Amazon Announces Consolidation of Windows AMIs on EC2

Amazon EC2 no longer differentiates between Amazon EC2 running Windows and Amazon EC2 running Windows with Authentication Services. New and existing Windows instances can now run Authentication Services, such as LDAP and Kerberos, at no additional charge. Additionally, any currently running Windows with Authentication Services instances are now charged the same price as Windows instances.

Existing Windows AMIs will be removed starting October 15. If you need the current version of a Windows AMI, please rebundle your own copy of it.

For more information about Windows instances, go to the Amazon Elastic Compute Cloud Developer Guide or Amazon Elastic Compute Cloud User Guide.

Amazon announcement.

MS SQL Backup Database to Disk

To create a full database backup using Transact-SQL

Execute the BACKUP DATABASE statement to create the full database backup, specifying:

1. The name of the database to back up.
2. The backup device where the full database backup is written.

Example

BACKUP DATABASE AdventureWorks 
TO DISK = 'C:\Backups\AdventureWorks.BAK'

Connecting to Amazon AWS from Windows to a Linux AMI

Connecting from Windows to a Linux Server poses problems for the average person to connect, and use their Windows OS to connect to the Linux Server. For some this is enough to put off people from jumping in, or banging their head against the wall wondering why you cannot simply RDP into the server and where is the Admin Password for the Linux box. We are all used to what we are used to, and for many using a public/private key pair is part of the problem. We are not exposed to this in our daily lives, although with cloud computing via AWS you have to become smart in this process. The instructions at Amazon are not written in plain English and it's hard to find the details.

Here are some handy steps that you can take to get access to your Amazon AWS server (Amazon Web Services) that takes place after you have set up your instance and downloaded your keys. You might want to read this article by Dave Winer to get through the set up of the AMI, downloading your keys and otherwise getting your first AWS instance set up and booted to the point where it is running. This is where this article steps in to help people connect to their Linux server from a Windows Box. For this process, we used the new Windows 7 as our Windows box, and all the software we recommend you download worked great.

When you are building out your system you want to have your instance up and running. You can use any AMI (Amazon Machine Image) that you want to use; in this case we are using the simple LAMP Linux version. You can find the LAMP AMI by searching for “LAMP”. There are some quick GotCha’s that you want to know about before you put a lot of time into an AMI getting it all prepped for what you want to do.

Windows or Linux does not matter, if you terminate the instance there is no way to restart it you will get the no valid actions error. When you terminate an instance you cannot restart it, it is gone, shutdown, lost forever. If you click on Launch, you will be prompted for a new image, regardless of what image you want to restart, so be very careful when you terminate an instance. If you terminate, it will be DOA for life. The image below shows what options you have using the AWS console provided by Amazon (via the Web). Remember, never click on Terminate unless you are completely done with the image and you never want to use it again.

A running Linux instance does not have the “get administrative password” option that Dave talks about in his EC2 for Poets article. With Linux there are some things you have to do to get access. If you search Amazon you will see a ton of words on this subject that again for the average person is a rambling diatribe written by computer geeks for computer geeks. They even offer you a set of tools to download, but if you are running windows many of these tools will not work properly. Here are the tools you need to get started.

Putty – Putty is an SSH terminal client that will tie in with another program that you will download here in a minute. Download PuTTY here.

PuttyGen – You can download this software from the same place you downloaded putty. You will want this program to convert your Amazon Key from Amazon format to PPK format that the next bit of software you will download needs to make the connection to your new Linux server.

WinSCP - WinSCP is a SFTP client and SSH client for Windows. Its main function is the secure file transfer between a local and a remote computer. It uses Secure Shell (SSH) and supports, in addition to Secure FTP, also legacy SCP protocol. You can download the software here.

You should have your private key from Amazon when you first started up your AMI. Find the Private key you downloaded from Amazon, or make another key if you have to. Making a key is very easy, you can use Dave’s article, or follow the directions from Amazon which are less cogent but still follow able.

Start the PuttyGen program as shown below.



Find the key that you made when you made your initial image and click on load. You will get a dialog box that wants you to load your key file that you got from Amazon. Find where you dropped your key file (again probably in downloads). Remember to set your file type to * to see all your files (otherwise it will default to looking for a PPK file, which you do not have yet).

Click on OK when you find and enter your file name. You should see the dialog below that shows the Amazon key was successfully converted from the Amazon format to the PPK format that WinSCP needs to work properly.

Click on OK.

Click on Save Private Key. You really need to save your private key at this point. Remember where you saved your brand new PPK extension key (if you forget where you saved it, search your computer for *.ppk). You have made it through the first hurdle, and now you need to fire up WinSCP.

WinSCP

If you skipped everything else and ended up here, WinSCP is a SFTP client and SSH client for Windows. Its main function is the secure file transfer between a local and a remote computer. It uses Secure Shell (SSH) and supports, in addition to Secure FTP, also legacy SCP protocol. You can download it from Source Forge.

Start (You should find it under start/all programs/WinSCP) WinSCP and you should see this after you have installed it

You only have to enter minimal data here, your host name is your EC2 instance, your user name is Root, leave the password BLANK, and click on the three dots for your private key file. If you do not know what your AWS instance is, you can go back to the AWS console and click on connect, you will get a connect help Secure Shell (SSH) help screen. This screen might look bad, but it has all the information you need for the Amazon instance you want to connect to. The screen below shows you what the help screen looks like.

The “enter the following command line” has a lot of information that you need. You can forget about everything before the “@”, you will not need that. Everything after the @ though is the public DNS that you will need to connect to your Amazon instance. You should copy everything after the @ symbol so that what you have looks like this

ec2-72-44-46-XXX.compute-1.amazonaws.com

This is your host name that you want to put into your WinSCP line for host name. The image below show the WinSCP entry screen with all the data filled out.

You want your WinSCP Login screen to look exactly like this, short of the instance name and the PPK key; yours will be different in terms of what is in the Host Name entry, and where you stored your own Private Key file. Remember that your Private Key file is the key you converted in PuttyGen. Click on Login and you will connect to your Amazon EC2 instance.

The good part is now you can tool around the Linux AMI using a graphical interface, and drag and drop files from your computer to the Amazon AMI that you are using.

In WinSCP on the top command ribbon bar you should see two icons as circled below. To get to the Command Line in Linux (remember this is why you downloaded Putty) you want to click on the two PC’s on the top command ribbon shown below.

This will launch the Putty command shell that will allow you to tool around the Amazon AMI. You need to be familiar with the Linux command line because you can do things here that you cannot do in the graphical interface, like bring up the update programs, tool around the OS to get an idea of where things are, use ps –ef |grep PROGRAM to see what programs are running (great for debugging MySQL), and to launch specific MySQL commands. This is what you should see when you click on the two computers graphic in the screen above.

Here are some discovered issues with the AMI that I built out.

MySQL has no password, it is root followed quickly by a blank password. You need to use the MySQL command line to set a password for this as soon as you can. The MySQL website can help you out setting the password.

The AMI in this instance when you look at the security group in the Amazon Web Services Console automatically opened up port 3306 for world wide access to your MySQL database. You want to take this rule out of the configuration, especially if you do not set a password. This is one excellent and easy way for hackers to get into your MySQL database; you need to fix this before you have the world hit your web site.

If you are interested in just web services you will find the root for HTTP under the home directory.

If you are interested in making sure that your Linux AMI is up to date, you need to use YUM, type in YUM update to update your whole computer or type in YUM update php if you want to make sure you are working with the latest version of PHP. Here is the catch, the YUM repo’s that come with the AMI we were using could not find any updates, and started throwing errors that it could not find any available mirrors. The problem with this is that you cannot update your software, which from a security viewpoint is very bad. If YUM is not finding updates, there are many resources on the internet to help you through this, the problem is that the repo’s that come with the image we were using goes right back to the Fedora repository, which is distressingly empty of updates for known vulnerable software. There are options on where you can go to get updates, but that will be another topic to talk about, updating your shiny new Amazon AMI for security when support is lacking from the people who make the software you are using.

If your program has dependencies on the version of PHP you are using (in my case the version was 5.0.4, and needed 5.1.X) you will have to hack your installation script if it checks the environmental variables for your PHP server. That means stepping through the entire install, and finding the call where it tests the PHP environment and changing that part of the install script. You can edit the file in WinSCP and save it back to the server, just remember what files you had to change (hack) when you get done.

Keywords:
windows amazon keyfile winscp
windows amazon key file winscp
winscp aws command line
winscp to linux ami

How to install BT4 dualboot xp on your HDD without vmware or dvd disks

This tutorial is about 1 SATA drive with 2 partitions, the first one has Windows XP

1. Download BT4 ISO
2. Download UNetbootin

Launch UNetbootin and choose the ISO path and pick your XP hdd C:

It wont delete your files , it will just add a few BT4 installation files, basically it makes it possible to boot your PC into a live CD without using a disc, and you can safley uninstall it when you enter Windows again

After you install BT4 with UNetbootin you can boot into BT4 easily, youĺl be given the choice of XP or BT4.

While in BackTrack click the file on desktop that says install and follow the prompts.  I formated the second partition with ext2 and 10gb swap.

Once complete reboot, but you won't be able to boot into BT yet (the one you installed on second partition not the UNetbootin one on XP partition), so boot into the UNetbootin live cd BT and open a terminal and type the following to fix the grub. Note: you can even use a live cd linux for ubuntu if you have one works the same.

sudo grub

find /boot/grub/stage1

-- you will get info about where BT is installed something like (hd?,?) mine was (hd1,1)

then type

root (hd1,1)

Reboot and enjoy.

BackTrack links

• How to Start Networking in BackTrack 4
• BackTrack 4 Beta Hard Disk Install
• HowTo: Crack WPA with Backtrack 3
• HowTo: Crack WEP with BackTrack 3
• How To Install Backtrack4 Using Grub On Ubuntu
• Backtrack 4 – USB/Nessus Boot with Persistent Changes
• How to make Backtrack 4 boot from USB
• Installing Backtrack 3 to a harddrive
• HowTo: Backtrack 4 (Pre Release) Hard Drive Installation
• Installing Backtrack 3 to a harddrive
• BT4 Install: Simplest way to install BackTrack4
• Backtrack 4 Beta in Windows with VMWare Workstation

Install and Configure Cacti Network Graphing Tool on RedHat / CentOS

How do I install and configure common options to collect SNMP data and various other data (such as system load, network link status, hard disk space, logged in users etc) into an RRD?

From the official project site:

Cacti is a complete frontend to RRDTool, it stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain Graphs, Data Sources, and Round Robin Archives in a database, cacti handles the data gathering. There is also SNMP support for those used to creating traffic graphs with MRTG.

Cacti is a network graphing tool which uses MRTG.

Required software

You need to install the following software on RHEL / Fedora / CentOS Linux:

1. MySQL Server : Store cacti data.
2. NET-SNMP server - SNMP (Simple Network Management Protocol) is a protocol used for network management.
3. PHP with net-snmp module - Access SNMP data using PHP.
4. Apache / lighttpd / ngnix webserver : Web server to display graphs created with PHP and RRDTOOL.

Install the software

Login as root user and type the following command to install mysql, apache and php:
# yum install mysql-server mysql php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp php-pear-Net-SMTP php-mysql httpd

Configure MySQL server

First, set root password:
# mysqladmin -u root password NEWPASSWORD

Create cacti MySQL database

Create a database called cacti, enter:
# mysql -u root -p -e 'create database cacti'

Create a user called cacti with a password called cactipass (or one of your choosing), enter:
# mysql -u root -p

mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'cactipass';
mysql> FLUSH privileges;
mysql> \q

Install snmpd

Type the following command to install net-snmpd
# yum install net-snmp-utils php-snmp net-snmp-libs

Configure snmpd, open /etc/snmp/snmpd.conf
# vi /etc/snmp/snmpd.conf

Append / modify it as follows (see snmpd.conf man page for details):

com2sec local     localhost           public
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
view all    included  .1                               80
access MyRWGroup ""      any       noauth    exact  all    all    none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root  (configure /etc/snmp/snmp.local.conf)
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat

Save and close the file. Turn on snmpd service:
# /etc/init.d/snmpd start
# chkconfig snmpd on

Make sure you are getting information from snmpd:
# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

Sample ouptut:

IP-MIB::ipAdEntIfIndex.10.10.29.68 = INTEGER: 2
IP-MIB::ipAdEntIfIndex.67.yy.zz.eee = INTEGER: 3
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1

Install cacti

First, make sure EPEL repo is enabled. Type the following command to install cacti:
# yum install cacti

Install cacti tables

Type the following command to find out cacti.sql path:
# rpm -ql cacti | grep cacti.sql

Sample output:

/usr/share/doc/cacti-0.8.7d/cacti.sql

Type the following command to install cacti tables (you need to type the cacti user password):
# mysql -u cacti -p cacti < /usr/share/doc/cacti-0.8.7d/cacti.sql

Configure cacti

Open /etc/cacti/db.php file, enter:
# vi /etc/cacti/db.php

Make the following changes:

 
/* make sure these values refect your actual database/host/user/password */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "cactipass";
$database_port = "3306";
 

Save and close the file.

Configure httpd

Open /etc/httpd/conf.d/cacti.conf file, enter:
# vi /etc/httpd/conf.d/cacti.conf

You need to update allow from line. Either set to ALL or your LAN subnet to allow access to cacti:

 
#
# Cacti: An rrd based graphing tool
#
Alias /cacti    /usr/share/cacti
 

        Order Deny,Allow
        Deny from all
        Allow from 10.0.0.0/8

 

Another option is create /usr/share/cacti/.htaccess file and password protect the directory. Finally, restart httpd:
# service httpd restart

Setup cacti cronjob

Open /etc/cron.d/cacti file, enter:
# vi /etc/cron.d/cacti

Uncomment the line:

*/5 * * * *     cacti   /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

Save and close the file.

Run cacti installer

Now cacti is ready to install. Fire a webbrowser and type the url:
http://your.example.com/cacti/

OR
http://your.server.ip.address/cacti/

Just follow on screen instructions. The default username and password for cacti is admin / admin. Upon first login, you will be force to change the default password.

How do I configure SNMP data collection?

SNMP can be used to monitor server traffic. Once installed login to cacti.
=> Click on Devices
=> Select Localhost
=> Make sure SNMP options are selected as follows:

Fig.01: SNMP configuration

Finally, click on Save button.

How do I create SNMP graphs?

Click on "Create Graphs for this Host" link on top right side.
Select SNMP - Interface Statistics
Select a graph type (such as In/Out bytes with total bandwidth)
Finally, click on Create button.

How do I view graphs?

To view graphs click on Graphs tab. Here is sample graph from one my own box:

Fig.02: Cacti in Action - Memory, CPU and Network Usage

(Fig.02: Cacti in action)

Fig.03: Cacti in Action Disk, Load average and User stats

See also Multi-CPU Utilization Graphing in Cacti.

Backtrack 4 – USB/Nessus Boot with Persistent Changes

This how-to will show you a method for building a USB thumb drive with the following features:

• Persistent Changes – Files saved and changes made will be kept across reboots.
• Nessus and NessusClient installed – Everybody needs Nessus
• Encryption configured (Note: This is not whole drive encryption)

Tools and Supplies

1. A USB thumbdrive – minimum capacity 4GB
2. A Backtrack 3 CDROM, Backtrack 4 DVD or an additional USB thumbdrive  (minimum 2GB) – Used to partition the thumbdrive.
3. Optional: UNetbootin – A tool to transfer an iso image to a USB drive.

Download the Backtrack 4 Pre Release ISO here.

This tutorial is based on booting Backtrack 4 first. This means that you need some form of bootable Backtrack 4 media. This can be a virtual machine, DVD, or USB drive. Use your favorite method of creating a DVD or USB drive or you can use UNetBootin to create the thumb drive.  Below is a screenshot of using UnetBootin to install Backtrack 4 on a USB drive.

It is as simple as selecting the image we want to write to the USB drive, the drive to write it to, and then clicking the ‘OK’ button. Warning: Make sure you pick the correct destination drive.

Partition the USB thumbdrive

The first step is to boot up Backtrack 4.  With the release of Backtrack 4 Final, a 4 GB drive is required if we are going to enable persistence.  For Backtrack 3 and Backtrack 4 Beta, we could get away with a 2GB drive.  We will also need to figure out which drive is our target drive. The following command will show the drives available and you can determine from that which is the new USB drive:

dmesg | egrep hd.\|sd.

We need to partition and format the drive as follows:

1. The first partition needs to be a primary partition of at least 1.5 GB and set to type vfat. Also remember to make this partition active when you are creating it. Otherwise you might have some boot problems.
2. The second Partition can be the rest of the thumb drive.

Below are the steps to take to get the drive partitioned and formatted. These steps are taken from this video on Offensive Security website. A ‘# blah blah‘ indicates a comment and is not part of the command and user typed commands are bolded. One note, we will need to delete any existing partitions on the drive.

fdisk /dev/sda # use the appropriate drive letter for your system
# delete existing partitions. There may be more than one.
Command (m for help): d
Partition number (1-4): 1
# create the first partition
Command (m for help): n
Command action
e   extended
p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-522, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-522, default 522): +1500M
#create the second partition
Command (m for help): n
Command action
e   extended
p   primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (193-522, default 193):
Using default value 193
Last cylinder, +cylinders or +size{K,M,G} (193-522, default 522):
Using default value 522
# Setting the partition type for the first partition to vfat/fat32
Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): b
Changed system type of partition 1 to b (W95 FAT32)
# Setting the partition type for the second partition to Linux
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 83
# Setting the first partition active
Command (m for help): a
Partition number (1-4): 1
Command (m for help): w
# now it is time to format the partitions
mkfs.vfat /dev/sdb1
mkfs.ext3 -b 4096 -L casper-rw /dev/sdb2

Two things to notice above in the format commands; 1) we are using ext3 instead of ext2 and 2) you must include the -L casper-rw portion of the command. Being able to use ext3 is great because of journaling. The -L casper-rw option helps us get around the problem we had where we had to enter the partition name in order to get persistence working. As you will see, that is no longer necessary.  So go ahead and partition and format the drive according the layout above.

Make it a bootable Backtrack 4 USB thumb drive

1. Mount the first partition.
2. Copy the Backtrack files to it.
3. Install grub.

Following are the commands to execute. Again, ‘#’ denote comments and user typed commands are in bold.

# mount the first partition, sda1 in my case.
mkdir /mnt/sda1
mount /dev/sda1 /mnt/sda1
# copy the files, you will need to find where the ISO is mounted on your system.
cd /mnt/sda1
rsync -r /media/cdrom0/* .
# install grub
grub-install –no-floppy –root-directory=/mnt/sda1 /dev/sda

That’s it. We now have a bootable Backtrack 4 USB thumb drive.

Persistent Changes

This is done much differently and more easily than it was in Backtrack 4 Beta or Backtrack 3. First of all, for basic persistence, we don’t have to do anything at all. There is already a menu option that takes care of it for us. Unfortunately, it is only for console mode so we need to make a couple changes.  We want to do the following things:

1. Change the default boot selection to persistent.
2. Set the resolution for our gui.

To do so, do the following. Again, ‘#’ …comment….user typed…blah blah.

cd /mnt/sda1/boot/grub
vi menu.lst

# change the default line below to ‘default 4' and append ‘vga=0×317' (that’s a zero) to the kernel line to set the resolution to 1024×768

# By default, boot the first entry.
default 4
.
.
.
title                Start Persistent Live CD
kernel           /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet vga=0×317
initrd            /boot/initrd.gz

:wq

Here is my entire menu.lst file for reference.

# By default, boot the first entry.
default 4
# Boot automatically after 30 secs.
timeout 30

splashimage=/boot/grub/bt4.xpm.gz
title                Start BackTrack FrameBuffer (1024×768)
kernel                /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0×317
initrd                /boot/initrd.gz
title                Start BackTrack FrameBuffer (800×600)
kernel                /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0×314
initrd                /boot/initrd800.gz
title                Start BackTrack Forensics (no swap)
kernel                /boot/vmlinuz BOOT=casper boot=casper nopersistent rw vga=0×317
initrd                /boot/initrdfr.gz
title                Start BackTrack in Safe Graphical Mode
kernel                /boot/vmlinuz BOOT=casper boot=casper xforcevesa rw quiet
initrd                /boot/initrd.gz

title                Start Persistent Live CD
kernel                /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet vga=0×317

initrd                /boot/initrd.gz
title                Start BackTrack in Text Mode
kernel                /boot/vmlinuz BOOT=casper boot=casper nopersistent textonly rw quiet
initrd                /boot/initrd.gz
title                Start BackTrack Graphical Mode from RAM
kernel                /boot/vmlinuz BOOT=casper boot=casper toram nopersistent rw quiet
initrd                /boot/initrd.gz
title                Memory Test
kernel                /boot/memtest86+.bin
title                Boot the First Hard Disk
root                (hd0)
chainloader +1

Reboot and either select “Start Persistent Live CD” or just wait since we set it to auto-boot to persistent mode. To test it, create a file and reboot again. If your file is still there, everything is golden.

Install Nessus

Download the Ubuntu Nessus and NessusClient packages from nessus.org. The 32-bit 8.10 version worked fine for me.  Again, with Backtrack 4 things are little easier. To install the Nessus server, simply execute the following command to install the package.

dpkg –install Nessus-4.0.2-ubuntu810_i386.deb

Things used to be a little bit more complicated for the client, but with the release of the pre-final version, it is just as easy as installing as the server.

dpkg –install NessusClient-4.0.2-ubuntu810_i386.deb

Finally it’s time to configure Nessus. Execute each of the following and follow the prompts. My entries are below for fun.

#create server certificate
/opt/nessus/sbin/nessus-mkcert
This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.
CA certificate life time in days [1460]:
Server certificate life time in days [365]:
Your country (two letter code) [FR]:US
Your state or province name [none]:Confused
Your location (e.g. town) [Paris]:Somewhere In Time
Your organization [Nessus Users United]:
.
.
.
Congratulations. Your server certificate was properly created.
.
.
# add user
/opt/nessus/sbin/nessus-adduser
Login :Me
Authentication (pass/cert) : [pass]
Login password :
Login password (again) :
Do you want this user to be a Nessus ‘admin’ user ? (can upload plugins, etc…) (y/n) [n]:y
User rules
———-
nessusd has a rules system which allows you to restrict the hosts
that Me has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Login             : Me
Password         : ***********
This user will have ‘admin’ privileges within the Nessus server
Rules             :
Is that ok ? (y/n) [y]y
User added

We want to disable Nessus starting at boot. We are going to do some things a little later than require that Nessus not be running at boot.

/usr/sbin/update-rc.d -f nessusd remove

This command does not remove the Nessus start scripts. It only removes the links that cause Nessus to start at boot time.

The next thing we need to do is register our installation so we can get the plugin feed. You need to go here and request a key. That is a link to the free feed for home use. Use appropriately.

Once you have your key. Execute the following to update your plugins. Please note that there are two dashes before register in the nessus-fetch line below. They can display as one sometimes.

/opt/nessus/bin/nessus-fetch –register [your feed code here]

When that is done, and it is going to take a few minutes, you are ready to start the server and client. Be aware that with version 4.0, while the command to start returns quickly, the actual starting of the service may take a minute or two. In many cases, I have actually had to reboot before Nessus started working. You can use netstat -na to check that the server is listening on port 1241.

/etc/init.d/nessusd start
/opt/nessus/bin/NessusClient

Configure Encryption

Since we are using this tool to poke at peoples networks and systems, with permission of course, it is very important that the information we find be protected. To do this, we are going to setup an encrypted volume that will eventually become our home directory.

This can be done with the gui or via command line. We will be using the gui because we need to be able to format the volume with ext3 and, as yet, I have not been able to figure out how to do that via the command line on linux.

You will get a message that the volume was successful created. Click on the ‘OK’ button, then exit the Truecrypt gui, both the ‘Create Volume’ windows and the main windows. We want to be back at the command prompt at this point.

If you want to test the your filesystem, execute the following, note the -k ” is two single quotes, not a double quote:

truecrypt -t -k ” –protect-hidden=no /my_secret_stuff /media/truecrypt1
mount
cd /media/truecrypt1
df .

This will show that the volume is mounted and the amount of disk space you have left. Our next step is to have this volume mounted when we log in. We do this by editing the root user’s .profile file. Add the truecrypt command above to root’s .profile so it looks like this:

# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
  if [ -f ~/.bashrc ]; then
    . ~/.bashrc
  fi
fi

truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1

mesg n

The next time you reboot you will be asked for the password for the volume and it will be mounted for you.

Now it is time to tweak a few tings

Tweak a few things
The first thing we are going to do is go ahead and configure networking to start at boot time. It’s convenient and easy to disable if we need to. All we have to do is execute the following command.

/usr/sbin/update-rc.d networking defaults

Next thing we want to do is make sure all our tools and the system itself is up-to-date. First execute the following:

apt-get update

This is update the software repository information. Next, execute the this command:

apt-get upgrade

The system will determine if there is anything that needs to be updated and then prompt you to continue. Individual packages can be updated by including the package name after upgrade.
This next bit is interesting and I was surprised it worked. We are going to reset the root user’s home directory during the login process to the mounted truecrypt volume. This will ensure that anything written to the home directory will be encrypted.  The following commands will set this up for us:

cd /media/truecrypt1
rsync -r –links /root/ .
# add the bold lines below
vi /root/.profile

# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
  if [ -f ~/.bashrc ]; then
    . ~/.bashrc
  fi
fi

truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1

export HOME=/media/truecrypt1
export HISTFILE=/media/truecrypt1/.bash_history

cd

mesg n

:wq

The next time you reboot, when you are finally in the system, your home directory will be /media/truecrypt1.
There is one last thing we want to do. We want to change nessus to log to the encrypted volume. This is very easy. The file that controls this is /opt/nessus/etc/nessus/nessusd.conf. We need to create a place for the log files to go. So execute the following

cd /media/truecrypt1
mkdir -p nessus/logs

Once you have done that, edit the /opt/nessus/etc/nessus/nessusd.conf file and change this:

.
.
.
# Log file :
logfile = /opt/nessus/var/nessus/logs/nessusd.messages
# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
# Dump file for debugging output
dumpfile = /opt/nessus/var/nessus/logs/nessusd.dump
.
.
.

to this:

.
.
.
# Log file :
logfile = /media/truecrypt1/nessus/logs/nessusd.messages
# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
# Dump file for debugging output
dumpfile = /media/truecrypt1/nessus/logs/nessusd.dump
.
.
.

That’s it. You are all done now.

BackTrack links

• BackTrack 4 Beta Hard Disk Install
• HowTo: Crack WPA with Backtrack 3
• HowTo: Crack WEP with BackTrack 3
• How To Install Backtrack4 Using Grub On Ubuntu
• How to install BT4 dualboot xp on your HDD without vmware or dvd disks
• How to make Backtrack 4 boot from USB
• Installing Backtrack 3 to a harddrive
• HowTo: Backtrack 4 (Pre Release) Hard Drive Installation
• Installing Backtrack 3 to a harddrive
• BT4 Install: Simplest way to install BackTrack4

How to make Backtrack 4 boot from USB

In this article we will describe how we can make a USB Bootable drive for Backtrack 4 Linux distribution. The new release is based on Debian/Ubuntu and not on Slackware as it was used to be in earlier versions (Backtrack 3 and below).

In this article the UNetbootin Windows version tool has been used to demonstrate the above scenario.

Requirements:
Minimum USB Drive capacity 1 GB
Format the USB to FAT32

Tools:
http://unetbootin.sourceforge.net/
http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-beta-iso

Workaround:

1. Download BT4 Beta ISO
2. Download UNetbootin to make our usb bootable
3. Run Unetbootin and select bt4-beta.iso for diskimage
4. Select USB Drive letter and click on OK to start making a bootable usb drive

After the creation process finishes restart your machine and boot from the new usb bootable drive created and enjoy Backtrack 4 Beta on your system.

Default Backtrack 4 username is root and password is toor.

Note: Be sure that your install the MBR on the USB drive by executing drive:\boot\bootinst.bat on your USB drive.

Keywords:

backtrack 4 usb thumb drive bootable
backtrack4 usb boot laptop
how to make bt4 bootable from usb

BackTrack links

• How to Start Networking in BackTrack 4
• BackTrack 4 Beta Hard Disk Install
• HowTo: Crack WPA with Backtrack 3
• HowTo: Crack WEP with BackTrack 3
• How To Install Backtrack4 Using Grub On Ubuntu
• How to install BT4 dualboot xp on your HDD without vmware or dvd disks
• Backtrack 4 – USB/Nessus Boot with Persistent Changes
• Installing Backtrack 3 to a harddrive
• HowTo: Backtrack 4 (Pre Release) Hard Drive Installation
• Installing Backtrack 3 to a harddrive
• BT4 Install: Simplest way to install BackTrack4

Glossary of Amazon EC2 terms

Amazon machine image (AMI)
An Amazon Machine Image (AMI) is an encrypted machine image stored in Amazon S3. It contains all the information necessary to boot instances of your software.

Amazon EBS
A type of storage that enables you to create volumes that can be mounted as devices by Amazon EC2 instances. Amazon EBS volumes behave like raw unformatted external block devices. They have user supplied device names and provide a block device interface. You can load a file system on top of Amazon EBS volumes, or use them just as you would use a block device.

Availability Zone
A distinct location within a region that is engineered to be insulated from failures in other Availability Zones and provides inexpensive, low latency network connectivity to other Availability Zones in the same region.

compute unit
An Amazon-generated measure that enables you to evaluate the CPU capacity of different Amazon EC2 instance types.

EBS
See Amazon EBS.

Elastic Block Store
See Amazon EBS.

elastic IP address
A static public IP address designed for dynamic cloud computing. Elastic IP addresses are associated with your account, not specific instances. Any elastic IP addresses that you associate with your account remain associated with your account until you explicitly release them. Unlike traditional static IP addresses, however, elastic IP addresses allow you to mask instance or Availability Zone failures by rapidly remapping your public IP addresses to any instance in your account.

ephemeral store
See instance store.

explicit launch permission
Launch permission granted to a specific user.

group
See security group.

instance store
Every instance includes a fixed amount of storage space on which you can store data. This is not designed to be a permanent storage solution. If you need a permanent storage system, use Amazon EBS.

instance type
A specification that defines the memory, CPU, storage capacity, and hourly cost for an instance. Some instance types are designed for standard applications while others are designed for CPU-intensive applications.

gibibyte (GiB)
a contraction of giga binary byte, a gibibyte is 2^30 bytes or 1,073,741,824 bytes. A gigabyte is 10^9 or 1,000,000,000 bytes. So yes, Amazon has bigger bytes.

image
See Amazon machine image.

instance
Once an AMI has been launched, the resulting running system is referred to as an instance. All instances based on the same AMI start out identical and any information on them is lost when the instances are terminated or fail.

instance store
The disk storage associated with an instance. In the event an instance fails or is terminated (not simply rebooted), all content on the instance store is deleted.

group
Also known as a security group, groups define firewall rules that can be shared among a group of instances that have similar security requirements. The group is specified at instance launch.

launch permission
AMI attribute allowing users to launch an AMI

Linux
Amazon EC2 instances are available for many operating platforms, including Linux, Solaris, Windows, and others.

paid AMI
An AMI that you sell to other Amazon EC2 users. For more information, refer to the Amazon DevPay Developer Guide.

private IP address
All Amazon EC2 instances are assigned two IP addresses at launch: a private address (RFC 1918) and a public address that are directly mapped to each other through Network Address Translation (NAT).

public AMI
An AMI that all users have launch permissions for.

public data sets
Sets of large public data sets that can be seamlessly integrated into AWS cloud-based applications. Amazon stores the data sets at no charge to the community and, like all AWS services, users pay only for the compute and storage they use for their own applications. These data sets currently include data from the Human Genome Project, the U.S. Census, Wikipedia, and other sources.

public IP address
All Amazon EC2 instances are assigned two IP addresses at launch: a private address (RFC 1918) and a public address that are directly mapped to each other through Network Address Translation (NAT).

region
A geographical area in which you can launch instances (e.g., US, EU).

reservation
A collection of instances started as part of the same launch request.

Reserved Instance
An additional Amazon EC2 pricing option. With Reserved Instances, you can make a low one-time payment for each instance to reserve and receive a significant discount on the hourly usage charge for that instance.

security group
A security group is a named collection of access rules. These access rules specify which ingress (i.e., incoming) network traffic should be delivered to your instance. All other ingress traffic will be discarded.

shared AMI
AMIs that developers build and make available for other AWS developers to use.

Solaris
Amazon EC2 instances are available for many operating platforms, including Linux, Solaris, Windows, and others.

snapshot
Amazon EBS provides the ability to create snapshots or backups of your Amazon EBS volumes and store them in Amazon S3. You can use these snapshots as the starting point for new Amazon EBS volumes and to protect your data for long term durability.

supported AMIs
These AMIs are similar to paid AMIs, except that you charge for software or a service that customers use with their own AMIs.

tebibyte (TiB)
a contraction of tera binary byte, a tebibyte is 2^40 bytes or 1,099,511,627,776 bytes. A terabyte is 10^12 or 1,000,000,000,000 bytes. So yes, Amazon has bigger bytes.

UNIX
Amazon EC2 instances are available for many operating platforms, including Linux, Solaris, Windows, and others.

Windows
Amazon EC2 instances are available for many operating platforms, including Linux, Solaris, Windows, and others.

Amazon Elastic Compute Cloud (EC2) Command Line Tools Reference

The Amazon Elastic Compute Cloud Command Line Tools Reference Guide provides the syntax, a description, options, and usage examples for each command line tool. This section describes who should read this guide, how the guide is organized, and other resources related to Amazon Elastic Compute Cloud.

The Amazon Elastic Compute Cloud is occasionally referred to within this guide as simply "Amazon EC2"; all copyrights and legal protections still apply.

View guide here.

Amazon Elastic Compute Cloud
Command Line Tools Reference (straight to the meat and potatoes)

How to install Cacti on Debian or Ubuntu

Cacti is a web based PHP/MySql graphing solution using the RRDtool engine. Classically, it can graph network bandwidthes with SNMP. But in fact, a lot of different graphs can be done with snmp, shell or perl scripts.

Cacti’s strength lies in the fact that it can be installed and used incredibly easily. You don’t need to be a guru or spend tons of hours on the tool to configure it. Even a beginner can use it very quickly. On the very active Cacti forum, you can share “Cacti templates” with other users which can can save you a lot of time. You can very easily add plugins to the Cacti too enabling the possiblility to integrate other free tools like ntop or php weathermap. In our opinion, this is by far the best RRDtool frontend.

For details about how to use Cacti, see the very good Cacti Manual.
RRDtool is a program developed by the Swiss Tobi Oeticker who was already the creator of the famous MRTG. RRDtool is developed using the “C” programming language and it stores the collected data on “.rrd” files.

The number of records in a “.rrd” file never increases, meaning that old records are frequently removed. This implies that one obtains precise figures for recently logged data, whereas figures based on very old data are mean value approximations. By default, you can have daily, weekly, monthy and yearly graphs.
Some of the advantages of RRDtool over MRTG are the following:

• it is much quicker
• it can use negative values
• it can use more than one data source in a graph
• the generated graphes are very customizable
• it can be used by a wide variety of front-ends such as Cacti
• the RRDtool records stored in .rrd files keep the same size and do not increase.

The following programs are needed to run cacti:

• apache2 for the web server
• mysql-server for the database
• php5 for the server-based script
• php5-common
• php5-cgi
• php5-cli
• php5-mysql
• snmp – snmp tools used to collect data to the remote hosts
• rrdtool – a perl script to format collected data to rrdtool files
• php5-gd – the graphical library used by a Cacti plugin named php weathermap

INSTALL PROGRAMS
Use apt-get to install the programs
#apt-get install apache2
#apt-get install mysql-server
#apt-get install php5
#apt-get install php5-common
#apt-get install php5-cgi
#apt-get install php5-cli
#apt-get install php5-mysql
#apt-get install snmp
#apt-get install rrdtool

INSTALL CACTI WITH APT-GET (recommanded)

#apt-get install cacti

You will have to configure the mysql settings through a little wizard.

At the end of the tutorial, a mysql database and user named cacti will be automatically created.

Now Cacti is ready to be used via: http://localhost/cacti The default login and password are admin.
Cacti will check if all the required tools are correctly installed.

Initial Cacti Configuration
Select "New Install"

Verify the required tools are correcty seen by cacti

Note that the poller.php script which send the requests to the remote hosts is lauched by the apache2 user, it means www-data.

To reconfigure cacti, use the following command:

#dpkg-reconfigure cacti

If you want to activate the poller manually run:

#/usr/share/cacti/site/php5 poller.php

Sometimes you need to activate it the first time, then it should run automatically every 5 minutes by default.

rrdtool install on debian

See also Multi-CPU Utilization Graphing in Cacti.