Shrink LVM Volume – Ubuntu

Boot from an Ubuntu LiveCD

Locate the volume group that you wish to shrink
ubuntu@ubuntu:~$ sudo lvmdiskscan

ubuntu@ubuntu:/dev$ sudo lvmdiskscan
/dev/ram0 [ 64.00 MiB]
/dev/loop0 [ 1.41 GiB]
/dev/ubuntu-vg/root [ 460.32 GiB]

Issue the following command to shrink the file system and the volume
ubuntu@ubuntu:~$ sudo lvreduce –resizefs –size -230G /dev/ubuntu-vg/root

Reboot

Get Log Entries For a Range of Time on Linux

You need to check the logs for a problem and you know when it occurred. This will allow you to grab all of the entries for a period of time to make the search for clues easier.

sudo cat secure | awk '/^Dec  1 09:27/,/^Dec  1 09:33/'
Dec  1 09:03:09 u16532612 sshd[24297]: Failed password for root from 43.229.53.54 port 43335 ssh2
Dec  1 09:03:12 u16532612 sshd[24297]: Failed password for root from 43.229.53.54 port 43335 ssh2
Dec  1 09:03:14 u16532612 sshd[24297]: Failed password for root from 43.229.53.54 port 43335 ssh2

Beacon Attack Script

Using MDK3 to create a bunch of fake wireless networks is a neat party trick. This bash script will create a text file with a list of network names, defined in a the “networks” array, if it doesn’t already exist.

Then the script will configure the interface by putting it in monitor mode. Finally the script will fire off MDK3 using the text file created earlier. Continue reading “Beacon Attack Script”

Fake Access Point with BT5/Kali Linux

I’m not sure who to credit with the writing of the script below. It’s all over the Internet and I haven’t been able to determine with any certainty who originally wrote it.

While technically a way to attack wireless clients, I just wanted a quick way to set up and access point. This worked out well since I had a BackTrack 5 VM, a USB wireless NIC, some familiarity with the Aircrack suite, and a bit of free time.

This post assumes that you already have the Aircrack tools installed. You will also have to install and configure DHCP. Continue reading “Fake Access Point with BT5/Kali Linux”

Delegate DNS Zone in BIND

The following will delegate a zone file for a sub-domain, “sub”, under the “example.com” parent domain.

Edit the “/etc/named.conf” file on “ns1.example.com” by adding a block for the parent domain:

zone "example.com" IN {
        type master;
        file "db.example.com";
        allow-update { none; };
        notify no;
        forwarders { };

Continue reading “Delegate DNS Zone in BIND”

Configure SSHD for Security

The Secure Shell daemon should be hardened to prevent unauthorized access before being put into production.

Verify that /etc/ssh/sshd_config contains the following lines and that they are not commented out.

  • Protocol 2
  • IgnoreRhosts yes
  • HostbasedAuthentication no
  • PermitRootLogin no
  • Banner /etc/issue (See banner example below)
  • PermitEmptyPasswords no
  • AllowTcpForwarding no (unless needed)
  • X11Forwarding no
  • AllowUsers <username1> <username2> (Optional)
  • DenyUsers <username1> <username2> (Optional) Continue reading “Configure SSHD for Security”

Create and Install a Self-Signed SSL Certificate on Apache/CentOS 6

SSL is a great way to protect traffic to your website. These are the steps to create a self-signed certificate and install it on an apache web server. It is self-signed, so the user’s browser will throw an error because it doesn’t trust the certificate. It’s a start though….

Install Mod SSL

yum install mod_ssl

Continue reading “Create and Install a Self-Signed SSL Certificate on Apache/CentOS 6”