users in shadow file explanation

This article explains /etc/shadow.

This file contains the users' information.

Example of the user data:

username -> n1x
password -> $6$UoDmVdoW$tYQQm5uHgOpeEKPygIaQ1GM/0IBbdYVrLHu8ZYF5pT17D3VM.FFKa2wS8J6gqbGKC2IpgImXy7SYVJK9r/fdw.
last password change, in days since 1970-1-1 -> 16631

you can calculate it simply in python

minimum password age -> 7
maximum password age -> 15
warning days -> 2
inactive days -> 14
expiration date -> 16819
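
The day counts above converted to calendar dates, as an added example that is not part of the original article. It parses a shadow-format line (the sample is constructed from the numeric values listed above, with a placeholder hash) and derives the dates each aging field implies; the function names are this example's own.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
FIELDS = ("user", "hash", "last_change", "min_age", "max_age",
          "warn", "inactive", "expire", "reserved")

# Constructed sample: numeric fields are the values listed above; the hash
# is a shortened placeholder, not a real crypt string.
SAMPLE = "n1x:$6$salt$placeholder:16631:7:15:2:14:16819:"

def to_date(days):
    """Day count since 1970-01-01 -> date (None stays None)."""
    return None if days is None else EPOCH + timedelta(days=days)

def shift(base, delta, sign=1):
    """Add day counts, propagating None for fields that are not set."""
    return None if base is None or delta is None else base + sign * delta

def parse_shadow_line(line):
    """Split one shadow entry into named fields; empty numbers become None."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError("expected 9 colon-separated fields, got %d" % len(parts))
    entry = dict(zip(FIELDS, parts))
    for key in FIELDS[2:8]:
        entry[key] = int(entry[key]) if entry[key] else None
    return entry

def aging_report(entry):
    """Derive the calendar dates implied by the aging fields."""
    # A last_change of 0 means "change at next login", so no dates follow.
    last = entry["last_change"] or None
    pw_exp = shift(last, entry["max_age"])
    return {
        "locked": entry["hash"].startswith(("!", "*")),
        "last_change": to_date(last),
        "earliest_change": to_date(shift(last, entry["min_age"])),
        "warning_starts": to_date(shift(pw_exp, entry["warn"], -1)),
        "password_expires": to_date(pw_exp),
        # The password is still accepted for `inactive` days after expiry.
        "login_disabled": to_date(shift(pw_exp, entry["inactive"])),
        "account_expires": to_date(entry["expire"]),
    }

if __name__ == "__main__":
    for name, value in aging_report(parse_shadow_line(SAMPLE)).items():
        print("%-17s %s" % (name, value))
```

Entries with empty aging fields, or a hash field starting with `!` or `*`, come back with `None` dates and `locked` set accordingly.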

We can list or modify a user with the chage command.
example

To set the default configuration for all users, you can use /etc/login.defs:

# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 30
PASS_MIN_DAYS 10
PASS_MIN_LEN 10
PASS_WARN_AGE 1

AIDE : Intrusion Detection Environment

This article is about intrusion detection for file system changes, such as modification, change of owner, etc., on critical files or directories in our environment.

We use software called AIDE.

Advanced Intrusion Detection Environment
This software is based on a library called mhash, which is used to calculate file hashes,
and AIDE saves the file info inside a DB in base64 format.
The information that is saved depends on the AIDE configuration file.

example of default info for the Linux image file

let’s decode this

removable disk could lead to privilege escalation

privilege escalation Linux with flash disk

Removable media carrying setUID or setGID files could give privilege escalation.
example copy nice command to ur flash storage and ask ur friend to print files in his system then run the command
nice like

it will say root

The problem comes from a partition mounted without the noexec,nosuid options.

enjoy ur automount

and

happy hacking 😉

Persistent mount for luks with unlock Key

Creating an encrypted disk with LUKS.

Our little problem here is to mount an encrypted disk automatically on boot,

so there is no need to enter the passphrase for mounting. This is risky if the machine is stolen, because we will use a key stored inside the system, and it will be leaked if our machine is stolen.

So let's do it. First we have to create a key and add it to our partition.

To create a key:

Don’t forget to set the key permission to 600.


Linux Disk Encryption with LUKS

Today we are going to make an encrypted disk partition.

Let's prepare our partition.

I have a new disk in /dev/sdb

I will create a partition 100 on it with fdisk


RPM integrity and scripts

Yum repositories come with GPG and MD5 support to verify the validity of a package.

You can list the installed GPG keys in your system via

It will show the unique id for each of the installed keys in your system:

gpg-pubkey-e8562897-459f07a4
gpg-pubkey-217521f6-45e8a532

To list all information related to a key
rpm -qi pgp-key-unique-id

It will show the version, vendor and much more that is useful for debugging.
To verify a package against the installed keys,

you can use the k parameter with rpm.


RedHat Packaging Security with yum

RedHat ships mitigated packages under what it calls an RHSA (RedHat Security Advisory).

Each RHSA comes with a unique id, like a CVE, that contains the date of the fix. These packages are issued for the applications shipped by RedHat.

Example: RHSA-2015:0291
To list available updates for an application:

For quick installation of security patches:
