/base_rules/modsecurity_crs_21_protocol_anomalies.conf
#Include modsecurity.d/base_rules/modsecurity_crs_23_request_limits.conf
#Include modsecurity.d/base_rules/modsecurity_crs_30_http_policy.conf
#Include modsecurity.d/base_rules/modsecurity_crs_35_bad_robots.conf
#Include modsecurity.d/base_rules/modsecurity_crs_40_generic_attacks.conf
#Include modsecurity.d/base_rules/modsecurity_crs_41_phpids_converter.conf
#Include modsecurity.d/base_rules/modsecurity_crs_41_phpids_filters.conf
#Include modsecurity.d/base_rules/modsecurity_crs_41_sql_injection_attacks.conf
#Include modsecurity.d/base_rules/modsecurity_crs_41_xss_attacks.conf
#Include modsecurity.d/base_rules/modsecurity_crs_42_tight_security.conf
#Include modsecurity.d/base_rules/modsecurity_crs_45_trojans.conf
#Include modsecurity.d/base_rules/modsecurity_crs_47_common_exceptions.conf
#Include modsecurity.d/base_rules/modsecurity_crs_48_local_exceptions.conf
#Include modsecurity.d/base_rules/modsecurity_crs_49_enforcement.conf
#Include modsecurity.d/base_rules/modsecurity_crs_49_inbound_blocking.conf
#Include modsecurity.d/base_rules/modsecurity_crs_50_outbound.conf
#Include modsecurity.d/base_rules/modsecurity_crs_59_outbound_blocking.conf
#Include modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf

Some example exceptions

# avoid for Apache dummy internal connection
SecRule REMOTE_ADDR "^127\.0\.0\.1$" phase:1,nolog,allow,ctl:ruleEngine=Off

# turn off for this file
SecRule REQUEST_BASENAME "^special\.php$" phase:1,nolog,allow,ctl:ruleEngine=Off

# certain agents do not send Accept header and it's okay, I don't need to see those errors
SecRule REQUEST_HEADERS:User-Agent "SomeAgentString" phase:1,nolog,pass,ctl:ruleRemoveById=960015

Filed under: Uncategorized No Comments
16Jan/060

Our thanks to the open source developers

The development team at AdSpeed uses open source applications daily and to show our support to the great open source creators and developers, we are proud to dedicate a server in our ad server network with redundant bandwidth to host a variety of open source mirrors. This server has been online since 2006. Following is the list of available mirrors:

  1. Apache: http://apache.hoxt.com/
  2. PuTTY: http://putty.hoxt.com/
  3. ProFTPD: http://proftpd.hoxt.com/
  4. Linux Virtual Server: http://lvs.hoxt.com/
  5. Linux Documentation Project: http://ldp.hoxt.com/
  6. cURL: http://curl.hoxt.com/
  7. CPAN: http://cpan.hoxt.com/
  8. OpenSSL: http://openssl.hoxt.com/
  9. PHP: http://php.hoxt.com/

rsync mirroring commands

These mirrors are created and synced with the following commands:

==> rsync.apache.sh <==
rsync -rtlzv --progress --delete rsync.apache.org::apache-dist /home/mirrors/apache

==> rsync.centos.sh <==
rsync --progress -azHv --delete --bwlimit=600 us-msync.centos.org::CentOS /home/mirrors/centos

==> rsync.cpan.sh <==
rsync --progress -av --delete rsync.nic.funet.fi::CPAN /home/mirrors/cpan

==> rsync.curl.sh <==
rsync --progress -r -t -z --delete "rsync://cool.haxx.se/curlweb/*" /home/mirrors/curl/
rsync --progress -z -t --delete "rsync://cool.haxx.se/curldownload/*" /home/mirrors/curl/download/

==> rsync.kde.sh <==
rsync --progress -za --timeout=3600 --delete rsync.kde.org::www /home/mirrors/kde

==> rsync.ldp.sh <==
rsync -rlptv --progress --delete ftp.ibiblio.org::ldp_mirror /home/mirrors/ldp

==> rsync.lvs.sh <==
rsync --progress -auvz --delete rsync.linuxvirtualserver.org::w3lvs /home/mirrors/lvs

==> rsync.mozilla.sh <==
rsync --progress -az --delete --delete-after ftp-rsync.mozilla.org::mozilla-releases/ /home/mirrors/mozilla

==> rsync.mysql.sh <==
rsync --progress -av --delete --delete-after rsync://mysql.mirrors.pair.com/mysql/ /home/mirrors/mysql

==> rsync.openssl.sh <==
rsync --progress -rztpv --delete rsync://ftp.openssl.org/openssl-ftp/ /home/mirrors/openssl/openssl-ftp
rsync --progress -rztpv --delete rsync://ftp.openssl.org/openssl-web/ /home/mirrors/openssl/openssl-web

==> rsync.php.sh <==
rsync -avzC --progress --timeout=600 --delete --delete-after --include='manual/en/' --include='manual/en/**' --exclude='manual/**' --exclude='distributions/**' --exclude='extra/**' rsync.php.net::phpweb /home/mirrors/php

==> rsync.proftpd.sh <==
rsync --progress --recursive --times --links --compress --delete rsync.proftpd.org::proftpd-www /home/mirrors/proftpd

==> rsync.putty.sh <==
rsync -auHv --progress rsync://rsync.chiark.greenend.org.uk/ftp/users/sgtatham/putty-website-mirror/ /home/mirrors/putty

Filed under: Uncategorized No Comments