IT Security

How to find unsecured ip/surveillance cameras

I made some thoughts about the security of ip camera systems. HTTP Cameras There are nowadays even cameras which doesn’t offer https. There you can fetch the stream easily. HTTPS Cameras Some camera producers give all of the cameras the same ssl certificates. If you buy one of those and copy the private key you …

How to find unsecured ip/surveillance cameras Weiterlesen »

iptables block/drop ip range

How to block/drop an ip range with iptables: I get a few fail2ban ssh mails everyday from just bergdorf network. So i wanted to block the whole ip block 91.224.160.XXX. iptables -A INPUT -s 91.224.160.0/24 -j DROP

SSH – 2/two factor authentification

two factor authentification under ssh with google authenticator apt-get install libpam-google-authenticator root@mattionline:~# google-authenticator Do you want authentication tokens to be time-based (y/n) y Do you want me to update your „/root/.google_authenticator“ file (y/n) y Do you want to disallow multiple uses of the same authentication token? This restricts you to one login about every 30s, …

SSH – 2/two factor authentification Weiterlesen »

LUKS – Create Headerbackup

How to create a LUKS Headerbackup of your crypted devices: get a list of all crypto_luks devices lsblk –fs cryptsetup luksHeaderBackup /dev/sda3 –header-backup-file headerbackup_sda3.luks cryptsetup luksHeaderBackup /dev/md0 –header-backup-file headerbackup_md0.luks

Linux – compile Keepassx

Tutorial: Compile Keepassx under Ubuntu Linux In the current apt sources there is just the version 1 available. When you compile the tarball manually you’ll get the newest version 2. Download Source code: https://www.keepassx.org/downloads/ tar xfv keepassx-2.0.2.tar.gz cd keepassx-2.0.2/ mkdir build cd build/ sudo apt-get install build-essential cmake libqt4-dev libgcrypt-dev libxtst-dev zlib1g-dev export QT_SELECT=qt4 cmake .. make …

Linux – compile Keepassx Weiterlesen »

pfsense – how to add a subnet

How to add a subnet in pfsense: brctl addbr brtsbot ip link set brtsbot up 192.168.3.0/30 Netz: 192.168.3.0 Gateway: 192.168.3.1 TSBot: 192.168.3.2 Broadcast: 192.168.3.3 virt-manager: brtsbot bei TSBot e1000 interface für pfsense -> tsbot virtio pfsense rebooten interfaces enable brtsbot static ipv4 dhcp6 ipv4 address 192.168.3.1 /30 statische ip in dem os vergeben Auf firewall …

pfsense – how to add a subnet Weiterlesen »

Php5-FPM chrooten / jail / security for webspace

Shared Webspace absichern: Ich wollte einem Kollegen Webspace geben, aber keinen Zugriff auf meine Platten. Ich habe mir direkt gedacht, dass es doch bestimmt einfach zu exploiten ist und so war es auch. Mit einem kurzen file_get_contents konnte ich auch außerhalb von /home/maxi auf die Datei /home/geheimnis zugreifen. Durch die prefix und chroot Einstellung in …

Php5-FPM chrooten / jail / security for webspace Weiterlesen »

Allow SFTP but disallow SSH

nano /etc/ssh/sshd_config #Subsystem sftp /usr/lib/openssh/sftp-server Subsystem sftp internal-sftp Match group sftponly ChrootDirectory /home/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp addgroup sftponly adduser maxi sftponly /etc/init.d/ssh restart nano /etc/passwd maxi:x:1004:1004:,,,:/home/maxi:/bin/false chown root:root /home/maxi mathias@workstation:~$ ssh maxi@mattionline.de Could not chdir to home directory /home/maxi: No such file or directory This service allows sftp connections only. Connection to …

Allow SFTP but disallow SSH Weiterlesen »

mtr – Packet Loss Quelle herausfinden

Wenn mal das Internet spinnt und man herausfinden möchte, wo genau es scheitert kann man sich die genauen Routen des Traffics anzeigen lassen. mathias@workstation:~$ mtr –report veloc1ty.de Start: Tue Mar 15 20:53:37 2016 HOST: workstation                 Loss%   Snt   Last   Avg  Best  Wrst StDev   1.|– Firewall.mattionline.lan   0.0%    10    0.5   0.4   0.3   0.5   0.0   2.|– 192.168.1.1                …

mtr – Packet Loss Quelle herausfinden Weiterlesen »

Scroll to Top