Search CVE – web interface with php

2014-11-03 1 min read Uncategorized

So, last few weeks have been very busy with lot of security issues, so I thought of having a local CVE Search app. But all I could find on google and github.com were on python and nothing that I could use quickly. So here is link to one that I wrote quickly:

CVE Search PHP

 

It’s in php. So just download in some folder and access from a web-server and you are done.

Continue reading

Sandbox apache (httpd) for better security.

2014-03-26 1 min read Fedora

Apache/httpd is something which you would like to have contained. And now fedora provides a native way/mechanism to to so with virt-sandbox-service. With this, you can create a virtualized sanbox service and then connect/list/manage such with virsh.

We will be using LXC.

Basically its couple of commands and you have a contained service running.

# List all the containers
virsh -c lxc:/// list

# Create the sandbox, all default parameters. Will take dhcp address.
virt-sandbox-service create -C  --username amitag -u httpd.service httpd_conta

# Create the container with static IP.
virt-sandbox-service create -C  --username amitag -u httpd.service -N \
address=192.168.122.11/24%192.168.122.255  httpd_conta#Enable and start the service.
virt-sandbox-service start httpd_conta
virt-sandbox-service enable httpd_conta#Delete the container if not required any more.
virt-sandbox-service delete  httpd_conta

 

Continue reading

Sandbox Firefox – First step to security

2014-03-19 2 min read Fedora Firefox

First we will setup cgroup to limit cpu and memory usage, so here we go:

Add the configuration in /etc/cgconfig.conf

#------start cgconfig----------------
#new group
group firefox {
    perm {
        task {
#user your login id and group here, so that you can control this group
        uid = amitag;
        gid = amitag;
        }
        admin {
# same as above, set to your login id and group.
           uid = amitag;
           gid = amitag;
        }
    }
# set the limits for cpu.. by default there are 1024 shares of cpu with no other groups,
# so share of 102 would be around 10% .
    cpu{
        cpu.shares="102";
    }
# limit the cpus to be used to only 0-1
    cpuset{
        cpuset.cpus=0-1;
        cpuset.mems=0;
    }
# limit the maximum memory to 700Mb.
    memory {
        memory.limit_in_bytes="700M";
        memory.max_usage_in_bytes="0";
    }
}
#------end cgconfig----------------

 

Continue reading

configure firewall – the easy way.

2013-04-24 1 min read Fedora Linux

It is good practice to keep iptables/firewall enabled. But configuring it is difficult, do you agree. Not any more 🙂

Install firewall-config

sudo yum install firewall-config

This will install a GUI application, which you can run with “Firewall” application in the dash or with “firewall-config” in terminal. It is pretty straight forward to use this tool, even if you don’t have much knowledge on Firewall/iptables.

Continue reading

Allow incoming/outgoing ports on iptables

2012-11-27 2 min read Fedora
Schematic for the packet flow paths through Li...
Schematic for the packet flow paths through Linux networking and Xtables (Photo credit: Wikipedia)

Last couple of years, I just used to disable iptables on my system, this time I decided not to disable it and keep it enabled.

So far so good, now comes the tricky part, I have http server enabled on my system and since this is on local network with already firewall and other security in place so I can allow all incoming to my system and similarly I need to enable XDMCP outgoing. So, I can add the rules like this :

Continue reading

mysql output to an array for easy parsing.

2011-05-11 2 min read Bash Database

 

Today I was looking for some way to put the output of the mysql output in an array in a bash script. Quick google search yeilded to results something like this:

 

  <td>
    <div class="text codecolorer">
      output=$(mysql -e "select * from table")
    </div>
  </td>
</tr>
1

The problem with the above approach is that all the words go into separate index. So if you have a line that has space then that is split into multiple index’s. Not good…

Continue reading

Security — Installing and monitoring snort logs.

2010-06-04 2 min read Fedora Linux

Snort is a very good security tool to install if you are concerned about the security of your system. I find it really useful but the problem is I keep forgetting to monitor the logs so what did I do, I installed snort and configured cron to send to logs everyday, here&#8217;s how.

On fedora, snort is available in the repository but the rules are not. So to install snort just type in the following in a terminal:

Continue reading
Older posts Newer posts