Website Security Scan

Websites get hacked every day, customers’ details are taken, and it’s usually REALLY EASY to do. As a security consultant, I often get a call after a Google search turns up my details as the guy to contact when this happens. Shameless plug over, why not consider some of the things that can be done to help prevent a website breach. […]

By | January 19th, 2010|Development, Linux, MySQL, PHP, Security Consultant, Technology|1 Comment

Easy Reverse Engineering

Compiling a program doesn’t protect it or necessarily hide the source. Take the following example C program. It serves no real-life purpose and should never print anything to the console:

    #include <stdio.h>
    #include <string.h>   /* for strcmp() */

    int main(void)
    {
        const char *password = "secretpassword";
        const char *otherpassword = "othersecretpassword";

        /* The two strings differ, so strcmp() is non-zero and the branch is never taken */
        if (!strcmp(password, otherpassword)) {
            printf("This will never get evaluated");
        }
        return 0;
    }

Assembling the code with gcc -S test.c leaves test.s. The important point is that all strings remain intact: […]

By | November 2nd, 2009|C/C++, Development, Linux|0 Comments

Installing and Configuring Xen with guests

Installing and Configuring Xen on a Debian Lenny machine is pretty easy. Firstly, install the system:

    apt-get install xen-tools xen-utils-3.2-1 xen-linux-system-2.6.26-2-xen-686

xen-linux-system-2.6.26-2-xen-686 comes with the Xen kernel that you’ll need. It should install the new kernel as the default, and therefore you’ll now need to reboot. Once rebooted, issue uname -a to ensure that your new Xen kernel is running:

    apnic01:~# uname -a
    Linux apnic01 2.6.26-2-xen-686 #1 SMP Wed Aug 19 08:47:57 UTC 2009 i686 GNU/Linux

You now have Xen installed! Now, you’ll need to make a few changes. Firstly, none of my new guest VMs had a working console; apparently this is a known issue in Lenny with Lenny guests. The workaround is to change the inittab on the guest. I wanted to create guests without modifications, so in this case I edited /etc/xen-tools/xen-tools.conf and uncommented:

    #serial_device = hvc0 #default

It’s listed as the default, but uncommenting this seemed to solve my issues. Now, you’re ready to create your first guest: […]

By | October 18th, 2009|Linux, Technology|0 Comments

Linux C setuid setgid tutorial

Here’s a very brief example of how to use the setuid() and setgid() functions in your C program.

    #include <stdio.h>
    #include <stdlib.h>      /* for system() */
    #include <sys/types.h>
    #include <unistd.h>

    int main(void)
    {
        int current_uid = getuid();

        printf("My UID is: %d. My GID is: %d\n", current_uid, getgid());
        system("/usr/bin/id");

        /* Only succeeds if the binary is setuid root (or is run as root) */
        if (setuid(0)) {
            perror("setuid");
            return 1;
        }

        // I am now root!
        printf("My UID is: %d. My GID is: %d\n", getuid(), getgid());
        system("/usr/bin/id");

        // Time to drop back to regular user privileges
        setuid(current_uid);
        printf("My UID is: %d. My GID is: %d\n", getuid(), getgid());
        system("/usr/bin/id");

        return 0;
    }

The program above should be pretty self-explanatory. Now:

    adam@staging:~$ gcc -O2 -ggdb -o setuid setuid.c
    adam@staging:~$ ls -al setuid
    -rwxr-xr-x 1 adam adam 9792 2009-10-03 18:09 setuid
    adam@staging:~$ […]
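The drop at the end of the program above changes only the uid and ignores the return value. The following is an added example, not code from the original post, showing the privilege drop done defensively: supplementary groups and gid are dropped while still root, every call is checked, the resulting identity is verified, and a second function confirms root can no longer be regained. The function names drop_privileges and privileges_are_irrevocable are my own; the program assumes it is run as a setuid-root binary so that getuid()/getgid() are the invoking user's ids.

```c
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <stdio.h>
#include <errno.h>
#include <grp.h>
#include <unistd.h>
#include <sys/types.h>
/* Permanently drop from root to uid/gid. The gid must be changed while still
 * root (an unprivileged uid may not change its gid afterwards), and every call
 * is checked: an unchecked setuid() failure leaves the program running as root.
 * Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only root may call setgroups(); an unprivileged process skips it. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0) {
        perror("setgroups");
        return -1;
    }
    if (setgid(gid) != 0) {   /* gid first, while still root */
        perror("setgid");
        return -1;
    }
    if (setuid(uid) != 0) {   /* as root this sets real, effective and saved uid */
        perror("setuid");
        return -1;
    }
    /* Do not trust return codes alone: confirm the identity really changed. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}
/* 1 when root cannot be regained (setuid(0) fails with EPERM), 0 when the
 * process can still become root, i.e. the drop was not permanent. */
int privileges_are_irrevocable(void)
{
    if (setuid(0) == 0)
        return 0;
    return errno == EPERM;
}

int main(void)
{
    /* As a setuid-root binary (as in the post), real uid/gid are the invoking user's. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("uid=%d gid=%d, root regainable: %s\n", (int)getuid(), (int)getgid(),
           privileges_are_irrevocable() ? "no" : "yes");
    return 0;
}
```

Run as an ordinary user the drop is a no-op and the check reports root is not regainable; run as a setuid-root binary it reports the same only if the drop really was permanent.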

By | October 3rd, 2009|C/C++, Development, Linux|0 Comments

Linux Security Freelancer – Securing a node – Where to start?

As a Linux Security Freelancer, I’m often asked where best to start when securing a single Linux host. Whereas most would suggest configuring iptables or similar, the most effective first step in my opinion is to remove unnecessary services. There are a number of methods that you can use to show open sockets, at least:

    lsof -U                    will list open sockets
    nmap -sT -sU localhost     will scan your local machine for open TCP or UDP ports
    netstat -a | grep LISTEN   will show all listening sockets

Forgive me for stating the obvious, but the first thing to do is disable any open sockets or services that aren’t required. On a default install, this could include the likes of the portmapper service, identd and an smtpd. Next, you want to suitably lock down user accounts, check passwords, and perhaps consider enforcing a secure password policy. At minimum I generally prefer at least 8 characters, with at least one uppercase letter, one lowercase letter and one integer. Obviously this shouldn’t be easily guessable, nor should it just end in a ‘1’. Once done, the next thing that you want to do is to suitably firewall the services that you do require open, and perhaps also restrict the rate of ICMPs, etc., with iptables. […]

By | October 3rd, 2009|Linux, Security Consultant, Technology|1 Comment