https://systemoverlord.com/tags/system-administration.htmlRecent content in System Administration on System OverlordHugoen-usdavid@systemoverlord.com (David Tomaschik)david@systemoverlord.com (David Tomaschik)Sat, 03 Mar 2018 00:00:00 +0000https://systemoverlord.com/2018/03/03/openssh-two-factor-authentication-but-not-service-accounts.htmlSat, 03 Mar 2018 00:00:00 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2018/03/03/openssh-two-factor-authentication-but-not-service-accounts.html<p>Very often, people hear &ldquo;SSH&rdquo; and &ldquo;two factor authentication&rdquo; and assume you&rsquo;re talking about an SSH keypair that&rsquo;s got the private key protected with a passphrase. And while this is a reasonable approximation of a two factor system, it&rsquo;s not <em>actually</em> two factor authentication because the server is not using two separate factors to authenticate the user. The only factor is the SSH keypair, and there&rsquo;s no way for the server to know if that key was protected with a passphrase. However, OpenSSH has supported true two factor authentication for nearly 5 years now, so it&rsquo;s quite possible to build even more robust security.</p>https://systemoverlord.com/2014/10/20/psa-typos-in-mkfs-commands-are-painful/Mon, 20 Oct 2014 14:19:40 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2014/10/20/psa-typos-in-mkfs-commands-are-painful/<p>TL;DR: I apparently typed <code>mkfs.vfat /dev/sda1</code> at some point. Oops.</p> <p>So I rarely reboot my machines, and last night, when I rebooted my laptop (for graphics card weirdness) Grub just came up with:</p> <pre><code>Error: unknown filesystem. grub rescue&gt; </code></pre> <p>WTF, I wonder how I borked my grub config? Let&rsquo;s see what happens when we ls my /boot partition.</p> <pre><code>grub rescue&gt;ls (hd0,msdos1) unknown filesystem </code></pre> <p>Hrrm, that&rsquo;s no good. An <code>ls</code> on my other partition isn&rsquo;t going to be very useful, it&rsquo;s a LUKS-encrypted LVM PV. Alright, time for a live system. I grab a Kali live USB (not because Kali is necessarily the best option here, it&rsquo;s just what I happen to have handy) and put it in the system and boot from that. <code>file</code> tells me its an <code>x86 boot sector</code>, which is not at all what I&rsquo;m expecting from an ext4 boot partition. It slowly dawns on me that at some point, intending to format a flash drive or SD card, I must&rsquo;ve run <code>mkfs.vfat /dev/sd</code><strong><code>a</code></strong><code>1</code> instead of <code>mkfs.vfat /dev/sd</code><strong><code>b</code></strong><code>1</code>. That one letter makes all the difference. Of course, it turns out it&rsquo;s not even a valid FAT filesystem&hellip; since the device was mounted, the OS had kept writing to it like an ext4 filesystem, so it was basically a mangled mess. <code>fsck</code> wasn&rsquo;t able to restore it, even pointing to backup superblocks: it seems as though, among other things, the root inode was destroyed.</p>https://systemoverlord.com/2014/05/13/the-machine-inside-the-machine/Tue, 13 May 2014 04:24:00 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2014/05/13/the-machine-inside-the-machine/<p>Imagine this scenario:</p> <blockquote> <p>One of your employees visits a site offering a program to download videos from a popular video site. Because they&rsquo;d like to throw some videos on their phone, they download and install it, but it comes with a hitchhiker: a RAT, or remote access trojan. So Trudy, an attacker, has a foothold, but the user isn&rsquo;t an administrator, so she starts looking at the network for a place to pivot. Scanning a private subnet, she finds a number of consecutive IP addresses all offering webservers, FTP servers, and even telnet! Connecting to one, the attacker suddenly realizes she has just found her golden ticket&hellip;</p>