UNDERCODE COMMUNITY
🦑 Introduction to commonly used Linux network security tools


Although the various Linux distributions come with a lot of free open-source software, a large number of useful tools are still not included by default on their installation CDs. Among them are toolkits that can enhance Linux network security, and most of them are also free open-source software.

🦑 Security tips:

1) Execute #rpm -ivh sudo* to install, then edit the /etc/sudoers file with /usr/sbin/visudo.

2) If the system reports that it cannot find /usr/bin/vi but you actually have the vi program in the directory /bin, you need
ln -sf /bin/vi /usr/bin/vi to create a symbolic link under /usr/bin for vi. (Note: I met this on Redhat 6.1; there is no problem on Redhat 5.x.)

3) Also, if some other error occurs, you may need #chmod 700 /var/run/sudo

Here is an example of my /etc/sudoers file:
[root@sh-proxy /etc]# more sudoers
Host_Alias SERVER = sh-proxy

# User alias specification

User_Alias ADMIN = jephe, tome

# Cmnd alias specification

Cmnd_Alias SHUTDOWN = /etc/halt, /etc/shutdown, /etc/reboot

ADMIN SERVER = SHUTDOWN
jephe SERVER = /usr/bin/tail -f /var/log/maillog
jephe SERVER = /usr/bin/tail -f /var/log/messages

# User privilege specification
root ALL = (ALL) ALL
-----------

🦑 Since I often need to log in to the server remotely to watch changes in the mail log file /var/log/maillog, I added this line to /etc/sudoers so that I don't need to log in as root frequently to complete my daily work, which improves safety.


written by undercode
🦑 Sniffit:


1) sniffit is a well-known network sniffer. You can configure it to run in the background and record the information users send and receive on a given TCP/IP port.

2) Its most common use is by an attacker, who can use it to capture the data transmitted on your ports 23 (telnet) and 110 (pop3) and easily get your login password and mail account password. sniffit is basically a tool used by vandals, but since you want to know how to enhance the security of your site, you should first of all know the tools used by intruders.

3) sniffit can be downloaded from git. Installation is very easy: just run #tar xvfz sniff* in the root directory to unpack all files to the corresponding directories.

4) You can run sniffit -i to view all input/output information on the specified network interface in an interactive graphical interface.

🦑 For example, to get the pop3 account and password entered by all users when they receive mail through a certain interface abcd, you can run
#sniffit -p 110 -t abcd &
#sniffit -p 110 -s abcd &
The record files are written under the directory /usr/doc/sniffit*.

5) The log file is named after the visitor's IP address, the random high port number, the IP address of the monitored network interface and the monitored port. sniffit takes advantage of an inherent weakness of the TCP/IP protocol: the user name and password transmitted by ordinary telnet and pop3 are plain text, without any encryption.

6) So instead of telnet/ftp you can use ssh/scp. The ssh/scp traffic captured by sniffit is basically a bunch of garbled characters, so you don't need to worry about the username and password sent by ssh being stolen by a third party.

🦑 The oldest and most powerful tools still in use today:

🦑 Let's start:

A) ttysnoop(s)

1) ttysnoop is a program that redirects all input/output of one terminal to another terminal. At present, the website I know of is http://uscan.cjb.net, but it cannot be reached. From other sources, I got ttysnoop-0.12c-5 at https://linux.die.net/man/8/ttysnoop. This version does not seem to support shadow passwords. After installation you need to manually create the directory /var/spool/ttysnoop. Testing this program is interesting; the related instructions follow:


2) Change the default login program of in.telnetd in /etc/inetd.conf to /sbin/ttysnoops, like this:
[root@jephe /etc]# more inetd.conf | grep in.telnetd
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -L /sbin/ttysnoops

3) After the change, be sure to run killall -HUP inetd to make it take effect. Make sure shadow passwords are not in use; use #pwunconv to disable shadow passwords.

4) Then edit the default configuration in the file /etc/snooptab.
[root@jephe /etc]# more snooptab
ttyS1 /dev/tty7 login /bin/login
ttyS2 /dev/tty8 login /bin/login
* socket login /bin/login
------

5) Finally, if someone is logged in on a terminal (you can use the w command to see which terminal it is), and the terminal device is ttyp0, then you can log in to the server and type #/bin/ttysnoop ttyp0 (it prompts for the root password; again, the version mentioned above does not support shadow passwords) to monitor the user's login window.
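
A defender's check for the two setups described above (cleartext login services that sniffit can read, and the ttysnoop changes to inetd.conf and shadow passwords), as an added example that is not from the original post. The sample file contents, the service list and the function names are constructed for illustration.

```python
# Services the text names as carrying credentials in plain text.
CLEARTEXT = {"telnet", "ftp", "pop3", "pop-3"}

def audit_inetd(text):
    """Return (service, finding) pairs for the body of an inetd.conf file."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # commented-out lines are disabled
        if len(fields) < 6:
            continue
        service, args = fields[0], fields[6:]
        if service in CLEARTEXT:
            findings.append((service, "cleartext login service enabled"))
        # in.telnetd -L <program> replaces /bin/login; this is the hook the
        # text uses to route telnet sessions through /sbin/ttysnoops.
        if "-L" in args[:-1]:
            prog = args[args.index("-L") + 1]
            if prog != "/bin/login":
                findings.append((service, "login program overridden: " + prog))
    return findings

def unshadowed_accounts(passwd_text):
    """Accounts whose hash sits in the passwd file itself (the state pwunconv leaves)."""
    placeholders = {"", "x", "*", "!", "!!"}
    found = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 7 and parts[1] not in placeholders:
            found.append(parts[0])
    return found

# Constructed sample inputs.
SAMPLE_INETD = """\
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet  stream tcp nowait root /usr/sbin/tcpd in.telnetd -L /sbin/ttysnoops
#pop-3  stream tcp nowait root /usr/sbin/tcpd ipop3d
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
jephe:XXconstructedXX:500:500::/home/jephe:/bin/bash
"""

if __name__ == "__main__":
    for service, finding in audit_inetd(SAMPLE_INETD):
        print(service, "-", finding)
    print("hash in passwd file:", unshadowed_accounts(SAMPLE_PASSWD))
```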

B) nmap

1) nmap is a tool for port scanning on relatively large networks. It can detect which TCP/IP ports are currently open on a server. You can run it to make sure that unsafe ports that should not be open have been closed.

2) The nmap homepage is at https://nmap.org/. A simple example follows:
[root@sh-proxy /etc]# /usr/local/bin/nmap public.sta.net.cn

Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Interesting ports on public.sta.net.cn (202.96.199.97):
Port State Protocol Service
21 open tcp ftp
23 open tcp telnet
25 open tcp smtp
109 open tcp pop-2
110 open tcp pop-3
143 open tcp imap2
513 open tcp login
514 open tcp shell
7000 open tcp afs3-fileserver

Nmap run completed-1 IP address (1 host up) scanned in 15 seconds
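
To turn a scan of your own server into the check described in 1), the report can be compared with the list of ports you intend to expose. This is an added example, not part of the original post; the report text is the output shown above, and the allowlist (smtp and pop-3 only) is an assumption.

```python
import re

# Row formats: the old table shown above ("21 open tcp ftp") and the
# layout current nmap versions print ("21/tcp open ftp").
OLD_ROW = re.compile(r"^(\d+)\s+(\S+)\s+(tcp|udp)\s+(\S+)$")
NEW_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def open_ports(report):
    """Map (port, protocol) -> service name for every port reported open."""
    ports = {}
    for line in report.splitlines():
        line = line.strip()
        m = OLD_ROW.match(line)
        if m:
            port, state, proto, service = m.groups()
        else:
            m = NEW_ROW.match(line)
            if not m:
                continue            # banner, header and summary lines
            port, proto, state, service = m.groups()
        if state == "open":
            ports[(int(port), proto)] = service
    return ports

def unexpected(report, allowed):
    """Open ports that are not on the allowlist, sorted by port number."""
    return sorted((port, proto, service)
                  for (port, proto), service in open_ports(report).items()
                  if (port, proto) not in allowed)

REPORT = """\
Interesting ports on public.sta.net.cn (202.96.199.97):
Port State Protocol Service
21 open tcp ftp
23 open tcp telnet
25 open tcp smtp
109 open tcp pop-2
110 open tcp pop-3
143 open tcp imap2
513 open tcp login
514 open tcp shell
7000 open tcp afs3-fileserver
"""
ALLOWED = {(25, "tcp"), (110, "tcp")}   # assumed policy for a mail host

if __name__ == "__main__":
    for port, proto, service in unexpected(REPORT, ALLOWED):
        print(f"{port}/{proto} ({service}) is open but not on the allowlist")
```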


C) John the ripper


1) In Linux, passwords are stored in hashed form. You cannot recover the password from the hash, but you can hash a set of words and compare the results with it; if they are the same, the password has been guessed. Therefore it is critical to choose a password that is difficult to guess. In general, never use a dictionary word as a password; it is quite easy to guess. In addition, common regular alphanumeric sequences, such as 123abc, should not be used as passwords.

2) John the ripper is an efficient and easy-to-use password guessing program whose homepage is at http://www.openwall.com/john/
Download the tar.gz package for UNIX, then use tar xvfz john*.tar.gz to unpack it to any directory. Enter the src directory and run make linux-x86-any-elf (I use redhat 6.1); this generates several executables in the run directory, including the main program john. Now, if you want to crack passwords, just run ./john /etc/passwd.

3) John can also crack passwords generated by htpasswd for authenticating Apache users. If you create a user named user with htpasswd -c apachepasswd user and generate a password, you can also run john apachepasswd to guess it. John prints each guessed password on the terminal and stores the guessed passwords in the john.pot file.

🦑 What is Logcheck?

1) Logcheck is a tool that automatically checks for security intrusion events and records of abnormal activity. It analyzes various Linux log files, such as /var/log/messages, /var/log/secure and /var/log/maillog, then generates a report of possible security problems and automatically emails it to the administrator. You can set it to run automatically on an hourly or daily basis with crond.

2) The homepage of the logcheck tool is at http://logcheck.org/. After downloading, use tar xvfz logcheck* to unpack it to a temporary directory such as /tmp, and then use make linux to automatically install the corresponding files to /usr/local/etc, /usr/local/bin, etc.

3) You may change settings such as the mail account notifications are sent to (root by default); you can set root's mail alias to a group of people. You can also change the settings to ignore certain types of messages, such as those from plug-gw in your mail log file: plug-gw does a reverse IP lookup, and if the lookup fails it records a warning message in /var/log/maillog. By default logcheck reports all these warnings to you; you can ignore them through the settings.

4) Use the logcheck tool to analyze all your log files, so that you do not have to check them manually every day, saving time and improving efficiency.
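
The idea behind such a tool, reduced to its core as an added example (this is not logcheck's code and not from the original post): read only what was appended since the last run, always report violation matches, and report every other line unless an ignore pattern covers it. The pattern lists, the plug-gw message text and the log lines are constructed assumptions.

```python
import re

# Assumed pattern lists for illustration; a real deployment uses longer ones.
VIOLATIONS = [r"FAILED LOGIN", r"authentication failure", r"refused connect"]
# Hypothetical wording of the plug-gw reverse-lookup warning described above.
IGNORE = [r"plug-gw\[\d+\]: .*can't get hostname"]

def unread(log_text, offset):
    """Return (new_lines, new_offset): only what was appended since the last run."""
    if offset > len(log_text):          # log was rotated or truncated: start over
        offset = 0
    return log_text[offset:].splitlines(), len(log_text)

def scan(lines, violations=VIOLATIONS, ignore=IGNORE):
    """Split lines into violations and unusual events; ignored lines are dropped."""
    viol = [re.compile(p, re.I) for p in violations]
    ign = [re.compile(p) for p in ignore]
    result = {"violations": [], "unusual": []}
    for line in lines:
        if any(p.search(line) for p in viol):
            result["violations"].append(line)   # checked first, so never ignored
        elif not any(p.search(line) for p in ign):
            result["unusual"].append(line)
    return result

def run(log_text, offset=0):
    """One scheduled run: returns (report, offset to store for the next run)."""
    lines, new_offset = unread(log_text, offset)
    return scan(lines), new_offset

# Constructed sample log (addresses are documentation ranges).
SAMPLE_LOG = (
    "Apr 24 10:00:01 sh-proxy plug-gw[812]: can't get hostname for 203.0.113.7\n"
    "Apr 24 10:02:13 sh-proxy login[901]: FAILED LOGIN 2 FROM 203.0.113.9 FOR root\n"
    "Apr 24 10:05:40 sh-proxy sendmail[950]: NOQUEUE: Null connection from [203.0.113.9]\n"
)

if __name__ == "__main__":
    report, offset = run(SAMPLE_LOG)
    for kind, lines in report.items():
        for line in lines:
            print(f"{kind}: {line}")
```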

🦑 Enhance network security with SYN packet features, by undercode:


1) Consider the following situation: the internal network is 198.199.1.0, and a Linux machine serves as the router and firewall connecting it to the Internet. On the firewall, eth0 connects to the external network and eth1 connects to the internal network.

2) For the security of the www service, set the following ipchains rules:

ipchains -A input -p tcp -s 198.199.1.0/24 1024: -d 0.0.0.0/0 www -i eth1 -j ACCEPT

ipchains -A input -p tcp -s 0.0.0.0/0 www -d 198.199.1.0/24 1024: -i eth0 -j ACCEPT

With the above settings, internal users are only allowed to access www hosts on the Internet through ports above 1024 (unprivileged ports); in other words, ports greater than 1024 on intranet hosts are allowed to connect to port 80 on the Internet. But this also allows hosts on the Internet to use port 80 to connect to a port greater than 1024 on your intranet hosts. This is a security risk, because many services listen on ports greater than 1024. To remove this risk, we can use the characteristics of the SYN packet.

3) Let us first look at the flag bits in the TCP segment header. There are six flag bits in TCP: URG, ACK, PSH, RST, SYN and FIN. We focus on the ACK, SYN and FIN flags.

4) ACK: indicates whether the acknowledgment number is valid; 1 means valid and 0 means the acknowledgment number is invalid. The acknowledgment number is the next byte you expect to receive, not the bytes that have already been received. It follows that ACK is always 0 in the packet that initiates the connection request (that is, the first packet) and always 1 in subsequent packets.

5) SYN: used to establish a connection. In the connection request SYN = 1, and in the connection request confirmation SYN = 1. SYN therefore stands for CONNECTION REQUEST and CONNECTION ACCEPTED. In subsequent TCP packets, SYN is always 0.
FIN: used to close the connection.

6) The above can be summarized in the following table:

ACK flag bit | SYN flag bit | Meaning of the TCP packet
0 | 1 | connection request
1 | 1 | connection request confirmation (connection request accepted)
1 | 0 | acknowledgment of the connection request confirmation
1 | 0 | data packet
... | ... |

What we call a SYN packet is a connection request packet. As shown above, the SYN packet has the following characteristics: SYN = 1, ACK = 0, FIN = 0. Therefore, to filter connection request packets, it is sufficient to filter out SYN packets.

In ipchains, we can specify SYN packets like this:
-p tcp -s xxxx/x -y

7) For example, all SYN packets from 192.168.1.0 can be specified like this:
-p tcp -s 192.168.1.0/24 -y
We can also put ! before -y to specify all non-SYN packets:
-p tcp -s xxxx/x ! -y

8) So, in the above example, we can enhance the security of the network like this:

ipchains -A input -p tcp -s 198.199.1.0/24 1024: -d 0.0.0.0/0 www -i eth1 -j ACCEPT
ipchains -A input -p tcp ! -y -s 0.0.0.0/0 www -d 198.199.1.0/24 1024: -i eth0 -j ACCEPT

🦑 This prevents hosts on the Internet from using port 80 to connect to ports greater than 1024 on your internal network hosts, which achieves the goal of enhancing network security.
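
The effect of adding ! -y to the eth0 rule can be checked with a small model of that one rule, given here as an added example that is not part of the original post. The packets, the outside addresses and destination port 6000 are constructed, and "no match" means the packet falls through to whatever rule or chain policy comes next.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "iface src sport dst dport flags")
INSIDE = ip_network("198.199.1.0/24")

def is_syn(p):
    # What -y matches: SYN set, ACK and FIN clear (a connection request).
    return "SYN" in p.flags and not ({"ACK", "FIN"} & set(p.flags))

def eth0_rule(p, non_syn_only):
    """-s 0.0.0.0/0 www -d 198.199.1.0/24 1024: -i eth0, optionally with ! -y."""
    match = (p.iface == "eth0" and p.sport == 80
             and ip_address(p.dst) in INSIDE and p.dport >= 1024)
    if non_syn_only:
        match = match and not is_syn(p)
    return "ACCEPT" if match else "no match"

# Constructed packets arriving on eth0 (outside addresses are documentation ranges).
PACKETS = {
    "web server SYN+ACK reply": Packet(
        "eth0", "203.0.113.10", 80, "198.199.1.5", 1030, ("SYN", "ACK")),
    "web server data": Packet(
        "eth0", "203.0.113.10", 80, "198.199.1.5", 1030, ("ACK",)),
    "new connection from source port 80": Packet(
        "eth0", "203.0.113.66", 80, "198.199.1.5", 6000, ("SYN",)),
}

def compare():
    """Return {packet name: (verdict of original rule, verdict with ! -y)}."""
    return {name: (eth0_rule(p, False), eth0_rule(p, True))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:36} original={before:9} with ! -y={after}")
```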

🦑 FloodCRM Invite Code:

🦑 Microsoft Office 365 All Products Activation Keys:

🦑 Avast Antivirus Premium Keys:
