Affix Fedora and EPEL Repos

As you are possibly aware, I used to have my own repos hosting various security tools. I am in the process of rebuilding these and have 2 packages for Fedora and 4 for EPEL at the moment.

Fedora users:

[affix-fedora]
name=Affix Fedora $releasever - $basearch
baseurl=https://repo.affix.me/Fedora/$releasever/$basearch
enabled=1
gpgcheck=0

EL 6 & 7 users:

[affix-EPEL]
name=Affix EPEL $releasever - $basearch
baseurl=https://repo.affix.me/EPEL/$releasever/$basearch
enabled=1
gpgcheck=0

I plan to GPG-sign these packages in the near future and will update this post when I have done so. If you have any package requests, let me know.
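Until the packages are signed, gpgcheck=0 means yum installs whatever the mirror serves without verifying it. As an added example (not part of this post), a small Python check that reads .repo stanzas and reports enabled repos whose packages would be installed unverified; the Affix stanza is copied from above and the contrasting signed stanza follows the shape of the MariaDB repo further down the page.

```python
import configparser

# Constructed copies of two repo stanzas, embedded so the check runs offline:
# the unsigned Affix repo from this post and, for contrast, a stanza in the
# shape of the MariaDB one further down the page (gpgcheck=1 plus a gpgkey).
AFFIX_FEDORA = """\
[affix-fedora]
name=Affix Fedora $releasever - $basearch
baseurl=https://repo.affix.me/Fedora/$releasever/$basearch
enabled=1
gpgcheck=0
"""

MARIADB = """\
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.0/centos6-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
"""


def unverified_repos(repo_text):
    """Return the enabled repos in .repo text whose packages yum would install
    without a signature check: gpgcheck is 0 (or absent, which this check
    conservatively treats as unverified) or no gpgkey is configured."""
    cp = configparser.ConfigParser(interpolation=None)  # keep $basearch literal
    cp.read_string(repo_text)
    findings = []
    for repo in cp.sections():
        enabled = cp.get(repo, "enabled", fallback="1").strip() == "1"
        checked = cp.get(repo, "gpgcheck", fallback="0").strip() == "1"
        has_key = bool(cp.get(repo, "gpgkey", fallback="").strip())
        if enabled and not (checked and has_key):
            findings.append(repo)
    return findings


def audit_file(path):
    """Run the same check against a real file, e.g. /etc/yum.repos.d/affix.repo."""
    with open(path, encoding="utf-8") as fh:
        return unverified_repos(fh.read())


if __name__ == "__main__":
    for text in (AFFIX_FEDORA, MARIADB):
        print(unverified_repos(text))
```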

Repoview

EPEL 6 – x86_64, i686

EPEL 7 – x86_64

Fedora 20 – x86_64, i686

Fedora 21 – x86_64, i686

Buffer Overflow: Overwriting the Return Value

In this tutorial I will walk you through the process of overwriting the return value of an application using a Buffer Overflow.

Requirements:

– A Linux system (i686 or x64) [disable kernel buffer overflow protection]

– A basic understanding of the stack

– A willingness to learn

Why would we do this?

As far as I am concerned there is no legitimate use for this technique; however, it is a useful skill to possess, and understanding how a buffer overflow works will help you develop more secure applications.

What is a “Buffer Overflow”?

Put simply, a buffer overflow is an attack vector in which you attack an application by writing more data into a buffer than it can hold, so that the excess spills into the next memory location. This usually causes a segmentation fault (SIGSEGV on Linux).

Using this we can execute arbitrary code, or cause the application to jump to another piece of code within itself, by overwriting the return value (the saved return address on the stack).

Will this harm my computer?

Using this guide will not harm your computer unless you do something terribly wrong. Feel free to use a virtual machine.

Block Basic Web Attacks with NginX

Here is a quick snippet that blocks the request and returns a 403 Forbidden error when nginx sees a query string or user agent associated with common attacks.


    ## Block SQL injections
    set $block_sql_injections 0;
    if ($query_string ~ "union.*select.*\(") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "union.*all.*select.*") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "concat.*\(") {
        set $block_sql_injections 1;
    }
    if ($block_sql_injections = 1) {
        return 403;
    }

    ## Block file injections
    set $block_file_injections 0;
    if ($query_string ~ "[a-zA-Z0-9_]=http://") {
        set $block_file_injections 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
        set $block_file_injections 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
        set $block_file_injections 1;
    }
    if ($block_file_injections = 1) {
        return 403;
    }

    ## Block common exploits
    set $block_common_exploits 0;
    if ($query_string ~ "(<|%3C).*script.*(>|%3E)") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "proc/self/environ") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") {
        set $block_common_exploits 1;
    }
    if ($query_string ~ "base64_(en|de)code\(.*\)") {
        set $block_common_exploits 1;
    }
    if ($block_common_exploits = 1) {
        return 403;
    }

    ## Block spam
    set $block_spam 0;
    if ($query_string ~ "\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b") {
        set $block_spam 1;
    }
    if ($query_string ~ "\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b") {
        set $block_spam 1;
    }
    if ($block_spam = 1) {
        return 403;
    }

    ## Block user agents
    set $block_user_agents 0;

    # Don't disable wget if you need it to run cron jobs!
    #if ($http_user_agent ~ "Wget") {
    #    set $block_user_agents 1;
    #}

    # Disable Akeeba Remote Control 2.5 and earlier
    if ($http_user_agent ~ "Indy Library") {
        set $block_user_agents 1;
    }

    # Common bandwidth hoggers and hacking tools.
    if ($http_user_agent ~ "libwww-perl") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GetRight") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GetWeb!") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Go!Zilla") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Download Demon") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "Go-Ahead-Got-It") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "TurnitinBot") {
        set $block_user_agents 1;
    }
    if ($http_user_agent ~ "GrabNet") {
        set $block_user_agents 1;
    }

    if ($block_user_agents = 1) {
        return 403;
    }

Before the flame war starts: I know this is basic, but it works!
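As an added example (not code from the post), a subset of the `$query_string` rules above evaluated in Python against constructed query strings. It makes one limitation of the snippet visible: nginx's `~` is a case-sensitive match over the raw, still percent-encoded query string, so `classify_normalised` shows the decoding and lower-casing a practitioner would want in front of such rules.

```python
import re
from urllib.parse import unquote

# A subset of the $query_string rules from the snippet above, copied verbatim.
# nginx evaluates them with PCRE; Python's re treats these constructs the same way.
RULES = [
    ("sql", r"union.*select.*\("),
    ("sql", r"union.*all.*select.*"),
    ("sql", r"concat.*\("),
    ("file", r"[a-zA-Z0-9_]=http://"),
    ("file", r"[a-zA-Z0-9_]=(\.\.//?)+"),
    ("exploit", r"(<|%3C).*script.*(>|%3E)"),
    ("exploit", r"proc/self/environ"),
]
COMPILED = [(category, re.compile(pattern)) for category, pattern in RULES]

def classify(query_string):
    """Mirror nginx's `~` operator: a case-sensitive search over the raw,
    still percent-encoded query string. Returns the category of the first
    matching rule (what the config would answer 403 to), or None."""
    for category, regex in COMPILED:
        if regex.search(query_string):
            return category
    return None

def classify_normalised(query_string):
    """Hardened variant (added here, not part of the nginx snippet): decode
    percent-escapes and lower-case the string before applying the same rules."""
    return classify(unquote(query_string).lower())

# Constructed query strings with the verdict the unmodified rules give them.
SAMPLES = [
    ("id=1 union select 1,2,version()", "sql"),
    ("id=1 UNION SELECT 1,2,version()", None),      # upper case: no match
    ("id=1 union select 1,2,version%28%29", None),  # encoded "(": no match
    ("q=<script>alert(1)</script>", "exploit"),
    ("q=%3Cscript%3Ealert(1)%3C/script%3E", "exploit"),
    ("page=http://attacker.invalid/inc.txt", "file"),
    ("page=../../etc/passwd", "file"),
    ("q=hello world", None),
]

def mismatches(samples=SAMPLES):
    """Samples whose verdict differs from the expected one; empty means all agree."""
    return [(q, classify(q)) for q, expected in samples if classify(q) != expected]

if __name__ == "__main__":
    for q, _ in SAMPLES:
        print(f"{q!r:44} raw={classify(q)!s:8} normalised={classify_normalised(q)}")
```

In nginx itself the case issue is addressed by writing `~*` instead of `~`; nginx never decodes `$query_string`, so rules on it should list encoded forms explicitly, as the `(<|%3C)` rule already does.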

Setting up NginX, MariaDB and PHP with EL6

I decided to port this over from one of my previous posts to give myself some content worth reading. It's a guide I wrote that walks you through setting up MariaDB, NginX and PHP on CentOS 6. This is now the default “LAMP” (I suppose it's now LNMP) stack on EL7.


Pre-requisites:

– An EL6 server (a VPS will do)
– 15-20 minutes of spare time

Initial Setup

First we need to install the EPEL package repository.

# rpm -Uivh http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

PHP and php-fpm

What is php-fpm?
PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites.

To install via yum you can simply run:

# yum -y install php php-fpm php-mysql

MariaDB

What is MariaDB?
MariaDB is a drop-in replacement for MySQL (i.e. it is entirely compatible with MySQL).

To install it, add a file called mariadb.repo to /etc/yum.repos.d with the following contents:

# MariaDB 10.0 CentOS repository list - created 2014-04-28 00:16 UTC
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.0/centos6-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Once you have this, simply install with:

# yum -y install MariaDB-* --skip-broken --exclude=MariaDB-Galera-server

The above will install everything you need unless you wish to set up a MariaDB cluster (stay tuned for another tutorial).

You can access the MariaDB console with:

# mysql

NginX

Nginx (pronounced engine-x) is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Igor Sysoev started development of Nginx in 2002, with the first public release in 2004. Nginx now hosts nearly 12.18% (22.2M) of active sites across all domains. Nginx is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.

Installing NginX is pretty simple; it's just:

# yum -y install nginx

Setting up your vhost
Create a file in /etc/nginx/conf.d called example.com.conf (the default nginx.conf only includes files from that directory whose names end in .conf).

The file should contain the following (comments are inline):

server {
    listen       80; # Use port 80 as listening port
    server_name  example.com www.example.com; # Serve both www.example.com and example.com
    root /var/www/example/; # Absolute Path to webroot
    index index.php index.htm index.html; # index file names

    # This block denies access to common config files
    location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|store) {
        deny all;
        return 403;
    }

    # Cache configuration for image files
    location ~* \.(gif|jpe?g|png|css)$ {
        expires   30d;
    }

    # Handle PHP File
    location ~ \.php$ {
        try_files $uri =404; # If the file does not exist return a 404 error
        # php-fpm must listen on this socket (listen = /var/run/php-fpm/php-fpm.sock in
        # /etc/php-fpm.d/www.conf); the EL6 package default is 127.0.0.1:9000
        fastcgi_pass   unix:/var/run/php-fpm/php-fpm.sock; # Use a unix socket for fast-cgi
        fastcgi_index  index.php; # Index file for fast_cgi
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name; # Fast CGI Script Location
        include fastcgi_params;  # Include Fast CGI Defaults
    }
}

Starting Up

# service php-fpm start
# chkconfig php-fpm on
# service nginx start
# chkconfig nginx on
# service mysqld start  # NOTE: MariaDB uses mysqld as daemon name
# chkconfig mysqld on

A Blog Refresh!

Recently I had a multi-disk failure in a RAID6 array. I didn’t expect that to happen, but I suppose it did.

Instead of restoring a backup, I have decided to start my blog from scratch. I lose a few posts, but I suppose that happens.

It's not all bad news though: this allowed me to rebuild my infrastructure and have a play around with oVirt, and I must say I genuinely love it.

I will be posting a guide in the near future on how to set up and configure your own oVirt virtualisation platform on CentOS and Fedora!