Monday, December 20, 2010

Installing VirtualBox in Ubuntu Netbook Edition on an Eee PC 1000H

After being awakened much earlier than I had desired this morning, I decided to make the best of the situation and sit down to install VirtualBox in Ubuntu Netbook Edition on my Eee PC 1000H. My main reason for wanting to install VirtualBox on my netbook was simply so I could install BackTrack 4 in a virtual machine running on my netbook for the ultimate portable pentest/security monitoring setup. Of course, running VirtualBox will allow me to create VMs for anything I need going forward. The process I followed to install VirtualBox on my Eee PC is outlined in detail below.

In order to be able to install VirtualBox via my preferred method of using aptitude at the command line, I had to first add the proper repository to my /etc/apt/sources.list. For my particular installation (Ubuntu Maverick), the repository to be added is:

  deb http://download.virtualbox.org/virtualbox/debian maverick non-free

Once the repository has been added, the next step is to download and add the Oracle public key via the following command:

  ken@hostname:~$ wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -

The above command will simply return OK if it has completed successfully.

The next step is to update the software repositories, since we added the virtualbox download repository to our sources.list file earlier:

  ken@hostname:~$ sudo aptitude update

The final step is to install VirtualBox via aptitude. One note here: I first installed virtualbox-3.2, as directed on the VirtualBox website. It installed successfully; however, when I looked for the VirtualBox application in my applications list, it was nowhere to be found. Curious, I typed 'virtualbox' at the command line and it advised that VirtualBox was not installed, but that I could install virtualbox-ose-qt if I desired. So, I followed the prompt and did just that:

  ken@hostname:~$ sudo aptitude install virtualbox-ose-qt

This successfully installed VirtualBox and there was now an application icon for VirtualBox in my applications list. Plus, I could now start VirtualBox from the command line via the 'virtualbox' command.
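The key-import step above pipes a key fetched over plain HTTP straight into apt-key, so nothing checks that it is the key you meant to trust. The following is an added example, not part of the original post: it saves the key to a file first and only adds it when its fingerprint equals one obtained out-of-band. The function names, the sample gpg output and the fingerprints are constructed; substitute the fingerprint published by the vendor.

```shell
#!/bin/sh
# Added example: check a downloaded apt key's fingerprint before trusting it.

# primary_fpr: read `gpg --with-colons` output on stdin and print the
# fingerprint of the primary key (the first "fpr" record, field 10).
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# normalize_fpr FPR: drop whitespace and uppercase, so "0123 4567 ..." compares equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# fpr_matches EXPECTED ACTUAL: succeed only for two equal 40-hex-digit fingerprints.
fpr_matches() {
    local want got
    want=$(normalize_fpr "$1"); got=$(normalize_fpr "$2")
    case "$want" in
        *[!0-9A-F]*|'') return 1 ;;   # empty or non-hex input never matches
    esac
    [ "${#want}" -eq 40 ] && [ "$want" = "$got" ]
}

# add_key_if_trusted KEYFILE EXPECTED_FPR: import only on a fingerprint match.
add_key_if_trusted() {
    local got
    got=$(gpg --with-colons --with-fingerprint "$1" 2>/dev/null | primary_fpr)
    if fpr_matches "$2" "$got"; then
        sudo apt-key add "$1"
    else
        echo "fingerprint mismatch (got '$got'); not adding $1" >&2
        return 1
    fi
}

# Constructed gpg colon listing for the offline demo (not the real Oracle key).
SAMPLE='pub:-:1024:17:AAAAAAAAAAAAAAAA:2010-01-01:::-:Example Signing Key::scSC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
sub:-:2048:16:BBBBBBBBBBBBBBBB:2010-01-01::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'
sample_fpr() { printf '%s\n' "$SAMPLE" | primary_fpr; }

fpr_matches "0123 4567 89ab cdef 0123 4567 89ab cdef 0123 4567" "$(sample_fpr)" \
    && echo "sample key fingerprint matches the expected value"
```

In practice: `wget -q -O oracle_vbox.asc <key URL>` and then `add_key_if_trusted oracle_vbox.asc "<published fingerprint>"`.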

That's all there is to it! In my next post I'll discuss the process of creating a virtual machine in VirtualBox and installing BackTrack 4 on it for the ultimate in portable pentesting and security auditing.

Tuesday, December 7, 2010

Geeking Out with PortSentry

I have been super busy over the past few months! Thankfully, life seems to be slowing down a bit, but not much. Yesterday, I interviewed for a position as a Support Engineer with FireHost in Plano, TX. The interview went well and the opportunity is a ground-floor opportunity, which is absolutely awesome.

Aside from that, I have been dusting off some of my rusty old Linux sysadmin skills and rebuilding my knowledge and skills in that arena. In addition, I am also dipping my toe into the IT security realm a bit. For now, I am familiarizing myself with some of the more common tools for Intrusion Detection and Forensics. Once I'm comfortable with those tools I'll explore exploitation and cracking.

The first tool I got my hands dirty with is PortSentry. I installed it from the Official Ubuntu Repositories yesterday evening and settled in for what I expected to be a long process of learning how to configure and optimize the portsentry.conf file. As usual, I installed via command line, using the following command:

    ken@hostname:~$ sudo aptitude install portsentry

I backed up the default configuration file by running the following commands:

    ken@hostname:~$ cd /etc/portsentry/ 
    ken@hostname:~$ sudo cp portsentry.conf portsentry.conf.bak

*Note: I always leave the .bak files I create in place in the event that my custom configuration file ever becomes corrupted, deleted, or otherwise tampered with, thus providing a simple file to restore from.

Then, using an archived article from Linux.com (http://linux.omnipotent.net/article.php?article_id=12540&page=-1), I began going through the configuration file one section at a time. To my pleasant surprise, I noticed that during the install, the configuration file was configured automatically. I only had to change two sections, one of which was optional. The first change was as follows.

In the IGNORE OPTIONS section, I changed the default:

    BLOCK_TCP="0"
    BLOCK_UDP="0"

to the more preferred setting of:

    BLOCK_TCP="1"
    BLOCK_UDP="1"

The final change I made to the configuration file was to uncomment the message in the PORT BANNER section. It's advised to leave it commented, but I felt better having a warning message display to anyone trying to gain unauthorized access to my home network.
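A small audit of the settings discussed above, as an added example that is not part of the original post or of PortSentry itself. It reports the BLOCK_TCP/BLOCK_UDP mode, checks that a blocking action (KILL_ROUTE or KILL_HOSTS_DENY) is active for mode 1 to act through, and notes an active PORT_BANNER; the function names and the shortened sample config are constructed, and each key is assumed to appear at most once uncommented.

```shell
#!/bin/sh
# Added example: audit the portsentry.conf options changed in this post.

# conf_value KEY FILE: value of the first active (uncommented) KEY="..." line.
conf_value() {
    sed -n "s/^[[:space:]]*$1=\"\(.*\)\"[[:space:]]*\$/\1/p" "$2" | head -n 1
}

# audit_portsentry FILE: print findings; return 1 if scans would not be blocked.
audit_portsentry() {
    rc=0
    for key in BLOCK_TCP BLOCK_UDP; do
        val=$(conf_value "$key" "$1")
        case "$val" in
            1) echo "OK    $key=1: scans trigger the blocking actions" ;;
            2) echo "NOTE  $key=2: only the external KILL_RUN_CMD is run" ;;
            0) echo "WARN  $key=0: scans are not blocked"; rc=1 ;;
            *) echo "WARN  $key is missing or has an unexpected value"; rc=1 ;;
        esac
    done
    # Mode 1 blocks through KILL_ROUTE and/or KILL_HOSTS_DENY, so one must be active.
    if [ -z "$(conf_value KILL_ROUTE "$1")$(conf_value KILL_HOSTS_DENY "$1")" ]; then
        echo "WARN  no active KILL_ROUTE or KILL_HOSTS_DENY line"; rc=1
    fi
    if [ -n "$(conf_value PORT_BANNER "$1")" ]; then
        echo "NOTE  PORT_BANNER is active: connecting hosts are sent the banner text"
    fi
    return "$rc"
}

# write_sample FILE BLOCK_VALUE: constructed, shortened config for the demo.
write_sample() {
    cat > "$1" <<EOF
# constructed sample, not a real portsentry.conf
TCP_PORTS="1,11,15,79,111,119,143"
#KILL_ROUTE="/sbin/iptables -I INPUT -s \$TARGET\$ -j DROP"
KILL_HOSTS_DENY="ALL: \$TARGET\$ : DENY"
BLOCK_UDP="$2"
BLOCK_TCP="$2"
#PORT_BANNER="constructed banner text"
EOF
}

demo() {
    d=$(mktemp -d)
    write_sample "$d/default.conf" 0; write_sample "$d/edited.conf" 1
    for f in default edited; do echo "== $f"; audit_portsentry "$d/$f.conf" || true; done
    rm -rf "$d"
}
demo
```

Against the live file, run `audit_portsentry /etc/portsentry/portsentry.conf`; running it on portsentry.conf.bak as well shows what changed from the packaged defaults.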

Overall, the installation and configuration for PortSentry was completely painless, and I highly recommend that anyone interested in running a secure Linux system install PortSentry and utilize it as part of their security scheme.