security – Page 2

HOW TO : Use Python to look for credit card numbers

Simple script in python to look for credit card numbers in a file.

[code]

#Importing modules
import re
import os

# Define variables
inputFile = ‘test.txt’
searchPattern = ‘((\D(6011|5[1-5]\d{2}|4\d{3}|3\d{3})\d{11,12}\D)|(^(6011|5[1-5]\d{2}|4\d{3}|3\d{3})\d{11,12}\D))’

tempinputFile = open(inputFile)
tempLine = tempinputFile.readline()

while tempLine:
print ("LINE: " + tempLine)
foundContent = re.search(searchPattern,tempLine, re.IGNORECASE)
if foundContent:
print("FOUND: " + foundContent.group())
tempLine = tempinputFile.readline()

tempinputFile.close() [/code]

The script started out as a simple check for any 16 digit numbers that had a non numeric character on either end. But I tweaked it a little bit to look for credit card like numbers using the regex from http://www.regular-expressions.info/creditcard.html. Finally I added an option to match credit card like numbers if the numbers start at the beginning of the line (i.e there is no non-numeric number before the credit card number)

Project Uptime : Progress Report – 4

Continuing to lock down the server as part of project uptime a bit more.. I highly recommend enabling and using iptables on every Linux server. I want to restrict inbound traffic to the server to only SSH (tcp port 22) and HTTP(S) (tcp port 80/443). Here’s the process

Check the current rules on the server

[code]sudo iptables -L [/code]

Add rules to allow SSH, HTTP and HTTPS traffic and all traffic from the loopback interface

[code]sudo iptables -I INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack –ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp –dport ssh -j ACCEPT
sudo iptables -A INPUT -p tcp –dport http -j ACCEPT
sudo iptables -A INPUT -p tcp –dport https -j ACCEPT
[/code]

Drop any traffic that doesn’t match the above mentioned criteria

[code]sudo iptables -A INPUT -j DROP [/code]

save the config and create script for the rules to survive reboots by running

[code]sudo su –
iptables-save > /etc/firewall.rules[/code]

now create a simple script that will load these rules during startup. Ubuntu provides a pretty neat way to do this. You can write a simple script and place it in /etc/network/if-pre-up.d and the system will execute this before bringing up the interfaces. You can get pretty fancy with this, but here is a simple scrip that I use

[code]
samurai@samurai:/etc/network/if-pre-up.d$ cat startfirewall
#!/bin/bash

# Import iptables rules if the rules file exists

if [ -f /etc/firewall.rules ]; then
iptables-restore </etc/firewall.rules
fi

exit 0
[/code]

Now you can reboot the server and check if your firewall rules are still in effect by running

[code]sudo iptables -L [/code]

March 29, 2012 by admin HOWTO Linux security Technology Uncategorized 0

Project Uptime : Progress Report – 3

Things have been a bit hectic at work.. so didn’t get a lot of time to work on this project. Now that that the new server has been setup and the kernel updated, we get down to the mundane tasks of installing the software.

One of the first things I do, when configuring any new server is to restrict root user from logging into the server remotely. SSH is the default remote shell access method nowadays. Pls don’t tell me you are still using telnet :).

And before restricting the root user for remote access, add a new user that you want to use for regular activities, add the user to sudo group and ensure you can login and sudo to root as this user. Here are the steps I follow to do this on a Ubuntu server

Add a new user

[code]useradd xxxx [/code]

Add user to sudo group

[code]usermod -G sudo -a xxxx[/code]

Check user can sudo to gain root access

[code]sudo su – xxxx
su – [/code]

Now moving into the software installation part

Install Mysql

[code]sudo apt-get install mysql-server [/code]

you will be prompted to set the root user during this install. This is quite convenient, unlike the older installs, where you had to set the root password later on.

Install PHP

[code]sudo apt-get install php5-mysql [/code]

In addition to installing the PHP5-mysql, this will also install apache. I know, I mentioned, I would like to try out the new version of Apache. But it looks like Ubuntu, doesn’t have a package for it yet. And I am too lazy to compile from source :).

With this you have all the basic software for wordpress. Next, we will tweak this software to use less system resources.

March 28, 2012 by admin Databases HOWTO Linux Networking security Technology Uncategorized Web 0

HOW TO : Check SSL certificate validity using curl

If you want to check the SSL certificate validation (expiry time, hostname match, self signed etc) using curl, you can do it by running

[code]curl -cacert URL_ADDRESS [/code]

Example : If you want to check the SSL certificate of GoDaddy

[code]curl -cacert https://www.godaddy.com [/code]

March 19, 2012 by admin Networking security Technology Uncategorized Web 0

HOW TO : Generate MD5 fingerprint of SSL cert

Quick onliner on generating a MD5 fingerprint for a SSL certificate using openssl

[code]openssl x509 -noout -md5 -fingerprint -in NAME_OF_CERTIFICATE_FILE [/code]

If you don’t specify the -md5 option, you will get a SHA1 fingerprint.

March 17, 2012 by admin HOWTO Linux security Technology Uncategorized 0

HOW TO : Modify iptables rules

Quick how to for my personal records. iptables is an open source firewall (and it does a lot more) included with most linux distributions.

Steps to add new rule to existing configuration

Check the list of rules and their corresponding sequence

[code]sudo iptables -vL –line-numbers [/code]

Add the new rule at the required location/sequence

[code] sudo iptables -I INPUT LINE_NUMBER RULE [/code]

Example :

[code]iptables -I INPUT 8 -s X.X.X.X/24 -p tcp -m state –state NEW -m tcp –dport 3128 -j ACCEPT[/code]

Save the configuration

[code] sudo serivce iptables save [/code]

Thx to Sijis for helping with the commands.

December 12, 2011 by admin HOWTO Linux Networking security Uncategorized 0

I have been tagged..

As a site linking to site which is linking to site that serves malware. And I thought it was worth a post, because that site is twit.tv according to google 🙂 .

I believe the warning is due to the fact that I linked to some video provided by twit on this post (https://kudithipudi.org/2011/11/04/overheard-comment-about-start-upentrepreneurship) .

I pinged Leo on Google + about it and hopefully he will have his team take care of it. Wait.. let me say that again.. I pinged Leo!!! . Isn’t technology amazing. With the click of a button, I was able to send a personal message to one of the most famous tech personalities.

November 6, 2011 by admin Rantings security Technology Uncategorized Web 0

HOW TO : Check web services using curl

Quick note for myself to check web services using curl ([L/U]nix utility to play with http(s) traffic)

[code] curl https://URL_TO_TEST –insecure –trace-ascii debug.txt [/code]

Comments on options :
–insecure is used if you are testing web services served over SSL using self signed certs
–trace-ascii dumps all traffic between the client (curl in this case) and the server in human readable format

October 31, 2011 by admin HOWTO Linux Networking security Uncategorized Web 0

Embarassing Screenshots : American Express Websites admin page is open to the public

Details : http://qnrq.se/full-disclosure-american-express/

Proof :

October 6, 2011 by admin security Technology Uncategorized Web 0