Sunday, December 15, 2013

NetScreen Snooping

1- Increase the size of the dbuf buffer from the default of 32k

set dbuf size 4096

2- By default, snoop captures only the packet headers, i.e. 96 bytes, not the entire packet. To capture more of each packet, use snoop detail len, where len is the number of bytes to capture per packet, e.g. snoop detail len 256 captures the first 256 bytes of each packet:

snoop detail len 256

3- Create a filter so that you see only the pertinent data, unless you want to see everything:

snoop filter ip 10.10.10.10

4- Before starting snoop, make sure that the buffer is empty:

clear dbuf

5- Start snooping:

snoop

6- Make sure to close snoop, as it's resource intensive:

snoop off

7- You can send the captured data to an external tftp server:

get dbuf stream > tftp 10.10.10.11 capture.pcap

Reference: http://support.moonpoint.com/security/firewalls/netscreen/snoop.php 

Tuesday, October 1, 2013

How to disable SSL v2 on IIS 7.0/7.5 on Windows 2008

SSL v2 is a weak and outdated protocol. All modern browsers support SSL v3, and it is enabled by default on Windows 2008 (IIS 7 / IIS 7.5). To make sure all clients use SSL v3, we must disable SSL v2.

This is what needs to be done to disable SSL v2:

1. Start - Run
2. Type "regedit" and click OK
3. Locate the following key: HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0
4. Right click the "SSL 2.0" key and select Edit > Add key
5. Type "Server" and click Enter
6. Right click Server and select New > Add DWORD (32 bit) value
7. Type "Enabled" as the name and make sure the value is "0"
8. Restart the server

You can test whether your web server still supports SSL v2 using http://www.serversniff.net/content.php?do=ssl or http://foundeo.com/products/iis-weak-ssl-ciphers/

Reference: http://www.aip.im/2012/03/how-to-disable-ssl-v2-enable-ssl-v3-on-windows-2008/

Sunday, September 22, 2013

Schedule Task for NPS Config Backup [Server 2008]

On Windows Server 2008

1- Create a text file and change its extension to PS1:
C:\Config_Backup_Script\nps_radius_config_bk.PS1
2- Enter the powershell command in the
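netsh nps export filename="C:\NPS Configration Backup\nps_config_$(get-date -f yyyy-MM-dd).xml" exportPSK=YES
Note: with exportPSK=YES the exported XML contains the RADIUS shared secrets unencrypted, so restrict access to the backup folder.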
3- Open Task Scheduler, "Create Basic Task", follow the wizard.
4- Under the action, choose "Start program" and enter
powershell.exe "&'C:\Config_Backup_Script\nps_radius_config_bk.PS1'"
5- Right click the task and open properties.
  • "Change User or Group", choose "administrator" or any privileged user.
  • Tick "Run whether user is logged on or not".
  • Tick "Run with highest privileges".
  • Click Ok and provide the administrator password.
Enjoy

Monday, August 19, 2013

Nagios Log File Time Conversion [Human Readable]

To tail the log live with human-readable timestamps:
tail -f /var/log/nagios3/nagios.log | perl -pe 's/(\d+)/localtime($1)/e'
To convert a single timestamp:
echo 1376930831 | perl -pe 's/(\d+)/localtime($1)/e'
Mon Aug 19 19:47:11 2013

Ubuntu APT Proxy Settings

Open the apt configuration file:
vim /etc/apt/apt.conf
and add the following:
Acquire::http::Proxy "http://username:password@proxyhostname:port";
The syntax shown above should be strictly followed.

This configuration may fail if your username or password has an '@' in it. You can also add proxy configuration for other protocols such as FTP. 
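One way to handle the '@' case, as an added example that is not part of the original post: percent-encode the username and password before writing them into the proxy line. It assumes APT decodes percent-escapes in the user and password fields of the proxy URI; the function names and the sample values in the comments are constructed.

```shell
#!/bin/sh
# Added example: build the apt.conf proxy line with percent-encoded credentials.
# Assumption: APT percent-decodes the user and password parts of the URI.

# Percent-encode every byte of $1 except RFC 3986 unreserved characters
# (A-Z a-z 0-9 - . _ ~), so '@', ':' and '/' cannot be read as URI delimiters.
urlencode() {
    for hex in $(printf '%s' "$1" | od -An -v -tx1); do
        case $hex in
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
                # Unreserved byte: emit it unchanged via its octal escape.
                printf "\\$(printf '%03o' "0x$hex")" ;;
            *)
                # Anything else becomes %XX with upper-case hex digits.
                printf '%%%s' "$hex" | tr 'a-f' 'A-F' ;;
        esac
    done
}

# Print the apt.conf line. $1 = username, $2 = password, $3 = proxy host, $4 = port.
apt_proxy_line() {
    printf 'Acquire::http::Proxy "http://%s:%s@%s:%s";\n' \
        "$(urlencode "$1")" "$(urlencode "$2")" "$3" "$4"
}

# Usage with constructed values:
#   sh apt_proxy.sh alice 'p@ss:w/rd' proxy.example.internal 3128
if [ "$#" -eq 4 ]; then
    apt_proxy_line "$@"
fi
```

The password ends up in a configuration file, so check who can read the file the line is written to.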

Wednesday, October 31, 2012

Installing Active Directory Users and Computers for Windows 2008


From Server Manager, go to Features, then add
Expand:
  • Remote Server Administration Tools
  • Role Administration Tools
  • Active Directory Domain Services Tools
and then check Active Directory Domain Controller Tools.
It includes:
  • Active Directory Users and Computers
  • Active Directory Domains and Trusts
  • Active Directory Sites and Services
  • ...
Server 2008 R2 Instructions:
Under Role Administration Tools, expand
  • AD DS and AD LDS Tools
    • AD DS Tools
      • AD DS Snap-Ins and Command-Line Tools.

Tuesday, September 18, 2012

Creating Root Certificate Authority using Debian to implement PEAP authentication on Microsoft NPS Radius


############# Creating Root Certificate Authority over Debian #############

By default - CA.pl (and CA.sh for that matter) together with openssl.cnf are set up so that everything happens in the local directory - with the CA store in ./demoCA. This isn't so very useful. So - let's make some decisions.

Our CA certificate will have a life of 10 years
Our SSL certificates will have a life of 2 years
We will store the CA information in /etc/ssl/ca (alongside the other ssl files).

#############  Changes to CA.pl
Locate the variables at the top - DAYS and CADAYS. Change these lines to look like:

    $DAYS="-days 730";     # 2 years
    $CADAYS="-days 3650";  # 10 years
    $CATOP="/etc/ssl/ca";  # CA store location

############# Changes to openssl.cnf
The first change must match the $CATOP variable from CA.pl - we need to change the dir variable so that it looks like

dir = /etc/ssl/ca

We should also set the default number of days to match $DAYS:

default_days = 730

############# Generating the CA certificate and storage area
cd testCA/
/usr/lib/ssl/misc/CA.pl -newca

HINT: Your new cacert.pem file is now in /etc/ssl/ca/cacert.pem and can be distributed for installation in browsers etc.

############# Generating a certificate request
To create a server certificate for any purpose, such as PEAP or web servers:

/usr/lib/ssl/misc/CA.pl -newreq

HINT: The vital point is that the CN of the certificate must be the domain name of the site you wish to secure. You can use *.example.com for a wildcard certificate.
HINT: This will generate a newkey.pem and a newreq.pem. Keep newkey.pem for later. newreq.pem is what you would send off for signing - in this case to yourself - but you could also use it for purchasing a real certificate.

############# Signing a certificate request
Given a newreq.pem in the current working directory run
/usr/lib/ssl/misc/CA.pl -sign

HINT: This will sign the request and generate a newcert.pem with the signed certificate. You will have to enter the password for your CA key which you supplied when creating the CA key, certificate and store.
HINT: It's better to rename those files to something useful:

mv newcert.pem NPS_RADIUS_04.cert
mv newkey.pem NPS_RADIUS_04.key

############# Removing passphrase
Note - your certificate's key has a passphrase, assigned during the -newreq phase. If you want your software to autostart, this won't work, since it prompts for the password. To remove the passphrase:
openssl rsa -in NPS_RADIUS_04.key -out NPS_RADIUS_04.nopass.key

############# Installing the issued certificate in Windows 2008
openssl pkcs12 -export -out cert+key.nopass.p12 -in NPS_RADIUS_04.cert -inkey NPS_RADIUS_04.nopass.key

This should convert the cert and key into a PKCS#12 file, which Windows will probably have an easier time dealing with.
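A check worth running before the PKCS#12 export, as an added example that is not part of the original post: it confirms that the issued certificate chains to the new root CA, that the passphrase-free key belongs to that certificate, and that the unencrypted key is not readable by group or others. The function name is constructed, the file names in the usage comment are the ones used above, and stat -c assumes GNU coreutils as on Debian.

```shell
#!/bin/sh
# Added example: sanity checks on the CA.pl output before the PKCS#12 export.
# $1 = CA certificate, $2 = issued certificate, $3 = passphrase-free private key.
check_cert_pair() {
    ca=$1 cert=$2 key=$3

    # 1. The certificate must chain to our root CA.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || {
        echo "FAIL: $cert does not verify against $ca" >&2; return 1; }

    # 2. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || {
        echo "FAIL: $key does not match $cert" >&2; return 2; }

    # 3. An unencrypted key must not be readable by group or others.
    mode=$(stat -c '%a' "$key") || return 3
    case $mode in
        *00) ;;
        *) echo "FAIL: $key has mode $mode, expected 600 or stricter" >&2
           return 3 ;;
    esac

    echo "OK: $cert chains to $ca and matches $key (key mode $mode)"
}

# Usage with the file names from this post:
#   sh check_cert.sh /etc/ssl/ca/cacert.pem NPS_RADIUS_04.cert NPS_RADIUS_04.nopass.key
if [ "$#" -eq 3 ]; then
    check_cert_pair "$@"
fi
```

Return codes 1, 2 and 3 identify which of the three checks failed, so the script can gate the export step.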


References:
http://www.debian-administration.org/articles/618