Wednesday, July 21, 2010

Generating keystore

To generate a keystore file, use keytool, the certificate tool shipped with Java. Make sure you are on the latest Java release so that you get the latest security library.

Check Java version:

# java -version

Generating keystore:

keytool -genkey -alias <alias> -keyalg <algorithm> -keysize <bits> -keystore <keystorefile>

Example:

# keytool -genkey -alias myalias -keyalg RSA -keysize 2048 -keystore mykeystore

Note: it will prompt for the keystore password and for the key (alias) password. They can be the same.


Generate CSR:

keytool -certreq -alias <alias> -keystore <keystorefile> -file <csrfile>

Example:

# keytool -certreq -alias myalias -keystore mykeystore -file mycsr.csr

Note: it will prompt you for the keystore password set in the procedure above.


Send the CSR to a public CA such as TPP Internet, Thawte, etc. Once the request has been processed, download the corresponding CRT file for the domain.

Importing CRT:

keytool -import -trustcacerts -alias <alias> -file <certfile> -keystore <keystorefile>

Example:

# keytool -import -trustcacerts -alias myalias -file certfromca.crt -keystore mykeystore
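The three steps above as a script that runs without the interactive prompts, added here as an example and not part of the original post. It assumes a JDK keytool on PATH; the alias, keystore name, password and subject DN are placeholders, and -dname, -storepass and -validity are standard keytool options.

```shell
#!/bin/sh
# Added example (not from the original post): the three keytool steps above
# run without interactive prompts. Assumes a JDK keytool on PATH; the alias,
# keystore name, password and subject DN are placeholders, override via env.
set -eu

KEYSTORE="${KEYSTORE:-mykeystore}"
ALIAS="${ALIAS:-myalias}"
STOREPASS="${STOREPASS:-changeit}"   # placeholder only; never ship this value
DNAME="${DNAME:-CN=www.example.com, O=Example, C=AU}"

# Step 1: generate the RSA 2048-bit key pair (as in the post); -dname and
# -storepass replace the prompts the post mentions.
gen_keystore() {
    keytool -genkey -alias "$ALIAS" -keyalg RSA -keysize 2048 \
        -keystore "$KEYSTORE" -storepass "$STOREPASS" -keypass "$STOREPASS" \
        -dname "$DNAME" -validity 365
}

# Step 2: write the CSR that goes to the CA.
gen_csr() {
    keytool -certreq -alias "$ALIAS" -keystore "$KEYSTORE" \
        -storepass "$STOREPASS" -file "$1"
}

# Step 3: import the CA-signed certificate under the key's alias.
# -trustcacerts lets keytool complete the chain from the JDK's cacerts file;
# if the issuing intermediate CA is not in there, import it first under its
# own alias, otherwise keytool rejects the reply ("Failed to establish chain").
import_cert() {
    keytool -import -trustcacerts -alias "$ALIAS" -file "$1" \
        -keystore "$KEYSTORE" -storepass "$STOREPASS" -noprompt
}

# Check: does the keystore hold a private key entry for the given alias?
has_key_entry() {
    keytool -list -keystore "$KEYSTORE" -storepass "$STOREPASS" \
        -alias "$1" 2>/dev/null | grep -q PrivateKeyEntry
}

# Usage: gen_keystore && gen_csr mycsr.csr   (later: import_cert certfromca.crt)
```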

Thursday, July 8, 2010

Redhat - Reduce size of root file system

The default file system layout from the Red Hat Enterprise Linux 5 installer sets aside space for /boot and for swap, then gives all remaining space to one logical volume, which is used as the root (/) volume.

Putting all data files and system files in one file system is not always ideal for production systems. If the system cannot be reinstalled, it is possible to reduce the size of the root file system and of the logical volume on which it resides.

Reducing the logical volume on the root / volume must be done in rescue mode.

First, boot the system from Red Hat Enterprise Linux 5 Disc 1 and, at the prompt, type linux rescue and press Enter. When prompted for language and keyboard, provide the pertinent information for the system. When prompted to enable the network devices on the system, select "No." Finally, select "Skip" when prompted to allow the rescue environment to mount the Red Hat Enterprise Linux installation under /mnt/sysimage. The file systems MUST NOT be mounted while carrying out the following steps.

Next, run the following command to scan all disks for LVM2 volume groups:

# lvm.static vgscan

Next, activate the logical volume to reduce. In this example, /dev/VolGroup00/LogVol00 was made available with the following command:

# lvm.static lvchange -ay /dev/VolGroup00/LogVol00

Next, reduce the size of the file system and of the logical volume on /dev/VolGroup00/LogVol00. Make sure the target size still leaves free space on the root (/) file system and that the logical volume remains large enough to hold all the data that was previously present. If the file system is close to full, for example, this may not work. Before resizing the file system, run e2fsck to check it first.

# e2fsck -f /dev/VolGroup00/LogVol00
# resize2fs /dev/VolGroup00/LogVol00 3000M
# lvm.static lvreduce -L 3000M /dev/VolGroup00/LogVol00

Note that these commands act on /dev/VolGroup00/LogVol00. The number at the end is the final size of the file system, not the amount it is reduced by.

Finally, verify the modification then reboot the system.

# lvm.static vgdisplay VolGroup00
# exit
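A pre-flight check for the resize2fs/lvreduce step, added here as an example and not part of the original post: it works out how much data the file system actually holds and refuses a target that would not fit it, or an lvreduce target smaller than the resized file system. The tune2fs output it parses is constructed; the 10% headroom is a heuristic of this example.

```shell
#!/bin/sh
# Added example (not from the original post): a pre-flight check for the
# resize2fs/lvreduce step above. It reads "Block count", "Free blocks" and
# "Block size" from tune2fs -l output to get the data actually on the file
# system, then refuses a resize2fs target below that (plus headroom) or an
# lvreduce target below the resize2fs target (which truncates the file system).
# The tune2fs output below is constructed; on a real box use:
#   tune2fs -l /dev/VolGroup00/LogVol00 | used_mb

# Constructed tune2fs -l excerpt: 10 GiB file system, 4 GiB in use.
sample_tune2fs() {
    printf 'Block count:              2621440\n'
    printf 'Reserved block count:     131072\n'
    printf 'Free blocks:              1572864\n'
    printf 'Block size:               4096\n'
}

# used_mb < tune2fs-output -> prints MiB occupied by data (whole number)
used_mb() {
    awk -F: '
        /^Block count/ { total = $2 + 0 }
        /^Free blocks/ { free  = $2 + 0 }
        /^Block size/  { bs    = $2 + 0 }
        END { printf "%d\n", (total - free) * bs / 1048576 }'
}

# check_shrink USED_MB FS_TARGET_MB LV_TARGET_MB -> 0 if safe, 1 if not
check_shrink() {
    used=$1; fs=$2; lv=$3
    min=$(( used + used / 10 ))   # 10% headroom (heuristic): resize2fs must move blocks
    if [ "$fs" -lt "$min" ]; then
        echo "refusing: file system target ${fs}M is below used data + headroom (${min}M)" >&2
        return 1
    fi
    if [ "$lv" -lt "$fs" ]; then
        echo "refusing: lvreduce target ${lv}M is smaller than the file system (${fs}M)" >&2
        return 1
    fi
    echo "ok: resize2fs to ${fs}M, then lvreduce -L ${lv}M"
    return 0
}

# Usage (rescue mode, file system unmounted, e2fsck -f already run):
#   used=$(tune2fs -l /dev/VolGroup00/LogVol00 | used_mb)
#   check_shrink "$used" 3000 3000 && resize2fs /dev/VolGroup00/LogVol00 3000M
```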

Wednesday, July 7, 2010

Mobile Device Management & Wireless Expense Management | MobileIron

People nowadays use their mobile phones to access corporate email, but the concern is how to provide security for both the end user and the company.

A company can now deploy this kind of security in its own infrastructure or as a hosted service. The product is called MobileIron.


A company based in Sydney, Australia, called ManageNET, can provide this kind of service. Link: http://www.managenet.com.au/solutions/mobile_device_management

Friday, July 2, 2010

Manual: CIS benchmark tests

This is a great tool to use if you want to benchmark your Linux box prior to deployment or audit the system against the CIS Security Benchmarks. Aside from this rootcheck, OSSEC can provide a server-client setup to run file system integrity checks (and other HIDS functions) to help with PCI compliance.

Reference: Manual: CIS benchmark tests

Manual: CIS benchmark tests

We just included support in the OSSEC Policy monitor to audit if a system is in compliance with the CIS Security Benchmarks (as of right now, only RHEL2-5, Fedora 1-5 and Debian/Ubuntu are supported - the other versions will be soon).

If you want to try it out manually and provide some feedback to us, please follow the instructions below to test:

First, grab the latest CVS snapshot and compile it (it will be included on v1.6 and above):

# wget http://www.ossec.net/files/snapshots/ossec-hids-080710.tar.gz
# tar -zxvf ossec-hids-080710.tar.gz
# cd ossec-hids-080710/src/
# make clean
# make libs
# cd rootcheck
# make binary

The binary ossec-rootcheck will be created in the current directory and we can start using it. A simple scan on my Ubuntu box looked like this (note that it will do all the normal rootcheck tests plus the CIS scans — just grep for CIS if you don't want to see the rest):

# ./ossec-rootcheck
..

[INFO]: System Audit: CIS - Testing against the CIS Debian Linux Benchmark v1.0. File: /proc/sys/kernel/ostype. Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux .

[INFO]: System Audit: CIS - Debian Linux 1.4 - Robust partition scheme - /tmp is not on its own partition. File: /etc/fstab. Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux .

[INFO]: System Audit: CIS - Debian Linux 1.4 - Robust partition scheme - /var is not on its own partition. File: /etc/fstab. Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux .

[INFO]: System Audit: CIS - Debian Linux 2.3 - SSH Configuration - Root login allowed. File: /etc/ssh/sshd_config. Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux .

[INFO]: System Audit: CIS - Debian Linux 2.4 - System Accounting - Sysstat not enabled. File: /etc/default/sysstat. Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux .

[INFO]: System Audit: CIS - Debian Linux 4.18 - Disable standard boot services - Squid Enabled. File: /etc/init.d/squid. Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux .

[INFO]: System Audit: CIS - Debian Linux 7.2 - Removable partition /media without ‘nodev’ set. File: /etc/fstab. Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux .

[INFO]: System Audit: CIS - Debian Linux 7.2 - Removable partition /media without ‘nosuid’ set. File: /etc/fstab. Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux .

[INFO]: System Audit: CIS - Debian Linux 7.3 - User-mounted removable partition /media. File: /etc/fstab. Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux .

[INFO]: System Audit: CIS - Debian Linux 8.8 - GRUB Password not set. File: /boot/grub/menu.lst. Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux .

..
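One way to turn the rootcheck output above into a pre-deployment gate, added here as an example and not part of the OSSEC post: it keeps only the CIS audit lines, splits out the benchmark item, the file and the finding, and fails when any finding is present. The sample lines are copied from the output shown in the post.

```shell
#!/bin/sh
# Added example (not from the OSSEC post): turn the rootcheck output above into
# a pre-deployment gate. cis_findings keeps only the CIS audit lines, splits
# out the benchmark item number, the finding and the file it was found in;
# cis_gate prints findings per file and returns non-zero when there are any.
# The sample lines are copied from the output shown in the post.

sample_rootcheck() {
cat <<'EOF'
[INFO]: System Audit: CIS - Testing against the CIS Debian Linux Benchmark v1.0. File: /proc/sys/kernel/ostype. Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux .
[INFO]: System Audit: CIS - Debian Linux 1.4 - Robust partition scheme - /tmp is not on its own partition. File: /etc/fstab. Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux .
[INFO]: System Audit: CIS - Debian Linux 1.4 - Robust partition scheme - /var is not on its own partition. File: /etc/fstab. Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux .
[INFO]: System Audit: CIS - Debian Linux 2.3 - SSH Configuration - Root login allowed. File: /etc/ssh/sshd_config. Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux .
[INFO]: System Audit: CIS - Debian Linux 8.8 - GRUB Password not set. File: /boot/grub/menu.lst. Reference: http://www.ossec.net/wiki/index.php/CIS_DebianLinux .
EOF
}

# cis_findings < rootcheck-output -> one "item<TAB>file<TAB>finding" line each
cis_findings() {
    awk '
      /^\[INFO\]: System Audit: CIS - / {
        line = $0
        sub(/^\[INFO\]: System Audit: CIS - /, "", line)   # drop the prefix
        sub(/\. Reference: .*$/, "", line)                 # drop the wiki link
        if (split(line, p, /\. File: /) != 2) next         # p[1]=finding p[2]=file
        # a finding starts "<distro> <item> - "; the header line has no item
        if (!match(p[1], /[0-9]+\.[0-9]+ - /)) next
        item = substr(p[1], RSTART, RLENGTH - 3)
        text = substr(p[1], RSTART + RLENGTH)
        printf "%s\t%s\t%s\n", item, p[2], text
      }'
}

# cis_gate < rootcheck-output -> "count file" per file; returns 1 on findings
cis_gate() {
    found=$(cis_findings)
    [ -n "$found" ] || { echo "no CIS findings"; return 0; }
    printf '%s\n' "$found" | cut -f2 | sort | uniq -c
    return 1
}

# Usage: ./ossec-rootcheck | cis_gate || echo "fix the findings before deployment"
```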


Wednesday, June 30, 2010

Creating bootable USB using UNetbootin

This is a cool tool for creating a bootable USB drive.

Reference: UNetbootin - Homepage and Downloads

Monday, June 28, 2010

MCITP: Enterprise Administrator certified

Finally passed my last exam to become an MCITP: Enterprise Administrator certified.

How do I use Problem Steps Recorder?

This is a very cool tool called Problem Steps Recorder that lets call support see what is happening on a client's PC during troubleshooting. Basically, it takes a screenshot of every step the client makes on the PC. After recording, a zip file is generated that can be sent to support for troubleshooting.

Here is the link to the Microsoft Website: How do I use Problem Steps Recorder?


  1. Open Problem Steps Recorder by clicking the Start button, and then typing psr. In the list of results, click psr.

  2. Click Start Record. On your computer, go through the steps on your computer to reproduce the problem. You can pause the recording at any time, and then resume it later.

  3. Click Stop Record.

  4. In the Save As dialog box, type a name for the file, and then click Save (the file is saved with the .zip file name extension).

    To view the record of the steps you recorded, open the .zip file you just saved, and then double-click the file. The document will open in your browser.

  • After recording and saving a .zip file, click the help down arrow, and then click Send to E‑mail recipient. This will open an e‑mail message in your default e‑mail program with the last recorded file attached to it.

    Note

    You won't be able to click the Send to e‑mail recipient option until you've recorded and saved a file.

  1. Open Problem Steps Recorder by clicking the Start button, and then typing psr. In the list of results, click psr.

  2. Click Start Record.

  3. When you want to add a comment, click Add Comment.

  4. Use your mouse to highlight the part of the screen that you want to comment on, type your text in the Highlight Problem and Comment box, and then click OK.

  5. Click Stop Record.

  6. In the Save As dialog box, type a name for the file, and then click Save.

    To view the record of the steps you recorded, open the .zip file you just saved, and then double-click the file. The document will open in your browser.

When you adjust settings for Problem Steps Recorder, they're only saved for your current session. After you close and reopen Problem Steps Recorder, it will return to the regular settings.

  1. Open Problem Steps Recorder by clicking the Start button, and then typing psr. In the list of results, click psr.

  2. Click the help down arrow, and then click Settings.

  3. You can change the following settings for Problem Steps Recorder:

    • Output Location. If you don't want to be prompted to save a file after recording, click the Browse button to set a default output file name.

    • Enable screen capture. If you don't want to capture the screen shots along with the click information, select No. This might be a consideration if you are taking screen shots of a program that contains personal information, such as bank statements, and you are sharing the screen shots with someone else.

    • Number of recent screen captures to store. While the default is 25 screens, you can increase or decrease the number of screen shots. Problem Steps Recorder only records the default number of screen shots. For example, if you took 30 screen shots during a recording but only had 25 screen shots as the default, you would be missing the first five screen shots. In this case, you would want to increase the number of default screen shots.

Friday, June 25, 2010

Linux Hardening - Password

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
# (assumed to be the authconfig-generated /etc/pam.d/system-auth on RHEL)
auth required pam_env.so
auth required pam_unix.so nullok try_first_pass
#Deny 5 failed logins and lockout for 30 minutes
auth required pam_tally2.so deny=5 onerr=fail unlock_time=1800

account required pam_unix.so
# The comparison after "uid" on the next line was lost when this post was published; take it from the original authconfig-generated file
account sufficient pam_succeed_if.so uid <>
account required pam_permit.so
#Don't forget this line: it resets the failure count after a successful login
account required pam_tally2.so

#Password Complexity. Please read pam_passwdqc for options
password requisite pam_passwdqc.so min=disabled,disabled,disabled,12,8
#Password History. User cannot use 4 previous passwords
password sufficient pam_unix.so md5 shadow nullok use_authtok remember=4
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
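A check that a PAM stack file actually carries the controls from the configuration above, added here as an example and not part of the original post: the pam_tally2 lockout in the auth section, the pam_tally2 account line the post says not to forget, the pam_passwdqc complexity line and the remember= history on pam_unix. Both sample files are constructed; on RHEL the real file is assumed to be the authconfig-generated /etc/pam.d/system-auth.

```shell
#!/bin/sh
# Added example (not from the original post): audit a PAM stack file for the
# four controls in the hardened configuration above. Both sample files are
# constructed; the hardened one is the post's auth/account/password lines
# (comment and pam_succeed_if lines omitted), the weak one a stock-looking
# stack. The real file on RHEL is assumed to be /etc/pam.d/system-auth.

write_hardened() {
cat > "$1" <<'EOF'
auth required pam_env.so
auth required pam_unix.so nullok try_first_pass
auth required pam_tally2.so deny=5 onerr=fail unlock_time=1800
account required pam_unix.so
account required pam_permit.so
account required pam_tally2.so
password requisite pam_passwdqc.so min=disabled,disabled,disabled,12,8
password sufficient pam_unix.so md5 shadow nullok use_authtok remember=4
password required pam_deny.so
EOF
}

write_weak() {   # no lockout, no complexity policy, no history
cat > "$1" <<'EOF'
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
account required pam_unix.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
EOF
}

# has_line FILE TYPE MODULE [PATTERN] -> true if a TYPE line loads MODULE and matches PATTERN
has_line() {
    awk -v t="$2" -v m="$3" '$1 == t && $3 == m' "$1" | grep -q "${4:-.}"
}

# audit_pam FILE -> prints one FAIL line per missing control; returns 1 if any
audit_pam() {
    rc=0
    has_line "$1" auth pam_tally2.so 'deny=[1-9]' \
        || { echo "FAIL auth: no pam_tally2 lockout (deny=N) line"; rc=1; }
    has_line "$1" account pam_tally2.so \
        || { echo "FAIL account: pam_tally2 missing, successful logins never reset the counter"; rc=1; }
    has_line "$1" password pam_passwdqc.so 'min=' \
        || { echo "FAIL password: no pam_passwdqc complexity policy"; rc=1; }
    has_line "$1" password pam_unix.so 'remember=[1-9]' \
        || { echo "FAIL password: pam_unix has no remember= history"; rc=1; }
    return $rc
}
```

Usage: audit_pam /etc/pam.d/system-auth prints nothing and exits 0 on a stack that matches the post.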