Updating To OpenSSL 1.0.2g On Ubuntu Server 12.04 & 14.04 LTS To Stop CVE-2016-0800 (DROWN attack)

It was a bit difficult to find any real information on fixing the latest openSSL CVE-2016-0800 (DROWN attack) so I decided to write this quick post on how to update your Ubuntu Server 12.04/14.04 OpenSSL (or any debian-based distro with apache2) to the latest 1.0.2g build to avoid the DROWN/Heartbleed attacks. I’m not going to go into the details of how the exploit works and how it’s exploited as there are many blogs/sites that already go over this. Instead I will only focus on the fix, I have provided 2 methods, a method using cURL or wget.

cURL Method

  1. sudo apt-get install php5-curl (Install cURL library)
  2. sudo apt-get install make (Install compiling library Make)
  3. curl https://www.openssl.org/source/openssl-1.0.2g.tar.gz | tar xz && cd openssl-1.0.2g && sudo ./config && sudo make && sudo make install (single command that will download latest binaries, extract them, cd into the directory, compile configuration and then install the files)
  4. sudo ln -sf /usr/local/ssl/bin/openssl ‘which openssl’ (This will create a sym link to the new binaries)
  5. openssl version -v (Used to check the version of the Current OpenSSL binaries)

wget method

  1. sudo apt-get install make (Install compiling library Make)
  2. wget https://www.openssl.org/source/openssl-1.0.2g.tar.gz (Download the latest OpenSSL 1.0.2g binaries)
  3. tar -xzvf openssl-1.0.2g.tar.gz (Extract the tar ball to the local directory)
  4. cd openssl-1.0.2g (Enter extracted OpenSSL directory)
  5. sudo ./config (Configure binaries for compiling)
  6. sudo make install (install configured binaries)
  7. sudo ln -sf /usr/local/ssl/bin/openssl `which openssl` (This will create a sym link to the new binaries)
  8. openssl version -v (Used to check the version of the Current OpenSSL binaries)

This was tested on both Ubuntu Server 12.04 & 14.04 LTS versions. Questions? Comments?

Updating To PHP 5.4 On Ubuntu Server 12.04 LTS

If you use php web applications then your know a lot are now demanding to be updated to php 5.4 or higher. To do this in Ubuntu 12.04LTS simply do the following…

If you haven’t already used ppa then you will have to first install python software properties, make sure you’re the root user… ( sudo bash )

apt-get install python-software-properties

PHP 5.4.x run:

add-apt-repository ppa:ondrej/php5-oldstable

PHP 5.5.x run:

add-apt-repository ppa:ondrej/php5

Once you’ve added the repo simply update and upgrade current packages & distribution packages with one simple command :)

apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y

Checking Total Disk Usage in Ubuntu Or Debian From Terminal

If you need to check how much space is used up on all Filesystems/Drives You can simply run

df -h

Don’t forget to sudo or be root.

Adding “client denied by server configuration” Filter To Fail2Ban: Ubuntu 12.04 LTS

Ok so here is another useful filter for fail2ban. Once this plugin is installed it will prevent malicious visitors from trying to brute-force folder and file discovery. After 5 attempts to visit a non existing file/folder the visitor is banned…

like always… BASH IN! :D

sudo bash

First Lets create a new entry in our jail.local file…

vim /etc/fail2ban/jail.local

 

copy the following text after the last apache entry…

[apache-clientd]
enabled = true
port = http,https
filter = apache-client-denied
logpath = /var/log/apache*/*error.log
maxretry = 5

 

Now that we have added the entry into our jail.local we proceed, change to the filter.d directory, in this folder you will see lots of other pre-configured filters

cd /etc/fail2ban/filter.d

 

instead of creating a new filter file simply copy another, this will make the next step easier…

cp /etc/fail2ban/filter.d/apache-auth.conf /etc/fail2ban/filter.d/apache-client-denied.conf

 

find the line identical to the one below (Line 23)

failregex = ^%(_apache_error_client)s user .* (authentication failure|not found|password mismatch)\s*$

 

replace it with the following one.

failregex = [[]client <HOST>[]] client denied by server configuration:

 

At this point your pretty much done, close the file and restart fail2ban

service fail2ban restart

 

Comment if you have questions, like my post if you find it helpful :)

 

 

 

 

Adding “File Does Not Exist” Filter To Fail2Ban: Ubuntu 12.04 LTS

Ok so here is a quick post to a common question… adding a filter to fail2ban for bot/scanners searching for files, folders or simply doing recon which can result in exploit discovery, this filter will automatically block a visitor/bot after 4 attempts to scan for a file that does not exist on your domain/server.

like always… BASH IN! (lol…)

sudo bash

First Lets create a new entry in our jail.local file…

vim /etc/fail2ban/jail.local

 

copy the following text after the last apache entry…

[apache-nofile]
enabled = true
port = http,https
filter = apache-nofile
logpath = /var/log/apache*/*error.log
maxretry = 4

 

Now that we have added the entry into our jail.local we proceed, change to the filter.d directory, in this folder you will see lots of other pre-configured filters

cd /etc/fail2ban/filter.d

 

instead of creating a new filter file simply copy another, this will make the next step easier…

cp /etc/fail2ban/filter.d/apache-auth.conf /etc/fail2ban/filter.d/apache-nofile.conf

 

find the line identical to the one below (Line 23)

failregex = ^%(_apache_error_client)s user .* (authentication failure|not found|password mismatch)\s*$

 

replace it with the following one.

failregex = [[]client <HOST>[]] File does not exist:

 

At this point your pretty much done, close the file and restart fail2ban

service fail2ban restart

 

Comment if you have questions, like my post if you find it helpful :)

 

 

 

 

Installing OwnCloud On Ubuntu Server 12.04 With SSL Support

Tired of paying for dropbox services? Why not use owncloud to setup your own personal and secure dropbox for free :)

 

Follow the steps below as root:

 

  1. Bash in to get root access… ( sudo bash ).
  2. Install server dependances ( apt-get install apache2 php5 php5-gd php-xml-parser php5-intl vim-nox ).
  3. Install more server dependances ( apt-get install php5-sqlite php5-mysql php5-pgsql smbclient curl libcurl3 php5-curl ).
  4. Download owncloud source files from http://owncloud.org/sync-clients/#linux
  5. Upload extracted files to your apache root ( default is located at /var/www ), you can install vsftpd server( apt-get install vsftpd )or any other type of ftp server service.
  6. Inside your owncloud root directory create a new folder called “data” ( mkdir data )
  7. For owncloud to configure & work correctly apache needs to be given ownership of certain folders so their is no problem for apache to read and write data inside your website.Run the following commands.
    ( chown -R www-data:www-data /var/www/apps )
    chown -R www-data:www-data /var/www/config )
    chown -R www-data:www-data /var/www/data )Note: Keep in mind that /var/www is just the default root folder of apache yours might be different, just make sure you make the appropriate changes so they point to your apache/web install.

     

  8. Your going to want to enable mod_rewrite ( a2enmod rewrite ).
  9. Restart your apache service ( service apache2 restart )
  10. Create a new database in mysql and call it owncloud, create a new user and password with specific access to the owncloud database. These credentials will be used later in the process.

 

Now lets install our SSL and get it configured correctly:

 

  1. Enable SSL Module ( a2enmod ssl )
  2. Now your going to want to create a directory to store your SSL certs ( mkdir /etc/apache2/ssl )
  3. now lets generate a general cert with the following command ( openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt )

    Note: Your going to be asked a couple of questions after you run this command, answer them as accurate as possible as this will be displayed on your cert when people try to access your site.
  4. Edit default-ssl in sites-available folder in your apache install ( vim /etc/apache2/sites-available/default-ssl ) and comment out lines add the following lines 51 & 52 (use a #).
    Then add the following lines right under
    (

    SSLCertificateFile /etc/apache2/ssl/apache.crt

    SSLCertificateKeyFile /etc/apache2/ssl/apache.key 

    )

     

  5. Finally run ( a2ensite default-ssl )
  6. Restart your apache service ( service apache2 restart )

 

At this point your should be able to visit your box’s url ( https://localhost or https://127.0.0.1 or https://www.yourdomain.com ) and finish installing owncloud with the native install wizard.
Once your install is complete you will be able to download ownclouds own filesync client or you can use a WebDAV client to navigate through your files. You can do the same for your mobile device or tablet.

Securing Apache In Ubuntu Server 12.04

Securing Apache can be different if you have custom modules running,  for this quick note/tutorial I am going to assume that it is a fresh install of Apache or a lamp stack (sudo apt-get install lamp-server^)…

 

bash in… (sudo bash)

as root:

  • Change default apache web root, vim /etc/apache2/sites-available
  • Change default ServerSignature Settings to “Off”, vim /etc/apache2/conf.d/security
  • Change default ServerTokens Settings to “Prod”, vim /etc/apache2/conf.d/security

 

I am sure you can do a lot more to “secure” your apache installation, but this is a good start, it will hide your server information from port scanners and scripts trying to detect what your server version is. This makes it much harder to exploit your box, it’s hard to exploit something you have no idea what its running.
You can also make your default directory your home directory if you wish to encrypt your files. If you want more security I would consider tools to encrypt the entire partition/drive, you can find out more about full disk encryption for uOS Server 12.04 here.

Installing And Securing phpmyadmin In Ubuntu Server 12.04/12.04.2

This post is important because phpmyadmin no longer just works after apt-get install, it requires additional steps to get working.
Aside from these changes, due to recent reports on phpmyadmin being exploited it’s important to secure it, you can do this in a couple of ways but I am going to assume you want access to it via web.

2 Parts

  1. Installation of phpmyadmin
  2. Securing the installation via htaccess
  3. Discussing more secure methods of accessing phpmyadmin

 

Lets begin the install muahahaha…

 

Enter root mode:

sudo bash

 

Install:

apt-get install phpmyadmin

 

Open Apache Config File

vim /etc/apache2/apache2.conf

 

Insert the following line at the very bottom of apache2.conf

Include /etc/phpmyadmin/apache.conf

 

Restart Apache server:

service apache2 restart

 

Securing phpmyadmin from public access to web panel…

 

Edit phpmyadmin’s apache configuration file:

vim /etc/phpmyadmin/apache.conf

 

Under the directory section (<Directory /usr/share/phpmyadmin>), add the line “AllowOverride All” under “Directory Index”:

        <Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php
        AllowOverride All

 

create .htaccess file in phpmyadmin’s root directory:

vim /usr/share/phpmyadmin/.htaccess

Copy the following into the newly created .htaccess file:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/.htpasswd (make sure you set this path to a secure place outside your web root)
Require valid-user

 

Generate the password file where passwords will be stored for authentication/access to phpmyadmin root

htpasswd -c  /var/.htpasswd username (username should be your username, you will be asked for your password once you execute the command)

 

Restart Apache so updates can take effect:

service apache2 restart

 

If you want this to be more secure then I would suggest rethinking your server/network architecture…

  1. seperate your apache and mysql services into their own box
  2. only have apache server open on port 80 (public) and have it talk to your mysql server locally.
  3. if you need to change something in your database or need to access phpmyadmin I would vpn into your local network and access the mysql/phpmyadmin box.

If you have any questions or comments use the section below :)

NIC Bonding In Ubuntu 12.04/12.04.2 WORKING!

 

 

A REAL setup guide for NIC bonding in Ubuntu Server 12.04/12.04.2 because everyone online sucks at actually posting the correct information, probably due to the current explosion of online “experts” plagiarizing other “experts” online…

This was tested on a HP DL380 with Dual Broadcom NICS.

enter root mode:

sudo bash

 

then install the bonding drivers:

apt-get install ifenslave-2.6

 

edit /etc/network/interfaces

vim /etc/network/interfaces

 

You can pretty much copy the following into interfaces after line 5 # The loopback network interface

################################################

 

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
 bond-master bond0

auto eth1
iface eth1 inet dhcp
 bond-master bond0

auto bond0
iface bond0 inet static
 address 192.168.1.xxx  <----------( Enter Your Actual Server IP )
 netmask 255.255.255.0  <----------( Enter Your Actual Subnet )
 gateway 192.168.1.1     <----------( Enter Your Actual router/gateway IP )
 bond-slaves none
 bond-miimon 100
 bond-mode balance-rr ( Driver Mode )

 

################################################

edit /etc/modules

vim /etc/modules

 

and add bonding under rtc value

loop
lp
rtc
bonding

 

reboot your box or restart network services, Thats pretty much it… questions or comments? Use the comment functionality :)