Wednesday, March 23, 2016

XenServer Setup

Perform the steps below on the system dedicated to virtualization:

1. Download the XenServer v6.5.0 ISO and burn it to a CD or USB.

2. Access BIOS settings and ensure "Intel Virtualization Technology" is enabled.

3. Within BIOS settings, change storage boot-up to "Legacy Only". This step was needed to boot from my M.2 drive.

4. Boot to disk/USB and press the 'Enter' key to install.

5. Select keymap "[qwerty] us" and press "Ok".

6. Select "Ok" and "Accept EULA".

7. Select drive for XenServer OS (e.g., M.2).

8. Select drives for virtual machine storage and enable thin provisioning. Press "Ok".

9. Select "local media" as installation source and press "Ok".

10. Select "No" to forego supplemental packs installation (optional).

11. Press "Ok" to verify installation source (optional). If verification is successful, a "no problems were found" message appears. Press "Ok" to continue with installation.

12. Enter and verify password.

13. Specify network addressing and press "Ok".

14. Provide hostname and DNS servers, then press "Ok".

15. Select "US" as geographical area and press "Ok".

16. Select timezone.

17. Select "Using NTP" and enter NTP servers, then press "Ok".

18. Select "Install XenServer" to start installation.

19. Press "Skip" once you are finished installing supplemental packs. If you are using a DVD-ROM for installation, the disk will eject.

20. Press "Ok" to reboot.

21. If BIOS settings are correct, the "Citrix XenServer" splash screen with progress bar appears, followed by the Configuration screen.

Perform these steps on a Linux system to manage XenServer:

1. Install Python-based "OpenXenManager": $ sudo apt-get -y install openxenmanager

2. Launch from CLI: $ openxenmanager &

Sunday, March 20, 2016

Docker Setup Guide

This post examines how to quickly set up Docker and incorporate its images from the Docker Hub. Prior to installing, it's in your best interest to harden the hosting platform. The Center for Internet Security has a Docker Benchmark guide that is quite useful.

1. Install Docker.
$ sudo apt-get update
$ sudo apt-get install apt-transport-https ca-certificates
$ sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
$ sudo vim /etc/apt/sources.list.d/docker.list
----paste-----
deb https://apt.dockerproject.org/repo ubuntu-trusty main
----
$ sudo apt-get update
$ sudo apt-get purge lxc-docker
$ apt-cache policy docker-engine
$ sudo apt-get install linux-image-extra-$(uname -r)
$ sudo apt-get install apparmor
$ sudo apt-get install docker-engine
$ sudo service docker start
$ sudo docker ps

2. Verify successful installation: $ sudo docker run hello-world

3. Allow a specified username to use Docker (membership in the docker group grants root-equivalent access to the host): $ sudo usermod -aG docker <username>

4. Configure Docker Images DNS Settings.
$ sudo vim /etc/default/docker
----paste-----
DOCKER_OPTS="--dns 208.67.220.220 --dns 208.67.222.222"
-----
$ sudo restart docker

5. Upgrade Docker (periodically): $ sudo apt-get upgrade docker-engine

6. Deploy Docker images.
a. Create a Docker Hub account at https://hub.docker.com
b. Once account verification completes, log in and select "Explore Repositories" under the "Repositories" tab.
c. Locate a desired Docker image and note its "Pull Command", e.g. "docker pull busybox". I also recommend annotating the command used to access its shell, "docker run -it --rm busybox".
d. Deploy Docker image and verify installation: $ sudo docker images
$ docker pull ubuntu
$ docker images
$ docker run -it --rm ubuntu
e. Note: Do NOT forget to change the 'root' account's password and update the Docker host! I also recommend reviewing the output of "# cat /etc/shadow" to ensure there aren't any rogue accounts.

7. Docker addressing.
a. Docker creates its own interface "docker0": $ ifconfig |grep docker
b. You can query a running container's IP address by name: $ docker inspect <docker_name> |grep IPAddress
c. Docker has its own 172.17.0.0 route: $ netstat -rn
d. Add a route via the Docker host's IP on any remote host that needs connectivity with the container: $ sudo route add -net 172.17.0.0 netmask 255.255.255.0 gw <docker_host_IP>
e. Verify a path from the remote host to the container: $ traceroute 172.17.0.2

8. Other images of interest...
a. CentOS
$ docker pull centos
# passwd root
# yum -y update && yum -y upgrade
# exit
b. Python: $ docker pull python
c. BusyBox: $ docker pull busybox
d. SecurityOnion: $ docker pull danielguerra/security-onion
e. Kali Linux:
$ docker pull kalilinux/kali-linux-docker
$ docker run -it --rm kalilinux/kali-linux-docker
# passwd root
# apt-get -y update && apt-get -y install kali-linux-all
f. Snort:
$ docker pull opennsm/snort
$ ./containnsm run -I snort:2.9.8.0 -- snort --version
g. Docker Bench for Security
$ docker pull docker/docker-bench-security
$ docker run -it --net host --pid host --cap-add audit_control -v /var/lib:/var/lib -v /var/run/docker.sock:/var/run/docker.sock -v /usr/lib/systemd:/usr/lib/systemd -v /etc:/etc --label docker_bench_security --rm docker/docker-bench-security
h. PEScanner
$ docker pull remnux/pescanner
$ sudo docker run --rm -it -v ~/workdir:/home/nonroot/workdir remnux/pescanner bash
i. Squid Web Proxy
$ docker pull sameersbn/squid:3.3.8-10
$ docker run -it --rm sameersbn/squid:3.3.8-10
# vim /etc/squid3/squid.conf
j. Also, check out https://hub.docker.com/u/honeynet/
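
The account review recommended in step 6e, as an added example that is not part of the original post: a shell function that flags extra UID 0 accounts, empty password fields, unlocked password hashes, and shadow entries with no passwd entry. The function name, finding labels, and sample account data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit account files copied out of a pulled image, e.g.
#   docker run --rm ubuntu cat /etc/passwd > passwd
#   docker run --rm ubuntu cat /etc/shadow > shadow

# audit_accounts PASSWD SHADOW  (hypothetical helper name)
# Prints one finding per line:
#   UID0 <user>            extra account with UID 0 (root-equivalent)
#   ORPHAN <user>          shadow entry with no matching passwd entry
#   EMPTY <user>           empty password field (no password required)
#   HASH <user> shell=...  password set and not locked with ! or *
audit_accounts() {
    awk -F: '
        NR == FNR {                       # first file: passwd
            shell[$1] = $7
            if ($3 == 0 && $1 != "root") print "UID0 " $1
            next
        }
        !($1 in shell) { print "ORPHAN " $1 }
        $2 == ""       { print "EMPTY " $1; next }
        $2 !~ /^[!*]/  { print "HASH " $1 " shell=" shell[$1] }
    ' "$1" "$2"
}

# Constructed sample data (not taken from any real image).
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
support:x:0:0::/home/support:/bin/bash
guest:x:1001:1001::/home/guest:/bin/sh
EOF
cat > "$SAMPLE/shadow" <<'EOF'
root:*:16800:0:99999:7:::
daemon:*:16800:0:99999:7:::
support:$6$CONSTRUCTEDSALT$constructedhashvalue:16800:0:99999:7:::
guest::16800:0:99999:7:::
ghost:!:16800:0:99999:7:::
EOF

audit_accounts "$SAMPLE/passwd" "$SAMPLE/shadow"
```

An image that produces no findings still has whatever root password state its maintainer left, so the password change in step 6e applies either way.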

Wednesday, March 16, 2016

Integrating Gmail with Thunderbird & GnuPG

Here's a quick how-to on integrating GnuPG with Thunderbird and Gmail. Enjoy.

1. Install packages: $ sudo apt-get -y install thunderbird gnupg enigmail

2. Configure Thunderbird
a. Press "Skip this and use existing account."
b. Enter the below information
User Name: username@gmail.com
Email Address: username@gmail.com
Password: <password>
Incoming Mail Server: IMAP imap.gmail.com 993
Outgoing Mail (SMTP) Server: SMTP smtp.gmail.com 465
c. Navigate to ' https://www.google.com/settings/security/lesssecureapps ' and 'Turn on' access for less secure apps. Not too fond of this setting.

3. Verify existence of Enigmail and restart Thunderbird.
a. Verify existence of Enigmail: Tools > Add-ons > Extensions > Enigmail
b. Close and relaunch Thunderbird.

4. Configure Enigmail:
a. Launch Wizard: Enigmail > Setup Wizard
b. Press "Next" to setup a standard configuration
c. Enter a passphrase and confirm it. Press "Next".
d. Actively use your system in order to generate enough entropy for faster key generation.
e. Select "Create Revocation Certificate" and burn to a disk. Re-enter your passphrase. Save to desired file location and press "OK"
f. Press "OK" and "Finish" to complete configuration.

5. Upload Public Key: Enigmail > Key Management > select key > Keyserver > Upload Public Keys > select "pgp.mit.edu"

6. Export public key and secret key to file.
a. File > Export Keys to File > Export Public Keys Only > select file path > Save
b. File > Export Keys to File > Export Secret Keys > select file path > Save
c. Burn to CD with the revocation certificate.

7. Sign an email: Write > Attach My Public Key > click "This message will be unsigned and encrypted" > check "Sign Message" > OK

8. Navigate to Thunderbird's "Preferences" > "Account Settings" > "OpenPGP Security" > check "Sign messages by default" and press "Ok".