I waited for a little bit to post this, but I recently ventured into the realm of writing PAM modules, and my first project has been finished. This is a MongoDB authentication module. In short, it allows you to authenticate users to a MongoDB database that the user has access to (for added security, the user should have read-only access to the database). This module requires libmongo-client, libpam, gcc and ld to compile (the last three should be on every system that allows for compiling programs). This module is written in strict C, and compiles without warnings. I’ve written a good how-to and such on GitHub, with the project officially supported by Zorveo (both links at the bottom of this post). Once you have libmongo-client downloaded and installed, set up is very quite easy. More modules will be released in the future as well.
Before asking for support, please read the README file on GitHub, as it was written to be as extensive as possible.
I got an interesting article in my inbox today in regards to using extended attributes to create checksums. While I don’t know if this will pick up to be a de facto standard way of distributing checksums, this is definitely a step in the right direction. Continued »
This is going to be a short article, but one I think will be quite useful for people who venture into making their own PAM modules. This might not work for your system, but for mine (and others it seems too), it does. Note too though that I will most likely be writing a series of articles on writing a custom PAM authentication (and possibly other types) module as this can be very useful for custom set ups. Continued »
It’s really no secret now, with all the news/media coverage, of the hacks on Sony and other companies, that some people are quite upset about things in this world. The way I look at it is it’s like a teenager acting out. They don’t know how to do it calmly or rationally, so they do it the only way they see fit. Everyone has their own outlet. However, the one thing that I can’t seem to comprehend is how they are acting out against “governments”, “conglomerates”, and other facts of life. This is an I.T. security article, and more is covered inside the “Continued…” link. Continued »
Like most people, I have Linux installed on my laptop. However, with the way I have it set up, I don’t have a readily-available battery monitoring widget/app/etc… to tell me when my battery’s going to die. Even though my laptop is almost always on the charger now, I still decided to cook up a little script to make this a little more aware to me, seeing as how I almost always have the terminal open. Continued »
For some reason, May has seemed to be authentication month for me. I just finished writing an article about SHA-12 encryption for passwords, Two Factor Authentication via SSH, and now I’m here for a new adventure. As mentioned in the two-factor article, I would write about my adventures in using it to authenticate users on the machine itself, not just with SSH. I have perfected this, and I will go into details (and a useful script at the end) for the world to share. Continued »
I’ve been trying to figure out for a little bit now how to do use the previously written Two Factor Authentication via SSH article for logging into my system directly. While it’s probably the same for SSH as it is for anything else involving PAM authentication, I haven’t actually dived into it too far currently. However, while working on some hardening thoughts for my system, I discovered how to enable SHA hashing, instead of using MD5, for logging into the system. Continued »
I’ve been looking for something like this for a while, and have never seen it. I know it exists somewhere, as does most things these days, but I was too lazy to search through the archives of Google, and wrote a script myself. What this does is take each line of the output from ps, and sends a signal (kill -s) to the process ID to kill it. Continued »
Recently I ventured into WHMCS, and decided that I did not like that the “company title” was a text instead of image. With this in mind, I began experimenting with the “company title” setting in WHMCS’ admin panel, and discovered that it’s prone to a potential security flaw. Continued »
Security and smart phones, a great combination when used in the right situations. A while ago, Google released their two-factor authentication mechanism, as well as released software to run on iPhones, Blackberries, and of course Android. Since they released this, I was wondering how long it’d take to really take power with this for IT systems (lets face it, Google is trying to take over the IT world). Then, I stumbled upon (ironically not on StumbleUpon) an article that shows steps on how to integrate Google Authenticator with SSH. That’s where this really takes an interesting turn. Continued »