duminică, 28 februarie 2016

Configure Socks 5 - Dante on Ubuntu

apt-get install gcc+ make build-essential curl autoconf automake libtool autotools-dev dpkg-dev fakeroot
apt-get install dpkg debconf debhelper lintian

wget http://www.inet.no/dante/files/dante-1.4.1.tar.gz
tar -xvf dante-1.4.1.tar.gz
cd dante-1.4.1
mkdir /home/dante
./configure --prefix=/home/dante

if u missing
PAM:               Disabled, security/pam_appl.h missing
apt-get install libpam0g-dev
and rerun the configure command

Libwrap:           Disabled, tcpd.h missing
apt-get install libwrap0 libwrap0-dev
and rerun the configure command

BSD Auth:          Disabled, usable bsd_auth.h not found
apt-get install python-dev
and rerun the configure command

make
make install
The binary will be in /home/dante/sbin/sockd (yes it appears to be called sockd now).

/home/dante/sbin/sockd -v
Dante v1.4.1. Copyright (c) 1997 - 2014 Inferno Nettverk A/S, Norway

vi /home/dante/danted.conf

logoutput: /var/log/socks.log

internal: eth0 port = 1080
external: eth0

method: username
user.privileged: root
user.notprivileged: nobody

client pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error connect disconnect
}


client block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}

pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error connect disconnect
}

block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}
#dante-server configuration

Save

Launch danted. -f specifies the configuration file and -D makes it run in the background:
/home/dante/sbin/sockd -f /home/dante/danted.conf -D

Check if it is running:
netstat -tulp

To stop dante:
pkill sockd

Create user who need to login and who will not have shell access.
useradd -s /sbin/nologin phil
passwd phil


Make scripts for starting and stoping dante.

vi /home/dante/start-dante.sh
#!/bin/bash
sleep 10
/home/dante/sbin/sockd -f /home/dante/danted.conf -D

Save
chmod +x /home/dante/start-dante.sh   ( to make executable )

vi /home/dante/stop-dante.sh
#!/bin/bash
/usr/bin/pkill sockd

Save
chmod +x /home/dante/stop-dante.sh   ( to make executable )

Setup to run at boot
crontab -e
@reboot /home/dante/start-dante.sh > /dev/null 2>&1   ( You may have to increase the sleep time, if it does not work. )

vineri, 26 februarie 2016

AWS - EC2 - Change PEM Key

Before starting, save on your instance the key-first-one.pem ( orginal pem file which you get it at configure of the instance first time )

1. From the AWS EC2 Console -> Key Pairs and generate a new key pair (eg: keynew.pem);
Download the generated pem key, and chmod it to 0666

2. Use the new pem key to generate a public key
 $ ssh-keygen -y

 When prompted, enter the path to keynew.pem ( /path/to/keynew.pem ) . This will generate on console not in file
 Touch keynew.pub and paste his content form generated process.

 Tip: Edit keynew.pub and append the key's name so you can identify it easier in the next steps.
 Just append a single space, then a tag/name for the key

3. Add the new public key to your instance

   $ cat /path/to/keynew.pub | ssh -i /path/to/key-firstone.pem user@ip-private-from-aws "cat >> .ssh/authorized_keys"

4. Test the new key by logging in and removing the old/original key

 $ ssh -i /path/to/keynew.pem user@ip-private-from-aws

 $ nano ~/.ssh/authorized_keys

 Find the line containing the "original name" key and remove it.

sâmbătă, 20 februarie 2016

UPGRADE OPENSSL FROM 0.9.X TO OPENSSL 1.0.2 – UBUNTU

apt-get remove –purge openssl libssl-dev
wget https://www.openssl.org/source/openssl-1.0.2f.tar.gz –no-check-certificate
tar -xvzf openssl-1.0.2f.tar.gz
mv openssl-1.0.2f openssl
cd openssl/
nano openssl.ld
OPENSSL_1.0.0 {
global:
*;
local:
*;
};
OPENSSL_1.0.1 {
} OPENSSL_1.0.0;
OPENSSL_1.0.1d {
} OPENSSL_1.0.1;
OPENSSL_1.0.2 {
} OPENSSL_1.0.1d;
./configure -fPIC shared -Wl,–version-script=/root/openssl/openssl.ld -Wl,-Bsymbolic-functions
make
make install
Check your new version
openssl version -a
and add PATH to env
export OPENSSL_INCLUDE_DIR=/usr/local/ssl/include/
export OPENSSL_LIBRARIES=’/usr/local/ssl/lib/libssl.so;/usr/local/ssl/lib/libcrypto.so’
export LD_LIBRARY_PATH=/usr/local/ssl/lib/

— The End —