May 18

Netdump: remotely back up configurations of networked devices

Netdump (https://github.com/olafrv/netdump) is a tool to remotely back up the configuration of networked switches, routers, firewalls and servers using the expect PHP library, Git version control and many other Linux utilities.

Features

  • Tested on Ubuntu Linux Server Edition 16.04 LTS (64 bits).
  • Editable templates to backup the following devices:
    • Cisco UCS (SSH trigger FTP/SFTP/TFTP copy).
    • Cisco IOS (SSH/Telnet).
    • Cisco Nexus OS (SSH/Telnet).
    • Fortigate FortiOS (SSH trigger FTP/TFTP copy).
    • Foundry ServerIron (Telnet).
    • Netgear Switches (Telnet).
  • Assisted version control with Git repositories per device.
  • Friendly Web browsing of backups via secured GitWeb interface.
  • SSH client param included to support old devices (Weak protocols).
  • Notification support via PHPMailer (Installed in /usr/share/php).

Jan 19

Stonith Plugin Agent for VMWare VM VCenter SOAP Fencing (Unofficial).

Helpful when the installed stonith version does not include the “fence_vmware_soap” plugin agent; some cases are:

  • Canonical Ubuntu Linux 14.04 LTS
  • SUSE Enterprise Linux 11 SP3

Download and documentation at: https://github.com/olafrv/fence_vmware_soap

Plugin Workflow

1. stonithd (Cluster Fencing Daemon)
2. /usr/lib/stonith/plugins/external/fence_vmware_soap (Stonith Plugin Agent)
3. /usr/sbin/fence_vmware_soap (SOAP Fence Request, provided by fence-agents)
4. VMWare VCenter (SOAP Web Service, Authentication, Search, Triggering)
5. VMWare ESXi Hypervisor (Virtual Machine On/Off).

Notice

Right now the plugin does not permit declaring two different VMWare VCenter
devices for fencing the same list of cluster nodes. This could be tested and
implemented by changing the attribute “unique” to “false” for the “hostlist”
parameter in the plugin XML definition schema.

References

For more information about the stonith plugin agents, visit the following links:
– 8.1. STONITH Agents: https://doc.opensuse.org/products/draft/SLE-HA/SLE-ha-guide_sd_draft/cha.ha.agents.html
– External STONITH Plugins: http://www.linux-ha.org/ExternalStonithPl

 

Oct 18

PoodleBleed SSLv3 Vulnerability

POODLE, short for Padding Oracle On Downgraded Legacy Encryption, is exploited through a vulnerability in the SSLv3 protocol that lets the attacker obtain parts of a “secure” connection (for example, HTTPS), bypassing any encryption and obtaining all the transferred data in readable text (e.g. a banking password). Because it is a global design flaw in the SSLv3 protocol itself, there is no patch; the only solution is to disable it (not use it).

https://www.openssl.org/~bodo/ssl-poodle.pdf
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
https://access.redhat.com/articles/1232123
http://www.symantec.com/connect/blogs/ssl-30-vulnerability-poodle-bug-aka-poodlebleed

In general, most browsers connect to secure sites on the Internet via TLS 1.0, not via SSLv3; however, when connection problems are forced (e.g. configuration, virus, malicious administrator), the traffic can be saved and analyzed to obtain the information easily.

Client (Browser) Check Tool
https://www.ssllabs.com/ssltest/viewMyClient.html

Server (Site) Check Tool

http://poodlebleed.com/
https://www.ssllabs.com/ssltest/

Fix for Internet Explorer

https://technet.microsoft.com/en-us/library/security/3009008.aspx

Disable SSL 3.0 and enable TLS 1.0, TLS 1.1, and TLS 1.2 in Internet Explorer

You can disable the SSL 3.0 protocol in Internet Explorer by modifying the Advanced Security settings in Internet Explorer.

To change the default protocol version to be used for HTTPS requests, perform the following steps:

1. On the Internet Explorer Tools menu, click Internet Options.
2. In the Internet Options dialog box, click the Advanced tab.
3. In the Security category, uncheck Use SSL 3.0 and check Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2 (if available).
4. Click OK.
5. Exit and restart Internet Explorer.

Fix for Firefox

Install this add-on (it is the easiest option until version 34 is released):

https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/

Fix for Google Chrome (requires administrator) and other browsers

https://zmap.io/sslv3/browsers.html
