Choosing a Server

Posted by zh on Tuesday Mar 14, 2017 Under Uncategorized

Dedicated server: parameters to consider when choosing a server:

-Price
-Server location
-Hosting company reputation
-Managed or unmanaged? root? or dedicated?
-Debian / Centos / Freebsd / Gentoo /OpenBSD
-Encrypted operating system? options?
-ssl / tls connection
-ssl certificate
-Internet T1 line / bandwidth / unmetered connection/ tier 4?
-RAM / amount and type, ecc / encrypted ram?
-Disk type (preferably ssd) / self-encrypting disks? / SAS hard drives?
-hosting company uptime
-backups
-Brand of hardware used (samsung/asus/intel/western digital)?
  – xeon processor / options?
-Physical structure, datacenter infrastructure protection (power, fire detection etc)
-Firewall iptables / routers / ddos protection
-Control panel plesk | cpanel | webmin | ajenti | zpanel | ispconfig | openpanel ?
-ipv4 or ipv6 connection
-Type of raid or lvm chosen
-dust filters on the server hardware, if any
-type of cooling
-remote reboot / wake on wan / remote access, what type?
-bios type & brand / settings
-energy consumption and power of the datacenter and of the hardware parts used in it
-software used on the server?
-automation scripts: which? types? supported?
-technical support: what kind? response time and how?

-contact the company before buying a service package
-test the panel demos

Access to the server, use:
-sftp
-ssh v3
-vpn
-file permissions
-sstp

Security:
-Protocols used
-disable root access
-close ports + adjust/configure/disable services
-IDS snort (intrusion detection system)
-mail filters / spamassassin+fail2ban
-logging / backlog
-Password policy (complex passwords, all different)
-backups
-access control list
-groups and users
-Types of encryption and ciphers used (sha1, md5, otr, diffie hellman etc)

Vulnerability testing platforms:
https://pentesterlab.com
http://vulnhub.com/
https://www.lunarpages.com/uptime/securing-your-linux-dedicated-server

Further reading:
https://en.wikipedia.org/wiki/Server_(computing)
http://uptime.netcraft.com/
http://youtu.be/wNyFhZTSnPg
http://youtu.be/VsjqPq6fBgM
http://wikibon.org/wiki/v/Server_Options:_When_to_Lease_vs._When_to_Buy
http://www.cyberciti.biz/faq/data-center-standard-overview/
http://www.cyberciti.biz/tips/linux-security.html

International datacenter list:
http://wiredre.com/international-data-center-list/
http://uptimeinstitute.com/TierCertification/

Hosting companies:
https://www.ovh.pt/servidores_dedicados/
https://www.hetzner.de/
http://www.server4you.com/
http://www.online.net/

Note: always buy in the country that offers the lowest price!

Extra hosting companies:
http://english.keyweb.de/products/server/dedicated-server/
https://www.hosteurope.de/en/Server/Root-Server/
http://www.df.eu/
http://www.extremenetworks.com/products/
https://www.1and1.co.uk/server-dedicated-l?linkOrigin=dedicated-server&linkId=ct.btn.server-dedicated-l
http://www.webtropia.com/en/root-server/root-server-details.html?pid=RootS
http://www.serversfree.com/server-features/
https://www.copahost.com/en/managed-dedicated-servers

VPS:
https://www.linode.com/
https://www.digitalocean.com/
http://contabo.com
https://www.time4vps.eu/cart.php?a=view
http://www.server4you.com/vps/
https://ramnode.com/vps.php
https://host.tugatech.com.pt/servidores-dedicados-e-vps/servidores-dedicados

Security analysis:
http://www.inguardians.com/
http://www.modzero.ch/en/contact.html
http://www.offensive-security.com/

SOFTWARE
foreman
openstack
puppet
squid
ferm
fail2ban
snort
spam assassin
dnswall
setup dns

 

 

EN version

—————————————————————————————————–

Dedicated server parameters and requirements to consider when choosing a server:

-Price
-Location of the Server
-Hosting Company Reputation
-Managed / Unmanaged Server
-Debian / Centos / Freebsd
-Operating system encrypted?
-connection ssl?
-Certificate ssl ?
-Internet T1 line / bandwidth / unmetered connection
-Memory Ram / ecc amount and type / encrypted ram?
-Type Disk (ssd preferably) / self encrypted drives? / SAS hard drives?
-uptime company
-backups
-brand hardware used (samsung / asus / intel / western digital)
-Datacenter Infrastructure (power, fire detection etc)
-Firewall Iptables / router / ddos protection
-Control Panel- plesk / cpanel / webmin / ajenti / zpanel / ispconfig
-connection ipv4 or ipv6
-type of Raid or lvm chosen
-server hardware dust filters
-cooling type
-remote reboot / wake on wan / remote access
-bios type & brand
-Power / energy consumption
-Software used on the server
-automation-scripts
-technical support response time
-contact company before purchasing services package
-test panel demos

Access to the server using:
-sftp
-ssh v3
-vpn
-file permissions
-sstp

Security
-used protocols
-disable root
-close ports + services
-IDS snort (intrusion detection system)
-mail filters / spamassassin + fail2ban
-Logs / Backlog
-Password Policy
-Types of Encryption and ciphers used (sha1, md5, des, diffie hellman etc)
-backups
-Access control list
-All passwords different and complex


crypt irc+tor+sasl

Posted by zh on Tuesday Mar 14, 2017 Under Uncategorized

Welcome to another article:

In this post we will use crypto in IRC clients with OTR, FiSH, AES or derivatives, and connect to IRC through Tor and with SASL if the server supports it or is configured for it.

To install OTR:

We will use the IRC client "hexchat", but the procedure is similar in many others.

Debian

apt-get install hexchat

sudo apt-get update
sudo apt-get -y install hexchat gcc make pkg-config libglib2.0-dev git automake autoconf-archive libtool glibc-source libcrypt-gcrypt-perl libotr5-dev

You can also do this with backports: the command is the same but includes "-t release-backports", where the release would be, for example, "jessie". Only do this if your Debian has backports enabled and the repositories added to the sources list. This step is optional.

sudo apt-get -y install -t jessie-backports hexchat gcc make pkg-config libglib2.0-dev git automake autoconf-archive libtool glibc-source libcrypt-gcrypt-perl libotr5-dev

git clone https://github.com/TingPing/hexchat-otr
cd hexchat-otr

# compile
./autogen.sh ; make -s
sudo make install

There is also:

https://github.com/TingPing/hexchat-otr

Inside the hexchat IRC client, run these commands in the private-message window of the nick in question:

/otr start

/otr finish

 

Fish

It ships by default with the Hexchat IRC client.

Commands in the IRC client's private-message or channel window:

For a user's nick:

/setkey password

/delkey nick

In the channel:

/setkey password
/delkey #channel

 

Windows

Otr

Fish

Coming soon….

 

SASL

For those who don't know, it is a framework for authentication and data security in Internet protocols.

1- Open the network list in Hexchat (Ctrl+S) and choose the network you want.

2- In the username field, enter your primary nick.

3- Select (username+password) as the login method.

4- In the SASL password field, enter the password.

 

TOR

Hexchat

/set net_proxy_host 127.0.0.1
/set net_proxy_type 3
/set net_proxy_port 9050
(or 9150, depending on your configuration)
/set net_proxy_use 0

/set irc_user_name

/server -ssl hidden.onion 443 YourPasswordHere

or

/server -ssl ipv6.url.pt 6697


Arch linux vbox install

Posted by zh on Tuesday Mar 14, 2017 Under Uncategorized

First install VirtualBox or another virtualization platform in order to create a virtual machine. The host OS can be Windows, GNU/Linux, Mac OS X, BSD or others; in this case we will use GNU/Linux.

Then download the ISO from the Arch Linux site:

https://www.archlinux.org/download/ in whichever form you prefer: magnet, torrent or http.

We will create a new entry in VirtualBox with the following characteristics:

Select type Linux, Arch Linux 64-bit

and specify

RAM: 1 GB

Disk: 20 GB of space

Commands entered in the VirtualBox VHD:

loadkeys pt-latin9

timedatectl set-ntp true

cfdisk

mkfs.ext4 /dev/sda2

mount /dev/sda2 /mnt

mkswap /dev/sda1

swapon /dev/sda1

# no separate boot partition: /boot stays on the root filesystem (/dev/sda2)

pacstrap /mnt base base-devel

 

genfstab -U -p /mnt >> /mnt/etc/fstab

arch-chroot /mnt

ln -sf /usr/share/zoneinfo/Europe/Lisbon /etc/localtime

hwclock --systohc

echo "pt_PT.UTF-8 UTF-8" >> /etc/locale.gen

locale-gen

echo "LANG=pt_PT.UTF-8" > /etc/locale.conf

echo "KEYMAP=pt-latin9" > /etc/vconsole.conf

echo "planet" > /etc/hostname

 

pacman -S grub

grub-install /dev/sda

grub-mkconfig -o /boot/grub/grub.cfg

mkinitcpio -p linux

 

echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts

echo "::1 localhost.localdomain localhost" >> /etc/hosts

echo "127.0.1.1 planet.localdomain planet" >> /etc/hosts

 

passwd

useradd -m -g users -G wheel -s /bin/bash test

passwd test

visudo (add the user to sudoers):

test ALL=(ALL) ALL

XFCE graphical environment

pacman -Syy

pacman -S xorg-server xorg-server-utils xorg-xinit xf86-video-amdgpu xfce4 xfce4-goodies lightdm

echo "exec startxfce4" > ~/.xinitrc

systemctl enable lightdm.service

systemctl enable dhcpcd.service

exit

umount -R /mnt

 


#hydra example

Posted by root on Tuesday Mar 14, 2017 Under Uncategorized

Hydra is a very fast network logon cracker that supports many different services.

hydra -l lifefilta -P passwords.txt ftp://192.168.122.5

hydra ssh -l -P -s 22 -vV


#tcpdump examples

Posted by root on Tuesday Mar 7, 2017 Under Bash, Network

In most cases you will need root permission to be able to capture packets on an interface. Using tcpdump (with root) to capture the packets and saving them to a file to analyze with Wireshark (using a regular account) is recommended over using Wireshark with a root account to capture packets on an “untrusted” interface. See the Wireshark security advisories for reasons why.

See the list of interfaces on which tcpdump can listen:

tcpdump -D

Listen on interface eth0:

tcpdump -i eth0

Listen on any available interface (cannot be done in promiscuous mode. Requires Linux kernel 2.2 or greater):

tcpdump -i any

Be verbose while capturing packets:

tcpdump -v

Be more verbose while capturing packets:

tcpdump -vv

Be very verbose while capturing packets:

tcpdump -vvv

Be verbose and print the data of each packet in both hex and ASCII, excluding the link level header:


tcpdump -v -X

Be verbose and print the data of each packet in both hex and ASCII, also including the link level header:

tcpdump -v -XX

Be less verbose (than the default) while capturing packets:

tcpdump -q

Limit the capture to 100 packets:

tcpdump -c 100

Record the packet capture to a file called capture.cap:

tcpdump -w capture.cap

Record the packet capture to a file called capture.cap but display on-screen how many packets have been captured in real-time:

tcpdump -v -w capture.cap

Display the packets of a file called capture.cap:

tcpdump -r capture.cap

Display the packets using maximum detail of a file called capture.cap:

tcpdump -vvv -r capture.cap

Display IP addresses and port numbers instead of domain and service names when capturing packets (note: on some systems you need to specify -nn to display port numbers):

tcpdump -n

Capture any packets where the destination host is 192.168.1.1. Display IP addresses and port numbers:

tcpdump -n dst host 192.168.1.1

Capture any packets where the source host is 192.168.1.1. Display IP addresses and port numbers:

tcpdump -n src host 192.168.1.1

Capture any packets where the source or destination host is 192.168.1.1. Display IP addresses and port numbers:


tcpdump -n host 192.168.1.1

Capture any packets where the destination network is 192.168.1.0/24. Display IP addresses and port numbers:

tcpdump -n dst net 192.168.1.0/24

Capture any packets where the source network is 192.168.1.0/24. Display IP addresses and port numbers:

tcpdump -n src net 192.168.1.0/24

Capture any packets where the source or destination network is 192.168.1.0/24. Display IP addresses and port numbers:

tcpdump -n net 192.168.1.0/24

Capture any packets where the destination port is 23. Display IP addresses and port numbers:

tcpdump -n dst port 23

Capture any packets where the destination port is between 1 and 1023 inclusive. Display IP addresses and port numbers:

tcpdump -n dst portrange 1-1023

Capture only TCP packets where the destination port is between 1 and 1023 inclusive. Display IP addresses and port numbers:

tcpdump -n tcp dst portrange 1-1023

Capture only UDP packets where the destination port is between 1 and 1023 inclusive. Display IP addresses and port numbers:

tcpdump -n udp dst portrange 1-1023

Capture any packets with destination IP 192.168.1.1 and destination port 23. Display IP addresses and port numbers:

tcpdump -n "dst host 192.168.1.1 and dst port 23"

Capture any packets with destination IP 192.168.1.1 and destination port 80 or 443. Display IP addresses and port numbers:

tcpdump -n "dst host 192.168.1.1 and (dst port 80 or dst port 443)"

Capture any ICMP packets:

tcpdump -v icmp

Capture any ARP packets:

tcpdump -v arp

Capture either ICMP or ARP packets:


tcpdump -v "icmp or arp"

Capture any packets that are broadcast or multicast:

tcpdump -n "broadcast or multicast"

Capture 500 bytes of data for each packet rather than the default of 68 bytes:

tcpdump -s 500

Capture all bytes of data within the packet:

tcpdump -s 0
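
Reading a saved capture as a regular user, as recommended at the top of this post, also lets you check whether the snapshot length cut packets short. The script below is an added example, not part of the original article: it parses the classic pcap header written by tcpdump -w and counts truncated packets. The function names and the two-packet sample file are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article): read a classic pcap file,
# as written by "tcpdump -w", without root and count the packets that the
# snapshot length (-s) cut short. Function names are hypothetical.

PCAP_BE=0   # set to 1 by pcap_header when the file is big-endian

# u32 B0 B1 B2 B3: combine four bytes, given in file order, into an integer.
u32() {
    if [ "$PCAP_BE" = 1 ]; then
        echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
    else
        echo $(( $4 * 16777216 + $3 * 65536 + $2 * 256 + $1 ))
    fi
}

# pcap_header FILE: print "snaplen linktype" from the 24-byte global header.
pcap_header() {
    set -- $(od -An -v -tu1 -N 24 "$1" 2>/dev/null)
    [ $# -eq 24 ] || return 1
    case $(printf '%02x%02x%02x%02x' "$1" "$2" "$3" "$4") in
        d4c3b2a1|4d3cb2a1) PCAP_BE=0 ;;   # little-endian writer
        a1b2c3d4|a1b23c4d) PCAP_BE=1 ;;   # big-endian writer
        *) return 1 ;;                    # not classic pcap (pcapng, text, ...)
    esac
    echo "$(u32 "${17}" "${18}" "${19}" "${20}") $(u32 "${21}" "${22}" "${23}" "${24}")"
}

# count_truncated FILE: print "packets truncated", where a packet counts as
# truncated when its captured length is smaller than its length on the wire.
count_truncated() {
    file=$1
    pcap_header "$file" >/dev/null || return 1
    size=$(( $(wc -c < "$file") ))
    off=24 total=0 trunc=0
    while [ $((off + 16)) -le "$size" ]; do
        set -- $(od -An -v -tu1 -j "$off" -N 16 "$file")
        [ $# -eq 16 ] || return 1
        incl=$(u32 "$9" "${10}" "${11}" "${12}")
        orig=$(u32 "${13}" "${14}" "${15}" "${16}")
        total=$((total + 1))
        if [ "$incl" -lt "$orig" ]; then trunc=$((trunc + 1)); fi
        off=$((off + 16 + incl))
    done
    echo "$total $trunc"
}

# Constructed sample: snaplen 68, one complete 60-byte frame and one
# 1500-byte frame of which only 68 bytes were kept.
make_sample() {
    {
        printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000'
        printf '\104\000\000\000\001\000\000\000'
        printf '\000\000\000\000\000\000\000\000\074\000\000\000\074\000\000\000'
        printf '%060d' 0
        printf '\000\000\000\000\000\000\000\000\104\000\000\000\334\005\000\000'
        printf '%068d' 0
    } > "$1"
}

f=$(mktemp) && make_sample "$f"
echo "snaplen/linktype: $(pcap_header "$f")"
echo "packets/truncated: $(count_truncated "$f")"
rm -f "$f"
```

A non-zero truncated count means the capture should be repeated with a larger -s value (or -s 0) if the payload matters for the analysis.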

Based on Article first published March 13, 2010. Last updated October 1, 2014 by RationallyPARANOID.com


#iptables Block Incoming Port

Posted by root on Sunday Apr 17, 2016 Under Bash, Debian, Network

The syntax is as follows to block incoming port using IPtables:

/sbin/iptables -A INPUT -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP
 
### interface section use eth1 ###
/sbin/iptables -A INPUT -i eth1 -p tcp --destination-port {PORT-NUMBER-HERE} -j DROP
 
### only drop port for given IP or Subnet ##
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP-ADDRESS-HERE} -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port {PORT-NUMBER-HERE} -s {IP/SUBNET-HERE} -j DROP
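
The rules above with their placeholders filled in, as an added example that is not part of the original post: a wrapper that validates the port, interface and source before building the rule, and uses iptables -C so that re-running it does not append duplicates. block_port and the DRY_RUN switch are hypothetical names; the sample port, interfaces and subnet are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): fill the placeholders of the
# rules above with validated values. block_port is a hypothetical helper;
# with DRY_RUN=1 (the default here) it only prints the command.

DRY_RUN=${DRY_RUN:-1}

# A port is 1 to 5 digits and lies between 1 and 65535.
valid_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# A source is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_source() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

# block_port PORT [INTERFACE] [SOURCE]
# Pass "" as INTERFACE to give a source without an interface.
# Returns 2 on invalid input, otherwise the status of iptables.
block_port() {
    port=$1 iface=${2:-} src=${3:-}
    valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
    set -- INPUT
    if [ -n "$iface" ]; then
        case $iface in
            *[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 2 ;;
        esac
        set -- "$@" -i "$iface"
    fi
    set -- "$@" -p tcp --destination-port "$port"
    if [ -n "$src" ]; then
        valid_source "$src" || { echo "bad source: $src" >&2; return 2; }
        set -- "$@" -s "$src"
    fi
    set -- "$@" -j DROP
    if [ "$DRY_RUN" = 1 ]; then
        echo "/sbin/iptables -A $*"
        return 0
    fi
    # -C checks whether an identical rule already exists, so running the
    # script twice does not append the same rule twice.
    /sbin/iptables -C "$@" 2>/dev/null || /sbin/iptables -A "$@"
}

# Constructed sample calls (dry run): every interface, one interface,
# one interface and subnet, and a placeholder that was never filled in.
block_port 23
block_port 23 eth1
block_port 23 eth0 192.168.1.0/24
block_port '{PORT-NUMBER-HERE}' || echo "rejected, nothing was changed"
```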

Kiwi IRC config file

Posted by root on Thursday Mar 3, 2016 Under IRC

The config file is looked for in 2 locations. First in /etc/kiwiirc/config.js and then within the application directory.

An example comes with Kiwi named config.example.js. You may want to copy this file to config.js so you have the original to refer back to in future. At its core, the file is a basic JavaScript file. This means you can use simple logic (e.g. if statements) for advanced configuration, or even read values from external places.

There are certain lines within the config file that must not be changed. There are comments throughout the file to guide you on what must be set and how to do so. In most cases the default settings will work out of the box.

Example config.js

var conf = {};

// Run the Kiwi server under a different user/group
conf.user = "";
conf.group = "";


// Log file location
conf.log = "kiwi.log";



/*
 * Server listen blocks
 */

// Do not edit this line!
conf.servers = [];

// Example server block
conf.servers.push({
    port:   7778,
    address: "0.0.0.0"
});

// Example SSL server block
//conf.servers.push({
//    port:     7777,
//    address: "0.0.0.0",
//
//    ssl:   true,
//    ssl_key: "server.key",
//    ssl_cert: "cert.pem"
//});






// Where the client files are
conf.public_http = "client/";

// Max connections per connection. 0 to disable
conf.max_client_conns = 5;


/*
 * Client side plugins
 * Array of URLs that will be loaded into the browser when the client first loads up
 * See http://github.com/prawnsalad/KiwiIRC/wiki/Client-plugins
 */
conf.client_plugins = [
    // "http://server.com/kiwi/plugins/myplugin.html"
];



// Enabled CAP extensions (See ENTER URL TO CAP INFO HERE PLS)
conf.cap_options = [];




// Directory to find the server modules
conf.module_dir = "../server_modules/";

// Which modules to load
conf.modules = [];




// WebIRC passwords enabled for this server
conf.webirc_pass = {
    //"irc.network.com":  "configured_webirc_password",
    //"127.0.0.1":        "foobar"
};

// Some IRCDs require the clients IP via the username/ident
conf.ip_as_username = [
    "irc.network.com",
    "127.0.0.1"
];

// Whether to verify IRC servers' SSL certificates against built-in well-known certificate authorities
conf.reject_unauthorised_certificates = false;



/*
 * Reverse proxy settings
 * Reverse proxies that have been reported to work can be found at:
 *     http://github.com/prawnsalad/KiwiIRC/wiki/Running-behind-a-proxy
 */

// Whitelisted HTTP proxies in CIDR format
conf.http_proxies = ["127.0.0.1/32"];

// Header that contains the real-ip from the HTTP proxy
conf.http_proxy_ip_header = "x-forwarded-for";

// Base HTTP path to the KIWI IRC client (eg. /kiwi)
conf.http_base_path = "/kiwi";



// Enabled transports for the browser to use
conf.transports = [
    "websocket",
    "flashsocket",
    "htmlfile",
    "xhr-polling",
    "jsonp-polling"
];




// Default quit message
conf.quit_message = "http://www.kiwiirc.com/ - A hand-crafted IRC client";


// Default settings for the client. These may be changed in the browser
conf.client = {
    server: 'irc.kiwiirc.com',
    port:    6697,
    ssl:     true,
    channel: '#kiwiirc',
    nick:    'kiwi_?'
};


// If set, the client may only connect to this 1 IRC server
//conf.restrict_server = "irc.kiwiirc.com";
//conf.restrict_server_port = 6667;
//conf.restrict_server_ssl = false;
//conf.restrict_server_channel = "#kiwiirc";
//conf.restrict_server_password = "";
//conf.restrict_server_nick = "kiwi_";




/*
 * Do not amend the below lines unless you understand the changes!
 */
module.exports.production = conf;

Postfix clean mails pending

Posted by root on Sunday Dec 14, 2014 Under Uncategorized

Postfix is a mail server. Enter the following command to flush the mail queue, that is, to attempt delivery of every queued message:

postfix flush

Other mail clean-up commands:

postsuper -d ALL deferred   # delete the deferred mail queue messages

postqueue -f   # process the queue (same as: postfix flush)

postcat -vq XXXXXXXXXX > themessage.txt   # save a queued mail to a file

mailq   # display the queue (same as: postqueue -p)

postsuper -d ALL   # clear the whole mail queue


Webmin SSL certificate

Posted by root on Monday Nov 11, 2013 Under Bash, Centos, Debian, Linux, SSH

This happens because the default SSL certificate that is generated by webmin is not issued by a recognized certificate authority. From a security point of view, this makes the certificate less secure because an attacker could theoretically redirect traffic from your server to another machine without you knowing, which is normally impossible if using a proper SSL certificate. Network traffic is still encrypted though, so you are safe against attackers who are just listening in on your network connection.

If you want to be really sure that the Webmin server you are connecting to is really your own, the only solution is to order a certificate from an authority like Verisign that is associated with your server's hostname and will be recognized by web browsers. This certificate should be placed in the file /etc/webmin/miniserv.pem and be in the same certificate+key format as the existing miniserv.pem file.

To request a certificate, follow these steps :


Run the command

openssl genrsa -out key.pem 2048

This will create the file key.pem which is your private key

Run the command

openssl req -new -key key.pem -out req.pem

When it asks for the common name, be sure to enter the full hostname of your server as used in the URL, like www.yourserver.com. This will create the file req.pem, which is the certificate signing request (CSR).

Send the CSR to your certificate authority by whatever method they use. They should send you back a file that starts with -----BEGIN CERTIFICATE----- which can be put in the file cert.pem.

Combine the private key and certificate with the command

cat key.pem cert.pem > /etc/webmin/miniserv.pem

Re-start webmin (making sure it is in SSL mode) to use the new key.
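
The following added example (not part of the original post) performs the combine step only after confirming that the certificate was issued for the private key, and writes the result readable by its owner only. The function names are hypothetical, and the demo uses a throwaway self-signed certificate in place of the CA-issued cert.pem.

```shell
#!/bin/sh
# Added example (not from the original post): combine key.pem and cert.pem
# into a miniserv.pem-style file only when the certificate was issued for
# that private key. Function names are hypothetical.

# Print a SHA-256 digest of the public key inside a private key file.
key_pub_digest() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Print a SHA-256 digest of the public key inside a certificate file.
cert_pub_digest() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# build_miniserv_pem KEY CERT OUT
# Writes OUT (key first, then certificate, mode 600) and returns 0 when the
# pair matches; returns 1 and writes nothing otherwise.
build_miniserv_pem() {
    kdig=$(key_pub_digest "$1") || { echo "unreadable private key: $1" >&2; return 1; }
    cdig=$(cert_pub_digest "$2") || { echo "unreadable certificate: $2" >&2; return 1; }
    if [ "$kdig" != "$cdig" ]; then
        echo "certificate does not belong to this private key" >&2
        return 1
    fi
    ( umask 077 && cat "$1" "$2" > "$3" )
}

# Demonstration on constructed input: a self-signed certificate stands in
# for the CA-issued cert.pem, and a second key plays the mismatched pair.
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/key.pem" 2048 2>/dev/null
    openssl genrsa -out "$d/other.pem" 2048 2>/dev/null
    openssl req -new -x509 -key "$d/key.pem" -subj "/CN=www.yourserver.com" \
        -days 1 -out "$d/cert.pem" 2>/dev/null
    build_miniserv_pem "$d/key.pem" "$d/cert.pem" "$d/miniserv.pem"; ok=$?
    build_miniserv_pem "$d/other.pem" "$d/cert.pem" "$d/bad.pem" 2>/dev/null; bad=$?
    echo "matching pair: exit $ok, mismatched pair: exit $bad"
    rm -rf "$d"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 1 ]
}

demo
```

On the server, the call would be build_miniserv_pem key.pem cert.pem /etc/webmin/miniserv.pem, run as root after backing up the existing file.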


Kali Linux Debian Repositories

Posted by root on Tuesday Oct 22, 2013 Under Uncategorized

What is Kali Linux? Please refer to: http://kali.org

Since Kali Linux is built on Debian, we can install its packages directly with the package manager on any Debian operating system just by adding the following repositories.

Add the following repositories in /etc/apt/sources.list

deb http://http.kali.org/kali kali main contrib non-free
deb-src http://http.kali.org/kali kali main contrib non-free
deb http://security.kali.org/kali-security kali/updates main contrib non-free
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free

Now, for example, to install sqlmap:

# apt-cache search sqlmap

# apt-get install sqlmap