Reinstalling GRUB

In one of my previous posts I mentioned some troubles with reinstalling Ubuntu 22: losing the ability to select an OS and, actually, to boot at all. I found that Ubuntu 20 properly recognizes my fresh Windows installation but Ubuntu 22 does not. So I stayed with version 20; however, there was no OS selection, which translates to a broken GRUB installation. After the Ubuntu 20 installation finished, it tried to install the bootloader but failed because of drive numbering. The first drive in my Lenovo Thinkpad T420s is mSATA, but the computer and the operating system think that it is my second drive. My actual second drive is an SSD located in the regular drive bay. So, this is something that developers have not covered properly.

However, you can fix this by booting Ubuntu 20 from USB/CD media and trying a live session. Open a terminal, mount the installed Ubuntu filesystem and then chroot into it.

mkdir /mnt/newroot
mount /dev/sdXY /mnt/newroot
mount --bind /proc /mnt/newroot/proc
mount --bind /sys /mnt/newroot/sys
mount --bind /dev /mnt/newroot/dev
chroot /mnt/newroot
grub-install /dev/sdX # put only drive letter and not partition number
update-grub # see whether it recognized all operating systems
exit
reboot

Then go to BIOS/UEFI and put the drive you used as /dev/sdX first in the boot order, before other drives. You can leave USB/CD/Network boot before it, but do not put other drives there, as they might also have boot sectors filled with bootloaders. Now, after reboot, you will see GRUB with OS selection.

Expand CentOS LVM disk and filesystem

There are two ways of expanding your root filesystem space: either by adding additional volumes or by resizing the PV. Let’s try the latter. We have CentOS 7 with XFS running on Proxmox. First expand the drive size in the admin UI. Next:

yum install cloud-utils-growpart
growpart /dev/sdX 2
pvresize /dev/sdX2
lvextend -l +100%FREE /dev/mapper/centos-root
# and then grow the filesystem...
xfs_growfs / # for XFS
# or
resize2fs /dev/mapper/centos-root # for ext2/ext3/ext4

Right after resizing the drive, lsblk should show that the drive has additional space. At growpart you will see your partition expand. At pvresize there is no change. The change happens at lvextend, so you will see your LVM increase in space. To see the filesystem change in df you need to run either xfs_growfs or resize2fs, depending on the filesystem you are running.

Windows/Ubuntu dual boot issues

I have dual boot on my Lenovo Thinkpad T420s, Windows 10 and Ubuntu 22. Actually I had, because I tried to reinstall Ubuntu 22 and I’ve lost my dual boot and the ability to boot at all. So I tried a few things:

  • reformat manually EFI and root partitions
  • os-prober and update-grub
  • setting root and prefix at grub rescue
  • grub-install
  • Windows installation troubleshooting

Unfortunately it does not work. Something went terribly wrong. To bring back Windows, first boot from installation media and go to the command prompt:

diskpart
list disk
sel disk X # select disk with Windows installed
list partition
sel partition Y # select boot partition
detail partition # in case Active is set to No then...
active
exit

This way I was able to boot into Windows once again, but unable to do it from grub and unable to boot Ubuntu any more. I also tried the following:

bootrec /fixmbr
bootrec /fixboot # does not work
bootrec /rebuildbcd

So I decided to reinstall Windows, as I keep only Office, Typora and Fruity Loops there, so it will be easy to bring it back. After Windows reinstallation I tried to install Ubuntu one more time, but… there is no option for dual boot installation! Why? I do not know for now.

KeeneticOS basic reconfiguration

This is for the case where you would like to have a PPTP VPN server but no such component is installed. But first things first: for such obsolete hardware and software, keep in mind that accessing it requires passing old host key algorithms and ciphers. Then:

components install vpnserver
components commit
# now it will reflash software and reboot
service vpn-server
no isolate-private
# here you apply regular PPTP configuration (see my other posts)
# ...
system configuration save
copy running-config startup-config

If you have other VPN types enabled, better disable them, as you will be using PPTP and not SSTP or OpenVPN/WireGuard. Now, for HTTP access: most of the time it will be configured for local network access only. We can change this:

ip http security-level public
ip http port 81

Changing the HTTP UI port to something other than the default gives us the ability to run another service on that port and forward it to the inside of the local network.

Cowrie Honeypot

Until recently I did not know that the honeypots I encounter are based on Cowrie. But it does not change much, to be honest. I have already seen almost 100 of these while randomly exploring things on the internet. It was first thought that they are honeypots, by pure intuition. You enter a system and run ps to list processes and see a broad range of things like:

  • ejabberd (erlang)
  • nginx worker process
  • VBoxService
  • mysqld

But on the other hand you are unable to run the top command or any other which is normally available on valid systems. Then it comes to your mind that there is something wrong with it. How naive it is to think that someone or something will be so dumb not to know that it is fake…

Anyway, I started thinking why on earth someone would deploy Cowrie or any other honeypot setup. In theory, by using honeypots you attract an attacker to enter and play around. You can grab passwords, files with malware and the commands they try to use. This way you can build your antimalware solutions. But it would require lots of such systems deployed and for sure it is just like that.

The second use case is when such a honeypot is deployed on private networks and would be the first choice of a person or system entering your perimeter. They will spend time and effort on hacking the fake system, losing interest in other things, which gives time to identify the threat and properly mitigate it by applying patches and reconfiguring systems.
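
For the first use case, this is how the captured passwords, commands and downloaded-file records can be pulled out of a honeypot log. It is an added example, not part of the original post or of the Cowrie project; it assumes Cowrie's JSON log output with its eventid, username, password, input, url and shasum fields, and the log lines are constructed:

```ruby
require 'json'

# Constructed sample lines in the shape of Cowrie's JSON log (one event per
# line); every address, credential and URL below is invented.
SAMPLE_LOG = <<~LOG
  {"eventid":"cowrie.login.failed","username":"root","password":"123456","src_ip":"192.0.2.10","session":"a1"}
  {"eventid":"cowrie.login.success","username":"root","password":"admin","src_ip":"192.0.2.10","session":"a1"}
  {"eventid":"cowrie.command.input","input":"ps","src_ip":"192.0.2.10","session":"a1"}
  {"eventid":"cowrie.command.input","input":"top","src_ip":"192.0.2.10","session":"a1"}
  {"eventid":"cowrie.session.file_download","url":"http://198.51.100.7/x.sh","shasum":"SHA256-PLACEHOLDER","src_ip":"192.0.2.10","session":"a1"}
  this line is truncated {"eventid":
  {"eventid":"cowrie.login.failed","username":"admin","password":"123456","src_ip":"203.0.113.5","session":"b2"}
LOG

# Collect what the honeypot recorded: credentials tried, commands typed per
# session, and downloaded files. Unparseable lines are counted, not fatal.
def summarize(log_text)
  summary = { credentials: Hash.new(0), commands: {}, downloads: [], skipped: 0 }
  log_text.each_line do |line|
    next if line.strip.empty?
    event = begin
      JSON.parse(line)
    rescue JSON::ParserError
      nil
    end
    unless event.is_a?(Hash)
      summary[:skipped] += 1
      next
    end
    case event['eventid']
    when 'cowrie.login.failed', 'cowrie.login.success'
      summary[:credentials][[event['username'], event['password']]] += 1
    when 'cowrie.command.input'
      (summary[:commands][event['session']] ||= []) << event['input']
    when 'cowrie.session.file_download'
      summary[:downloads] << event.slice('src_ip', 'url', 'shasum')
    end
  end
  summary
end

# Passwords ordered by how many login attempts used them, most common first.
def top_passwords(summary)
  counts = Hash.new(0)
  summary[:credentials].each { |(_user, pass), n| counts[pass] += n }
  counts.sort_by { |pass, n| [-n, pass] }
end
```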

Further reading:

https://github.com/cowrie/cowrie

SSH access using Ruby to outdated servers

If for some unknown reason you need to connect through SSH to some outdated server using Ruby code, then you are in the right place. But first a little piece of theory behind it. There are 4 configurable things in OpenSSH concerning security configuration:

  • KexAlgorithms: per-connection keys (key exchange)
  • HostKeyAlgorithms: public key to identify server to clients
  • Ciphers: connection encryption
  • MACs: message authentication codes

As time passes, various algorithms become deprecated and are known to be vulnerable. However, there are tons of servers on the internet and on private networks which still use these old things. With a regular SSH client, as well as with net-ssh Ruby client code, you will not be able to connect to such servers; instead you will receive error messages saying that the connection cannot be established.

There is a solution for that.

First:

:host_key => "+ssh-dss"

Then:

append_all_supported_algorithms: true

With these two additional options, which you pass to the Net::SSH.start method, you will be able to connect to most of the servers running out there. Still, there is some chance you may need to adjust it, like for some old Cisco hardware, but you will cover 99.99%. Hope that you find it useful no matter if you try to administer your old networking rig or are just playing around with various things…
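
Why the connection fails and what appending an old algorithm changes can be seen by modelling the negotiation itself. This is an added example, not code from the original post or from net-ssh: it simplifies RFC 4253 section 7.1 to one list per category, and all algorithm lists are constructed samples.

```ruby
# Added example: SSH algorithm negotiation, simplified from RFC 4253 section 7.1
# (one list per category, the same list used for both directions).
CATEGORIES = %i[kex host_key cipher mac].freeze

# Constructed sample offers, not captured from any real client or server.
MODERN_CLIENT = {
  kex:      %w[curve25519-sha256 diffie-hellman-group14-sha256],
  host_key: %w[ssh-ed25519 rsa-sha2-512],
  cipher:   %w[aes256-ctr aes128-ctr],
  mac:      %w[hmac-sha2-256 hmac-sha2-512]
}.freeze
MODERN_SERVER = {
  kex:      %w[diffie-hellman-group14-sha256 curve25519-sha256],
  host_key: %w[rsa-sha2-512 ssh-ed25519],
  cipher:   %w[aes128-ctr aes256-ctr],
  mac:      %w[hmac-sha2-512 hmac-sha2-256]
}.freeze
LEGACY_SERVER = {
  kex:      %w[diffie-hellman-group1-sha1],
  host_key: %w[ssh-dss],
  cipher:   %w[3des-cbc aes256-ctr],
  mac:      %w[hmac-md5 hmac-sha1]
}.freeze
# Old names to append, per category (hypothetical selection for this example).
LEGACY_EXTRA = {
  kex: %w[diffie-hellman-group1-sha1], host_key: %w[ssh-dss], mac: %w[hmac-sha1]
}.freeze

# Append old names after the client's own list, the way a "+name" option does.
def append_legacy(client, extra)
  client.to_h { |cat, list| [cat, (list + extra.fetch(cat, [])).uniq] }
end

# Per category, the first name on the client's list that the server also
# offers is chosen; nil means no overlap, so the connection cannot be set up.
def negotiate(client, server)
  CATEGORIES.to_h { |cat| [cat, client[cat].find { |alg| server[cat].include?(alg) }] }
end

# Categories in which negotiation failed.
def failed_categories(result)
  result.select { |_cat, alg| alg.nil? }.keys
end

if __FILE__ == $PROGRAM_NAME
  widened = append_legacy(MODERN_CLIENT, LEGACY_EXTRA)
  p failed_categories(negotiate(MODERN_CLIENT, LEGACY_SERVER))
  p negotiate(widened, LEGACY_SERVER)
  p negotiate(widened, MODERN_SERVER) == negotiate(MODERN_CLIENT, MODERN_SERVER)
end
```

Because the old names sit at the end of the client's list, they are selected only when the server offers nothing the client prefers, so the same widened client still negotiates the modern algorithms with an up-to-date server.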

Proxmox node out of cluster

I was replacing drives and memory in one of the servers and all of a sudden the node was unable to start. When it finally booted, it was gone from the cluster. Weird. This node had been installed on an SSD drive which had 2 years of constant runtime. Debian prompted with some file system issue at one time and another. After a few reboots it finally booted successfully, but the node was unable to communicate properly with other cluster members.

I tried to start time synchronization from scratch to no avail. I pulled out the drives other than the one with the operating system, without any change. I also restarted the other cluster members. The node was available to log in and check out, but I felt that any hacking could result in unpredictable behavior in the future, so I decided to reinstall it.

There are a few things to remember when reinstalling a node. First, if it is a planned operation, you must cancel and remove replication jobs, because after the node is shut down there is no chance to do this from the user interface. If the node is already unavailable, then:

pvecm expected 1
pvesr list
pvesr delete JOBID --force

Next, from other nodes run node deletion command:

pvecm delnode NODENAME

When reinstalling node remember not to use the same IP and node name. It might work, but…

KeeneticOS PPTP VPN server

If you own this router then you might be interested in how to set up a VPN server. I am personally interested in how to do this using the CLI only. It looks easy, however there is one odd setting you should be aware of. To start with, it will be a PPTP VPN server; as far as I know KeeneticOS can also set up OpenVPN and possibly WireGuard, but as always PPTP is the easiest to configure. Start with logging into the box. It might sound obvious, but there is plenty of hardware which requires now unsupported algorithms and ciphers:

ssh -o "HostKeyAlgorithms=+ssh-dss" -o "KexAlgorithms=+diffie-hellman-group1-sha1" -c aes256-ctr admin@x.x.x.x

Fortunately you can pass options to ssh client for HostKeyAlgorithms, KexAlgorithms and also ciphers (-c argument). This allows you to enter the box. Next:

vpn-server
mtu 1400
system configuration save
exit
service vpn-server
vpn-server interface YOURINTERFACE
vpn-server pool-range x.x.x.x y

Now we are close, but one odd thing:

no isolate-private
system configuration save
copy running-config startup-config

A word of explanation here. We just set up the server on an interface with a given pool-range, which is the client IP range used while connecting to the VPN. We connect using the username and password which are also used to access the box via SSH. The service command enables the VPN server or any particular service you work on. The last thing is to disable network isolation, and we do this by specifying “no” before isolate-private. In the end we save the configuration and copy the current configuration into defaults. We are done here.

PPTP VPN on Wive-NG router

On a Wive-NG router, when talking about VPN you have either PPP or WireGuard. As PPP is listed first, I tried it before trying WireGuard. Here are my thoughts. Configuration is pretty simple. In the router menu, go to Services – VPN Server. Then select the PPTP protocol. In the Users section create a new user with login and password, and that’s all from the server side.

From the client side it is also pretty simple. First install pptp-linux:

sudo apt install pptp-linux
cd /etc/ppp/peers
touch PPTP

Next thing is to fill configuration file with settings as follows:

pty "pptp x.x.x.x --nolaunchpppd --debug"
name USERNAME
password PASSWORD
remotename PPTP
require-mppe-128
require-mschap-v2
refuse-eap
refuse-pap
refuse-chap
refuse-mschap
noauth
debug
persist
maxfail 0
defaultroute
replacedefaultroute
usepeerdns

With this configuration it is time to activate connection:

chmod 600 /etc/ppp/peers/PPTP
pon PPTP

To disable connection:

poff PPTP

There is one downside of using it. It creates several routes, of course, but it prevents accessing the client from outside, so if you set it up on a remote host you will instantly lose your connection. On a local machine it will not be a problem.