Monday 29 September 2014

Bash Code Injection Vulnerability


rpm -qa | grep bash

bash-3.2-32.el5

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
You have new mail in /var/spool/mail/root

yum upgrade bash

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

rpm -qa | grep bash
bash-3.2-33.el5.1

Ref :- https://access.redhat.com/articles/1200223

Wednesday 24 September 2014

Install mod_ssl on Apache2 - Ubuntu

Steps to install mod_ssl on Apache2 - Ubuntu

apt-get install mod_ssl

dpkg -S mod_ssl.so
apache2.2-bin: /usr/lib/apache2/modules/mod_ssl.so

a2enmod ssl
Module ssl already enabled

To make sure that the SSL module was loaded properly :

apache2ctl -t -D DUMP_MODULES | grep ssl
[Thu Sep 25 11:28:16 2014] [warn] NameVirtualHost *:80 has no VirtualHosts
Syntax OK
ssl_module (shared)



Mutual SSL authentication in Ubuntu

Two-way SSL using CA certificates

 cd /root

 mkdir CA

 cd CA

 mkdir newcerts private

vi openssl.cnf

#
# OpenSSL configuration file.
#
# Establish working directory.
dir = .
ts = 1024 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = md5 # message digest algorithm
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ ca ]

default_ca = CA_default

[ CA_default ]

serial = $dir/serial
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 365
default_md = md5
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match

[ policy_match ]

countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]

default_md = sha1
distinguished_name = req_distinguished_name

[ req_distinguished_name ]

countryName = Country
countryName_default = IN
countryName_min = 2
countryName_max = 2
localityName = Locality
stateOrProvinceName_default = Karnataka
localityName_default = Bangalore
organizationName = Organization
organizationName_default = edurite
commonName = Common Name
commonName_max = 64

[ certauth ]

subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true

[ server ]

basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
nsCertType = server

[ client ]

basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = clientAuth
nsCertType = client

[ v3_req ]

basicConstraints = CA:FALSE
subjectKeyIdentifier = hash

Generate self-signed certificate

 openssl req -config ./openssl.cnf -newkey rsa:2048 -nodes -keyform PEM -keyout ca.key -x509 -days 3650 -extensions certauth -outform PEM -out ca.cer

 openssl genrsa -out server.key 2048

 openssl req -config ./openssl.cnf -new -key server.key -out server.req

 openssl x509 -req -in server.req -CA ca.cer -CAkey ca.key -set_serial 100 -extfile openssl.cnf -extensions server -days 365 -outform PEM -out server.cer

 rm server.req

 openssl genrsa -out client.key 2048

openssl req -config ./openssl.cnf -new -key client.key -out client.req

 openssl x509 -req -in client.req -CA ca.cer -CAkey ca.key -set_serial 101 -extfile openssl.cnf -extensions client -days 365 -outform PEM -out client.cer

 openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12

 rm client.key client.cer client.req

vi /etc/apache2/sites-available/default

<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName 10.98.33.136:443

        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
SSLEngine on
LogLevel warn
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM
SSLVerifyClient require
SSLVerifyDepth 10
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
#SSLCACertificateFile /etc/apache2/ssl/ca.cer
</VirtualHost>

/etc/init.d/apache2 restart

./OpenSSL_Client rname@some.com 365 passwd /var/www/html/CERT

Now Import the P12 file to the browser.

Ref :- http://www.flatmtn.com/article/setting-openssl-create-certificates

Tuesday 23 September 2014

Two-way SSL authentication


Two-way SSL authentication or mutual SSL authentication or client
authentication works by resolving its identity to SSL server with a use of
the client certificate.

All certificates will be issued by using OpenSSL application and openssl.cnf
configuration file.

 cd /root

 mkdir CA

 cd CA

 mkdir newcerts private

 vi /root/CA/openssl.cnf

#
# OpenSSL configuration file.
#
# Establish working directory.
dir = .
ts = 1024 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = md5 # message digest algorithm
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ ca ]

default_ca = CA_default

[ CA_default ]

serial = $dir/serial
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 365
default_md = md5
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match

[ policy_match ]

countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]

default_md = sha1
distinguished_name = req_distinguished_name

[ req_distinguished_name ]

countryName = Country
countryName_default = IN
countryName_min = 2
countryName_max = 2
localityName = Locality
stateOrProvinceName_default = Karnataka
localityName_default = Bangalore
organizationName = Organization
organizationName_default = edurite
commonName = Common Name
commonName_max = 64

[ certauth ]

subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true

[ server ]

basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
nsCertType = server

[ client ]

basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = clientAuth
nsCertType = client

[ v3_req ]

basicConstraints = CA:FALSE
subjectKeyIdentifier = hash

 echo '01' > serial
 touch index.txt

 to generate self-signed certificate

 openssl req -config ./openssl.cnf -newkey rsa:2048 -nodes -keyform PEM -keyout ca.key -x509 -days 3650 -extensions certauth -outform PEM -out ca.cer

 openssl genrsa -out server.key 2048

 openssl req -config ./openssl.cnf -new -key server.key -out server.req

 openssl x509 -req -in server.req -CA ca.cer -CAkey ca.key -set_serial 100 -extfile openssl.cnf -extensions server -days 365 -outform PEM -out server.cer

 rm server.req

 openssl genrsa -out client.key 2048

openssl req -config ./openssl.cnf -new -key client.key -out client.req

 openssl x509 -req -in client.req -CA ca.cer -CAkey ca.key -set_serial 101 -extfile openssl.cnf -extensions client -days 365 -outform PEM -out client.cer

 openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12

 rm client.key client.cer client.req

vi /etc/httpd/conf.d/ssl.conf

LoadModule ssl_module modules/mod_ssl.so
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

Listen 443

<VirtualHost 172.16.0.14:443>
DocumentRoot "/var/www/SSL/digitally"
CheckSpelling on
DirectoryIndex opsindex.php
ServerName 172.16.0.14
ServerAdmin root@localhost
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile /etc/httpd/conf/ssl/server.cer
SSLCertificateKeyFile /etc/httpd/conf/ssl/server.key
SSLVerifyClient require
SSLVerifyDepth 10
SSLCACertificateFile /etc/httpd/conf/ssl/ca.cer
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

 httpd -S

 /etc/init.d/httpd/restart

 mkdir -p /var/www/html/CERTS

./OpenSSL_Client rname@some.com 365 passwd /var/www/html/CERTS

Now Import the P12 file to the browser.

Ref :- http://www.flatmtn.com/article/setting-openssl-create-certificates

Thursday 11 September 2014

Purge logs of MySQL


The PURGE BINARY LOGS statement deletes all the binary log files listed in the log index file prior to the specified log file name or date. BINARY and MASTER are synonyms. Deleted log files also are removed from the list recorded in the index file, so that the given log file becomes the first in the list.

Examples:-

mysql> SHOW BINARY LOGS;
+------------------+-----------+
| Log_name         | File_size |
+------------------+-----------+
| mysql-bin.000034 |  14785707 |
| mysql-bin.000035 |       143 |
| mysql-bin.000036 |       143 |
| mysql-bin.000037 |       120 |
+------------------+-----------+
4 rows in set (0.00 sec)

mysql> PURGE BINARY LOGS BEFORE '2014-09-10';

mysql> PURGE BINARY LOGS BEFORE '2013-04-22 09:55:22';

mysql>PURGE BINARY LOGS TO 'mysql-bin.000015';


ref : https://mariadb.com/kb/en/mariadb/documentation/sql-commands/administration-commands/sql-commands-purge-logs/