LightSaber

Python-ldap on OS X

2016-08-04T00:00:00-07:00

python-ldap is supporting the Python2 and Python3. But I never tried to install on OS X.

I got error message, when I try to install the python-ldap via pip

pip install python-ldap
...
Modules/LDAPObject.c:18:10: fatal error: 'sasl.h' file not found
#include <sasl.h>
         ^
1 error generated.
error: command 'cc' failed with exit status 1

The official python-ldap site(https://www.python-ldap.org/download.html) is having the guide to install on OS X

Set up a suitable development environment by running xcode-select --install. After that you can install directly from PyPI.

xcode-select --install xcode-select: note: install requested for command line developer tools sudo pip install python-ldap Password: Collecting python-ldap Downloading python-ldap-2.4.27.tar.gz (125kB) 100% |████████████████████████████████| 133kB 175kB/s Requirement already satisfied (use --upgrade to upgrade): setuptools in /Library/Python/2.7/site-packages (from python-ldap) Installing collected packages: python-ldap Running setup.py install for python-ldap ... done Successfully installed python-ldap-2.4.27 python -c "import ldap; print(ldap)" ```

Removing the BOM characters using python

2016-07-21T16:03:00-07:00

I exported the one of the csv file I wan to get some information using csvkit. but csvkit return the error like below:

'cp949' codec can't encode character u'\ufeff' in position 5: illegal multibyte sequence

BOM(https://en.wikipedia.org/wiki/Byte_order_mark) characters in the exported files. and I wrote the script to remove the BOM characters

import codecs
import sys
import os

try:
    with open("%s.new" % sys.argv[1], 'w') as new:
        with open(sys.argv[1], 'r') as f:
            for line in f:
                new.write(unicode(line.replace(codecs.BOM_UTF8, ''), 'utf-8'))
    os.rename(sys.argv[1], "%s.bak" % sys.argv[1])
    os.rename("%s.new" % sys.argv[1], sys.argv[1])
except Exception as e:
    print(e)

How to make a Simple .deb file

2016-07-06T12:09:00-07:00

References

http://packaging.ubuntu.com/html/packaging-new-software.html
http://packaging.ubuntu.com/html/debian-dir-overview.html
http://tldp.org/HOWTO/html_single/Debian-Binary-Package-Building-HOWTO/#AEN66
https://raphaelhertzog.com/2010/12/17/do-not-build-a-debian-package-with-dpkg-b/
https://raphaelhertzog.com/debian-packaging/

Standard debian notation is all lowercase in the following format

<project>_<major_version>.<minor_version>-<package revision>

Example:

helloworld_1.0-1

Step by Step

create a directory to make my package in. the name should be same as the package name mkdir helloword_1.0-1
Pretend that the packaging directory is actually that root of the file system. Put the files of your program where they would be installed to on a system.

mkdir helloworld_1.0-1/user
mkdir helloworld_1.0-1/user/local
mkdir helloworld_1.0-1/user/local/bin
cp "~/Projects/Hello World/helloworld" helloworld_1.0-1/usr/local/bin

Create a special metadata file with which the package manager will install your program

mkdir helloword_1.0-1/DEBIAN
touch helloword_1.0-1/DEBIAN/control
Put something like this in that file
Package: helloworld
Version: 1.0-1
Section: base
Priority: optional
Architecture: i386
Depends: libsomethingorrather (>= 1.2.13), anotherDependency (>= 1.2.6)
Maintainer: Your Name <you@email.com>
Description: Hello World
 When you need some sunshine, just run this
 small program!

 (the space before each line in the description is important)

You just need to make the package

dpkg-deb --build helloworld_1.0-1

Install Asus PCE-N53 Driver for Ubuntu 14.04

2016-07-05T00:00:00-07:00

When I bought the asus wireless NIC, My dekstop was using the Windows. but recently I changed to Ubuntu 14.04 Dekstop. The hell of the WIRELESS was started from that time.

The driver which provided by Asus is not supported to Kernel 3.x version. I found the patched version from the github.com

https://github.com/unused/patched-Asus-PCE-N53-linux-driver

Download the files, and run command.

sudo make && sudo make instal

This commands are only accepted to current session. After reboot the computer, you will have to enabled the driver again.

Add the ifconfig ra0 up to the /etc/rc.local and add rt5592sta to the /etc/modules

Suricata IDS on Ubuntu Server

2016-07-05T00:00:00-07:00

Suricata 설치하기

suricata repository 종류

Stable

sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt-get update && sudo apt-get install suricata

Beta

sudo add-apt-repository ppa:oisf/suricata-beta
sudo apt-get update && sudo apt-get install suricata

Daily Release

sudo add-apt-repository ppa:oisf/suricata-daily
sudo apt-get update && sudo apt-get install suricata

Interface card 설정 하기

Network interface file

sudo vim /etc/network/interfaces

아래 내용을 추가한다.

auto eth1
iface eth1 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down

로그 종류

eve.json
fast.log
http.log
stats.log
unified2.alert.1437460553

Suricata 관리하기

oinkmaster

pulledpork

py-idstools

Sample Command

sudo idstools-rulecat --rules-dir /etc/suricata/rules/ --sid-msg-map /etc/suricata/rules/sid-msg.map --disable disable.conf --post-hook "/etc/init.d/suricata restart"

인자 설명

rules-dir : 룰 폴더의 경로
sid-msg-map: sid-msg.map 파일의 경로
disable: 사용하지 않을 룰의 sid를 가지고 있는 파일
disable 파일의 경우 룰번호/n 형태로 파일을 작성 할 수 있다.
post-hook: 룰이 변경됬을 경우 실행할 명렁

해당 명령은 cronjob에 추가 할수 있다.

sudo vim /etc/cron.hourly/rulecat.hourly
### Adding the command to rulecat.houly file
#!/bin/bash

/usr/local/bin/idstools-rulecat  --rules-dir /etc/suricata/rules/ --sid-msg-map /etc/suricata/rules/sid-msg.map --disable disable.conf --post-hook "/etc/init.d/suricata restart"

### Adding the execution permission to this file
sudo chmod 755 /etc/cron.hourly/rulecat.hourly

Result

Last download less than 15 minutes ago. Not fetching.
Loaded 21320 rules.
Disabled 48 rules.
Enabled 0 rules.
Modified 0 rules.
Enabled 86 rules for flowbit dependencies.
Writing rule files to /etc/suricata/rules/.
Writing /etc/suricata/rules/sid-msg.map.
Running post-hook as output has been modified.
Running /etc/init.d/suricata restart.
Stopping suricata:  done.
Starting suricata in IDS (af-packet) mode... done.
Done.

Using the let's encrypt for Nginx

2016-07-01T00:00:00-07:00

사전 정보

Web Service: Nginx
Service port: 80(http) / 443(https)
letsencrypt folder: /opt/letsencrypt

인증서 얻기

Client 다운로드

인증서를 얻기 위하여 별도의 letsencyrpt 클라이언트 프로그램을 다운 받아야 한다. 해당 클라이언트는 웹서비스를 하고 있는 대상 서버에 다운을 받는다.

cd /opt
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

사용하고 있는 웹서비스 종료 후 인증서 받기

인증서를 받기 위하여 자체적으로 혹은 기존 사용하고 있는 웹서비스를 이용하여 인증서를 받는다. 여기서는 기존 서비스를 이용하지않고 클라이언트에서 자체 지원하는 standalone 방식으로 인증서를 받을 예정이다.

sudo service nginx stop

letsencrypt-auto 이용하여 인증서 얻기

./letsencrypt-auto certonly --standalone -d www.haginara.net -d cloud.haginara.net -d blog.haginara.net -d wiki.haginara.net -d kanban.haginara.net -d git.haginara.net

인증서를 받은 후에는 아래와 같은 축하 메시지를 받게 된다.

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/www.haginara.net/fullchain.pem. Your cert
   will expire on 2016-03-02. To obtain a new version of the
   certificate in the future, simply run Let's Encrypt again.
 - If like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

위 안내문에서 보듯이 /etc/letsencrypt/live 하위 폴더에 인증서가 위치하게 된다.

설정 파일 사용하여 인증서 얻기

위와 같이 파라미터를 이용하여 인증서를 받을수도 있지만 별도의 설장파일을 만들어 두고 사용 하여도된다.

cli.ini

rsa-key-size = 4096
domains = www.haginara.net, blog.haginara.net, wiki.haginara.net, git.haginara.net, git.haginara.net, cloud.haginara.net
authenticator = standalone

./letsencrypt-auto certonly --config cli.ini

Nginx 서비스에 인증서 적용

ssl_certificate     /etc/letsencrypt/live/www.haginara.net/fullchain.pem
ssl_certificate_ke  /etc/letsencrypt/live/www.haginara.net/privkey.pem

기존 웹서비스 실행

sudo service nginx start

정리

위 작업을 하나의 스크립트로 만들어 보았다.

#!/bin/bash

INI_PATH=/opt/letsencrypt/cli.ini
NGINX_PID=/var/run/nginx.pid

service nginx stop
sleep 2
if [ -f $NGINX_PID ]; then
    service nginx restart
else
    cd /opt/letsencrypt
    ./letsencrypt-auto certonly --config $INI_PATH
    service nginx start
fi

위 스크립트는 이후 인증서 갱신시 크론잡에서 호출 할 예정이다.

인증서 갱신

Let's Encrypt 인증서의 경우 만료기간이 90일이다. 따라서 매 90일 마다 인증서 갱신을 해주어야 한다.

인증서 갱신은 기존 인증서를 새로 발급 받는 절차와 동일하다 단지 이 작업을 90일마다(인증서 만료전) 실행 해 주기위하여 Cronjob으로 설정할 에정이다.

Cron-job

sudo crontab -e

아래와 같이 크론잡을 설정 해준다.

30 03 01 */3 * /opt/letsencrypt/letsencrypt-cron

Welcome