Feb 04 2012
 

I created this because I always forget the command to enumerate snmp and I am often too lazy to read man pages 🙂

#!/bin/bash
 
# By Ed Wiget
# This script takes an input ip or domain and performs a snmpwalk using common community strings
# 20120204 - initial script
 
function proghelp (){
	echo ""
	echo ""
	echo "Help:"
	echo "./eds-smtpwalk.sh ip_address"
	echo ""
	echo "Example:"
	echo "./eds-smtpwalk.sh 127.0.0.1"
	echo ""
	echo ""
}
 
if [ $# -ne 1 ]
then
clear
proghelp
exit
fi
 
# set up the first input value
if [ "$1" == "" ]; then
 
        echo "What is the ip address to query?"
        read SVRIP
else
        SVRIP=$1
fi
 
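if [ -f wordlist-common-snmp-community-strings.txt ]; then
	# read the wordlist one community string per line (no word splitting or globbing)
	while read -r COMSTG
		do
# removed below in favor of auto list
# set up the second input value
#if [ "$2" == "" ]; then		
#        echo "What is the community string?"
#        read COMSTG
#else
#	COMSTG=$2
#fi
 
		# query the system subtree on the address stored in SVRIP above
		snmpwalk -v2c -c "${COMSTG}" "${SVRIP}" system < /dev/null
	done < wordlist-common-snmp-community-strings.txt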
 
else
 
echo "wordlist-common-snmp-community-strings.txt does not exist.......fetching now......please wait"
echo ""
wget http://fuzzdb.googlecode.com/svn/trunk/wordlists-misc/wordlist-common-snmp-community-strings.txt
echo ""
echo "please run again....."
fi

Jan 09 2012
 

One of the easiest ways to set up a subversion server that is lightweight is to use an existing linux server with sufficient free space available to hold your repositories.  This is much more lightweight because it really doesn’t require any additional software or services, outside of subversion which is likely already installed if you use the svn client; and ssh which is probably already installed and running.

I will give the steps I used for centos, but it will work with other linux distributions if you apply the correct package management steps (pacman, apt-get, yum, emerge, etc):

First, make sure we have subversion and openssh installed:

yum install subversion openssh-server


Nov 23 2011
 

I have been using cluster ssh on and off for some time now but I have never written about it.  So first, let me tell you what my definition of it is……a huge time saver for multiple like tasks that need completed across many servers or systems.

As an example, let’s say a critical update comes in and it affects 25 web servers. A lot of people will log into each web server, perform the update, log out, go to the next one, etc. until completed.  That’s a huge waste of time….assuming it takes 5 minutes to log in, run the update, log out, log into the next one….that is 25 x 5 or roughly 125 minutes, slightly more than 2 hours.


Sep 12 2011
 

This is just a quick note on how to password protect wp-admin using nginx.

You may have to fiddle with the location of the lines in the site.conf file.

Putting the config variables where I thought they needed to go gave me a “download file” of type bin in nginx after authentication.

So, here is how I did it:

server {
    listen 80;
    server_name domain.com www.domain.com;
    access_log /logs/domain.com-access.log;
    error_log /logs/domain.com-error.log;
    root /var/www/sites/domain.com/htdocs;

    location / {
        try_files $uri $uri/ /index.php?q=$request_uri;
    }

    include /usr/nginx/conf/staticfiles.conf;
    include /usr/nginx/conf/php.conf;
    include /usr/nginx/conf/drop.conf;

    # password protect wp-admin
    location ~ ^/wp-admin {
        auth_basic "Restricted";
        auth_basic_user_file /path/to/htpasswd/file;
        try_files $uri $uri/ /index.php?q=$request_uri;
    }
}
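
One caveat with this layout, shown as an added example that is not part of the original post: nginx tests regex locations in the order they appear and stops at the first match, so if the included php.conf defines a `location ~ \.php$` block (an assumption, its contents are not shown here), direct requests such as /wp-admin/admin.php match that block first and never reach auth_basic. Nesting a PHP handler inside a `^~` prefix location keeps both the password prompt and PHP execution; the fastcgi_pass address is a placeholder.

```nginx
# Added example, not from the original post.
# Assumption: /usr/nginx/conf/php.conf contains a "location ~ \.php$" handler.

# Layout from the post: php.conf is included first, so its regex location
# wins for /wp-admin/*.php and those requests never see auth_basic.
#
#   include /usr/nginx/conf/php.conf;
#   location ~ ^/wp-admin { auth_basic "Restricted"; ... }

# Alternative: "^~" stops nginx from testing server-level regex locations
# for any URI that starts with /wp-admin.
location ^~ /wp-admin {
    auth_basic "Restricted";
    auth_basic_user_file /path/to/htpasswd/file;
    try_files $uri $uri/ /index.php?q=$request_uri;

    # Nested handler: inherits auth_basic from the enclosing location,
    # so PHP under /wp-admin runs only after authentication.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;   # placeholder backend address
    }

    # WordPress front-end features call admin-ajax.php for anonymous
    # visitors; exempt it only if the site relies on that.
    location = /wp-admin/admin-ajax.php {
        auth_basic off;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;   # placeholder backend address
    }
}
```

After a reload, a request for /wp-admin/admin.php without credentials should return 401 instead of reaching WordPress.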

Jun 13 2011
 

As system administrators, we often need to search for potential backdoors or shells in web sites for servers we manage.  It’s not something we want to happen, but we need to do it, especially if we are supporting legacy code, have gotten behind on patches or updates, or a new exploit slipped through the cracks due to its popularity and how quickly it spread.

I wrote a quick bash script based on a php version I found here.

Here is the short script:


May 10 2011
 

There has been a lot of recent talk about “securing the cloud”, but let me give you my take on it.

I am in the cloud, businesses are in the cloud, but which cloud?  Is any one cloud environment more secure than the other?  Let me give you a few things I have learned about the cloud….cause this might seem rather alarming to some or most.

Treat all cloud environments as a hostile environment.  Treat it like a wide open door to your business infrastructure, matter of fact, treat it like something blew 2 of the 4 outer perimeter walls off of your business along with half of the roof coming down.  Rethink what you consider secure, how you secure services and applications, and treat it like you just handed everything to a blackhat hacker.

Almost every cloud environment I have used or tested offers a “private ip address” but is it really private?  If you dig around, you will find that it is not.  Matter of fact, it seems that others with those private ip addresses believe they have their own vlan switch of private ip address ranges segregated from everyone else….but fact is, you share your data on your private ip address range with many other clients on the same private ip address range.  Why?  Because you are all sharing a cut of the cpu, memory, network cards, etc of the same physical server.  Even though you might secure your forward facing applications, you would be surprised how many applications within the private ip addresses are not secured.  Why?  Because people automatically think of it in terms of “our local network or private lan”.  Why?  Because it’s in the same ip range as a private network.

See EXAMPLE 1 below

And because people treat it like a private lan network, they do the craziest things like “unpatched apache or other insecure software”, how about mysql root without a password on the private lan for ease of administration, or what about using the private lan to send critical confidential customer (or patient) records across to another failover server on the private lan….unencrypted.  You see where this is going??

See EXAMPLE 2 below

And then let’s talk about pre-made cloud environments…..


Apr 28 2011
 

So, sometimes I write scripts to be a quick way to monitor or audit other systems.  The following script was written as a way to quickly audit a list of domain names, i.e. from a list of 1 domain per line.  Initially it was used to audit a list of subdomains from a nettica account to see if the name still resolved and if so, determine if the server was running ssh with a valid key.  I have realized the script has a lot of uses, as a way to validate hosts are up and also validate ssh is running.  You could also replace the “ls” command in order to monitor other services on a server or even top or similar.  So, this script could start as a foundation and be easily expanded upon.

First, you need a text file containing 1 domain name per line, like this:

domain1.com
domain2.com
domain3.com
sub.domain4.com
