FlipsideReality Once upon a time, in a land far far away…

31Oct/090

Linux server hardening

Nice article on hardening Linux.

13Oct/090

Lynis, auditing tool for *nix

Lynis is a really cool script for checking your machine for vulns. I use it on every server I deploy. It's not a one-stop shop for security, but it does give a little peace of mind that you've not overlooked anything.

2Jun/090

netstat -plunt

  mmm plunt.

  netstat -plunt

Shows you all your listening TCP and UDP ports, with numeric addresses and the PID and program name that owns each socket.

19May/090

Writing programs, but using shared libraries? Check with virustotal.com before deploying.

VirusTotal allows you to check your binaries against 99% of current AV products. I wrote something with AutoIt recently, and had problems with it being recognised as a virus on some client machines. I wish I'd known about this then.

28Jan/090

Adeona – FOSS mobile IP asset tracking.

Adeona is the first Open Source system for tracking the location of your lost
or stolen laptop that does not rely on a proprietary, central service.
This means that you can install Adeona on your laptop and go — there's no
need to rely on a single third party.
What's more, Adeona addresses a critical privacy goal different from existing
commercial offerings. It is privacy-preserving.
This means that no one besides the owner (or an agent of the owner's choosing)
can use Adeona to track a laptop. Unlike other systems, users of Adeona
can rest assured that no one can abuse the system in order to track where
they use their laptop.

23Apr/080

Flash drive security

It's unusual to hear about the loss of portable USB storage devices (thumb drives).

Lumension Security Sanctuary Device Control and Credant Mobile Guardian for External Media are two solutions that can transparently encrypt data that is copied to thumb drives -- without any special hardware or interaction from the user.

31Oct/070

cPanel & WHM Ports

Inbound ports
TCP
20 FTP
21 FTP
22 SSH
25 SMTP
26 SMTP
53 DNS
80 HTTP
110 POP3
143 IMAP4
443 HTTPS
465 SMTP (TLS/SSL)
993 IMAP4 (SSL)
995 POP3 (SSL)
2082 CPANEL
2083 CPANEL (SSL)
2086 WHM (Web Host Manager)
2087 WHM (SSL)
2095 WEBMAIL
2096 WEBMAIL (SSL)
3306 MYSQL (ONLY IF YOU WANT TO ALLOW INCOMING MYSQL CONNECTIONS)
6666 CHAT
UDP
21 FTP
53 DNS
465 SMTP (TLS/SSL)
Outbound ports
TCP
20 FTP
21 FTP
25 SMTP
26 SMTP
37 RDATE
43 WHOIS
53 DNS
80 HTTP
113 IDENT
465 SMTP (TLS/SSL)
873 RSYNC
2089 CPANEL LICENSE
3306 MYSQL (ONLY IF YOU NEED TO CONNECT TO REMOTE MYSQL SERVER)
UDP
21 FTP
53 DNS
465 SMTP (TLS/SSL)
873 RSYNC
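
An added example (not part of the original post): a Python audit that parses `netstat -plunt` output, as in the netstat post above, and flags sockets listening on non-loopback addresses whose port is missing from the inbound list. The sample output, `CPANEL_INBOUND` and the function names are constructed for illustration.

```python
import re

# Inbound allowlist copied from the port list above.
CPANEL_INBOUND = {
    "tcp": {20, 21, 22, 25, 26, 53, 80, 110, 143, 443, 465, 993, 995,
            2082, 2083, 2086, 2087, 2095, 2096, 3306, 6666},
    "udp": {21, 53, 465},
}

# Constructed sample of `netstat -plunt` output (not from a real host).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1044/mysqld
tcp        0      0 0.0.0.0:2087            0.0.0.0:*               LISTEN      1310/cpsrvd
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      2291/Xvnc
tcp6       0      0 :::80                   :::*                    LISTEN      1502/httpd
udp        0      0 0.0.0.0:53              0.0.0.0:*                           990/named
udp        0      0 0.0.0.0:111             0.0.0.0:*                           701/rpcbind
udp6       0      0 ::1:323                 :::*                                655/chronyd
"""

def parse_listeners(text):
    """Yield (proto, address, port, program) for each socket row."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or not re.fullmatch(r"(tcp|udp)6?", fields[0]):
            continue  # skip the two header lines and blanks
        proto = fields[0].rstrip("6")              # tcp6 -> tcp, udp6 -> udp
        addr, _, port = fields[3].rpartition(":")  # handles ":::80" and "::1:323"
        # UDP rows have an empty State column, so take the last field.
        program = fields[-1].split("/", 1)[-1]     # "-" when run without root
        yield proto, addr, int(port), program

def is_loopback(addr):
    return addr == "::1" or addr.startswith("127.")

def audit(text, allowed=CPANEL_INBOUND):
    """Return listeners reachable off-host whose port is not in the allowlist."""
    return [(proto, port, prog)
            for proto, addr, port, prog in parse_listeners(text)
            if not is_loopback(addr) and port not in allowed[proto]]

if __name__ == "__main__":
    for proto, port, prog in audit(SAMPLE):
        print(f"unexpected {proto}/{port} ({prog})")
```

On a live host, feed it the real output with `audit(subprocess.run(["netstat", "-plunt"], capture_output=True, text=True).stdout)`.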

23Sep/074

PHP Tor Wrapper

Shamelessly stolen from 0x000000.com. This PHP
function creates a socket connection through Tor and is able to make a
perfect HTTP request that goes through the Tor network. Usually people
use Firefox with FoxyProxy or the Torbutton, but sometimes you'll need
scripts that can access other sites through the Tor router, and this is
a PHP script that does just that. Pretty simple, but effective.

What you need further:

- Install Tor and Privoxy bundle.
- Have PHP, like the WAMP server.

That's it, plug it into your exploits or test scripts and you can call
all your scripts through the Tor router now, and thereby be a little
safer instead of using bad proxies.

<?php
function tor_wrapper($url)
{
    // Build a randomised User-Agent string.
    $ua = array('Mozilla', 'Opera', 'Microsoft Internet Explorer', 'ia_archiver');
    $op = array('Windows', 'Windows XP', 'Linux', 'Windows NT', 'Windows 2000', 'OSX');
    $agent = $ua[rand(0, 3)] . '/' . rand(1, 8) . '.' . rand(0, 9)
           . ' (' . $op[rand(0, 5)] . ' ' . rand(1, 7) . '.' . rand(0, 9) . '; en-US;)';

    // Tor address & port
    $tor = '127.0.0.1:9050';
    // Set a timeout (seconds).
    $timeout = 300;

    $ack = curl_init();
    curl_setopt($ack, CURLOPT_PROXY, $tor);
    // 9050 is Tor's SOCKS port; without this cURL treats the proxy as HTTP.
    // The _HOSTNAME variant also resolves DNS through the proxy.
    curl_setopt($ack, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5_HOSTNAME);
    curl_setopt($ack, CURLOPT_URL, $url);
    curl_setopt($ack, CURLOPT_HEADER, 1);
    curl_setopt($ack, CURLOPT_USERAGENT, $agent);
    curl_setopt($ack, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ack, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ack, CURLOPT_TIMEOUT, $timeout);
    $syn = curl_exec($ack);
    // $info = curl_getinfo($ack);
    curl_close($ack);
    // $info['http_code'];
    return $syn;
}

// example:
$wrapped = tor_wrapper("http://www.sillysite.com?page=1' OR 1=1");
echo $wrapped;
?>
13Sep/070

Bebox root access

Rory Allford has had a little poke around the bebox. He makes reference to a securiteam.com post which is cause for concern.

Update: It would seem that (on my box anyway) they have patched the hole.

11Sep/070

iptables refresher

iptables is the packet filtering technology that's built
into the 2.4 Linux kernel. It's what allows one to do firewalling,
NATing, and other cool stuff to packets from within Linux. Actually,
that's not quite right -- iptables is just the command used to control netfilter,
which is the real underlying technology. We'll just call it iptables
though, since that's how the whole system is usually referred to.

A nice refresher...
