mitmproxy : intercept, inspect, modify and replay

Tags

mitmproxy, ubuntu

https://mitmproxy.org/ is CLI based An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed. Installation easy. For Ubuntu do the following:

sudo apt-get install python-pip python-dev libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev
sudo pip install mitmproxy

Run mitmproxy

fakrul@console ~> mitmproxy

It will run on port 8080. Now fire up your browser and point it the proxy. You can use it for both http & https. You will get the all the session details.

OpenVPN in Ubuntu 14.04

Tags

OpenVPN, Security, ubuntu, VPN

The quickest way to install OpenVPN in Ubuntu 14.04:

1. Download the initial script:

$ wget https://git.io/vpn -O openvpn-install.sh

2. Run the command

$ sudo bash openvpn-install.sh

You need to define the external IP address on which you will run the service

a.External IP address on which you will run the service

b. Port No

c. DNS you want to use

To get the public IP you can try the following command:

dig TXT +short o-o.myaddr.l.google.com @ns1.google.com

It will create necessary certificates and also create the first client.

That is all. Your OpenVPN server has been configured and ready to use. You can see added firewall rules /etc/rc.local file:

$ cat /etc/rc.local
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 202.125.97.10

Type the following command start the OpenVPN service:

$ sudo /etc/init.d/openvpn start

The client certificate will be stored in the home directory.

fakrul-apnic.ovpn

To connect from MacOSX, you can use TunnelBlick which is available at https://tunnelblick.net

To add new client run the openvpn-install.sh script. Choose option 1 to add new client and certificate will be store in home folder.

Install and Configure SNMP on Ubuntu

Tags

SNMP, ubuntu

This guide describe how to install and configure SNMP on Ubuntu.

1.Installation

root@netflow:/# sudo apt-get install snmpd

2. Configuration
Move existing /etc/snmp/snmpd.conf configuration file to /etc/snmp/snmpd.conf.org

root@netflow:/# mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org

Create a new /etc/snmp/snmpd.conf file:

# Configure Read-Only community and restrict who can connect
rocommunity COPUBLIC 103.12.179.0/24
rocommunity COPUBLIC 127.0.0.1

# Information about this host
sysLocation bdHUB Dhaka Bangladesh
sysContact noc@bdhub.com

# Which OSI layers are active in this host
# (Application + End-to-End layers)
sysServices 72

Make snmpd use the newly created file and make it listen to all interfaces:

Edit /etc/default/snmpd

root@netflow:/# vi /etc/default/snmpd

Change from:

# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1’

To:

# snmpd options (use syslog, close stdin/out/err).
#SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1’
SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf’

and restart snmpd

root@netflow:/# /etc/init.d/snmpd restart

3. Test
Check SNMP is running

root@netflow:/# sudo netstat -ulnp | grep 161
udp 0 0 0.0.0.0:161 0.0.0.0:* 28676/snmpd

Check the snmpstatus output

root@netflow:/# snmpstatus -c ‘COPUBLIC’ -v2c 103.12.179.12

bindgraph : Monitoring DNS Queries

Tags

bind, bindgraph, ubuntu

1. Install bindgraph

# apt-get install bindgraph

2. Enabling logging in bind9
Add a config file where We’ll include logging configuration:

# vi /etc/bind/named.conf
include “/etc/bind/named.conf.log”;

Add definition logging:

# vi /etc/bind/named.conf.log

# Configure the logging options
logging {

category security { security_channel; default; };
category lame-servers { null; };
category default { default; };
category queries { querylog; };

channel security_channel {
file ”/var/log/named/security.log”;
severity debug;
print-time yes;
print-category yes;
print-severity yes;
};

channel default {
file “/var/log/named/bind.log” versions 3 size 5m;
severity warning;
print-time yes;
print-category yes;
print-severity yes;
};

channel “querylog” {
file “/var/log/named/bind-queries.log”;
print-time yes;
print-category yes;
};
};

This log configuration creates a new channel that will send all log output to the log file definition and associate this channel with the predefined category named queries, included with bind software.

3. Create named directory for logging and set correctly permissions:

# mkdir /var/log/named
# chown bind:bind /var/log/named/

4. Restart bind9 service:

# service bind9 restart

5. Configuring bindgraph

Edit bindgraph settings to set the correct file queries log:

# vi /etc/default/bindgraph
DNS_LOG=/var/log/named/bind-queries.log

6. Edit apache settings to access only to the statistics from internal network:

# vi /etc/apache2/sites-enabled/000-default

AllowOverride None

Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from 192.168.1.0/24

7. Restart bindgraph service and apache:

# service bindgraph restart
# service apache2 restart

8. Now we can access our statistics from the link: http://your-ip-address/cgi-bin/bindgraph.cgi

[source: http://opentodo.net/2012/09/monitoring-dns-queries-with-bindgraph/]

Access RANCID backup with webSVN

Tags

RANCID, ubuntu, websvn

1. Install WebSVN:

# apt-get install websvn

When asked for the “svn parent repositories” change the path to be: /var/lib/rancid/svn. Do the same when asked about “svn repositories”

2. Fix permissions. The web server must be able to read the SVN (Subversion) folder

# chgrp -R www-data /var/lib/rancid/svn
# chmod g+w -R /var/lib/rancid/svn

3. Change ownership of web files

# chown www-data:www-data /usr/local/websvn

4. Edit websvn configuration file:

# vi /usr/share/websvn/include/config.php
$config->addRepository(‘Routers’, ‘file:///var/lib/rancid/svn/’);

5. Add the following virtual host entry to your apache configuration file /etc/apache2/sites-enabled/000-default

# vi /etc/apache2/sites-enabled/000-default

Alias /websvn /usr/share/websvn
DirectoryIndex index.php
Options FollowSymLinks
deny from all
AllowOverride AuthConfig
Order deny,allow

php_flag magic_quotes_gpc Off
php_flag track_vars On

6. Reload apache and try to browse the websvn: http://hostname/websvn

Bellow is the screenshot how webSVN look like:

If you get error ““/var/lib/rancid/CVS/db/uuid’: Permission denied” the CVS directory is owned by the user rancid:rancid” try the following:

# usermod -a -G rancid www-data