I.T. Security and Linux Administration

November 17, 2011  4:01 PM

Quick and Dirty Space Cleaner

Eric Hansen Eric Hansen Profile: Eric Hansen

I’ve been noticing my /var/log getting pretty full over the past week.  I’ve deleted some old logs that were made from logwatch, but wanted a better (read: lazier) solution.  Now, if you don’t care about the contents of the log files, then this is awesome.  However, generally I wouldn’t try this on a production environment unless you know the logs won’t be needed.  Here’s the one-liner I use:

for i in `find . -type f`; do echo '' > $i; done

This is assuming you’re in the “/var/log/” directory (or where ever your logs are stored).  A simple routine to just clear out the contents of every log.  This brought my /var directory from 92% usage to 22% usage (which, as a side note, has an allocated 4.6 GB of space).

November 16, 2011  12:10 PM

2048-bit SSL Keys

Eric Hansen Eric Hansen Profile: Eric Hansen

Citrix put out an interesting white paper recently detailing the reasoning behind using 2048-bit SSL keys instead of the (technically) de-facto 1024-bit keys.  While the white paper is also to market and sell their own products, it does raise some interesting points…but, most importantly is there really a need to raise the bit-strength of our SSL keys?

Continued »

October 24, 2011  1:58 PM

Linux Con: Europe

Eric Hansen Eric Hansen Profile: Eric Hansen

Letting everyone who reads my blogs to know that if you can’t attend the Europe LinuxCon, they’re offering free streaming for Wed., Thurs. & Fri. seminars.  While it doesn’t look to be an all-day free streaming (I could be wrong), the streams are at least highlighting some important aspects of it.  Here’s the Tweet that Linux Foundation sent out not too long ago:

Can’t make it to #linuxconeurope in Prague this week? See Torvalds and others on our live video stream: http://t.co/p7FHVPVw

This seems like a pretty interesting event, especially given the release release and development of Linux 3.0.

October 23, 2011  1:57 PM

Mounting TrueCrypt Volumes Remotely

Eric Hansen Eric Hansen Profile: Eric Hansen

While testing new security possibilities on my home network, I was wondering how to make TrueCrypt volumes accessible via the network, without one having to mount the container itself locally.  Granted, I was doing all of this during a 2 A.M. programming-and-security binge, so I wasn’t thinking clearly, but I finally stumbled upon an old friend of mine, sshfs.  Basically, what sshfs is is essentially mount for SSH.  It connects to a given directory via SSH (so you can also use key authentication…with a little bit of trickery), and if the remote server already has a TrueCrypt container mounted, you can just use sshfs for that.  Here’s how!

Continued »

October 13, 2011  11:13 AM

ArchLinux Package for sinfo

Eric Hansen Eric Hansen Profile: Eric Hansen

In this month’s issue of Linux Journal, they wrote about a CLI network monitoring tool called sinfo. At first it looked like a great program to explore the network a little bit, as you can use it to also monitor remote computers as well (LAN and such). As a side note, since I had a little bit of trouble figuring out how exactly to make that work, I’ll write up a short tutorial on that soon. But, back on topic, I soon realized that sinfo is not in either AUR or any “official” repos for Arch Linux, and so I took it upon myself to do so. The end result can be found here: https://aur.archlinux.org/packages.php?ID=53144.

If you use Arch Linux (the official site has a repo for Debian systems already), and you want to try out an, in all actuality very quite useful tool, give it a try.

October 12, 2011  1:00 PM

Bash Script for SSH Key Generation

Eric Hansen Eric Hansen Profile: Eric Hansen

I’ve mentioned a good couple of times here on how to set up SSH key authentication, as well as some benefits to it.  But, I was always wondering how (and if) I could make it more automated.  Then it hit me, there’s always ssh-keygen’s wonderful man pages!  A good hour or two later, I’ve come up with two different methods of doing this.  One is purely automated (minus asking for the passphrase), and the other has default answers for each prompt.

The (almost) purely automated script can be found here: http://itknowledgeexchange.techtarget.com/itanswers/ssh-key-authentication-generator/ Underneath the cut, you’ll see the less-automated script.

Continued »

October 2, 2011  11:33 PM

[PHP] Page Authentication

Eric Hansen Eric Hansen Profile: Eric Hansen

Ever wondered how you can make sure people don’t view a page they’re not supposed to (i.e.: restrict them from accessing certain files in /var/www/domain.com/topsecretdocs/files_list.php)? Well, most people come up with the idea of putting a define() in the page that calls the file in question (in this case, files_list.php), and then do a simple if(!defined(…)){ die(“HACKER”); } kind of thing, similar to what phpBB does with its files. But, there is a simplier way of handling this particular situation.

Continued »

September 30, 2011  9:22 PM

[PHP] Lighttpd Access Log Viewer

Eric Hansen Eric Hansen Profile: Eric Hansen

In an earlier post I made, Lighttpd Access Log Parsing, I wrote a quick Bash line to parse Lighttpd’s access log file that you can easily port over to any other log file.  This time, I’ve done the same thing, but with PHP (using HTML for output, but you can change that if you like).  Click continue to see the awesome powers PHP can have with some regex magic, and basic HTML!

Continued »

September 28, 2011  7:06 PM

Linux & Windows 8 Secure Boot

Eric Hansen Eric Hansen Profile: Eric Hansen

While I normally don’t write about Windows on here, ITKE asked me via Twitter to write down my thoughts about the controversy surrounding Linux and Secure Boot, Windows’ answer to what TrueCrypt and BitLocker have been doing for a while now.  I’m not going to be biased and say that Windows is the spawn of all that is evil, as there are good and bad things involving all of this mess.  What I’m going to be doing is outlining some of the finer grained details and expand on them from an article I read on ZDNet.

Continued »

September 28, 2011  11:37 AM

Bandwidth Monitoring With bwbar

Eric Hansen Eric Hansen Profile: Eric Hansen

There’s quite a few systems out there that like to present to you a fancy graph and such information on the system’s bandwidth usage.  However, if you’re looking for something simple and straight to the point (and optionally have a web server running), bwbar is what you should be using.  Its a lightweight, easy to use, and easy on resources solution for displaying current bandwidth usage, written in C (or C++).  (More information about the program itself can’t be found as kernel.org is down…still…).  But, in this article I will show you how to use this tool to give you an overview of your bandwidth usage.

Continued »

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: