Security – Page 3

View and configure sharing of files and folders Windows from the command line

I will give an example of some commands for setting up sharing of resources.

View shared resources:

net share

Deleting a shared resource:

net share <sharename> /delete

Sharing a folder:

net share sharename=C:\dir

Example of disconnecting users from the share:

net session \\pc1 /delete

To close an open network file, use the command:

net file file_id /close

An example of granting user rights to a file (N – not set, W – write, C – change, F – full access):

cacls file.txt /G User:w

To cancel user access to a share:

cacls /R User

We allow up to 5 users to simultaneously connect to a shared resource:

net share sharename /users:5

Example of caching settings from a share (manual/BranchCache/documents/programs/none):

net share myshare /cache:manual

I want to note that when opening a share to a resource in the firewall, the following ports should be opened: TCP 139, TCP 445, UDP 137, UDP 138.

Installing and using the nbtscan network scanner

Install command in Linux Ubuntu/Debian:

sudo apt-get install nbtscan

The Windows version can be downloaded from http://www.unixwiz.net/tools/nbtscan.html

Network scan example:

nbtscan 192.168.1.0/24

I will describe the possible startup keys:
-O FILENAME (output information to file)
-v (more detailed information output)
-p (port indication)
-H (generate HTTP header)
-m (MAC address indication)
-n (do not convert names to DNS, display only IP)
-t NUMBER (response time in seconds, default 1)
-v (display version nbtscan)

Blocking third-party DHCP on Cisco via DHCP Snooping

On the test, I configure DHCP Snooping on the Cisco Catalyst 6509-E to block third-party DHCP servers, on the other Cisco switches, the configuration is basically the same.

After connecting to the device immediately go to the configuration mode:

enable
configure

Continue reading “Blocking third-party DHCP on Cisco via DHCP Snooping”

How to run MySQL server on specific IP

The appropriate solution I found for running MySQL server on specific IP addresses is to run it at all and then filter the connected clients through iptables.

For the test, I used Ubuntu Server 16.04.5 LTS, which had more than 200 external white IPs and was highly loaded.

Continue reading “How to run MySQL server on specific IP”

Configuring SSH session timeout

To configure the timeout for SSH sessions, let’s see where the SSH server configuration file is located:

sudo find / -name sshd_config

Open it in any text editor, for example nano:

sudo nano /etc/ssh/sshd_config

Continue reading “Configuring SSH session timeout”

How to disconnect SSH user

Let’s say that several users are connected through SSH.

First look at the list of online users:

Suppose the following information is displayed (where test is the user’s login):

USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
test     tty1                      11:20    1:07   0.03s  0.03s -bash
test     pts/0    192.168.1.5      11:21   13.00s  0.02s  0.02s -bash
test     pts/1    192.168.1.3      11:21    0.00s  0.02s  0.00s w

tty1 – it is a client logged in locally, that is, it is located near the computer.
pts/1 – judging for example on IP and WHAT, let’s assume that it’s us, accordingly pts/0 is the client of which we want to disconnect.

See the list of processes and their PID:

ps faux |grep sshd

At me it was displayed:

root       946  0.0  0.5  65508  5368 ?        Ss   12:00   0:00 /usr/sbin/sshd -D
root      1147  0.0  0.6  92828  6920 ?        Ss   12:01   0:00  \_ sshd: test [priv]
test      1178  0.0  0.3  92828  3384 ?        S    12:01   0:00  |   \_ sshd: test@pts/0
root      1192  0.0  0.6  92828  6592 ?        Ss   12:02   0:00  \_ sshd: test [priv]
test      1223  0.0  0.3  92828  3532 ?        S    12:02   0:00      \_ sshd: test@pts/1
test      1248  0.0  0.0  15468   956 pts/1    S+   12:25   0:00              \_ grep --color=auto sshd

We find test@pts/0 and accordingly 1178 is the required PID.

We terminate the process by specifying its ID, after which the user will immediately disconnect:

sudo kill -9 1178

Installing and using ClamAV antivirus

Clam AntiVirus — a package of antivirus software running on many operating systems.

Configuring Fail2Ban for Bind9

Suppose Fail2Ban is already installed, if not, then see my article – Installing and Configuring Fail2ban.

By default, Bind9 does not write logs, so open its configuration file in any text editor:

How to find iPhone from a computer?

To see from the computer where the iPhone is located:

Installing Certbot in Ubuntu

On the test I will install ACME client Certbot in Ubuntu 16.04 (xenial), which will help to get Free SSL certificates Let’s Encrypt for 90 days and automatically update them.
For other versions of Ubuntu, the Certbot client is installed similarly.

The first step is to add the Certbot repository and perform the installation:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache

Now run Certbot to get an SSL certificate:

sudo certbot --apache

To manually change the configuration of Apache2 and Certbot did not change it, you can run the following command:

sudo certbot --apache certonly

After running the command, you must select the site for which you want to request an SSL certificate.

After receiving the certificate, the following information was displayed:

IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2018-08-01. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the “certonly” option. To non-interactively renew *all* of
your certificates, run “certbot renew”
– Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.

A separate site configuration file for HTTPS was created, but in that lines that redirected from HTTP to HTTPS were added, the general similar changes as I described in this article – Installing and Configuring Let’s Encrypt SSL.

To update automatically, run the following command:

sudo certbot renew

You can also add a command to Cron for automatic updates, see my article – Using and configuring CRON

Example of adding to Cron (every Monday at 3:15):

sudo crontab -e
15 3 * * 1 certbot renew >> /var/log/certbot-renew.log

Or to /etc/crontab:

15 7 * * 1 root certbot renew >> /var/log/certbot-renew.log

For a test update, you can run a command (configuration and certificates will not be affected):

sudo certbot renew --dry-run

If the certificate expires and the update is run, nothing will happen.
To update certificates, apache2 should also work on port 80.

To update the version of Certbot itself, run the following commands:

sudo apt update
sudo apt install certbot