Linux on System Overlord

Security 101: Beginning with Kali Linux

david@systemoverlord.com (David Tomaschik) — Fri, 03 Jul 2020 00:00:00 +0000

I’ve found a lot of people who are new to security, particularly those with an interest in penetration testing or red teaming, install Kali Linux™¹ as one of their first forays into the “hacking” world. In general, there’s absolutely nothing wrong with that. Unfortunately, I also see many who end up stuck on this journey: either stuck in the setup/installation phase, or just not knowing what to do once they get into Kali.

This isn’t going to be a tutorial about how to use the tools within Kali (though I hope to get to some of them eventually), but it will be a tour of the operating system’s basic options and functionality, and hopefully will help those new to the distribution get more oriented.

Backing up to Google Cloud Storage with Duplicity and Service Accounts

david@systemoverlord.com (David Tomaschik) — Mon, 23 Sep 2019 00:00:00 +0000

I wanted to use duplicity to backup to Google Cloud Storage. I looked into it briefly and found that the boto library, originally for AWS, also supports GCS, but only using authorization tokens. I’d rather use a service account, for which authorization tokens are not available.

I looked into the options and the best information I could find was a Medium post, but it also describes using authorization tokens and creating a separate GMail/Google Apps account for the access. I’d really prefer to go with a service account to avoid having to sign up another account, and to be able to use more granular ACLs for the service account.

Pi Zero as a Serial Gadget

david@systemoverlord.com (David Tomaschik) — Sun, 21 May 2017 00:00:00 +0000

I just got a new Raspberry Pi Zero W (the wireless version) and didn’t feel like hooking it up to a monitor and keyboard to get started. I really just wanted a serial console for starters. Rather than solder in a header, I wanted to be really lazy, so decided to use the USB OTG support of the Pi Zero to provide a console over USB. It’s pretty straightforward, actually.

Bash Extended Test & Pattern Matching

david@systemoverlord.com (David Tomaschik) — Mon, 17 Apr 2017 00:00:00 +0000

While my daily driver shell is ZSH, when I script, I tend to target Bash. I’ve found it’s the best mix of availability & feature set. (Ideally, scripts would be in pure posix shell, but then I’m missing a lot of features that would make my life easier. On the other hand, ZSH is not available everywhere, and certainly many systems do not have it installed by default.)

I’ve started trying to use the Bash “extended test command” ([[) when I write tests in bash, because it has fewer ways you can misuse it with bad quoting (the shell parses the whole test command rather than parsing it as arguments to a command) and I find the operations available easier to read. One of those operations is pattern matching of strings, which allows for stupidly simple substring tests and other conveniences. Take, for example:

GOT and PLT for pwning.

david@systemoverlord.com (David Tomaschik) — Sun, 19 Mar 2017 00:00:00 +0000

So, during the recent 0CTF, one of my teammates was asking me about RELRO and the GOT and the PLT and all of the ELF sections involved. I realized that though I knew the general concepts, I didn’t know as much as I should, so I did some research to find out some more. This is documenting the research (and hoping it’s useful for others).

Martian Packet Messages

david@systemoverlord.com (David Tomaschik) — Sun, 06 Nov 2011 02:36:13 +0000

Occasionally, you might see messages like the following in your Linux kernel messages:

martian source 192.168.1.1 from 127.0.0.1, on dev eth1<br />
        ll header: 52:54:00:98:99:d0:52:54:00:de:d8:10:08:00

There's a lot of discussion out there about what this means, but not a lot about how to trace down the source. Hopefully this will provide some insight into what the messages actually mean, and how to understand them.

Tablets, Free Software, and You

david@systemoverlord.com (David Tomaschik) — Fri, 23 Sep 2011 01:38:56 +0000

Tablets are the current 'big thing' in computing devices -- so much so, in fact, that many believe tablets will replace most of the uses of laptops and desktops. This aligns closely with the trend to put "everything" on the web. While making everything browser-based certainly has its conveniences, it also has risks.

Users are continually placing their privacy and their data in the hands of others, while ignoring the risks posed by these actions. Look, for example, at the terms of service and software licenses associated with the iPad. Apple can remotely "kill" software on your iPad. If that software was storing your data, too bad, it's gone.

Using an SSH Connection to Provide Remote Support (Part I)

david@systemoverlord.com (David Tomaschik) — Tue, 20 Sep 2011 15:37:46 +0000

Last week, at the ALE meeting, a question came up about using SSH to provide remote support for someone who is not especially Linux-literate. I suggested using an SSH reverse tunnel so the end-user wouldn't need to worry about firewalls, NAT, etc.

Thinking about the problem, I realize that it's a little more complicated than that. So in part 1, I'm going to discuss the general solution and the approach to the problem. In Part II, I'll present a more comprehensive solution that will (I think) scale better.

Southeast Linuxfest 2011

david@systemoverlord.com (David Tomaschik) — Mon, 13 Jun 2011 18:08:18 +0000

This year was my 2nd Southeast Linuxfest (I'd previously attended the inaugural SELF at Clemson in 2009) and I was blown away by how it has grown. As a former organizer for the Atlanta Linux Fest (which I terribly miss) I know how hard it is to make an event like this a success. I have to applaud the organizers of SELF, even if I'm not sure who all of them are! The conference retained a great "local" feel while still attracting a diverse group of people.

Linode Rocks!

david@systemoverlord.com (David Tomaschik) — Wed, 18 May 2011 03:13:28 +0000

As you may know, my site is hosted by Linode, one of the older Linux VPS providers. I was excited when Linode announced native IPv6 support in some of their data centers, but then disappointed when I saw "No ETA" for the Atlanta datacenter where my site was hosted. I had been running my node with Hurricane Electric's IPv6 tunnel service, but I prefer a native solution when I can get it.

Memo to Self when Moving Databases

david@systemoverlord.com (David Tomaschik) — Sat, 05 Mar 2011 23:50:32 +0000

As a memo to myself, and in case others aren't aware of this:

If you move the entirety of a mysql server (e.g., all databases, especially the "mysql" database) to a new Debian-based (Debian, Ubuntu, etc.) server, you need to make sure the debian-sys-maint user is created or updated.

If moving from a non-Debian-ish environment, try:

GRANT ALL PRIVILEGES ON *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY '--password--' WITH GRANT OPTION;

where "--password--" comes from /etc/mysql/debian.cnf.

GnuPG: The What and the Why (For Me, Anyway)

david@systemoverlord.com (David Tomaschik) — Mon, 28 Feb 2011 07:05:11 +0000

I'm a big advocate of GnuPG, the Free implementation of the OpenPGP standard. I've even recently begun to use a smart card for storing my keys. I've also answered some questions about why I do this, so I thought I'd write about it here. Put simply: the Bill of Rights is important to me. My privacy is important to me. Security is important to me. OpenPGP can help me protect the things that are important to me.

SSH across a Layer 7 Filter

david@systemoverlord.com (David Tomaschik) — Sat, 19 Feb 2011 03:14:50 +0000

Every once in a while, I find myself in a situation behind some sort of device that filters a lot of traffic. Most often, it's on my laptop at some facility (e.g., coffee shop) that only allows HTTP/HTTPS out. For a while, I just listened for SSH traffic on port 443 (HTTPS) to connect through port-based firewalls. However, a few times now I've seen a connection reset immediately after the SSH handshake started (during the protocol&cipher negotation). Looking at them through WireShark made it obvious it wasn't a server or client problem, but some intermediate device sending a RST.

apc.stat=0 and Updating Software

david@systemoverlord.com (David Tomaschik) — Tue, 08 Feb 2011 04:36:41 +0000

When you're running APC on PHP and you have apc.stat=0, it's sometimes easy to forget that when you update software (WordPress) the code running on your server remains unchanged until you flush the APC cache. So, when you go to update WordPress to 3.0.5, you should flush your APC cache after running the update. If you don't, you'll be very confused when WordPress repeatedly tells you to upgrade to the version you just installed!

Major Sites that a 'tiered' Internet Would Have Killed

david@systemoverlord.com (David Tomaschik) — Mon, 24 Jan 2011 03:08:02 +0000

Again and again, we hear about the idea of a "tiered" Internet, containing 1st and 2nd class citizens. In some variants, entire sites would be cut off by ISPs. Let's take a look at sites that probably would not have been able to get started with the notion of a "tiered" Internet. In this list, I'm including major sites that were started without major commercial backing, whose success only came after making it big -- something that takes users being able to access the site, of course. Let's assume that a tiered Internet came out about a decade ago, right after the fall of the dot-com era.

Welcome to Nginx!

david@systemoverlord.com (David Tomaschik) — Sun, 23 Jan 2011 17:49:21 +0000

If you're reading this, it's thanks to Nginx. As of about midnight last night, all content on SystemOverlord.com is being served up by Nginx. I did this for two reasons: Nginx has a much smaller memory profile than Apache, which is important when running on a 512MB VPS, and Nginx's preferred PHP path is through a FastCGI interface, which allows me to run separate PHP FastCGIs under different users for each application on my server. Privilege separation for different webapps has always been a big thing security-wise, and I'm glad I was able to get it going with a minimum of fuss. Wordpress, Nginx, MySQL, and Ubuntu Server powered, all on a Linode VPS!

Announcing NetStatUI: A PyGTK interface for network statistics

david@systemoverlord.com (David Tomaschik) — Sat, 22 Jan 2011 18:06:48 +0000

NetStatUI is my first significant FOSS release. It’s also my first significant Python project and my first use of GTK+. Yes, that’s a lot of firsts all at once, so I apologize if I’ve done things sub-optimally. I’m still learning some of the wonderful niceties of Python (a subject of a later post) and so I may have done some things “the other way.” NetStatUI is a program to display statistics and information about the IP connections currently on your system. It is an attempt to provide a usable NetStat work-alike for the desktop user. Many new users are shy of the command line, and having a graphical version may be useful.

IPv6: On my Linode, and at Home

david@systemoverlord.com (David Tomaschik) — Fri, 21 Jan 2011 02:07:32 +0000

Hurricane Electric, ARIN, and others, report that we may be as close as 12 days to exhaustion of the main IPv4 pool. Accordingly, I decided it was time to get both my VPS and my home network IPv6-ready. It wasn't as painful as I feared, though doing it in DD-WRT is a bigger pain than it should be. If I had an OpenWRT router, it looks like it would be easier.

Merry Christmas, and Thank You!

david@systemoverlord.com (David Tomaschik) — Sat, 25 Dec 2010 18:38:46 +0000

A big Merry Christmas to all my readers, and a big Christmas thank you to my favorite groups & organizations:

Also, of course, Merry Christmas to my friends and coworkers at Kennesaw State University, to my family, and especially to the love of my life (and wife), Ann.

Backupninja!

david@systemoverlord.com (David Tomaschik) — Fri, 24 Dec 2010 21:14:51 +0000

I don't know how I missed it before, but I found a great backup tool today. It's BackupNinja. It's stupidly simple to set up to back up a small number of machines. It's no centralized backup system like bacula, but for a single server or two (like I have) it seems far better than a "roll your own" solution.

So, a big Christmas thank you to the BackupNinja devs.

WikkaWiki: My new PIM

david@systemoverlord.com (David Tomaschik) — Tue, 21 Dec 2010 09:00:24 +0000

For a while now, I've found myself finding tidbits of information that I think would be useful again in the future, or more commonly, having to look up things where I know I've looked it up before. In both cases, I keep thinking that I need somewhere to document this. For a short while, I just threw this information into a file called "TIPS" that I edited with vim. Sounds great, except I use a lot of computers, and keeping it on a flash drive meant pulling out the flash drive a lot. Not only was that slightly inconvenient, but even worse, the file was becoming unwieldy, and there was no good way to link to web-based resources for finding more information.

1 OS, 2 Servers, 5... days?

david@systemoverlord.com (David Tomaschik) — Thu, 18 Nov 2010 05:34:09 +0000

At work, we're switching a number of our LAMP stack applications to be hosted on Ubuntu Server. Because of its increased stability, we generally run the LTS editions, so we're currently on Lucid Lynx (10.04). In this particular case, we're moving our Drupal CMS hosting over from RHEL 5.4 to Ubuntu Server on two new servers to be configured for high availability. Turns out it took 5 days to do what would normally be done in a half a day.

Why the risk of running as root is overblown

david@systemoverlord.com (David Tomaschik) — Sat, 31 Jul 2010 01:37:46 +0000

Please Note: This is only relevant to single-user desktop installations of Linux. The issues I will discuss here don't apply to servers. In fact, the exact opposite applies there.

"Don't run as root" is an oft-repeated mantra of *nix security. While I agree 100%, it's not as big on the desktop as some would think. I'd like to point out why here. I still believe you shouldn't login as root, but I also believe that it's up to each user to make their own decision.

Needing more focus...

david@systemoverlord.com (David Tomaschik) — Sun, 20 Jun 2010 03:40:51 +0000

I've come to the conclusion that I need to become more focused in some areas of my life. I want to be able to contribute to open-source projects, including Ubuntu, but I realized that I don't know enough about any single project to really dive in and work on the code. I need to find a single project to contribute (codewise) to.

I sometimes feel that there's this technological void in my life, with a desire to work on a project of some sort. The big problem is that I have diverse interests: user experience, information security, embedded systems/robotics, etc. I know it's a ridiculous statement to make, but even at 25, I feel like I'm behind where I'd like to be in my life.

AXIS IP Cameras = Fail

david@systemoverlord.com (David Tomaschik) — Sun, 21 Feb 2010 04:42:40 +0000

At work, we've been developing a custom camera recording solution for the past 4 months. Essentially, it's a system to provide a web-based interface to record a number of IP cameras, transcode the videos, and output the videos to a variety of the web applications we use (Moodle, Drupal, etc.) The cameras in question are Axis Q1755 cameras, which are really intended for use as HD security cameras and not in the studio-type environment we have here. (Neither I nor my department was involved in camera selection, and those who were have serious second thoughts.) In any case, these cameras are a continuous source of frustration for us.

RHCE

david@systemoverlord.com (David Tomaschik) — Mon, 07 Dec 2009 06:33:57 +0000

Generally speaking, I try not to push my ego on here too much. It's big enough on its own. However, I feel like this is a pretty major accomplishment for myself, and I haven't posted in a while, so I thought I'd throw it up there. As of this past Friday, I am now a Red Hat Certified Engineer (RHCE)™! This is without a doubt the hardest test I've taken, as a "practical" (hands-on) exam. No multiple-choice guessing here.