Sunday, June 8, 2014

XEN Hypervisor & Virtual machine installation Process



Creating Domain-0 which access hardware resource

Following packages must be installed:

apt-get install xen-hypervisor-4.1-amd64
apt-get install xenwatch
apt-get install xen-tools


Now you have installed everything you need to run your dom0. Before you restart your system edit and add the following (rather uncomment)

(xend-unix-server yes)

Next restart your system and pick the xen-kernel from the grub menu (if you want you can edit /etc/default to pick the correct kernel automatically). Now you are good to go.

Simply run or , you will see your system is running.


Creating a domU

Now Here are the steps to create an Ubuntu Lucid guest (domU) using xen-create-image utility, for that follow following steps.


Step1: go to /etc/xen-tools (edit xen-tools.conf or create a new conf file)
Step 2: Configure it as follows


dir = /mnt/xen
install-method = debootstrap
size = 6Gb # Disk image size.
memory = 1024Mb # Memory size
swap = 128Mb # Swap size
# noswap = 1 # Don't use swap at all for the new system.
fs = ext3 # use the EXT3 filesystem for the disk image.
dist = lucid # Default distribution to install.
image = sparse
dhcp = 1
nameserver = IP address of DNS Server
bridge = virbr0
kernel = /boot/vmlinuz-`uname -r`
initrd = /boot/initrd.img-`uname -r`
mirror = http://archive.ubuntu.com/ubuntu
ext3_options = noatime,nodiratime,errors=remount-ro
ext2_options = noatime,nodiratime,errors=remount-ro
xfs_options = defaults
reiserfs_options = defaults
btrfs_options = defaults
boot = 1
passwd = 1
serial_device = hvc0
disk_device = xvda



Step 3: Creating image
xen-create-image –hostname=ubuntulucid

In the middle of the image creation it will ask for the root password, simply put the password you like. Your domain will start automatically”

For Logging
xm console ubuntulucid

For Terminating VM
xm destroy ubuntulucid
For Restarting VM
xm create –c /etc/ubuntulucid.cfg

Posted by at 1 comment:

Shared Resource creation using ISCSI package through LINUX

ISCSI shared storage creation:

ISCSI target:

sudo apt-get install iscsitarget

Open /etc/default/iscsitarget.

vi /etc/default/iscsitarget
... and set ISCSITARGET_ENABLE to true:
ISCSITARGET_ENABLE=true 
 We can use unused logical volumes, image files, 
hard drives (e.g. /dev/sdb), hard drive partitions 
(e.g. /dev/sdb1) or RAID devices (e.g. /dev/md0) for the storage. 
In this example, I will create a logical volume of 20GB named 
storage_lun1 in the volume group vg0:
lvcreate -L15G -n storage_lun1 vg0
(If you want to use an image file, you can create it as follows:
mkdir /storage

dd if=/dev/zero of=/storage/lun1.img bs=1024k count=20000
This creates the image file /storage/lun1.img with a size of 20GB.
)
Next we edit /etc/ietd.conf...
vi /etc/ietd.conf
... and comment out everything in that file. At the end we add the following stanza:
[...]
Target iqn.2014-05.com.example:storage.lun1
        IncomingUser someuser secret
        OutgoingUser
        Lun 0 Path=/dev/vg0/storage_lun1,Type=fileio
        Alias LUN1
        #MaxConnections  6


Now we tell the target that we want to allow connections to the device iqn.2014-05.com.example:storage.lun1 from the IP address 172.31.132.55 (server1.example.com) and 172.31.132.59 (server2.example.com)...
vi /etc/initiators.allow
[...]
iqn.2014-05.com.example:storage.lun1 172.31.132.55, 172.31.132.59
and start the target:
/etc/init.d/iscsitarget start

2.2. ISCSI initiator

sudo apt-get install open-iscsi

Next we open /etc/iscsi/iscsid.conf...
vi /etc/iscsi/iscsid.conf
... and set node.startup to automatic:
[...]
node.startup = automatic
[...]
Then we restart the initiator:
/etc/init.d/open-iscsi restart
Now we connect to the target (iscsi.example.com) and check what storage devices it has to offer:
iscsiadm -m discovery -t st -p 172.31.132.60 (shared resource IP address)
server1:~# iscsiadm -m discovery -t st -p 172.31.132.60
172.31.132.60:3260,1 iqn.2014-05.com.example:storage.lun1

The settings for the storage device iqn.2014-05.com.example:storage.lun1 on 192.168.0.102:3260,1 are stored in the file /etc/iscsi/nodes/iqn.2001-04.com.example:storage.lun1/172.31.132.60 ,3260,1/default. We need to set the username and password for the target in that file; instead of editing that file manually, we can use the iscsiadm command to do this for us:
iscsiadm -m node --targetname "iqn.2014-05com.example:storage.lun1" --portal "172.31.132.60 :3260" --op=update --name node.session.auth.authmethod --value=CHAP
iscsiadm -m node --targetname "iqn.2014-05.com.example:storage.lun1" --portal "172.31.132.60 :3260" --op=update --name node.session.auth.username --value=someuser
iscsiadm -m node --targetname "iqn.2014-05.com.example:storage.lun1" --portal "1172.31.132.60 :3260" --op=update --name node.session.auth.password --value=secret
Now we can log in by running...
sudo iscsiadm -m node --targetname "iqn.2014-05.com.example:storage.lun1" --portal "1172.31.132.60 :3260" --login
Posted by at No comments:

IPSEC Tunnel creation for LINUX using OPENSWAN package


Install Openswan

sudo apt-get install openswan ( or directly running given openswan file)

Disable ICMP send/accept redirects
Note: Look at *, this is your NIC name i.e eth0 or eth1 on which we are going to terminate the VPN.

Disable /proc/sys/net/ipv4/conf/*/send_redirects




[root@localhost ~]#echo 0 >> "/proc/sys/net/ipv4/conf/*/send_redirects"

Disable /proc/sys/net/ipv4/conf/*/accept_redirects

[root@localhost ~]#echo 0 >> "/proc/sys/net/ipv4/conf/*/accept_redirects"

Enable IP Forwarding
[root@localhost ~]#gedit /etc/sysctl.conf
Set: net/ipv4/ip_forward = 1

[root@localhost ~]#sysctl -p

Verify ipsec/openswan

Check if IPSec package is happy with your settings. Mine are copied after VPN was established.
[root@localhost ~]# ipsec verify

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                             [OK]
Linux Openswan U2.6.21/K2.6.18-194.3.1.el5 (netkey)
Checking for IPsec support in kernel                        [OK]
NETKEY detected, testing for disabled ICMP send_redirects   [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.secrets)           [OK]
Checking that pluto is running                              [OK]
Two or more interfaces found, checking IP forwarding        [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                   [OK]
Checking for 'iptables' command                             [OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: localhost.localdomain  [MISSING]
Does the machine have at least one non-private address?     [FAILED]
Ignore Opportunistic Encryption DNS Checks Failures

IPsec CONFIGURATIONS

Now we need to configure our linux-vpn, for this we need to edit the ipsec.conf file.

[root@localhost ~]#gedit /etc/ipsec.conf

Insert the following lines in that file accordingly.



config setup
conn connection
type=tunnel
authby=secret
auto=start
pfs=no
ike=aes256-sha1;modp1024!
phase2alg=aes256-sha1;modp1024
aggrmode=no
left=172.31.132.55
right=172.31.132.59
leftsubnet=172.31.128.0/17
rightsubnet=172.31.128.0/17
     

CONFIGURE  Pre Shared Key

ipsec.secrets
172.31.132.55 0.0.0.0: PSK "abcd1234"

Check Status of Tunnel :

[root@localhost ~]# ipsec auto –-status
Start-up a tunnel:
[root@localhost ~]# ipsec auto –up connection
Posted by at No comments:

Inserting tuples in MYSQL database through text file in linux


Use command to login to mysql through terminal

root@hotspot:/home/dell#  mysql -u <user-name> -p --local-infile <somedatabase>;

Enter password:


mysql>use <database-name>;
mysql>LOAD DATA LOCAL INFILE '<file path>' INTO TABLE <table-name>;


NOTE:

Data in file should be in order according to Database table.
Data in file should be separated through tab.
Posted by at No comments:

Friday, June 6, 2014

How to Protect Yourself Online From Identity Theft

The Internet is a big place, which makes it a great platform for identity thieves to get i;American victims per year, it’s important to keep your information secure while online.
But if you spend a lot of time on the Internet and do most of your banking and billing online, putting you at risk, how can you make sure your information won’t fall into the hands of a thief? Check ou the following tips to help lower your risk of falling victim to identity theft.


identity theft How to Protect Yourself Online From Identity Theft


Only Use Secure Networks

Avoid accessing personal information on unsecure networks. At your home, ensure that you’re using a trusted Internet provider and that your network is secure and password protected. If you have personal files on your computer, don’t connect it with unsecure networks in public. If you stick to secure, trusted networks, it’s more difficult for hackers to get ahold of your information.

Check That You’re Using a Trusted Site

One easy way for identity thieves to get ahold of personal information is by having you enter it on an untrustworthy site through phishing scams. Be wary when entering any personal information and make sure that the URL says https:// in the address bar instead of http:// and that you see a padlock icon on the left-hand side of the address bar. Even if you find this information in the address bar, you should research the website beforehand to make sure you can trust it with your information.

Sign Up for Identity Protection Services

Perhaps one of the best ways to protect your identity is by signing up for identity protection services. These services can help by monitoring your accounts and credit score to alert you quick if someone has stolen your identity. They can also prevent theft by scanning your Internet and monitoring your privacy. You can even insure your finances to protect yourself if someone steals your identity. Visit IdentityTheftProtection.org;for more information on different identity protection services.

Secure Your Computer

Another way identity thieves get ahold of information is through installing viruses on your computer. Sometimes these viruses can monitor keystrokes so the thief can gain access to your passwords or other information. Be sure to protect your computer against these attacks by installing anti-virus software, but since some of these programs can be viruses themselves, it’s important that you research the software to find the most trusted and effective program. You may also consider using a personal firewall, which could help keep you virtually invisible online.

Be Wise With Your Passwords

Sometimes a password is all a thief needs to launch an attack. Be wise about your passwords and follow these safety precautions:
  • Avoid writing down your passwords. If you must write them down, keep them in a difficult-to-find place and never save them on your computer.
  • Use different passwords for various accounts, especially for things like bank or credit card accounts.
  • Use complex passwords with a mixture of symbols that can’t easily be traced back to you.
  • Change your passwords often.

Be Careful With Your Email

An email account is not necessarily secure. Don’t send personal information over email, such as social security numbers or bank account numbers. Avoid opening emails from people you don’t know or sites you’re unsure you can trust. Be especially wary of downloading files from email programs since they can come with Trojan viruses, and don’t click on links within an email.

Keep Your Personal Information Personal

As much as you can, attempt to keep your personal information to yourself, even on social media sites. Avoid posting your birthdate, mother’s maiden name, billing companies, or other identifying information where others can easily find it. Even if your profile is private to only you and friends, hackers may be able to find ways around this to view your updates and get ahold of your information.
If you spend a lot of time online, you might find yourself more vulnerable to identity theft, but by following these tips, you can lower your risks.

courtsey: honeytechblog
Posted by at No comments:

What is Computer Hacking ??




What is computer hacking?
In a cyber security world, the person who is able to discover weakness in a system and managed to exploit it to accomplish his goal referred as a Hacker , and the process is referred as Hacking.

Now a days,  People started think that hacking is only hijacking Facebook accounts or defacing websites.  Yes, it is also part of hacking field but it doesn't mean that it is the main part of hacking.

So what is exactly hacking, what should i do to become a hacker?!  Don't worry, you will learn it from Break The Security. The main thing you need to become a hacker is self-interest.  You should always ready to learn something and learn to create something new.


Now , let me explain about different kind of hackers exist in the cyber security world.

Script Kiddie

Script Kiddies are the persons who use tools , scripts, methods and programs created by real hackers.  In a simple word, the one who doesn't know how a system works but still able to exploit it with previously available tools.

White Hat Hacker:
White Hat hackers are good guys who does the hacking for defensing.  The main aim of a Whitehat hacker is to improve the security of a system by finding security flaws and fixing it.  They work for an organization or individually to make the cyber space more secure.

Break The Security only concentrates on white-hat hacking and help you to learn the Ethical Hacking world.

 Black Hat Hacker:
BlackHat hackers are really bad guys , cyber criminals , who have malicious intent.  The hackers who steal money, infect systems with malware,  etc are referred as BlackHat hackers.  They use their hacking skills for illegal purposes.

GreyHat hackers:


The hackers who may work offensively or defensively, depending on the situation. Hackers who don't have malicious intentions but still like to break into third-party system for fun or just for showing the existence of vulnerability.

Hacktivists
The hackers who use their hacking skills for protesting against injustice and attack a target system and websites to bring the justice.  One of the popular hacktivists is Anonymous and RedHack.
Courtsey breakthesecurity
Posted by at No comments:
Subscribe to: Posts (Atom)