SSH Penetration Testing

Prevention against Brute force attack

Windows has an account lockout threshold policy that locks an account after a set number of failed logon attempts. A comparable brute-force defence on UNIX-like systems can be built with an iptables chain rule.

Here the admin sets iptables rules that allow a source address a certain number of new SSH connection attempts; once a source exceeds that number within the configured window, its further connections are dropped for the period the admin specified. Note what this actually counts: new TCP connections to port 22 per source address, not failed logins and not accounts. A legitimate user who opens several sessions in quick succession is blocked like an attacker, and an attacker who guesses right on the first try is not. Lockout based on failed logins is the job of sshd's MaxAuthTries or a log-driven tool such as fail2ban.

Type the commands below to set the iptables chain rules. Both use -I, so the second rule is inserted above the first; with the DROP rule first a source gets three new connections per 120 seconds and the fourth is dropped, and because --update refreshes the entry on every matching packet, a client that keeps retrying stays blocked. Replace eth0 with the interface SSH is reachable on:

sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 120 --hitcount 3 -j DROP

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW recent: UPDATE seconds: 120 hit_count: 3 name: DEFAULT side: source mask: 255.255.255.255
           tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

The rules are active as soon as they are inserted; restarting sshd is not required for them, though it does no harm:

sudo service ssh restart

Install iptables-persistent so the rules survive a reboot. It restores rules from /etc/iptables/rules.v4 (and rules.v6), not from /etc/iptables.rules, so save them to that path:

sudo apt-get install iptables-persistent
sudo su
iptables-save > /etc/iptables/rules.v4

On newer Debian/Ubuntu releases `sudo netfilter-persistent save` writes the same file.
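The recent-module rules above count connections, not authentication failures. The script below is an added example (not part of the original page) that takes the other approach: it reads sshd lines in the /var/log/auth.log format, counts "Failed password" events per source address, and prints the iptables DROP rules for sources at or above a threshold. The sample log and the addresses in it are constructed for the demo (documentation ranges, not real hosts).

```shell
#!/bin/sh
# Added example, not from the original page: block sources by sshd
# authentication failures rather than by raw connection count.
# Assumes syslog-style sshd lines as written to /var/log/auth.log.

# Constructed sample log: 203.0.113.7 fails five times, 198.51.100.9 fails once.
SAMPLE_LOG='Jan  5 10:12:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan  5 10:12:03 host sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan  5 10:12:06 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jan  5 10:12:09 host sshd[1205]: Failed password for invalid user test from 203.0.113.7 port 51244 ssh2
Jan  5 10:12:12 host sshd[1207]: Failed password for root from 203.0.113.7 port 51250 ssh2
Jan  5 10:13:40 host sshd[1209]: Failed password for alice from 198.51.100.9 port 40022 ssh2
Jan  5 10:13:45 host sshd[1209]: Accepted password for alice from 198.51.100.9 port 40022 ssh2'

# failed_login_sources THRESHOLD
# Reads sshd log lines on stdin; prints "IP COUNT" for every source with at
# least THRESHOLD "Failed password" lines, highest count first.
failed_login_sources() {
    awk -v threshold="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # the source address always follows the word "from"
            for (i = 1; i <= NF; i++)
                if ($i == "from") { count[$(i + 1)]++; break }
        }
        END {
            for (ip in count)
                if (count[ip] >= threshold) print ip, count[ip]
        }' | sort -k2,2nr -k1,1
}

# drop_rules THRESHOLD
# Same input; prints (does not execute) one iptables rule per offending
# source. -I puts it ahead of the rate-limit rules already in INPUT.
drop_rules() {
    failed_login_sources "$1" | while read -r ip count; do
        printf 'iptables -I INPUT -s %s -p tcp --dport 22 -j DROP  # %s failures\n' "$ip" "$count"
    done
}

# Demo on the constructed log. To apply on a real host:
#   drop_rules 3 < /var/log/auth.log | sudo sh
printf '%s\n' "$SAMPLE_LOG" | drop_rules 3
```

The threshold here is per log file, not per time window; a production version would also expire old entries (or simply use fail2ban, which does both).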

HOWTO: ArchLinux – Intel and AMD have CPU meltdown as two major security flaws are blown open

Affected OS versions: every Arch Linux system running a kernel older than 4.14.12-1 (the advisory below lists 4.14.11-1 as the first fixed package).

[Arch@Dell-Linux ~]$ uname -a
Linux Dell-Linux 4.14.8-1-ARCH #1 SMP PREEMPT Wed Dec 20 21:27:44 UTC 2017 x86_64 GNU/Linux

Solution: refresh the package databases and run a full system upgrade. A bare `pacman -Sy` only refreshes the databases and is not needed before `-Syyu`, which forces the refresh and upgrades everything; never follow a bare `-Sy` with installing single packages, as that leaves a partial upgrade.

[Arch@Dell-Linux ~]$ sudo pacman -Syyu
[sudo] password for Arch:
:: Synchronizing package databases...
 core                             26.8      KiB   204K/s  00:01 [####################################################################] 100%
 extra                            1639.8    KiB   509K/s  00:03 [####################################################################] 100%
 community                        4.3       MiB   675K/s  00:06 [####################################################################] 100%
 multilib                         168.6     KiB   214K/s  00:01 [####################################################################] 100%
 archlinuxfr                      1.5       KiB   3.74M/s 00:00 [####################################################################] 100%
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (52) bind-9.11.2-3  bind-tools-9.11.2-3  linux-4.14.12-1  linux-headers-4.14.12-1  mesa-17.3.1-2  

[Arch@Dell-Linux ~]$ uname -a
Linux Dell-Linux 4.14.12-1-ARCH #1 SMP PREEMPT Wed Jan 3 07:02:42 UTC 2018 x86_64 GNU/Linux

AVG-552

Package:  linux
Status:   Fixed
Severity: High
Type:     multiple issues
Affected: 4.14.7-1
Fixed:    4.14.11-1
Current:  4.14.12-1 [core]
Ticket:   FS#56832
Created:  Thu Jan 4 00:17:01 2018


To check that the running kernel was built with page table isolation and that it is actually enabled at runtime:

[Arch@Dell-Linux ~]$ zgrep CONFIG_PAGE_TABLE_ISOLATION /proc/config.gz
CONFIG_PAGE_TABLE_ISOLATION=y
[Arch@Dell-Linux ~]$ dmesg | grep -i isolation
[    0.000000] Kernel/User page tables isolation: enabled
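The two checks above answer different questions: CONFIG_PAGE_TABLE_ISOLATION=y says the kernel was built with KPTI, while the dmesg line says it is active on this boot (pti=off or nopti on the kernel command line disables it even in a KPTI-enabled build). The script below is an added example, not from the original page, that wraps both checks into one verdict and also reads /sys/devices/system/cpu/vulnerabilities/meltdown, the kernel's own report that newer kernels export (the 4.14.12 kernel shown on this page predates it). The functions default to the live paths; the optional file arguments exist so the logic can be tested against captured text.

```shell
#!/bin/sh
# Added example, not from the original page: KPTI (Meltdown mitigation)
# status at build, boot and, where available, sysfs level.

# kpti_built [CONFIG_FILE]  -> 0 if the kernel was built with KPTI.
# Accepts /proc/config.gz (default) or a plain-text copy of the config.
kpti_built() {
    config=${1:-/proc/config.gz}
    [ -r "$config" ] || return 2
    case "$config" in
        *.gz) gzip -dc "$config" 2>/dev/null ;;
        *)    cat "$config" ;;
    esac | grep -q '^CONFIG_PAGE_TABLE_ISOLATION=y$'
}

# kpti_active [DMESG_FILE] -> 0 if the boot log reports PTI enabled.
# Default reads the live ring buffer with dmesg (may need root).
kpti_active() {
    if [ -n "$1" ]; then cat "$1"; else dmesg 2>/dev/null; fi |
        grep -q 'page tables isolation: enabled'
}

# meltdown_sysfs [FILE] -> the kernel's own verdict when the file exists,
# e.g. "Mitigation: PTI" or "Vulnerable"; "unknown" on kernels without it.
meltdown_sysfs() {
    f=${1:-/sys/devices/system/cpu/vulnerabilities/meltdown}
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# meltdown_status [CONFIG_FILE] [DMESG_FILE]
# "protected" if PTI is active, "built-but-disabled" if the kernel has
# KPTI but it is off on this boot, "unprotected" otherwise.
meltdown_status() {
    if kpti_active "$2"; then
        echo protected
    elif kpti_built "$1"; then
        echo built-but-disabled
    else
        echo unprotected
    fi
}

# Demo on the live system (output depends on the host it runs on).
printf 'kpti: %s, sysfs: %s\n' "$(meltdown_status)" "$(meltdown_sysfs)"
```

If the result is built-but-disabled, look for pti=off or nopti in /proc/cmdline before blaming the package; the kernel upgrade did its job and the boot configuration undid it.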

AVG-522

Linux Find Large Files

RedHat / CentOS / Fedora Linux

find {/path/to/directory/} -type f -size +{size-in-kb}k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'

To list files larger than 50 MB:
$ find . -type f -size +50000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'

Debian / Ubuntu Linux

find {/path/to/directory/} -type f -size +{size-in-kb}k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'

To list files larger than 50 MB:
$ find . -type f -size +50000k -exec ls -lh {} \; | awk '{ print $8 ": " $5 }'

The only difference between the two variants is the awk column that holds the file name ($9 or $8), and it is not really a distribution difference: ls -l prints the date as three fields ("Jan 28 22:45") in the default locale but as two ("2013-01-28 22:45") with TIME_STYLE=long-iso or in locales that use ISO dates, which shifts the name one column to the left. Check one line of your own ls -l output before trusting the index, or avoid the column arithmetic altogether with find -printf (GNU find) or -exec du -h {} + in place of ls. Note also that +50000k means 50000 KiB (about 48.8 MiB); find accepts +50M directly.
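The following is an added example (not from the original page) of the find -printf approach mentioned above: it prints size and path directly from find, so the output does not depend on the locale or date format that breaks the $8/$9 column, and it sorts by size so the largest files come first. It requires GNU find (standard on Linux); the directory and threshold default to the current directory and 50M when the script is run without arguments.

```shell
#!/bin/sh
# Added example, not from the original page: list files above a size
# threshold without parsing `ls -l` columns. GNU find only.

# large_files DIR MIN_SIZE
# MIN_SIZE takes find's own suffixes (50M, 50000k, 1G, ...).
# Prints "BYTES PATH", largest first; unreadable directories are skipped.
large_files() {
    find "$1" -type f -size "+$2" -printf '%s %p\n' 2>/dev/null | sort -k1,1nr
}

# large_files_h DIR MIN_SIZE
# Same list with the size rendered as K/M/G/T for reading on a terminal.
# The path is taken as everything after the first space, so paths
# containing spaces survive intact.
large_files_h() {
    large_files "$1" "$2" | awk '{
        bytes = $1; path = substr($0, length($1) + 2)
        size = bytes + 0; unit = "B"; split("K M G T", u, " ")
        for (i = 1; size >= 1024 && i <= 4; i++) { size /= 1024; unit = u[i] }
        printf "%s: %.1f%s\n", path, size, unit
    }'
}

# Demo: ./large_files.sh [DIR] [MIN_SIZE]
large_files_h "${1:-.}" "${2:-50M}"
```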

Arch Linux is patched: KRACK

If you don't sync your package databases you will likely pull an old version. First check what is installed (pacman -Q does not need root):

$ pacman -Q wpa_supplicant
wpa_supplicant 1:2.6-8

This should go without saying, but for anyone new to Arch make sure you run a full sync and upgrade rather than installing the single package:
$ sudo pacman -Syu wpa_supplicant

Then verify again:
$ pacman -Q wpa_supplicant
wpa_supplicant 1:2.6-11
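Both advisories on this page reduce to the same check: is the installed package version at or beyond the version the advisory lists as fixed (linux >= 4.14.11-1 for AVG-552, wpa_supplicant >= 1:2.6-11 for KRACK)? The script below is an added example, not from the original page or from pacman, that makes this check scriptable. Its comparator is a deliberately simplified, numeric-only version of pacman's vercmp: it understands epoch:version-release with dotted numbers, which covers every version on this page, but not alpha, rc or beta tags, and it treats a missing release as 0 where vercmp ignores it. On a real Arch system prefer the vercmp binary that ships with pacman.

```shell
#!/bin/sh
# Added example, not from the original page: is an installed package at
# or beyond an advisory's fixed version? Simplified numeric comparator;
# pacman's own `vercmp` is the reference implementation.

# vercmp_simple A B -> prints -1, 0 or 1 (A < B, A = B, A > B)
vercmp_simple() {
    awk -v a="$1" -v b="$2" '
        # epoch is the number before ":" (0 when absent) and wins outright
        function epoch(v) { return (v ~ /:/) ? substr(v, 1, index(v, ":") - 1) + 0 : 0 }
        function rest(v)  { sub(/^[0-9]+:/, "", v); return v }
        # compare version-release segment by segment, splitting on "." and "-";
        # missing segments count as 0 (simplification versus vercmp)
        function cmpnum(x, y,    xa, ya, nx, ny, n, i) {
            nx = split(x, xa, /[.-]/); ny = split(y, ya, /[.-]/)
            n = (nx > ny) ? nx : ny
            for (i = 1; i <= n; i++) {
                if ((xa[i] + 0) < (ya[i] + 0)) return -1
                if ((xa[i] + 0) > (ya[i] + 0)) return 1
            }
            return 0
        }
        BEGIN {
            ea = epoch(a); eb = epoch(b)
            if (ea != eb) r = (ea < eb) ? -1 : 1
            else          r = cmpnum(rest(a), rest(b))
            print r
        }'
}

# fix_status PKG FIXED [INSTALLED]
# Prints "fixed", "vulnerable" or "not-installed". INSTALLED defaults to
# what `pacman -Q PKG` reports; pass it explicitly to check a captured value.
fix_status() {
    pkg=$1; fixed=$2
    installed=${3:-$(pacman -Q "$pkg" 2>/dev/null | awk '{ print $2 }')}
    if [ -z "$installed" ]; then
        echo not-installed
    elif [ "$(vercmp_simple "$installed" "$fixed")" -ge 0 ]; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Demo with the versions seen on this page (package, fixed-in, installed).
for spec in "linux 4.14.11-1 4.14.8-1" "linux 4.14.11-1 4.14.12-1" \
            "wpa_supplicant 1:2.6-11 1:2.6-8" "wpa_supplicant 1:2.6-11 1:2.6-11"; do
    set -- $spec
    printf '%-15s installed %-10s fixed-in %-10s -> %s\n' \
        "$1" "$3" "$2" "$(fix_status "$1" "$2" "$3")"
done
```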

HOWTO: Delete all hidden .swp files from terminal

E325: ATTENTION
Found a swap file by the name ".swp"
owned by: subhrcho dated: Wed Dec 26 05:54:45 2012
file name: ~subhrcho/
modified: YES
user name: subhrcho host name: slc04lyo
process ID: 26176
While opening file ".vimrc"
dated: Mon Jan 28 22:45:16 2013
NEWER than swap file!

(1) Another program may be editing the same file.
If this is the case, be careful not to end up with two
different instances of the same file when making changes.
Quit, or continue with caution.

(2) An edit session for this file crashed.
If this is the case, use ":recover" or "vim -r "
to recover the changes (see ":help recovery").
If you did this already, delete the swap file ".swp"
to avoid this message.

Swap file ".swp" already exists!

Vim names the swap file .<name>.swp next to the edited file (and .swo, .swn for further sessions on the same file). To remove all of them under the current directory:

find . -type f -name ".*.swp" -exec rm -f {} \;

Run this only for case (2) above. The E325 message prints the owning process ID (26176 here); if that process is still running (ps -p 26176) another editor session owns the swap file, and deleting it removes that session's crash-recovery copy rather than a stale one.

Ubuntu Skype Installation

The .deb is fetched over plain HTTP and installed with dpkg, which performs no signature check, so nothing in these steps verifies that the package is what the vendor published; at least compare its checksum against a value obtained from the vendor over HTTPS before installing. The last line pulls in the 32-bit GTK and Qt integration libraries the i386 build needs.

wget -O skype.deb http://download.skype.com/linux/skype-ubuntu-precise_4.2.0.13-1_i386.deb
sudo dpkg -i skype.deb
sudo apt-get -f install && rm skype.deb
sudo apt-get install gtk2-engines-murrine:i386 gtk2-engines-pixbuf:i386 sni-qt:i386