If you run a digital services platform or critical infrastructure, then most probably you are covered by NIS 2 and its requirements, including those concerning information security. Even if you are not covered by NIS 2, you may still benefit from its regulations, which seem to be similar to those coming from ISO 27001. In this article I show how to automatically deploy anti-rootkit and anti-virus software for your Linux workstations and servers. TLDR: By using the rkhunter anti-rootkit and the ClamAV anti-virus you are closer to NIS 2 and ISO 27001 and farther away from threats like cryptocurrency miners and ransomware.
Until recently I thought that having DNS subdomain entries provides enough obscurity, and thus should be secure. If your DNS server does not offer transferring the domain to another place, then any subdomains should be hidden from public sight. Transfers, if enabled (or rather misconfigured), could be made by: The second thing is querying for the ANY option, but it does not mean "all": So, with transfers disabled and no private entries returned while querying for ANY, you would think that you are on the safe side. And that is actually wrong. There are two 3 options on the table: Someone run
In case you have access to a MikroTik device without the UI available, only the CLI, then you would possibly like to know how to do some basic reconfiguration to gain access to the admin panel listening on the local network. So… to change the user password: To see all the configuration: To create a PPTP VPN: To adjust the firewall for the PPTP VPN: To enable HTTP web configuration: Now, once you connect thru the PPTP VPN to the remote host, you can access the UI. But if you set 0.0.0.0/0 as the address, then you may also be able to connect to it using the public address.
In case you would like to have a PPTP VPN server but no such server is installed. But first things first. For such obsolete hardware and software, keep in mind that accessing it requires passing old host key algorithms and ciphers. Then: If you have other VPN types enabled, better disable them, as you will be using PPTP and not SSTP or OpenVPN/WireGuard. Now, for HTTP access, most of the time it will be configured for local network access only. We can change this: Changing the HTTP UI port to something different than the default will give us the ability to run another service
Until recently I did not know that the honeypots I encounter are based on Cowrie. But it does not change much, to be honest. I have already seen almost 100 of these while randomly exploring things on the internet. My first thought, by pure intuition, was that they are honeypots. You enter a system and run ps to list processes and see a broad range of things like: ejabberd (erlang) nginx worker process VBoxService mysqld But on the other hand you are unable to run the top command or any other which is normally available on valid systems. Then it comes to your mind that
If for some unknown reason you need to connect thru SSH to some outdated server using Ruby code, then you are in the right place. But first a little piece of theory behind it. There are 4 configurable things in OpenSSH concerning security configuration: KexAlgorithms: per-connection keys (key exchange) HostKeyAlgorithms: public key to identify the server to clients Ciphers: connection encryption MACs: message authentication codes As time passes, various algorithms become deprecated and are known to be vulnerable. However, there are tons of servers on the internet and on private networks which still use these old things. On a regular SSH
If you own this router, then you might be interested in how to set up a VPN server. I am personally interested in how to do this using the CLI only. It looks easy, however there is one odd setting you should be aware of. To start with, it will be a PPTP VPN server, but as far as I know KeeneticOS can also set up OpenVPN and possibly WireGuard; as always, though, PPTP is the easiest to configure. Start with logging into the box. It might sound obvious, but there is plenty of hardware which now requires unsupported algorithms and
On the Wive-NG router, when talking about VPN you have either PPP or WireGuard. As PPP is listed first, I tried it before trying WireGuard. Here are my thoughts. Configuration is pretty simple. In the router menu, go to Services – VPN Server. Then select the PPTP protocol. In the Users section create a new user with a login and password, and that's all from the server side. From the client side it is also pretty simple. First install pptp-linux: The next thing is to fill the configuration file with settings as follows: With this configuration it is time to activate the connection: To disable the connection:
The probability that you own or operate an EcoRouter 2008 with EcoBNGOS is very low. However, just in case you have to work with this one, it will be useful to know at least some basic commands. I chose the user password change, as it is the most important thing at first glance after setup, so: After this, log out and log in again to check if it is working. On some routers there might be a problem with not enough disk space to save the configuration change; that's why you also need to check if the change has been applied properly.