Getting your smartcard to work with Ubuntu

The big bummer of Common Access Cards (CAC) is that there hasnt been a real good solution to get it working in Linux. I've seen it done for OS X but not for Linux. Well the guys over at HR Geeks did a writeup on how to get it working, worth a look if you have made the jump to being full-time Linux.

http://www.hrgeeks.com/2008/11/21/using-a-dod-cac-with-ubuntu-and-firefox/

Setting up my "slice" from slicehost

If you are looking to have your own box and get your hands dirty with Linux administration then slicehost is a great option for you.

My last hosting company didn't allow me access to log files and were just an overall pain to work with. I can tell you that if Alan Shimel had had my hosting company the guys that took over his domain probably wouldn't have had the patience to wait out what it took me to move mine...anyway I digress.

Slicehost is great, here is a breakdown of their plans:

RAM PRICE HD BW

	256 slice	$20.00	10GB	100GB
	512 slice	$38.00	20GB	200GB
	1GB slice	$70.00	40GB	400GB
	2GB slice	$140.00	80GB	800GB
	4GB slice	$280.00	160GB	1600GB

You start with a slimmed down version of one of the following OS's"

Arch 2007.08
CentOS 5.2
Debian 4.0 (etch)
Fedora 9
Gentoo 2008.0
Ubuntu 7.10 (gutsy)
Ubuntu 8.04.1 LTS (hardy)

My Ubuntu install was only about half a gig, so I had plenty of space for the carnal0wnage site even though the blog really takes all the traffic. I'm not going to do a lockdown guide, there are so many on the net, but you basically SSH in (also has a web console if you get locked out) and start "apt-getting" what you need to set up your box they way YOU want it. You also have full reboot privileges or if you really hose up your install you can just reformat.

Things I did:

installed stuff I probably don't need :-)
locked down sshd
installed apache2 and modsecurity
configured DNS for web and google mail
installed and configured denyhosts
started tweaking iptables rules

You can't beat 20 bucks a month for an IP and root on your own box ;-)

They also have an API so you can script management and status tasks
http://articles.slicehost.com/2008/5/13/slicemanager-api-documentation

Extra Help
http://cactuswax.net/articles/slicehost-configuration/
http://www.usefuljaja.com/2007/4/setting-up-your-domain
http://www.vinno.net/linux/server/how-to-install-mod-security-2

Reliable Local Root since 2006?

now that's just friggin sweet...

http://blog.eonsec.com/2008/02/reliable-root-since-2006.html

Windows Vista One Year Vulnerability Report

If you haven't read the Windows Vista One Year Vulnerability Report its worth taking a look at only if to solidify what Andrew Jaquith talks about with security metrics and graphs and how they can say whatever you want them to say.

Original Post here:
http://blogs.technet.com/security/archive/2008/01/23/download-windows-vista-one-year-vulnerability-report.aspx

Here are my comments after a quick read of the paper.

Interesting paper. I'm not convinced that because there were more vulnerabilities by number in RH/Ubuntu versus Vista is "necessarily a better OS or the fact that there were far less vulnerabilities by number between XP and Vista that deserves a ton of praise. Good, in 5 years MS got better at creating and rolling out a secure product...kudos. Isn't that what everyone expected and MS said they would do? Also, I cant imagine anyone dropping a remote code execution exploit for Vista on bugtraq/FD/milw0rm/whatever right now for free, a working exploit for Vista or XP SP2 is far too valuable to give away for the sake of "making the internet a safer place" especially with all the companies paying big bucks for those exploits or how valuable they would be for the underground or for the sake of having an 0day.

It would have been interesting to compare all those open source vulnerabilities not by number but by remote code execution possibility. I didn't go and check every MS # or every vuln listed for RH/Ubuntu but i am going to guess that if it got a critical or was made mention for Vista it was because there was code execution possible(either client side, i send you a link, click on this, or full old school remote). I'm going to go out on a limb and say that not every vulnerability that was released for open source was code execution. I wouldn't put a bugfix in some obscure library that did get pulled down as an update in Ubuntu (and added to that 100+ updates) in the same category as a code execution vulnerability.

Just goes to show you that I can make up become down and left become right with the right wording and some excel graphs...

-CG

BackTrack2 is NOT an operating system!!!

ok over on EH.net there are a couple of running threads on installing backtrack to Hard Disk/Drive so people can use BackTrack2 as their Operation System.

here is one of them link; i dont feel like looking up the rest (really not the point) but this has been going on for some time now (really since BT1).

OK i am going to vent for just a sec but i do have a point...

BACKTRACK IS NOT AN OPERATING SYSTEM! it is a TOOL!!

yes obviously you can run it as an operating system (hence the whole point of the rant) but why do your NEED to do that?

frankly the best education comes from building your own attack platform on the linux distro you installed, configured, and hardened yourself. You install, configure and mess with the tools YOU need to do your pentesting (or scanning your local ISP subnet) and dont have a bunch of extra crap you dont need. You get to work through library issues and crap breaking and getting so pissed at your box that you want to dropkick it out the window but guess what, you LEARN doing all that.

one of the biggest things i see over at LSO and during the rootwars is people having weak linux skills and not being able to compile and use their own tools, so naturally we ask what distro the run and mos of the time i get backtrack for an answer :-(

Dont get me wrong, i like backtrack2 as a TOOL, i boot the ISO in VMware i do what i need to do then i go back to my linux distro to read email and everything else. I have a couple of personal reasons for that one of them being denialability with the non-persistent option :-) but mostly for the reasons above; if i am going to go thru the trouble of installing a distro I might as well get something out of the install (linux knowledge-wise) instead of letting someone else do all the work for me.

just my thoughts on it. spend that effort installing that great set of tools that backtrack comes with on your own, you'll learn more and really get an idea if you actually NEED all of those tools and you get satisfaction of having control over your linux install.

-CG

scping files with spaces in them

nothing l33t...

but if you have to scp files with spaces in them and you dont do it right you can get a stupid

scp: ambiguous target

error, which can be quite unfun.

example:

scp "Other Linux 2.6.x kernel-cl1.vmdk" root@192.168.0.1:"Other Linux 2.6.x kernel-cl1.vmdk"
root@192.168.0.1's password:
scp: ambiguous target

The issue is that even though its in quotes scp is looking at it as "Other" as a file and "Linux" as a file..

here's the fix

scp Other\ Linux\ 2.6.x\ kernel-cl1.vmdk root@192.168.0.1:"Other\ Linux\ 2.6.x\ kernel-cl1.vmdk"
root@192.168.0.1's password:
Other Linux 2.6.x kernel-cl1.vmdk 100% 2043MB 10.9MB/s 03:07

you can also leave out the escape characters in the source files and just put the source file in quotes, but you'll need them on the destination file.

scp "Other Linux 2.6.x kernel-cl1.vmdk" root@192.168.0.1:"Other\ Linux\ 2.6.x\ kernel-cl1.vmdk"
root@192.168.0.1's password:
Other Linux 2.6.x kernel-cl1.vmdk 100% 2043MB 10.9MB/s 03:07

hope that helps someone :-)