05 Feb 10 Linux LUKS Crypt HOWTO

Linux kernels now support encrypted filesystems. Setting one up should take 5 minutes, or 3 hours if you’re like me and can’t read.

Firstly, install the right tools: apt-get install cryptsetup

Make a new partition, and initialize it with: cryptsetup luksFormat /dev/sda3 mycrypto

Where /dev/sda3 is your newly created partition and ‘mycrypto’ is your name for the container.

You will be prompted to type YES in uppercase to confirm your understanding that your partition is about to be wiped. If, like me, you type ‘yes’ in lowercase, it will fail with “Command Failed.”. You’ll then spend hours checking for loaded kernel modules, log files, and trawling google for more information. The answer is to type ‘YES’ in uppercase as you’re told

Enter a passphrase, and you’re ready to go.

Next, ‘open’ the container. cryptsetup luksOpen /dev/sdb3 enter the passphrase, and you should at this point end up with a /dev/mapper/mycrypto

Format with your desired partition mkfs.ext3 /dev/mapper/mycrypto

Then, you can mount /dev/mapper/mycrypto as you would any other block device: mount /dev/mapper/mycrypto /mnt/my_mount_point

To close the container:
umount /dev/mapper/mycrypto
cryptsetup luksClose mycrypto

Easy

Tags: crypto, cryptsetup, Linux, luks, mount, umount

31 Jan 10 Linux Controlled Door Entry

Having recently moved to a new apartment, one of the first things that I decided to do was build an RC entry system

Here’s some pictures:

The black box at the top is a simple Velleman RC control kit and the black box below is a 240VAC->12VDC regulated converter.  The Velleman RC receiver has two relays, one connected to an electric strike lock and the other connected over the button input in the entryphone which unlocks the main door.

On the RC transmitter there are two buttons, and as they are currently connected, one opens the main door and one unlocks the electric strike on the apartment door, with a 5 second timer on each.

This works well so far and I have paired the transmitters with the receiver so that default unpaired transmitters will not activate the relays. A few weeks on, having already locked myself out once, the next step is to extend this project.

I intend to have the RC transmitter connected separately to some embedded linux board, probably the spare Alix and Phidgets boards I have from the robot I built a while ago. The linux board will signal over a separate frequency to this door entry system. The linux board will perform a variety of functions from logging entries to automated surveillance.  Additionally the linux board will have net access and possibly run asterisk. I can either SMS my way in or alternatively call in to asterisk and do some voice authentication. More to follow when I actually have time to get this done..

Tags: alix, asterisk, embedded linux, phidgets, rc transmitter, sms, velleman

19 Jan 10 Website Security Scan

Websites get hacked every day, customers details taken, and it’s usually REALLY EASY to do. As a security consultant,  I often get a call after a Google search turns up with my details as the guy to contact when this happens.

Shameless plug: Why not contact me BEFORE this happens for a FREE basic web scan.

Shameless plug over, why not consider some of the things that can be done to help prevent a website breach..
(more…)

Tags: Apache, backups, code, cookie, cross site scripting, htaccess, LAMP, logs, mod_security, MySQL, PHP, php security, rate limit, restrict limit, Security Consultant, session, sniffing, sql injection, website security scan, xss

15 Jan 10 Embedded Linux Programmer

As an embedded linux programmer, I’ve had the opportunity to work on a number of different platforms, MIPS being one of my favorites.

There are a few general limitations that you’ll find. You have limited CPU power available, you have very little RAM available, and for more advanced operations and optimizations, your CPU will generally have a limited function set.

The usual good programming practices apply, but are of much greater importance. Specifically, don’t allocate memory that you don’t need, and dont put the CPU under undue stress with unnecessary or badly optimized loops. Taking C syntax and some pseudo code;
(more…)

Tags: assembler, embedded, loop, mips, optimize, x86

14 Jan 10 PHP Security

As a PHP programmer, there are a couple of things you can do quickly and easily to increase the security of your PHP code installation.

Look into PHP’s “safe mode” feature, ESPECIALLY if you’re running a webserver that takes the general public can upload scripts to. Here you’ll find a list of the functions disabled or restricted by safe mode. It is not strictly PHP’s job to restrict these types of functions, however unless you really know what you’re doing, the list of functions restricted by safemode is a good starting point for building secure applications. These are generally functions that allow file and directory manipulation, and socket manipulation. If it’s not possible within your environment to disable them all, disable as many of these functions as possible.

Although not that common, if I’m writing an application that heavily relies on functions that manipulate directories or sockets, I’ll prefer to create a C daemon or similar to handle this side of things and simply use PHP to communicate with it. (more…)

Tags: cross site scripting, directory, error reporting, magic quotes, MySQL, mysql_real_escape_string, PHP, php security, safe mode, socket, sql injection, xss

01 Jan 10 Linux Consultant – Server Management, Basic Housekeeping

Server management is one of the most basic requirements in maintaining a healthy server/cluster, however, is often overlooked until something goes wrong.  In it’s most basic form, server management involves:

1. Checking log files for size and suspicious entries
2. Checking disk space usage
3. Checking memory usage
4. Checking for new packages (apt-get update; apt-get upgrade)
5. Check load and process list
6. Checking backups

(more…)

Tags: housekeeping, server management

25 Dec 09 SSHing from a compromised machine

Often, when working with compromised machines, as a security consultant, I find a malicious SSH binary. The malicious SSH binary generally logs all usernames, passwords and hosts connected to from the compromised machine, and usually in /tmp/. The attacker can then log back into the machine and collect this file at a later date.
(more…)

Tags: attacker, binary, hacker, libc, malicious, md5, Security Consultant, ssh

17 Dec 09 PHP Programmer – Logical Operators

PHP allows the use of boolean operators.

AND, OR, XOR and NOT. We can combine NOT with AND and OR to form the NAND and NOR operators respectively.

$a = ($b and $c); will return TRUE if both $b AND $c are TRUE, otherwise, it will return FALSE. This can also be specified as $a = ($b && $c)

$a = ($b or $c); will return TRUE if $b OR $c are TRUE, otherwise, it will return FALSE. This can also be specified as $a = ($b || $c);

$a = ($b xor $c); will return TRUE if $b OR $c are TRUE, but not if they are both TRUE, otherwise, it will return FALSE.

$a = (! $b); will return TRUE if $b is NOT TRUE.

$a = (!($b && $c)); will form NAND (NOT + AND)
$a = (!$b || $c)); will form NOR (NOT+AND);
(more…)

Tags: and, bool, boolean, logic, logical operators, nand, nor, or, PHP, php programmer, xor

14 Dec 09 PHP Programmer – Numeric Shorthand

PHP 4 and 5 offer a few shorthand methods for basic numeric operations:

$n = $n + 1; can be specified as $n++;
$n = $n – 1; can be specified as $n–;
$n = $n + 10; can be specified as $n += 10;
$n = $n – 10; can be specified as $n -= 10;

On the subject of shorthand, also check out the PHP Ternary Operator

Tags: PHP, php programmer

03 Dec 09 PHP Programmer – Reading from files

Here I’ll give some file reading examples. There’s a few different ways to do this. I’m going to focus on plain text files only, as opposed to binary files.

If you just want to read the contents of a file into a string variable, then the easiest thing to do is use $mystring = file_get_contents(”/home/adam/myfile”);

For more control over what you’re doing, or if you want to do anything more than reading a file into a string, you’ll need to use the fopen, fread and fclose functions.

To read everything in one go:
(more…)

Tags: fclose, filesize, file_get_contents, fopen, fread, PHP, php programmer, strpos, substr