Monthly Archives: April 2015

Fail2Ban problems with Debian Stretch

2 Replies

This week The Debian project released “Jessie” (Debian 8.0) as stable. I like to keep my servers a little more ahead of the curve than that, so I upgraded to the new testing branch “Stretch”.

While going through my logs from yesterday and this morning, log checker is awesome, I saw someone hitting my mail server. Normally you only get 1 chance to log in as a non-existent account before Fail2ban kicks in and adds the ip address to my Netfilter iptables jail. This address kept showing up, hour after hour in the logs, and multiple user names.

Looking, I found out that while running, it wasn’t catching all the rules for Fail2ban. I checked the configuration files, and things checked out OK. So I fell back on the old restart the service and see what errors pop.

Continue reading

Home Lab – Lines to the basement

Leave a reply

I currently have 2 lines ran to the basement. One black 15 foot, 1 red 25 foot. I ran the black line last year before the basement flooded in August, but I couldn’t tel you why I did it now. I really don’t remember. I think it was for my old tower. The red line is for the span port. I chose to color code them to make it easier to know what does what.

I used the pre-drilled holes in the floor for some reason the cable provider for who lived here before me drilled 2 holes next to each other. The old cable is still there, the other was empty, and what my provide used. Dropping the black line was quick and easy. The red cable though, was a pain in the butt. I could get it in the hole, but it would get stuck at the bottom edge of the wood. I ended up pulling up a length of coax, and then taping the span cable to it. I then fed it through the hole. That got it down there, then I fed from above instead of pulled because it was a tight fit, and figured pushing would do less damage to the cat5e twisted pairs.

I was thinking it would have been great to have flight line, fish tape, or a pole, but after looking at the head on a fish tape last night, I don’t think that would have worked either.

color code:
Black – switch to switch
white – entertainment
red – span
blue – Firewall to Switch, Switch to Router
green – ISP

I don’t know what color I’m going to use for the PI farm. I was thinking maybe purple.

Home Lab – Changes

Leave a reply

I’ve made changes to the layout of my home lab. This is the current plan, because I can’t afford the Cisco switch I want right now. I also don’t think it’s worth getting a second line to the house, since I plan on moving by October.

The new design is to have my home network and the lab network mixed. I do have one more wireless router I could put in place to isolate the lab, but not going to for right now. If I need to limit things for something, I can always change. It’s also split between 2 floors, which is why there are 2 switches.

Lab Design v2

 

 

 

 

 

 

 

The Single Board Farm is 6 Raspberry Pi B, 4 Raspberry Pi B+, 2 Raspberry Pi 2, and once I can get them, Odroid C1 (probably 2).

Book Review: Meditation for Warriors

Leave a reply

I’ve been studying Martial Arts for around 30 years on. I’ve gotten a couple of other books by Loren W. Christensen, mostly on training and diet. However Meditation For Warriors: Practical Mediation for Cops, Solders, and Martial  Artists is the first one that focused on the mental aspect.

This book is written as a practical guide to focus your mind, giving you a calmer demeanor, and allows you to stay cool, calm, and collected when the stuff hits the fan.

I really like that while it’s geared towards “Warriors” (Police, Soldiers, Martial Artists), it’s a really down to earth book that anyone could read and get a better understanding of meditation. Part of the goal of the book was to give non-practitioners a real world view of the importance of meditation.

Continue reading

Book Review: Personal Digital Securty

Leave a reply

I read Personal Digital Security: Protecting Yourself From Online Crime by Michael Bazzell. I think this book is a good place to start, if someone wants to learn more about computer security.  A seasoned practitioner of Information Security could use this book as a core component to create a great Security Awareness Training program for users.

Mr. Bazzell starts off as if the reader knows very little information on computer security. However by the end of the book, he’s very conversational in tone, and is suggesting the reader shares what he learned.

The book has a building block approach. Not all readers will need to go chapter by chapter. But starting with Chapters 1 and 2, Mr. Bazzell starts a great foundation for the things in the rest of the book. The book starts with protecting your computer, and then your passwords. From there he goes on to show how to protect your online accounts, your data, and your credit cards, your debit and your banking information. Next is about protecting your telephones, cellular and work. Chapters 8 and 9 go in to always connected devices and wireless networking. Chapter 10 talks about how parents can protect their children online.

If your bank accounts  or credit card has been compromised and you want a deeper understanding read this book. If you want to create a Security Awareness Program, start with this book. If you want to get in to Computer Security, this book covers the basics you should already know by the time you walk in to a class room or entry level job.

 

 

Unofficial training at Circle City Con

Leave a reply

I’ll be presenting at Circle City Con this year, on Wireless Intrusion Detection with the Raspberry Pi. I’ve done  some test runs of the talk, and have ended with people wanting to contact me later if they have questions. Mainly if they get stuck. Also one of the comments from the reviewers when I submitted my talk was this would be better as a training class.

After talking to one of the organizers, here is how this is going to work. Currently I’m scheduled to talk on Saturday. After my talk, through the end of the Conference I can be available (as long as I’m not in a training sessions) to use some of the the common / lobby area to work with people wanting to set up the wireless drones, what kismet calls sensors.

Continue reading

home lab – more pfsense work

Leave a reply

Finally got time to pick up from where I left off last time. I’ve had a hard time getting to do lab work. Anyway. I connected my pfSense box to my AT&T U-verse Router Gateway, something I’ve been worried about, and it worked. I was worried because in the past, it would shut down the RG saying there was a network behind network, turn on DMZ Plus mode, and everything would be broken.

Continue reading

home lab – firewall installing pfSesne

Leave a reply

There are lots of good howtos out there to get the system installed. I followed this one, since it was for the same hardware: Build an awesome APU based pfSense Router.

Issues were with the installer software. It took a few tries to figure out I needed to run it as admin, mostly because the screens are all in German (I think). I tried other software (the one I use for the Raspberry Pi stuff) didn’t work.

Booted off the console, used the installer (after I got the right image, can’t use the iso image), and installed it. Next up, getting it on a network to use the Web interface to configure the box. Or use SSH. Maybe just plug in the laptop and see what happens. That’s half the fun anyway, or so I think.

Home Lab – Firewall PC Engine APU1D4 DYI Build

Leave a reply

Got the first firewall for the lab. It is a PC Engine APU1D4 D.Y.I Kit from Netgate. This hardware has been going out of stock constantly. I got the 30 gig flash drive from Amazon, for less. I should have taken pictures as I was building it, but was just excited to be building it.

The good:

  • easy open packaging
  • other than the heat spreader it went together really quickly
  • Online documentation available

The bad:

  • No Instructions in the box
  • The heat spreaders didn’t like to stay on the chips
  • the heat sink move pulling the spreader off with it while putting the bottom on. Didn’t cause problems, but had to stop and reline up the head spreader to the chips (stuck to heat sink).

Continue reading

Getting Real book review

Leave a reply

When I first started doing the book reviews it was because a professor asked me what books I think should be on every Information Security (Information Assurance) student’s bookshelf. One of the books on that original list was Rework by the guys at 37 signals Basecamp. On my bi-annual reading of the book, I noticed they made comment to a previous book called Getting Real. So I ran out and grabbed a copy of it.

It really felt like a draft version of Rework. It was ok. There were some great quotes in the book from people who have used the same frame of thought to make a new company or run a business.

There were parts of the book that countered what I remembered from Rework (remember I read this book every other year), the biggest being how to deal with the competition, and seeing what they do. It felt that the two books were at odds on how to deal with the competition.

I would only recommend this book for the quotes, but think that Rework is the stronger and better of the two books to read.