Thursday, 16 April 2015

Setting up a PXE-Boot Server WITH HTTP & FTP



You'll need to install the following packages (they ship with FC4, so if you did an 'everything' OS install you should have them already; if not, you can install them easily with yum):
tftp-server
dhcp
httpd
syslinux
Using yum to install them is generally a lot easier:
yum install tftp-server dhcp httpd syslinux
Answer Y to all dependency/installation questions.
DHCP configuration: create /etc/dhcpd.conf with the following contents:
ddns-update-style interim;
subnet 192.168.7.0 netmask 255.255.255.0 {
    range 192.168.7.10 192.168.7.254;
    default-lease-time 3600;
    max-lease-time 4800;
    option routers 192.168.7.1;
    option domain-name-servers 192.168.7.1;
    option subnet-mask 255.255.255.0;
    option domain-name "abc.local";
    option time-offset -8;
}
host abc.xyz.local {
    hardware ethernet 08:00:27:47:5E:03;
    fixed-address 192.168.7.95;
    option host-name "abc.xyz.local";
    # the FC4 tftp-server is started with "-s /tftpboot", so the boot file
    # name is relative to /tftpboot, not an absolute path
    filename "pxelinux.0";
}

Next you need to activate tftp within xinetd. All that is necessary is to change disable=yes to disable=no in /etc/xinetd.d/tftp, then restart xinetd. For future reference, the tftp RPM for FC4 stores its servable content under /tftpboot.
Now we need to set up your PXE server to use a static IP on the new private subnet. Create the file /etc/sysconfig/network-scripts/ifcfg-eth0.static with the following contents:
DEVICE=eth0
BOOTPROTO=static
ONBOOT=no
TYPE=Ethernet
IPADDR=192.168.7.2
NETMASK=255.255.255.0
GATEWAY=192.168.7.1

Next, set up the PXE boot environment on the server. To do this, you need to have the Linux distribution that you wish to install over PXE either in CD format or with all the content of the CDs available on the network.
On the first CD of every RH/FC distribution there is a subdirectory called 'isolinux'. In that directory you will find two files, vmlinuz and initrd.img. These are the kernel and initrd that the RH/FC bootable CDs use to get the installer (anaconda) booted for performing the installation. Copy both of those files into /tftpboot and make sure that they are world readable. If you are planning to allow more than one version/distribution to be PXE boot installable, then you should rename both files so that it's clear which version/distribution they came from (such as vmlinuz-RHEL4, initrd-RHEL4).
Next, you need the actual PXE boot loader (what is actually run immediately after your PXE boot client box gets a DHCP lease). In this case, that file is pxelinux.0, and it is part of the syslinux RPM. For FC4, you can find it at /usr/lib/syslinux/pxelinux.0. Copy that file into /tftpboot and make sure that it is world readable.
Next we need to configure pxelinux. First create the directory /tftpboot/pxelinux.cfg (and make it world readable). Inside that directory you need to create a number of zero-size files (use touch):
C
C0
C0A
C0A8
C0A80
C0A800
C0A800F
C0A800FE
01-04-4b-80-80-80-03
The first 8 are the hex representation of the 192.168.0.254 IP address that your PXE boot client will be assigned, from the shortest prefix to the full address (for the 192.168.7.95 fixed address configured above, the full name would be C0A8075F). pxelinux tries the most specific name first and falls back to the shorter prefixes, so a shorter name lets one configuration file cover a whole subnet. The last entry is the MAC address of your PXE boot client's NIC (with dashes substituted for the colons, in lower-case hex, which is how pxelinux requests it), with '01' prepended. The "01" at the front represents a hardware type of Ethernet, so that pxelinux.0 does not mistake the string for an IP-address name. Use your own client's MAC here; the host entry in dhcpd.conf above uses 08:00:27:47:5E:03, which would give 01-08-00-27-47-5e-03.
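The lookup order just described, as an added example that is not part of the original post: pxelinux_cfg_names prints the names pxelinux.0 requests for one client, and first_existing_cfg (a hypothetical helper) reports which file a given pxelinux.cfg directory would actually serve. The sample MAC and IP are the post's own.

```sh
#!/bin/sh
# Added helper, not from the original post: list the file names pxelinux.0
# requests from pxelinux.cfg/ for one client, in the order it tries them,
# and report which of them a given directory would actually serve.

# Print the lookup sequence for MAC address $1 and assigned IPv4 address $2.
pxelinux_cfg_names() {
    local mac ip o1 o2 o3 o4 hex
    mac=$1; ip=$2
    # 1. "01" (hardware type Ethernet) + MAC with dashes; pxelinux requests
    #    this name in lower-case hex
    printf '01-%s\n' "$(printf '%s' "$mac" | tr ':' '-' | tr 'A-F' 'a-f')"
    # 2. the IPv4 address as eight upper-case hex digits, then each shorter
    #    prefix (C0A800FE, C0A800F, ..., C)
    IFS=. read -r o1 o2 o3 o4 <<EOF
$ip
EOF
    hex=$(printf '%02X%02X%02X%02X' "$o1" "$o2" "$o3" "$o4")
    while [ -n "$hex" ]; do
        printf '%s\n' "$hex"
        hex=${hex%?}
    done
    # 3. the catch-all file
    printf 'default\n'
}

# Print the first name in that sequence that exists in directory $1, i.e. the
# file pxelinux.0 would load for MAC $2 / IP $3; fail if none exists.
first_existing_cfg() {
    local dir name
    dir=$1
    for name in $(pxelinux_cfg_names "$2" "$3"); do
        if [ -e "$dir/$name" ]; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    return 1
}

# Example run with the post's sample client (constructed values):
# pxelinux_cfg_names 04:4B:80:80:80:03 192.168.0.254
# first_existing_cfg /tftpboot/pxelinux.cfg 04:4B:80:80:80:03 192.168.0.254
```

pxelinux uses the first of these files that exists, even an empty one, so zero-size files for the MAC or full IP are served ahead of default; keep the real configuration in the most specific name that exists for a client.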
Now create the default pxelinux configuration inside the new file /tftpboot/pxelinux.cfg/default:
prompt 1
default linux
timeout 100
label linux
    kernel vmlinuz
    append initrd=initrd.img ramdisk_size=9216 noapic acpi=off
(If you renamed the kernel and initrd per distribution, such as vmlinuz-RHEL4 and initrd-RHEL4, use those names here.)

NFS configuration:
Copy the media to /var/ftp/pub/RedHat, with 777 permissions on all files in the RedHat directory:
chmod -R 777 /var/ftp/pub/RedHat
(The installer only needs to read the media, so 755 on directories and 644 on files works just as well and avoids a world-writable share.)
Go to /etc/exports and add
/var/ftp/pub/RedHat 192.168.7.0/24(rw,sync)
then save the file (:wq in vi). An ro export is enough for installation media.
Then start the nfs service:
service nfs start
FTP configuration:
Start the vsftpd service for FTP:
chkconfig vsftpd on
service vsftpd start
HTTPD configuration:
Edit /etc/httpd/conf/httpd.conf with vi and change the document root to /var/ftp/pub/RedHat:
DocumentRoot /var/ftp/pub/RedHat
<Directory /var/ftp/pub/RedHat>
    Options Indexes
    AllowOverride None
</Directory>
Alias /linux /var/ftp/pub/RedHat
Now create a virtual host (pxe.abc.local below is a placeholder; use your server's fully qualified name):
<VirtualHost *:80>
    ServerAdmin admin@pxe.abc.local
    DocumentRoot /var/ftp/pub/RedHat
    ServerName pxe.abc.local
    ErrorLog logs/pxe.abc.local-error_log
    CustomLog logs/pxe.abc.local-access_log common
</VirtualHost>

Now start dhcpd and apache and activate tftp by running the following:
service dhcpd start
service xinetd restart
service httpd start
Then verify that they are all in your process list.

Thursday, 2 April 2015

Oracle Security at Risk: Java.net Pwn3d By a White Hat Hacker!

Usually, big companies are at the top level in terms of cyber security. Unfortunately, that is not the case for Oracle, the well-known software house behind Java.

An information security researcher, Christian Galeone (Italy), demonstrated how a single big security vulnerability can represent a severe threat to big companies and even to their employees.

What he found was a Path Traversal / LFI (Local File Inclusion) vulnerability in the Java JDK7 website.

After exploiting it, he noticed that it exposed important, sensitive server-side data.

The vulnerability not only allowed him to display the web server credentials, including root access, but the vulnerable source code also (wrongly) disclosed more than 460 private email addresses of Oracle employees, which is a big issue if you're worried about black-hat hackers ;-)

After his finding, he quickly reported it to Oracle's security team, which fixed it in a single day and decided to acknowledge Christian for his ethical behaviour by adding him to their next CPU (Critical Patch Update), rolling out on 14 April 2015.

 
- See more at: http://blog.hackersonlineclub.com/2015/04/oracle-security-at-risk-javanet-pwn3d.html#sthash.DaxhYTKj.dpuf

 