Security – openSUSE Lizards https://lizards.opensuse.org Blogs and Ramblings of the openSUSE Members Fri, 06 Mar 2020 11:29:40 +0000 en-US hourly 1 Encrypted installation media https://lizards.opensuse.org/2017/11/17/encrypted-installation-media/ Fri, 17 Nov 2017 14:21:57 +0000 http://lizards.opensuse.org/?p=12886 Hackweek project: create encrypted installation media
  • You’re still carrying around your precious autoyast config files on an unencrypted usb stick?
  • You have a customized installation disk that could reveal lots of personal details?
  • You use ad blockers, private browser tabs, or even tor but still carry around your install or rescue disk unencrypted for everyone to see?
  • You have your personal files and an openSUSE installation tree on the same partition just because you are lazy and can’t be bothered to tidy things up?
  • A simple Linux install stick is just not geekish enough for you?

Not any longer!

mksusecd can now (well, once this pull request has been merged) create fully encrypted installation media (both UEFI and legacy BIOS bootable).

Everything (but the plain grub) is on a LUKS-encrypted partition. If you’re creating a customized boot image and add sensitive data via --boot or add an add-on repo or autoyast config or some secret driver update – this is all safe now!

You can get the latest mksusecd-1.54 already here to try it out! (Or visit software.opensuse.org and look for (at least) version 1.54 under ‘Show other versions’.

It’s as easy as

mksusecd --create crypto.img --crypto --password=xxx some_tumbleweed.iso

And then dd the image to your usb stick.

But if your Tumbleweed or SLE/Leap 15 install media are a bit old (well, as of now they are) check the ‘Crypto notes’ in mksusecd --help first! – You will need to add two extra options.

This is how the first screen looks then

]]>
Securing SSH (Secure Shell) from attacker https://lizards.opensuse.org/2011/03/22/securing-ssh-secure-shell-from-brute-force-attempts/ Tue, 22 Mar 2011 17:11:04 +0000 http://lizards.opensuse.org/?p=6847 Secure Shell or SSH is a network protocol that allows exchange of data through secure channels between two network devices.

Particularly widely used on Linux and Unix-based system to access your shell, SSHwas designed as a substitute for Telnet and other insecure remote shells, which sentinformation, especially passwords, in the form of simple text that makes it easy to be intercepted. Encryption used by SSH provides confidentiality and integrity of dataover an insecure network like the Internet.

For the Security Server We From Attacks The attacker who usually Always Use SSHAs a door Early Entry Into System To us, of course, become an admin obligation todispel various Efforts That.

There are several ways which ordinary people do to secure SSH from a variety ofattacks which one of them is by editing the file / etc / ssh / sshd_config.

before doing the configuration in the file / etc / ssh / sshd_config make sure SSH isinstalled on your linux distribution, and for openSUSE that I use it already automatically installed.

#vim /etc/ssh/sshd_config

change options, as below :

LoginGraceTime 2m
PermitRootLogin no
MaxAuthTries 3

LoginGraceTime which option is used to give a time limit of user logins, so please change these options according to your wishes.

PermitRootLogin is no option to allow the root user can login to ssh or not to give yes or no value on the options tersebut.sebaiknya give no value, so that users can not loginas root into your ssh.

MaxAuthTries 3 to give the limit on the number of errors allowed when the user logs in,this is very useful to avoid attackers do brute force on the server anda.dimana usersonly allowed to make a mistake typing the password in accordance with that alreadyset on the options.

If you want only certain users who may log into your ssh add AllowUsers option at the end of the line followed by a distinguished user name in the allowed login.

otherwise, you can install software, denyhost, for your ssh security

NB:do not enable the root user, for ssh login

Similarly, a fairly simple tutorial .. hopefully this can be useful.

Best Regards
Saydul Akram
Email : idulk@opensuse.org
]]>
New Package: kpassgen https://lizards.opensuse.org/2009/07/20/new-package-kpassgen/ https://lizards.opensuse.org/2009/07/20/new-package-kpassgen/#comments Mon, 20 Jul 2009 15:20:24 +0000 http://lizards.opensuse.org/?p=1572 Today i’ve released the kpassgen Package in KDE:KDE4:Community. It is planned to publish in Contrib too.Generates a set of random passwords of any length that can include the letter a-z, A-Z any number and symbols.

WARNING: I cannot guarantee the strength of the passwords generated by this program.

TODO:
– Implement drag and droping
– Allow lower case letter to be unselected
– Simple password mode (favours lower case letters)

]]>
https://lizards.opensuse.org/2009/07/20/new-package-kpassgen/feed/ 1
Saschas Backtrace: Interview with Petko D. Petkov on Netsecurify https://lizards.opensuse.org/2008/12/24/saschas-backtrace-interview-with-petko-d-petkov-on-netsecurify/ Wed, 24 Dec 2008 12:13:41 +0000 http://lizards.opensuse.org/?p=329

Petko D. Petkov is one of the founding-members of the Gnucitizen-hacker-network. They work inbetween internet, computers and security and always have very interesting projects going on, for example the “House of Hackers” a social-network for hackers and security experts. The Gnucitizen define themself as “a leading information security think tank, delivering solutions to local, national and international clients“.

Thier latest project is Netsecurify, an automated, webbased, remote testing tool, that enables security-testings of applications. One of the primary goal of the projects is not only to have a pioneering sort-of feeling, but foremost to support low-profit or non-profit organisations to have a robust and stable security-testing tools for free. They think of organisations, that otherwise would not be able to affort security experts and testing. We had a short interview with Petko D. Petkov on Netsecurify, their motivation, software design and overall goals.

What does the tool Netsecurify exactly do?

Netsecurify is a remote, automated, vulnerability assessment tool. The tool follows the SaaS (Software as a Service) model, i.e. it is a service which runs from Amazon’s scalable computing infrastructure. In it’s core, the tool performs several assessments, all based on open source technologies, and also provides recommendations through a flexible recommendation engine. The tool also allows 3rd-party organizations to enhance the reports.

Netsecurify is very simple to use. All the user has to do is to login and schedule a test for a particular network range. Once we approach the specified scheduled data, we run the test. When the test is done, the user is notified via email or by other means which we are working on at the moment. The user then logs in and downloads a copy of the report. For security reasons, the report is destroyed 30 days after it has been completed.

What was your motivation for starting the project?

The primarily motivation for starting this project is to provide free, quality, flexible, automated information security testing tool which can be employed by charity organizations, 3rd world countries, and in general, organizations and companies who cannot afford to spend money on security. Also, a huge motivational factor is the fact that no one has done a project like this. We are the first to do it. 🙂 This is pretty cool.

Who are the people behind the project and how is the project organized (agency, virtual, decentralized)?

Technically speaking, the people behind Netsecurify are GNUCITIZEN. However, we welcome anyone who is interested to join us and help us improve it. Because the testing engine is based on open source technologies which we have glued together and we are continually enhancing, we are planning to contribute back to the community everything that we do and as such close the circle of energy. In theory, this makes the entire security community part of the Netsecurify project.

What is the basic design concept and how do you think will the project develop and evolve?

We have a scalable backend and very easy to use and flexible frontend. In between we have several APIs which allow us to expand the service as we go. The tool hasn’t been just built from scratch. There was a lot of thought and design considerations put into this project before the actual code. We follow the KISS (Keep it Simple Stupid) principle. We find that this approach works quite well for us. In the future we are planning to continue simplifying and enhancing the product.

Do you have other projects planned, that will be coming at us in the future?

We always have. Expect to see more from the GNUCITIZEN team soon.

Thanks to Martin Wisniowsky (mw@node300.com)

Original Link to this Interview: http://digitaltools.node3000.com/5minutes/interview_with_petko_d_petkov_on_netsecurify_testing_tool.php

]]>