For some crazy reason, SAMBA on my brand new SLES12 box was corrupt/wonky/broken. So, no logins, and a weird "module is unknown" error when you would attempt to login with correct credentials; only to be told get outta here.
I scoured the Google's looking for help and was able to patch together something to get it working ... or at least get networking in single user mode to work! Here are the steps:
1. Reboot/Startup your box and hold shift at the Grub bootup screen
2. Once at the SuSE splash screen, press "e" key for edit into Grub.
3. You should now be at the Grub 2.0 screen, find the line that starts with "linux" and press END key.
4. At the end of that line, type in "single", then hit F10 to save/boot up.
5. Now, you should be taken to single user mode, enter root's password and BANG! you're in!
6. Now, this is the weird part to get the network to start: You need to wait a good minute for all of the bootup scripts and services to start, then (and only then) can you get the NIC to load/activate on the network with your previous network settings so we can get to zypper or apt-get and reload/update everything. Once you've waited, enter:
/sbin/service network start
You should now have super fun times network access so you can zypper update/install things to your heart's content! You're welcome!!
Friday, March 25, 2016
Wednesday, March 4, 2015
Mod_Security - Get 401 Errors Out of Relevant Status Logs!
Congrats, you're on your way to hard core security with mod_security! But now your audit log is filling up faster than a North Dakota Bear at a Golden Corral (Sorry, Brian) with general errors that DO NOT trigger any mod_sec rules.
Normally, out of the box, you'll have mod_security's SecAuditEngine rules set like so:
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType Serial
SecAuditLog "|bin/rotatelogs.exe -l -f f:/logs/%Y-%m-%d-modsec-audit.log 86400"
Or ... something close to that. Let's break down the REGEX on the line for SecAuditLogRelevantStatus:
?:5 -- Log anything that is a 500 level error, e.g., 500 Internal Server Error or the lovely 503 Service Unavailable.
4(?!04) -- Log any 400 level error EXCEPT for any 404 errors.
I'm all for the 500 level errors being logged as those should never happen, but for my modsec_audit log I'm FILLING up with about a million 401's that I could care less about. Apache is going to grab these anyway in a much more compressed format, so I don't need to also see these in my modsec log. So, to fix that (and if you're a REGEX noob like me) just modify that 4(?!04) line to read:
"^(?:5|4(?!04|01))"
By adding that "|01" to the end, the lookahead now excludes any 404 OR 401, both of which Apache is going to grab for you anyway.
Hope that clears up your mod_sec logs!!
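To check a status pattern before it goes into the config, here is an added example (not part of the original post) that runs the stock and the modified expressions over a constructed list of status codes and shows which 4xx/5xx codes each one leaves out of the audit log. It assumes Python's re module treats these lookaheads the same way the PCRE engine in mod_security does; the function names are made up for the example.

```python
import re

# Constructed sample of response status codes, not taken from a real log.
SAMPLE_STATUSES = ["200", "301", "401", "401", "401", "403",
                   "404", "404", "500", "503"]

STOCK = r"^(?:5|4(?!04))"       # default: every 5xx, every 4xx except 404
NO_401 = r"^(?:5|4(?!04|01))"   # modified: also leaves out 401


def compile_status_pattern(pattern):
    """Return the compiled pattern, or None if it is malformed
    (for example a missing closing parenthesis)."""
    try:
        return re.compile(pattern)
    except re.error:
        return None


def audit_logged(pattern, statuses):
    """Statuses that would count as 'relevant' and be audit-logged."""
    rx = compile_status_pattern(pattern)
    if rx is None:
        raise ValueError("malformed status pattern: " + pattern)
    return [s for s in statuses if rx.search(s)]


def excluded_error_codes(pattern):
    """Every 400-599 code the pattern does NOT select."""
    rx = compile_status_pattern(pattern)
    if rx is None:
        raise ValueError("malformed status pattern: " + pattern)
    return [str(c) for c in range(400, 600) if not rx.search(str(c))]


if __name__ == "__main__":
    for name, pat in (("stock", STOCK), ("no-401", NO_401)):
        print(name, audit_logged(pat, SAMPLE_STATUSES),
              "excluded:", excluded_error_codes(pat))
```

With 401 excluded, repeated failed logins show up in the audit log only when a rule fires, so the Apache access log becomes the place to watch for them.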
Friday, February 20, 2015
Windows Firewall IP Scope Limit is 1000 Entries
1,000 ENTRIES IS THE MAX WINDOWS FIREWALL RULES WILL ACCEPT.
For the longest time, we've been building in-house security tools to keep bad actors out of our Apache, or at the least, keep them from banging on our ports. One of the C# tools we built will do a REGEX search in Apache's logs and if it sees something fishy will automatically add it to the Windows Firewall via an inbound rule for port 80 and 443 we created called "Block Apache Punks". (It used to have a very rated R name before. They made me change it. Use your imagination). Here's what it normally looks like when you're making an individual IP entry:
And then when you hit OK, it'll appear that it's taking it, but when you hit apply on your rule, you will see the error: "The array bounds are invalid." and it will NOT accept your entry. Because you've hit the limit. Which is dumb. It's 2015. Why is this happening.
We never looked it up, but heard there was a limit to the number of IPs and CIDR addresses you could add to this list ... well, we found out last week what that number is: It's 1,000, like the big fat text above.
Hopefully, you'll come across this from a Google search and realize you NEED to move to something with much much more flexibility in your OpSec plan for keeping out the bad guys. As I type this, we're moving to Apache mod_security with about 20 rules already and the ability to add infinite IPs if we need to. Something we should have done a long long time ago.
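If you have to keep a firewall blocklist alive while you migrate, the added example below (not the C# tool from this post) dedupes a list of blocked addresses, merges neighbours into CIDR blocks where that is exact, and splits what is left into groups that fit the 1,000-entry scope limit. Spreading the groups over several rules is an assumption of the example, and the function name is made up.

```python
import ipaddress

SCOPE_LIMIT = 1000  # per-rule scope limit reported in this post


def plan_block_rules(addresses, limit=SCOPE_LIMIT):
    """Return a list of scope lists, each short enough for one rule.

    Duplicates are dropped and adjacent addresses are merged into CIDR
    blocks; merging never covers an address that was not in the input.
    """
    nets = {ipaddress.ip_network(a.strip()) for a in addresses}
    # collapse_addresses() refuses mixed IP versions, so merge them apart.
    merged = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    # Single hosts are written as a bare address, ranges as CIDR.
    entries = [str(n.network_address) if n.num_addresses == 1 else str(n)
               for n in merged]
    return [entries[i:i + limit] for i in range(0, len(entries), limit)]


def constructed_sample():
    """Constructed input: a whole /24 listed host by host, one duplicate,
    and one unrelated address (documentation ranges only)."""
    hosts = ["203.0.113.%d" % i for i in range(256)]
    return hosts + ["203.0.113.9", "198.51.100.7"]


if __name__ == "__main__":
    for number, scope in enumerate(plan_block_rules(constructed_sample()), 1):
        print("rule", number, "entries:", len(scope), scope[:3])
```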
Wednesday, February 18, 2015
Windows 8.1 Offline Activation
Windows 8.1 is pretty slick, but if you're on NIPRnet, there is 0% chance it will activate itself over the network. Gone are the days of using the 1-800 number to call Microsoft and activate over the phone with 40 some odd digits, so if you're lucky enough to move to Windows 8.1 (Bye bye Pass-the-Hash Hacks!) here's how to activate IF you have a product key handy (Thanks, MSDN Subscription!)
1. Copy your product key to the clipboard
2. Right click on the Windows 8.1 Start Thingy and choose Run
3. Now type "slui 3" and hit Enter. This kicks off the Windows Activation Client and the option "3" tells slui to run the GUI.
4. You should see the below, where you'll paste your Win 8.1 key and hit close .. no need to wait for the spinning "I'm working on something" circle gif that will load.
5. That's it! Enjoy not being harassed every week about your activation key. YOU'RE WELCOME.
Thursday, February 12, 2015
Adobe CS6 Registration for Offline Activation and You Can Too!
So, they finally broke down and bought you Adobe CS6 eh? But you know you can't login with your AdobeID, right? Because Adobe isn't allowed through the firewall, right? (THANKS DISA)
Well, have I got awesome news for you! Here's how to get your Adobe Photoshop/Illustrator registered and not explode in 7 days and you can too:
1. You should get the "Sign in now" page right away after starting your install and putting in your serial number for CS6. Choose sign in later if you haven't installed your CS6 yet.
2. Once you're installed, start up Illustrator and choose the "help" menu up top, then "product registration".
3. It'll bring up the "Sign in Required" page, but that's what we want. You'll see the "Having trouble connecting to the internet?" link now, click it. It should have also opened up the offline activation website at Adobe. Don't close that.
4. You'll now get the "No Internet Connection" page and the option (finally) to do an "Offline Activation". Click that button:
5. Now, you'll see the steps for an offline activation and the button to generate a request code. Click that bad boy!
6. You'll see a new screen with your request code shown (I've blurred mine out). Copy this to your clipboard and have it handy for the Adobe website to follow:
7. Now, at the website for your request code, you'll click the "Generate a Response Code" link right in the middle of that page:
8. It'll prompt you to sign in with your AdobeID next. So, do that:
9. Now, you'll paste the request code you generated and enter your serial number that you probably lost and just spent the last 4 hours looking for, or you're realizing you need that number now and are going to leave this page for tomorrow. At any rate, paste your code and enter your SN, then click "Generate Response Code".
10. If you were successful you'll see this next page showing you the response code for your offline activation. Copy the response code to your clipboard and we're almost done!
12. Now, take the response code you've just copied and paste it into the offline activation window you left open (You did leave that open, right?) and click (finally!) "Activate".
13. Finally! You're activated and CS6 won't asplode your computer! Now go have fun making all those Photoshops of your boss's head onto a donkey.
14. You're done. Get outta here. Close the window already. GAWD.
Thursday, December 4, 2014
Weapons of Choice (at Work) : Logitech k740 Keyboard
I'm lucky enough to get work to furnish me with some sweet gear to hack away and make sure Facebook is up. Here's my review (and approval) of the Logitech k740 Illuminated Keyboard:
Pros:
- It will make everyone who stops by your cube jealous. It is that gorgeous.
- It lights up.
- The type experience is uber fluid.
- It has a clear border about 1/4" thick. When you look through it things are magnified and basically hidden from view. This feature is pointless, but good looking.
- You can customize the FN keys. Sweet.
- Did I mention it lights up? Because IT DOES.
Cons:
- The insert key is super tiny.
- It makes everyone else so jealous they will try to steal it from you.
- It doesn't angle up very much, maybe 3-4 degrees ... should be more.
I give it 5/5 Chris Tacos™:
Scientific Linux Network is Default Off. Here's how to turn it on!
By default in SL7 and when using it as a virtual machine, eth0 (or your main Ethernet virtual NIC) is turned off for some God forsaken reason and you may find yourself constantly hitting this button to turn it on:
Open up a terminal and do the following to always have it on:
sudo vi /etc/sysconfig/network-scripts/ifcfg-[somerandomthingforyournic]