How To: Netcat – Check for open ports with the command line

NetCat PortKitty Port-checking

When troubleshooting a network integration or any other connection issue in Linux, step one is usually a matter of checking to see if the network port on the other side is even responding.

Netcat -The network Swiss Army knife (Hobbit, not nmap)- is the right tool for the job.

Before we begin, NetCat needs to be installed.

# RHEL / CentOS
~$ yum install nc

# Debian / Ubuntu
~$ apt-get install nc

Once installed, you can invoke Netcat like so:
~$ nc [REMOTE_SERVER] [PORT]

Syntax:
[REMOTE_SERVER] – The server to be checked
[PORT] – The service/port to be checked

 

 


Connection to google.com 443 port [tcp/https] succeeded!

Client side Security, How’s My SSL? (.com)

https

Years ago,

Moxie Marlinspike taught us that web-browser hints such as a “lock icon” in the address bar, didn’t guarantee ciphered communication. Since the website you are visiting still happily falls back to plain http since you, the user, made an effort to not be redirected from a clear to ciphered session… Not really. Man-In-The-Middle is so very unforgiving to its victims.

Even though major websites, the giants, such as Facebook, Google and Micro$oft products such as Outlook.com. Has mitigated this fallback bug somehow. Smaller websites, such as Intranets and self-hosted WordPress blogs, is still vulnerable. Two-factor authentication solves the credentials issue, this is about privacy and information sanity. TLS or not, what cipher am I using anyway?

There is a website, Howsmyssl.com, which tells you what encryption ciphers are currently being used by the browser, in the order the browser sends them. Also, it list common and newly discovered vulnerabilies in the SSL/TLS protocol. What I find particularly interesting, is the cipher suites listed at the bottom of the page. To still see RC4 is getting very tedious…

Lab Time!

Just for fun, I disabled all the insecure ciphers I could find and made TLS1.1 the minimum required TLS version in Mozilla Firefox. For the first two weeks, every https I visited worked fine. Until I had some banking piled up at the end of the month…

Apparently my bank still uses TLS1! Mozilla won’t let me continue! And what’s even more surprising, is that the error message speaks of SSL3? For two protocols with only three years apart, maybe there isn’t much difference?

Nevertheless, I called my banks end-user technical support and explained the issue. And what did they tell me? To use another browser…

Conclusion

With the big scary Internet growing and tighter supervised than ever. Datacenters spinning with almost unlimited capacity, these 90’ts encryption protocols are surely broken. The old reheated excuses for large company’s to not implement https -not enough capacity, bandwidth, offloading etc- don’t apply anymore.

Out with the old, in with the new

 

How To: List what Procs are using the Lib in Linux

LsOF

Find the Procs

After upgrading an important package in Linux -or other Unix variant- that provides a library used by many other processes. Instead of restarting the server for the new lib to take effect, the procs can be restarted -or HUPed- individually.

Before we begin, lsof needs to be installed.
# RHEL / CentOS
~$ yum install lsof

# Debian / Ubuntu
~$ apt-get install lsof

In the following example, we list what processes are using the libcrypto library in Raspbian.
~$ lsof /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 551 root mem REG 179,2 1418532 10074 /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0
ntpd 2321 ntp mem REG 179,2 1418532 10074 /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0
sshd 6643 root mem REG 179,2 1418532 10074 /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0
sshd 6649 meow mem REG 179,2 1418532 10074 /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0
openvpn 30044 nobody mem REG 179,2 1418532 10074 /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0

Next, the affected processes can be restarted:
~$ service [SERVICENAME] restart
~$ systemctl restart [SERVICENAME]
~$ kill -HUP 31337

How To: Encrypt/Decrypt File with OpenSSL

Encryption/Decryption

Encrypt/Decrypt File

When security and integrity of a file is critical, such as with x509 certificates or other important documents, OpenSSL or other variant can be used to secure the file. With strong encryption and -hopefully- a strong password.

OpenSSL is generally available on all UNIX variants, downloadable as an executable for Windows and is also used with many other applications through the LibCrypto library.

If you need help picking a strong password, I’d recommend StrongPasswordGenerator.Com. Never share the password with the receiving party over the same medium as the file transmission. Send it Out-Of-Band over a SMS or Telephone Call or similar.

In the following example, we take a file and encrypt it using AES-256-CBC, protecting it using a password and adding a salt for extra randomness. The output is added to a newly created file.

~$ openssl enc -salt -aes-256-cbc -in TuxPics.tgz -out TuxPics.tgz.enc
enter aes-256-cbc encryption password: q55Tc9Hp68-Ry4d
Verifying - enter aes-256-cbc encryption password: q55Tc9Hp68-Ry4d

The content of TuxFiles.tgz.enc is perceived as a random binary string to EVE when in transit on the open network.

In the next example, we do the reverse action. Decrypting the file using the same password and appending the output to a new file.

~$ openssl enc -aes-256-cbc -d -in TuxFiles.tgz.enc > TuxFiles.tgz
enter aes-256-cbc decryption password: q55Tc9Hp68-Ry4d

In case the file type is not known from the decrytion result (stdout), the “file” command can be used when running Linux.

Example:
~$ file TuxPics
TuxPics: gzip compressed data

Have fun!

How To: Run a Command Quickly on Remote Server using SSH

Linux "Cluster"

When working in a clustered Linux environment containing two or more servers, it is not uncommon to switch back and forth between the hosts. Even if it’s running one command.

SSH is a powerful tool, it can do allot more than act as remote shell or tunnel traffic. One of those features is sending a command string to the server and fetching the output.

Assuming that you have access and privileged user on the remote server, the command works as follows

Example:
~$ ssh user@gamma.example.com "netstat -tulpna|grep -i established"
user@gamma.example.com's password: *****
...Output...

For an even more awesome experience, consider authenticating using ssh-key’s.