Security

Tmux Sheet Cheat

Vijay Ronan — Mon, 16 Mar 2020 17:23:17 +0000

# remap prefix from 'C-b' to 'C-a'
unbind C-b
set-option -g prefix C-a
bind-key C-a send-prefix
#setting the delay between prefix and command
set -s escape-time 1
#Set the base index for windows to 1 instead of 0
set -g base-index 1
bind r source-file ~/.tmux.conf
#Set the default terminal mode to 256color mode
set -g default-terminal "screen-256color"
#SET Color for the active window
setw -g window-status-current-style fg=white,bold,bg=red
#Status line righ side - 31-Oct 13:37
set -g status-right "#[fg=black]%d %b %R"
#Update the status line every sixty seconds
set -g status-interval 60
#set the color of the window list
setw -g window-status-style fg=cyan,bg=black
#enable vi keys.
setw -g mode-keys vi
#enable mouse
set -g mouse on
bind Escape copy-mode
bind-key -T copy-mode-vi v send-keys -X begin-selection
bind-key -T copy-mode-vi y send-keys -X copy-selection
bind-key -T copy-mode-vi r send-keys -X rectangle-toggle
unbind p
bind p paste-buffer

Nexpose

Vijay Ronan — Wed, 15 May 2019 21:57:22 +0530

Nexpose components:

Security Console - This is the component you’ll use to create sites, run scans, generate reports, and much more. The Security Console is accessed via a web-based user interface through any of our supported browsers.
PostgreSQL database - The embedded PostgreSQL databases stores all the asset scan data and is used for generating reports.
Local Scan Engine - Scan Engines are responsible for performing scan jobs on your assets. Your installation includes a local Scan Engine that you can use for trial purposes like this one. Note that Scan Engines only store scan data temporarily before sending it back to the Security Console for integration and long-term storage.

Macos Bash

Vijay Ronan — Wed, 15 May 2019 19:26:25 +0530

export PS1="\[\033[0m\]\w\$ "
export CLICOLOR=1
export LSCOLORS=ExFxBxDxCxegedabagacad
alias ls='ls -GFh'

Nmap

Vijay Ronan — Sat, 04 May 2019 00:12:12 +0530

Nmap is an open-source network scanner. It is used to discover hosts and services on a computer network by sending packets and analyzing the responses.

Features

Host discovery Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.
Port scanning Enumerating the open ports on target hosts.
Version detection – Interrogating network services on remote devices to determine application name and version number
OS detection – Determining the operating system and hardware characteristics of network devices.
Scriptable interaction with the target – using Nmap Scripting Engine(NSE) and Lua programming language.

Host Discovery

Ping Scan -sn
TCP SYN Scan -sn -PS
TCP ACK Scan -sn -PA

Scan all TCP ports

nmap -n -p- 192.168.1.1

SNMP Configuration Juniper SRX

Vijay Ronan — Tue, 26 Jun 2018 23:50:47 +0530

Allow SNMP service from Security Zone

set security zones security-zone trust host-inbound-traffic system-services snmp

Set snap community and Allowed clients

set snmp community ZIodZHut3jTjHRiYBzpg authorization read-only
set snmp community ZIodZHut3jTjHRiYBzpg clients 10.11.50.137/32

Timezone Convert Python

Vijay Ronan — Sat, 23 Jun 2018 14:22:24 +0530

Install pytz module

pip install pytz

from datetime import datetime
from pytz import timezone
fmt = "%b %d %H:%M"
# Current time in UTC
utc_time = datetime.now(timezone('UTC'))
# Convert to IST time zone
ist_time = utc_time.astimezone(timezone('Asia/Kolkata'))
ist_time = ist_time.strftime(fmt)
print ist_time

Reinstall Windows Bootloader

Vijay Ronan — Sat, 23 Jun 2018 14:17:18 +0530

Boot from DVD
go to repaire option
It will auto dectec the C drive Go to command prompt

bootrec /fixmbr

repair the boot loader

bootrec /fixboot

write new bootloader to MBR

Django Http Request Meta

Vijay Ronan — Sat, 23 Jun 2018 14:13:16 +0530

A standard Python dictionary containing all available HTTP headers. Available headers depend on the client and server, but here are some examples:

request.META.get('HTTP_USER_AGENT')

CONTENT_LENGTH – The length of the request body (as a string).
CONTENT_TYPE – The MIME type of the request body.
HTTP_ACCEPT – Acceptable content types for the response.
HTTP_ACCEPT_ENCODING – Acceptable encodings for the response.
HTTP_ACCEPT_LANGUAGE – Acceptable languages for the response.
HTTP_HOST – The HTTP Host header sent by the client.
HTTP_REFERER – The referring page, if any.
HTTP_USER_AGENT – The client’s user-agent string.
QUERY_STRING – The query string, as a single (unparsed) string.
REMOTE_ADDR – The IP address of the client.
REMOTE_HOST – The hostname of the client.
REMOTE_USER – The user authenticated by the Web server, if any.
REQUEST_METHOD – A string such as “GET” or “POST”.
SERVER_NAME – The hostname of the server.
SERVER_PORT – The port of the server (as a string).

Git Commands

Vijay Ronan — Sat, 23 Jun 2018 13:50:07 +0530

Major GIT commands:

git config

Sets configuration values for your user name, email, gpg key, preferred diff algorithm, file formats and more. Example: git config –global user.name “My Name” git config –global user.email “user@domain.com” cat ~/.gitconfig [user] name = My Name email = user@domain.com

git init

Initializes a git repository – creates the initial ‘.git’ directory in a new or in an existing project. Example: cd /home/user/my_new_git_folder/ git init

git clone

Makes a Git repository copy from a remote source. Also adds the original location as a remote so you can fetch from it again and push to it if you have permissions. Example: git clone git@github.com:user/test.git

git add .

Adds files changes in your working directory to your index. Example: git add .

git rm

Removes files from your index and your working directory so they will not be tracked. Example: git rm filename

git commit

Takes all of the changes written in the index, creates a new commit object pointing to it and sets the branch to point to that new commit. Examples: git commit -m ‘committing added changes’ git commit -a -m ‘committing all changes, equals to git add and git commit’

git status

Shows you the status of files in the index versus the working directory. It will list out files that are untracked (only in your working directory), modified (tracked but not yet updated in your index), and staged (added to your index and ready for committing). Example: git status # On branch master # # Initial commit # # Untracked files: # (use “git add … “ to include in what will be committed) # # README nothing added to commit but untracked files present (use “git add” to track)

git branch

Lists existing branches, including remote branches if ‘-a’ is provided. Creates a new branch if a branch name is provided. Example: git branch -a * master remotes/origin/master

git checkout

Checks out a different branch – switches branches by updating the index, working tree, and HEAD to reflect the chosen branch. Example: git checkout newbranch

git merge

Merges one or more branches into your current branch and automatically creates a new commit if there are no conflicts. Example: git merge newbranchversion

git reset

Resets your index and working directory to the state of your last commit. Example: git reset –hard HEAD

git stash

Temporarily saves changes that you don’t want to commit immediately. You can apply the changes later. Example: git stash Saved working directory and index state “WIP on master: 84f241e first commit” HEAD is now at 84f241e first commit (To restore them type “git stash apply”)

git tag

Tags a specific commit with a simple, human readable handle that never moves. Example: git tag -a v1.0 -m ‘this is version 1.0 tag’

git fetch

Fetches all the objects from the remote repository that are not present in the local one. Example: git fetch origin

git pull

Fetches the files from the remote repository and merges it with your local one. This command is equal to the git fetch and the git merge sequence. Example: git pull origin

git push Pushes all the modified local objects to the remote repository and advances its branches. Example: git push origin master

git remote

Shows all the remote versions of your repository. Example: git remote origin

git log

Shows a listing of commits on a branch including the corresponding details. Example: git log commit 84f241e8a0d768fb37ff7ad40e294b61a99a0abe Author: User user@domain.com Date: Mon May 3 09:24:05 2010 +0300 first commit

git show

Shows information about a git object. Example: git show commit 84f241e8a0d768fb37ff7ad40e294b61a99a0abe Author: User user@domain.com Date: Mon May 3 09:24:05 2010 +0300 first commit diff –git a/README b/README new file mode 100644 index 0000000..e69de29

git ls

Shows a tree object, including the mode and the name of each item and the SHA-1 value of the blob or the tree that it points to. Example: git ls-tree master^{tree} 100644 blob e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 README

git cat

Used to view the type of an object through the SHA-1 value. Example: git cat-file -t e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 blob

git grep

Lets you search through your trees of content for words and phrases. Example: git grep “www.siteground.com” – *.php

git diff

Generates patch files or statistics of differences between paths or files in your git repository, or your index or your working directory. Example: git diff

NAT Configuration ASA

Vijay Ronan — Sat, 23 Jun 2018 13:38:12 +0530

Static NAT

object network host-10.29.29.33
host 10.29.29.33
nat (dmz,outside) static 103.252.X.X
access-list outside-inside extended permit ip any object host-10.29.29.33

Source NAT

object network net-10.29.0.0
nat (any,outside) dynamic interface
object network host-10.29.20.62

NAT Configuration Netscreen

Vijay Ronan — Sat, 23 Jun 2018 13:32:42 +0530

set interface "<INTERFACE_NAME>" mip <PUBLIC_IP> host <PRIVATE_IP> netmask 255.255.255.255 vr "trust-vr"
set policy id 200 from "Untrust" to "Trust" "Any-IPv4" "MIP(<PUBLIC_IP>)" "ANY" permit log

Django and Mysql in Ubuntu

Vijay Ronan — Sat, 23 Jun 2018 11:59:20 +0530

Install required packages

sudo apt-get install python-pip python-dev python-virtualenv mysql-server libmysqlclient-dev

Create project and virtualenv

mkdir ipinfinity && cd ipinfinity
virtualenv venv
pip install "django<1.9" mysqlclient

Create database in Mysql and change setting in django

Change database setting to mysql

DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'myproject',
'USER': 'myprojectuser',
'PASSWORD': 'password',
'HOST': 'localhost',
'PORT': '',
}
}

Migrate to Mysql and create super user

python manage.py makemigrations
python manage.py migrate
python manage.py createsuperuser

Juniper SRX Sessions

Vijay Ronan — Fri, 22 Jun 2018 01:09:10 +0530

Display Sessions Summary

show security flow session summary

Display All Sessions

show security flow session

Terminate All Sessions

clear security flow session all

Display a Specific Source IP / Subnet Session

show security flow session source-prefix 10.29.29.93
show security flow session source-prefix 10.29.28.0/24

Display a Specific Destination IP / Subnet / Port Session

show security flow session destination-prefix 4.2.2.2
show security flow session destination-prefix 8.8.8.0/8
show security flow session destination-port 80

Terminate the session whose session ID you specify

clear security flow session session-identifier 40000381

Pat Configuration Vyatta

Vijay Ronan — Fri, 22 Jun 2018 00:43:24 +0530

PAT Configuration in Vyatta

set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 10.29.29.0/24
set nat source rule 10 translation address masquerade

SSH Configuration ASA

Vijay Ronan — Mon, 23 Jun 2014 14:05:09 +0530

Set hostname

asa(config)# hostname asa1

Set domain name

asa1(config)# domain-name blog.smsid.in

Create RSA Key

asa1(config)# crypto key generate rsa modulus 1024

Allow ssh from inside/ Outside

asa1(config)# ssh 0.0.0.0 0.0.0.0 outside
asa1(config)# ssh 0.0.0.0 0.0.0.0 inside

Create Local user account

asa1(config)# username admin password ******* privilege 15

Local user account database to SSH AAA group

asa1(config)# aaa authentication ssh console LOCAL

Ubuntu Static IP Address

Vijay Ronan — Sun, 22 Jun 2014 00:34:51 +0530

Static IP Configuration Debian & Ubuntu

Edit :/etc/network/interfaces

vi /etc/network/interfaces
# The loopback interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 10.29.29.61
netmask 255.255.255.0
network 10.29.29.0
broadcast 10.29.29.255
gateway 10.29.29.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 10.29.29.10
# Configuration for eth0 aliases
# This line ensures that the interface will be brought up during boot.
auto eth0:0
# eth0:0
# This is a second IP address.
iface eth0:0 inet static
address 10.30.1.2
netmask 255.255.255.0

Restart networking:

/etc/init.d/networking restart

Kvm and Openvswitch Ubuntu 14

Vijay Ronan — Sat, 22 Mar 2014 00:56:41 +0530

Update packages

apt-get update && apt-get upgrade

Install Packages

apt-get install openvswitch-switch qemu-kvm libvirt-bin

Ubuntu Box has 2 NIC

eth0 - only management traffic which is connected to Cisco 3560X port number g0/44 eth1 - Traffic for VM’s(all vlans) - connected to Cisco 3560X port number g0/46

Cisco Configuration

interface GigabitEthernet0/44
description *** Connected Monitoring02 eth0 ***
switchport access vlan 20
switchport mode access
spanning-tree portfast
interface GigabitEthernet0/46
description *** Connected Monitoring02 eth1 ***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 21-29
switchport mode trunk

Update network configuration in ubuntu

edit /etc/network/interfaces

auto lo
iface lo inet loopback
# The primary network interface
auto eth0
allow-hotplug eth0
iface eth0 inet static
address 10.29.20.62
netmask 255.255.255.0
network 10.29.20.0
broadcast 10.29.20.255
gateway 10.29.20.1
dns-nameservers 8.8.8.8
auto eth1
iface eth1 inet manual

Openvswitch configuration

ovs-vsctl add-br ovs-switch ### create bridge name
ovs-vsctl add-port ovs-switch eth1 ### add physical port to bridge
ovs-vsctl show ### check configuration
fdae1b4b-d255-41f2-b764-c535a24f5ccc
Bridge ovs-switch
Port "eth1"
Interface "eth1"
Port ovs-switch
Interface ovs-switch
type: internal
ovs_version: "2.0.2"

Delete default network setting and update, Here vlan 25, we made it as a default network

cd /etc/libvirt/qemu/networks/
root@monitoring:/etc/libvirt/qemu/networks# ls
autostart default.xml
root@monitoring:/etc/libvirt/qemu/networks# > default.xml

Edit /etc/libvirt/qemu/network/default.xml

<network>
<name>default</name>
<forward mode='bridge'/>
<bridge name='ovs-switch'/>
<virtualport type='openvswitch'/>
<portgroup name='vlan-20'>
<vlan>
<tag id='20'/>
</vlan>
</portgroup>
<portgroup name='vlan-21'>
<vlan>
<tag id='21'/>
</vlan>
</portgroup>
<portgroup name='vlan-22'>
<vlan>
<tag id='22'/>
</vlan>
</portgroup>
<portgroup name='vlan-23'>
<vlan>
<tag id='23'/>
</vlan>
</portgroup>
<portgroup name='vlan-24'>
<vlan>
<tag id='24'/>
</vlan>
</portgroup>
<portgroup name='vlan-25' default='yes'>
<vlan>
<tag id='25'/>
</vlan>
</portgroup>
<portgroup name='vlan-26'>
<vlan>
<tag id='26'/>
</vlan>
</portgroup>
<portgroup name='vlan-27'>
<vlan>
<tag id='27'/>
</vlan>
</portgroup>
<portgroup name='vlan-28'>
<vlan>
<tag id='28'/>
</vlan>
</portgroup>
<portgroup name='vlan-29'>
<vlan>
<tag id='29'/>
</vlan>
</portgroup>
</network>

Restart libvirt-bin

/etc/init.d/libvirt-bin restart

Finally reboot the ubuntu box

VM Guest install

virt-install \
--name debian7 \
--ram 1024 \
--disk path=./debian7.img,bus=virtio,size=15 \
--vcpus 2 \
--os-type linux \
--os-variant debianwheezy \
--graphics none \
--console pty,target_type=serial \
--location 'http://ftp.us.debian.org/debian/dists/wheezy/main/installer-amd64/' \
--extra-args 'console=ttyS0,115200n8 serial'