Weaponizing nessus
from the “when your only tool is a hammer, everything looks like a nail” files, comes this amusing tidbit: http://www.shellntel.com/blog/2016/6/7/weaponizing-nessus
Weaponizing nessus2016.06.20
from the “when your only tool is a hammer, everything looks like a nail” files, comes this amusing tidbit: http://www.shellntel.com/blog/2016/6/7/weaponizing-nessus
Xwindows and Windows2015.06.19
Exceed is the best. Unfortunately, it is pricey: http://connectivity.opentext.com/buy-online.aspx Your other options are: MobaXterm: in free and pay versions, pretty simple to install/setup and use. Xming: free (old version) or pay (current version), also pretty simple to use. Cygwin/X: complicated, kludgey and you should probably avoid it.
http://stackoverflow.com/questions/40453/what-is-a-good-and-free-x-server-for-windows Don’t run “strings” against files…2014.10.27
From http://lcamtuf.blogspot.com/2014/10/psa-dont-run-strings-on-untrusted-files.html:
Check the site for POC code. It’s old and it’s nasty. Configuring cacti for 1-minute polling2014.10.24
Trickier than it sounds, just because there’s lots of moving parts. Here is a handy guide that gets all the notes right: http://www.tolaris.com/2013/07/09/cacti-and-1-minute-polling/ Linux / Unix / VMS equivalencies2014.10.02
So you’re dumped in Brazil (VMS) and all you speak is English (Windows) and Spanish (Linux), how do you get by? A universal translator, of course: http://bhami.com/rosetta.html VMS There’s also a VMS to Unix cheat-sheet: http://www.physnet.uni-hamburg.de/physnet/vms-unix-commands.html and another: https://www.mpp.mpg.de/~huber/vmsdoc/unix_vms_cmd_xref.html setting security/ownership in VMS: http://labs.hoffmanlabs.com/node/1806 tiny gotchas that you might not expect:
$ create/directory [.tmp] $ copy dsa0: [.tmp]x.tmp $ copy dsa0: [.tmp]y.tmp $ copy dsa0: [.tmp]z.tmp This creates a directory, .tmp, and three files inside it, x.tmp, y.tmp, z.tmp. AIX AIX Cheat-sheet: http://bigcalm.tripod.com/aix/handycommands.htm AIX Cheat-sheet: http://www.tablespace.net/quicksheet/aix-quicksheet.pdf [PDF] AIX Cheat-sheet: http://www.vmexplore.com/aix-commands-cheat-sheet/ AIX documentation: http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp AIX Admin’s blog, full of AIX tips and tricks: http://nixys.fr/blog/?tag=aix (I haven’t used it but it’s the type of quick and to-the-point howto that I find most useful.) a text file cheat-sheet — quick and dirty, no-nonsense: http://www.pimpworks.org/ibm/aix.txt
SOLARIS The biggest caveat when going to Solaris from Linux is that a lot of the tools you expect are missing (ie, not installed by default) or different (ie, you’re expecting GNU versions). The easiest way to deal is to install the gnu tools and set them in your path. That said, Solaris 10 is less of a PITA than older versions (9, 8….or heaven forfend: SunOS). Here is a fast and dirty “why doesn’t this work / how do I do this?” for Solaris: http://sysunconfig.net/unixtips/solaris.html IBM redbooks, learn it, love it: http://www.redbooks.ibm.com/redbooks/pdfs/sg247186.pdf [PDF] Lesser Known Solaris Features: http://www.c0t0d0s0.org/pages/lksfbook.html
Linux user auth against Active Directory2014.07.30
Enabling user authentication on linux against Active Directory, using ubuntu, sssd and AD 2008 (should work with 2003r2) apt-get install realmd sssd samba-common samba-common-bin samba-libs sssd-tools krb5-user adcli 2. vi /etc/sssd/sssd.conf and put this in it: [nss] filter_groups = root filter_users = root reconnection_retries = 3 [pam] reconnection_retries = 3 3. chmod 0600 /etc/sssd/sssd.conf 4. vi /etc/realmd.conf and put this in it:
5. run kinit Administrator@YOURDOMAIN.ALLINCAPS.TLD
You should now be able to su – to a domain user. That’s it, you’re done: you can login to your linux box by authenticating to your Active Directory domain. Additional (and optional) stuff is below, like adding groups and restricting logins based on groups.
Additional settings inside /etc/sssd/sssd.conf [domain] section to enable groups: [domain/yourdomain.allincaps.tld] ad_domain = yourdomain.allincaps.tld krb5_realm = YOURDOMAIN.ALLINCAPS.TLD realmd_tags = manages-system joined-with-adcli cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True ## comment out #use_fully_qualified_names = True ## these will need to be created manually or you will need to modify pam to ## mkdir them with pam_mkhomedir.so or use oddjob-mkhomedir, see below override_homedir = /home/%u fallback_homedir = /home/%d/%u ##group settings## ldap_group_uuid = objectGUID ldap_user_uuid = objectGUID ldap_group_member = member ldap_user_member_of = memberOf ldap_user_uid_number = uidNumber ldap_group_nesting_level = 1 ldap_force_upper_case_realm = True ldap_user_principal = userPrincipalName ldap_user_object_class = user ldap_user_gid_number = gidNumber ldap_group_modify_timestamp = whenChanged ldap_group_object_class = group ldap_group_name = cn ldap_user_name = sAMAccountName ldap_ns_account_lock = userAccountControl ldap_user_home_directory = unixHomeDirectory ldap_user_modify_timestamp = whenChanged ldap_group_gid_number = gidNumber ldap_referrals = false ldap_group_nesting_level = 0 Test that groups are working by su’ing to an AD user and typing in “groups”, which will show you what groups your user is a member of. To make the homedirectory autocreate: 1. edit /etc/pam.d/common-session (/etc/pam.d/session-auth in RHEL)and add this line before any pam_ldap or pam_krb5 lines: #autocreate user homedirs session required pam_mkhomedir.so umask=0022 skel=/etc/skel To limit login by AD group:
To allow an AD group to have access to sudo:
%domain\ admins ALL=(ALL) ALL %linux-sudo ALL=(ALL) ALL Further reading: Various bits, mostly to do with LDAP authentication, but can be translated for use with AD/sssd/pam (e.g. homedir creation) http://www.chriscowley.me.uk/blog/2014/06/17/new-linux-active-directory-integration/ http://funwithlinux.net/2014/04/join-ubuntu-14-04-to-active-directory-domain-using-realmd/ http://linux.tvortex.net/2011/10/sssd-against-active-directory-2003.html https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server |
SearchContactTechnical How-ToCategoriesArchivesRecent Posts |
|