Contents:
FreeRADIUS Installation
Environment:
One Ubuntu 16.04 server running on VirtualBox and at least one other machine with freeradius-utils installed.
sudo apt install freeradius
sudo systemctl status freeradius
sudo su
cd /etc/freeradius
less radiusd.conf
cd /var/log
cd freeradius
less radius.log
# -X runs the server in the foreground with full debug output; that output is
# verbose and includes request attributes, so treat it as sensitive
sudo freeradius -X
# the packaged service has to be stopped first or the debug instance cannot
# bind the same ports
systemctl stop freeradius
freeradius -X
systemctl stop freeradius
nano /etc/freeradius/users
# Cleartext-Password stores the password unhashed in /etc/freeradius/users;
# acceptable for a throwaway lab user, not for real accounts
testing Cleartext-Password := "secret"
freeradius -X
# radtest arguments: user password server nas-port shared-secret. Password and
# shared secret are on the command line, so they end up in shell history and
# are visible in `ps` while radtest runs.
radtest testing secret 127.0.0.1 0 testing123 #from new shell
nano /etc/freeradius/clients.conf
# a client stanza lets this NAS address talk to the server. "testing123" is the
# same secret the stock localhost entry already accepts above; use a long
# random per-client value for anything beyond the lab
client new {
ipaddr = 192.168.0.100
secret = testing123
}
apt install freeradius-utils #on remote client
radtest testing secret 192.168.0.114 0 testing123 #on remote client
FreeRADIUS Tools
sudo su
# fails until the control-socket virtual server below is enabled
radmin
cd /etc/freeradius/sites-available
ls
ln -s /etc/freeradius/sites-available/control-socket /etc/freeradius/sites-enabled/control-socket
nano /etc/freeradius/sites-enabled/control-socket
# mode = rw lets anyone who can open the socket reconfigure the running server,
# not just read state. The uid/gid settings in the same file decide who can
# connect — confirm they are restricted, and prefer "ro" unless write access
# is actually needed.
mode = rw
# stop debug mode - ctrl-c
systemctl start freeradius
radmin
radmin> show client list
# redirects debug output to a file: same sensitivity as -X, so check its
# permissions and location
radmin> debug file bugfilename
radmin> show debug file
# limit debug output to requests matching a condition
radmin> debug condition '(User-Name == harry)'
radmin> debug file
# Status-Server probe; the shared secret is again on the command line
echo "Message-Authenticator = 0x00" | radclient localhost status testing123
radlast
/var/log/freeradius/radwtmp
radwho
nmap
sudo apt install nmap
# only scan hosts you own or have written authorization to test;
# bootstrap-it.com is presumably the author's own domain
nmap bootstrap-it.com
# -sA: ACK scan, shows which ports are filtered rather than which are open
nmap -sA bootstrap-it.com
# whole /24 sweep of the lab network
nmap 192.168.0.0/24
# -p T:80 limits the scan to TCP/80; T:20-25 is a port range
nmap -p T:80 bootstrap-it.com
nmap -p T:20-25 bootstrap-it.com
nano /home/ubuntu/networks.txt
bootstrap-it.com
192.168.0.0/24
10.0.3.0/24
localhost
# -iL reads targets from a file, one per line
nmap -iL /home/ubuntu/networks.txt
# -O needs raw sockets, hence sudo; --osscan-guess prints a best guess even
# when the fingerprint match is imperfect
sudo nmap -v -O --osscan-guess 192.168.0.110
NDPMon
sudo apt install ndpmon
# NDPMon watches IPv6 Neighbor Discovery traffic for spoofed router/neighbor
# advertisements; it needs root to sniff the interface
sudo ndpmon
# -L appears to run a learning pass that records the neighbors currently seen
# as the trusted baseline (confirm in the man page) — only do this on a network
# you trust to be clean at that moment, or an attacker's MAC gets whitelisted
sudo ndpmon -L
# learned neighbor cache lives here
cd /var/lib/ndpmon
ls
cd /etc/ndpmon
ls
less config_ndpmon.xml
sudo ndpmon
Wireshark and tcpdump
Environment:
Although I demonstrated installing Wireshark from a VM, I actually launched it on my local workstation, since it opens its own GUI.
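sudo apt install wireshark
# answer "yes" to allow non-root capture: it grants the dumpcap helper capture
# privileges for members of the "wireshark" group
sudo dpkg-reconfigure wireshark-common
# add the current user to that group instead of hand-editing /etc/group
# (a typo there can break every group on the box); $USER is expanded by the
# caller's shell, so it is the invoking user, not root. Membership takes
# effect in a new login session, hence the exit/ssh below.
sudo usermod -aG wireshark "$USER"
exit
ssh
wireshark # launch in workstation
# group membership is what lets these run without sudo
tshark -i eth0
tshark -i eth0 -w newstream.pcap
tshark -r newstream.pcap
tcpdump -r newstream.pcap
# display filter: only HTTP requests, printing host, user-agent and destination.
# Everything shown here is visible to anyone on the path — that is the point
# of the demo and the reason plain HTTP should not carry anything sensitive.
tshark -i eth0 -Y http.request -T fields -e http.host -e http.user_agent -e ip.dst
# generate some plain-HTTP traffic to observe
wget google.com
# BPF capture filters: by host, destination, subnet, protocol and port
sudo tcpdump host 192.168.0.100
sudo tcpdump dst 192.168.0.100
sudo tcpdump net 192.168.0.0/24
sudo tcpdump icmp
sudo tcpdump port 80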
ntop
apt install ntop
sudo systemctl status ntop
ps aux | grep ntop
# ownership fix-ups so the ntop service account can write its database.
# Giving it /usr/share/ntop (the web root it serves) as well means a
# compromised daemon could alter the pages it serves — consider leaving that
# tree root-owned and read-only if the package works without it.
sudo chown -R ntop:ntop /var/lib/ntop/
sudo chown -R ntop:ntop /usr/share/ntop/
sudo ln -s /usr/share/ntop/html /var/lib/ntop/
# interface and start-up options for the daemon
sudo nano /etc/default/ntop
sudo systemctl status apache2
# DNAT alone only rewrites the destination: the box must also have
# net.ipv4.ip_forward=1 and a FORWARD rule that allows the traffic (see the
# NAT port-forwarding section). This also exposes ntop's plain-HTTP UI on
# port 3000 to whatever reaches eth0 — restrict the source if that is not
# intended.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3000 -j DNAT --to 10.0.4.235:3000
192.168.1.4:3000 # from browser
sudo systemctl stop ntop
# -B: BPF capture filter, here only traffic from one host
sudo ntop -B "src host 192.168.0.100"
sudo su
cd /var/lib/ntop
ls
# round-robin database files behind the graphs
cd rrd
Snort
sudo apt install snort
ls /etc/snort/
# set HOME_NET and the monitored interface here
nano /etc/snort/snort.conf
# -T: parse and validate the configuration, then exit without sniffing
snort -T -i enp0s3 -c /etc/snort/snort.conf
# -A console prints alerts to the terminal; -u/-g drop privileges to the snort
# user once the capture socket is open — keep them, the daemon parses
# untrusted packets
snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i enp0s3
ls /var/log/snort
which snort-stat
# snort-stat summarises snort's syslog output; auth.log is the right input
# here if the packaged config logs alerts via syslog (auth facility). The
# summary is mailed to root.
cat /var/log/auth.log | /usr/sbin/snort-stat | sendmail root
cd /var/log/snort
# snort.log.<timestamp> may be the binary packet log rather than text alerts;
# check its format first, snort-stat will produce nothing useful from pcap data
cat snort.log.1464985037 | /usr/sbin/snort-stat | sendmail root [type in...and tab for log #
OpenVAS - CentOS 7
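yum install wget bzip2
# Never pipe a remote installer straight into a root shell over plain HTTP:
# anyone on the path can replace the script. Fetch it over TLS into a file,
# read it, then run it. Verify the vendor's published checksum/signature if one
# is available.
wget -q -O /root/atomic-installer.sh https://www.atomicorp.com/installers/atomic
less /root/atomic-installer.sh   # review before executing as root
sh /root/atomic-installer.sh
yum install openvas
# vendor helper that initialises OpenVAS (certificates, feed sync) — presumably
openvas-setup
# Lab shortcuts: these turn off the host firewall and SELinux entirely.
# Outside a throwaway VM, open only the ports the scanner/manager/GSA listen
# on, and resolve SELinux denials (audit2allow) instead of disabling it;
# SELINUX=permissive at least keeps logging what would have been blocked.
systemctl stop iptables
nano /etc/selinux/config
SELINUX=disabled
# creates and installs the OpenVAS manager certificate (see the script's
# usage text for the flag meanings)
openvas-mkcert -n om -i
cd /var/lib/openvas/CA
# private keys for the above live here; they should stay root-only
/var/lib/openvas/private/CA
# rebuild the manager's NVT database after the feed sync
openvasmd --rebuild
openvasmd
ip addr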
OpenVAS - Ubuntu
# a PPA is a personal third-party archive: adding it means trusting its owner
# for every package installed from it — a supply-chain decision, not just a
# convenience
add-apt-repository ppa:mrazavi/openvas
apt update
sudo apt install openvas
# feed syncs: NVTs, SCAP and CERT data
openvas-nvt-sync
openvas-scapdata-sync
openvas-certdata-sync
systemctl restart openvas-scanner
systemctl restart openvas-manager
# the manager database must be rebuilt after a feed sync; --progress shows it
openvasmd --rebuild --progress
openvasmd --get-users
# with no password option the manager presumably generates one and prints it
# to the terminal (so it lands in scrollback/history) — change it on first login
openvasmd --create-user=steve --role=Admin
openvasmd --get-users
openvasmd --delete-user=steve
openvasmd --get-scanners
openvasmd --create-scanner=myscanner
openvasmd --get-scanners
cd /etc/openvas
less openvassd.conf
# -a: address the scanner listens on. Anything other than loopback exposes
# the scanner protocol port to the network, so only do this for a remote
# manager and firewall it to that manager's address.
openvassd -a x.x.x.x
iptables
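iptables -L
# allow replies to connections this host initiated
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -L
# loopback must stay open or local services break once the policy is DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -L
# Without a DROP policy the ACCEPT rules above change nothing: on a stock
# install the INPUT chain's default policy is ACCEPT, so everything is allowed
# anyway. Set it LAST, after confirming the ssh rule is present, or you lock
# yourself out of a remote box.
iptables -P INPUT DROP
iptables-save
iptables-save > /etc/myiptables.rules
# rules exist only in the running kernel: restore them at boot (e.g. the
# iptables-persistent package or a networking hook) or they vanish on reboot
iptables-restore < /etc/myiptables.rules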
NAT Port Forwarding
Environment:
Two VMs - use VirtualBox to configure a second network interface for one of the machines and leave the interface unconnected.
# /etc/network/interfaces (on server)
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
# enp0s3: the outside interface, addressed by VirtualBox DHCP
auto enp0s3
iface enp0s3 inet dhcp
# Secondary network interface
# enp0s8: the inside segment the port-forward sends traffic to; static so the
# forwarding target (192.168.1.4) has a stable next hop
auto enp0s8
iface enp0s8 inet static
address 192.168.1.246
netmask 255.255.255.0
network 192.168.1.0
# enp0s3 already receives a default gateway from DHCP; a second one here
# likely conflicts (ifup may fail to add it). Verify with `route` and drop
# this line unless the inside segment really is the way out.
gateway 192.168.1.1
#==============================
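# forwarding is off by default; the DNAT/FORWARD rules below do nothing until
# it is on (persist it with net.ipv4.ip_forward=1 in /etc/sysctl.conf, as the
# VPN sections do)
sysctl -w net.ipv4.ip_forward=1
# only brand-new TCP connections to port 80 may enter from the outside...
iptables -A FORWARD -i enp0s3 -o enp0s8 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# ...plus the packets belonging to those connections, in both directions
iptables -A FORWARD -i enp0s3 -o enp0s8 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i enp0s8 -o enp0s3 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# the ACCEPTs above only restrict anything if the FORWARD policy is DROP; set
# it explicitly rather than relying on the distribution default
iptables -P FORWARD DROP
# rewrite the destination to the internal web server
iptables -t nat -A PREROUTING -i enp0s3 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.4
# rewrite the source so the internal host answers via this box.
# NOTE: 192.160.0.130 is kept as in the original notes, but it belongs to
# neither the 192.168.0.x lab network nor the 192.168.1.x inside segment;
# it looks like a typo for this box's own inside address (192.168.1.246 per
# the interfaces file) — verify before use.
iptables -t nat -A POSTROUTING -o enp0s8 -p tcp --dport 80 -d 192.168.1.4 -j SNAT --to-source 192.160.0.130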
IPSET
apt install ipset
# rejects ALL TCP from the whole LAN, ssh included — run over ssh from that
# subnet this cuts you off. Presumably shown as the coarse "before" rule that
# the ipset version below refines.
iptables -A INPUT -s 192.168.0.0/24 -p TCP -j REJECT
# hash:ip set of individual addresses; hashsize is just the initial table size
ipset create mynewlist hash:ip hashsize 4096
ipset add mynewlist 192.168.0.23
ipset add mynewlist 192.168.0.24
ipset add mynewlist 192.168.0.25
# -I inserts at the top of INPUT so the set is checked first; matches source
# addresses in the set, TCP/80 only
iptables -I INPUT -m set --match-set mynewlist src -p TCP --destination-port 80 -j REJECT
# the rule must be deleted before the set can be destroyed (a set in use
# cannot be removed)
iptables -D INPUT -m set --match-set mynewlist src -p TCP --destination-port 80 -j REJECT
ipset destroy mynewlist
Other Packet Filtering Tools
# iptables rules do not apply to IPv6; the v6 stack needs its own ruleset
ip6tables -L
nano /etc/sysctl.conf
# turning on forwarding makes this host route IPv6 between its interfaces
# (it also changes how the kernel treats router advertisements) — only do
# this on a box that is meant to be a router, and give it ip6tables FORWARD
# rules
net.ipv6.conf.all.forwarding=1 [uncomment]
sysctl -p
# ebtables: layer-2 (Ethernet frame) filtering on bridges
apt install ebtables
ebtables -L
# rewrite the source MAC of frames leaving enp0s3
ebtables -t nat -A POSTROUTING -o enp0s3 -j snat --to-source 08:00:27:6a:ca:88
apt install nftables
# loads the packaged example IPv4 filter table (empty chains)
nft -f /usr/share/doc/nftables/examples/ipv4-filter
nft list table filter
# drop everything this host sends to one address
nft add rule ip filter output ip daddr 10.0.3.234 drop
nft list table filter
VPN Tunnels
Environment:
I used an EC2 server running Ubuntu 14.04 and a local laptop running Ubuntu 16.04 as a client.
ssh -i plural.pem ubuntu@x.x.x.x # log into EC2 instance
sudo su
apt update
# apache2 is just something to reach through the tunnel
apt install apache2
# the signing key is fetched over TLS; apt-key add trusts it for every
# repository (newer releases want keys under /etc/apt/trusted.gpg.d instead)
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg|apt-key add -
# plain http for the repo is acceptable only because apt verifies package
# signatures against the key just added
echo "deb http://swupdate.openvpn.net/apt trusty main" > /etc/apt/sources.list.d/swupdate.openvpn.net.list
apt update
apt install openvpn easy-rsa
zcat /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
cd /etc/openvpn/
nano server.conf
# presumably enables net.ipv4.ip_forward so the server can route for clients
nano /etc/sysctl.conf
sysctl -p
service openvpn start
# easy-rsa 2.x PKI; the following runs inside /etc/openvpn/easy-rsa
cp -r /usr/share/easy-rsa/ /etc/openvpn
mkdir easy-rsa/keys
cd easy-rsa
# sources the KEY_* defaults (key size, DN fields) — edit vars first for real use
. ./vars
# wipes keys/: every key and certificate built so far is gone
./clean-all
# creates ca.crt AND ca.key. ca.key signs every certificate and should not stay
# on the VPN server once the certs exist — only ca.crt is needed here and on
# clients.
./build-ca
./build-key-server server
./build-dh
cd keys
# server* includes server.key — make sure /etc/openvpn/server.key is root:root 0600
cp server* /etc/openvpn
cp dh2048.pem /etc/openvpn
cp ca.crt /etc/openvpn
cd ..
# generates the client's private key on the server, which then has to be
# shipped to the client (see below); for real users prefer a CSR made on the
# client so the private key never travels
./pkitool client3
cd keys
# On client:
sudo su
apt install openvpn
cd /etc/openvpn
# you may notice that, in the demo, I didn't actually copy these files from their original directory, but from /home/ubuntu
# this was to accommodate their restricted permissions
# staging the private key under /home/ubuntu works around keys/ being
# root-only, but leaves a second copy of client3.key on the server — delete
# it once transferred, and chmod 600 the copy that lands here
scp -i /home/studio/plural.pem ubuntu@x.x.x.x:/etc/openvpn/easy-rsa/keys/client3.key .
scp -i /home/studio/plural.pem ubuntu@x.x.x.x:/etc/openvpn/easy-rsa/keys/client3.crt .
# note the path: ca.crt is fetched from easy-rsa/, while build-ca put it in
# keys/ (and it was copied to /etc/openvpn) — adjust if scp cannot find it
scp -i /home/studio/plural.pem ubuntu@x.x.x.x:/etc/openvpn/easy-rsa/ca.crt .
nano /etc/openvpn/client.conf
# --tls-client is given on the command line because client.conf has no
# "client"/"tls-client" directive
sudo openvpn --tls-client --config client.conf
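# client.conf file:
# NOTE: as pasted into these notes the file had no ca/cert/key lines, yet the
# client cannot authenticate without them; they are added below to match the
# three files scp'd into /etc/openvpn above.
dev tun
# must match the server side's proto (tcp-server / udp)
proto tcp-client
# proto udp
remote 54.172.23.214 1194
resolv-retry infinite
nobind
# drop root once the tunnel is up
user nobody
group nogroup
persist-key
persist-tun
ca ca.crt
cert client3.crt
key client3.key
# refuse to talk to a peer whose certificate lacks the server usage
# extensions (build-key-server sets them). Without this, anyone holding a
# client certificate signed by the same CA could impersonate the server.
remote-cert-tls server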
VPN Bridges
sudo su
apt install openvpn easy-rsa bridge-utils
nano /etc/network/interfaces
auto enp0s3
iface enp0s3 inet dhcp
# enp0s8 carries no address itself; it becomes a bridge port. Promiscuous mode
# is needed so frames addressed to the bridged VPN clients' MACs are accepted.
auto enp0s8
iface enp0s8 inet manual
up ip link set $IFACE up promisc on
# the bridge owns the IP. VPN clients bridged in via tap share this segment at
# layer 2: they see its broadcasts and can reach every host on it, so only
# bridge when that is actually wanted.
auto br0
iface br0 inet static
address 10.0.0.4
netmask 255.255.255.0
bridge_ports enp0s8
ifup -a
route
nano /etc/sysctl.conf
sysctl -p
# same easy-rsa 2.x steps as the tunnel section; ca.key should not remain on
# the server once the certificates are issued
cp -r /usr/share/easy-rsa/ /etc/openvpn
mkdir /etc/openvpn/easy-rsa/keys
cd /etc/openvpn/easy-rsa
. ./vars
./clean-all
./build-ca
./build-key-server bridge-server
./build-dh
cd keys
# includes bridge-server.key — keep it root:root 0600
cp bridge-server* /etc/openvpn
cp dh2048.pem /etc/openvpn
cp ca.crt /etc/openvpn
zcat /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
nano /etc/openvpn/server.conf
# tap (layer 2) instead of tun (layer 3)
;dev tun
dev tap
# OpenVPN appends the tap device name, so up.sh receives: br0 enp0s8 <tapN>
up "/etc/openvpn/up.sh br0 enp0s8"
cert bridge-server.crt
key bridge-server.key
;server 10.8.0.0 255.255.255.0
;server 10.8.0.0 255.255.255.0
# server-bridge <gateway> <netmask> <pool-start> <pool-end>: clients get
# 10.0.0.128-254 on the bridged LAN — keep that range out of the LAN's DHCP
# scope or addresses will collide
server-bridge 10.0.0.4 255.255.255.0 10.0.0.128 10.0.0.254
nano up.sh
chmod +x up.sh
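#!/bin/sh
# OpenVPN "up" hook: attach the freshly created TAP device to the bridge.
# Invoked as: up.sh <bridge> <ethernet-dev> <tap-dev>  (OpenVPN appends the
# tap device name after the two arguments given in server.conf).
# Exits non-zero on any failure so OpenVPN reports it instead of silently
# leaving an unbridged tunnel.
set -eu
if [ "$#" -lt 3 ]; then
  echo "usage: $0 BRIDGE ETHDEV TAPDEV" >&2
  exit 1
fi
BR=$1
ETHDEV=$2
TAPDEV=$3
/sbin/ip link set "$TAPDEV" up
# the physical port must be promiscuous to receive frames for bridged MACs
/sbin/ip link set "$ETHDEV" promisc on
# quoted like the lines above; unquoted args would be word-split
/sbin/brctl addif "$BR" "$TAPDEV"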
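chmod +x up.sh
systemctl status openvpn
# --script-security 2 is enough to run user scripts such as up.sh; level 3
# additionally passes passwords to scripts through the environment, which
# nothing here needs
openvpn --script-security 2 --config server.conf
systemctl status openvpn
cd /etc/openvpn/easy-rsa
# client key generated on the server, to be copied to the client below
./pkitool client4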
# On client:
apt install openvpn
ls
# copies every file in the current directory into /etc/openvpn — check the
# listing first so nothing beyond ca.crt, client4.crt, client4.key (and the
# config) comes along
cp * /etc/openvpn
cd /etc/openvpn
ls
# the private key must not be readable by other users
chmod 600 client4.key
nano /etc/openvpn/client.conf
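#proto tcp-client
proto udp
dev tap
;dev tun
remote 192.168.0.119 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
# relative to the directory openvpn is started from (/etc/openvpn above)
log openvpn.log
# compression must match the server side. Compressing before encryption
# enables VORACLE-style plaintext recovery, so remove it on BOTH ends once the
# lab works.
comp-lzo
verb 4
ca ca.crt
cert client4.crt
key client4.key
# dh is a server-side parameter; it serves no purpose in a client config
dh dh2048.pem
# only accept a peer whose certificate carries the server usage extensions
# (build-key-server sets them); stops a client-cert holder posing as the server
remote-cert-tls server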
# backgrounded with &; --tls-client because client.conf has no "client" line.
# Output goes to openvpn.log as the config says.
sudo openvpn --tls-client --config client.conf &
# verb 4 in the config makes this fairly chatty; look here for TLS errors
cat openvpn.log
IPsec
sudo su
# racoon is the IKE daemon; the ipsec-tools it pulls in provide setkey, which
# loads the kernel security policies below
apt install racoon
nano /etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
# clear every existing SA and policy before installing ours
flush;
spdflush;
# outbound traffic (any protocol) from this host to the peer must use ESP in
# transport mode; "require" means packets with no matching SA are dropped,
# never sent in the clear
spdadd 192.168.0.119 192.168.0.145 any -P out ipsec
esp/transport//require;
# matching inbound policy; the peer needs the mirror image of both entries
spdadd 192.168.0.145 192.168.0.119 any -P in ipsec
esp/transport//require;
systemctl start setkey
systemctl status setkey
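nano /etc/racoon/racoon.conf
log notify;
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
# "anonymous" accepts any peer that knows the PSK; once both ends are fixed,
# pin the peer instead (remote 192.168.0.145 { ... })
remote anonymous {
# main mode only. Aggressive mode sends the PSK-derived hash in the clear in
# the first exchange, so anyone sniffing the handshake can crack the PSK
# offline; offering both lets a peer pick the weak one.
exchange_mode main;
proposal {
encryption_algorithm aes_256;
hash_algorithm sha256;
authentication_method pre_shared_key;
# 1024-bit DH (modp1024) is too small; group 14 (modp2048) is the usual floor.
# Both peers must use the same group.
dh_group modp2048;
}
generate_policy off;
}
sainfo anonymous{
# phase-2 PFS group, kept consistent with phase 1 (group 14 = modp2048)
pfs_group 14;
encryption_algorithm aes_256;
authentication_algorithm hmac_sha256;
compression_algorithm deflate;
}
# 15 random bytes = 30 hex characters; the value pasted below is shorter than
# that (presumably truncated for the demo) — use the full output
openssl rand -hex 15
nano psk.txt
# format: <peer address> <key>. The same key goes into the other host's
# psk.txt against this host's address.
192.168.0.119 71d224d601368b77bb04
# keep the key file root-only; racoon may refuse a key file readable by others
chmod 600 /etc/racoon/psk.txt
systemctl restart racoon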