| Thread ID: 117640 | 2011-04-27 07:41:00 | Linux people - feedback please | Erayd (23) | PC World Chat |
| Post ID | Timestamp | Content | User |
| 1197698 | 2011-04-27 13:43:00 | “Also, botnets don't just build themselves .... :thumbs:” Haha, are you suggesting that I'm using this script as a vector to build myself a botnet :devil? | Erayd (23) |
| 1197699 | 2011-04-27 19:39:00 | Something to also consider; will posting a link to their complete logs compromise the security of their system? | Jen (38) |
| 1197700 | 2011-04-27 20:21:00 | “Something to also consider; will posting a link to their complete logs compromise the security of their system?” Practically speaking, not unless they're running something that logs credentials to syslog (and nothing should do that). That said, I might add an expiry feature to it so their system information isn't sitting on the net for the next twenty years. | Erayd (23) |
| 1197701 | 2011-04-27 23:35:00 | “Practically speaking, not unless they're running something that logs credentials to syslog (and nothing should do that). That said, I might add an expiry feature to it so their system information isn't sitting on the net for the next twenty years.” Well done. I have quite a lot to learn having had a look at the results. :D | mikebartnz (21) |
| 1197702 | 2011-04-28 07:17:00 | “Practically speaking, not unless they're running something that logs credentials to syslog (and nothing should do that). That said, I might add an expiry feature to it so their system information isn't sitting on the net for the next twenty years.” Is it perhaps worthwhile obfuscating things like hostnames and IP addresses? My experimentation was all done in a throwaway EC2 instance so I didn't care if that information was posted, but I would be much more cautious on other environments that are more important. Since you're capturing information like firewall information, it could identify a user who has a very poorly secured system and tell a would-be hacker just how easy it will be to get in. | somebody (208) |
| 1197703 | 2011-04-29 05:30:00 | very nice tool, keep in mind that I am a unix dude NOT a linux admin so take this with a grain of salt. a few random thoughts.... not sure I am a fan of just "magically running code off the internet" as root. but then again many people do this every day.... your code could use more error checking and more comments. this assumes that you want people to be reading your code :-) for your system version code I would have expected a "uname -a". your script assumes file locations a lot.... I don't have my samba.conf in /etc/samba; is there more of a standard in the linux world? should you be reporting on OS patching? how about packages installed? also you may have security issues in your server side /trace.php. what stops me uploading rubbish till your server runs out of space? | robsonde (120) |
| 1197704 | 2011-04-29 05:39:00 | “Is it perhaps worthwhile obfuscating things like hostnames and IP addresses? My experimentation was all done in a throwaway EC2 instance so I didn't care if that information was posted, but I would be much more cautious on other environments that are more important. Since you're capturing information like firewall information, it could identify a user who has a very poorly secured system and tell a would-be hacker just how easy it will be to get in.” Good point, although would there be any point in that? I'm not sure how much use it would be to have IP addresses that didn't actually match, and obfuscating it in a way that preserves subnetting is more effort than I want to go to. | Erayd (23) |
| 1197705 | 2011-04-29 06:01:00 | “...not sure I am a fan of just "magically running code off the internet" as root. but then again many people do this every day....” Haha, I'm not a fan of it either, and would never do such a thing on my own system without reading the code first. That said, I have no problem with *writing* such code, especially when it makes my life easier - it basically comes down to whether the person running it trusts me not to use it for nefarious purposes. “your code could use more error checking and more comments. this assumes that you want people to be reading your code :-)” Absolutely - this is just something I threw together very quickly to help someone who just wasn't understanding what I wanted them to do, and I cared more about speed than code that looked nice or handled every possible error case. Posting it to PF1 was an afterthought. That said, cleaning it up a bit would definitely be a good idea. Re the commenting - what isn't clear about what's already there? There's nothing left uncommented that isn't obvious (maybe my definition of obvious doesn't match yours?) - so I could use a hand pointing out what you think needs clarifying. “...for your system version code I would have expected a "uname -a"...” And uname -a is exactly what you'll find - see line 95. Note that uname only returns kernel info though, /proc/version contains more than that. “...your script assumes file locations a lot....” Yep - it was initially written to target a specific Debian system. Debian's also what I'm most familiar with, and I don't have many other systems around to check file locations on, so if you know of ones I've missed, please sing out. “I don't have my samba.conf in /etc/samba is there more of a standard in the linux world?” Good point, this often lives directly in /etc. Is this where yours is, or is yours elsewhere? “should you be reporting on OS patching?” Possibly, but is doing so really such a smart idea? I was intending this script for clueless desktop users, not for servers, but if someone did happen to run it on a server then listing the versions of installed software seems like asking for trouble, especially noting exploits are often version-specific. “...how about packages installed?” Good idea, I'll add this. “also you may have security issues in your server side /trace.php...” Such as what? I'm pretty confident there aren't any, but I'd love to hear what made you suspicious. “...what stops me uploading rubbish till your server runs out of space?” The VM it runs in has an enforced disk quota; the only thing it's going to affect will be itself. The script itself has no specific guards against this, but it would be a pretty pointless DOS - all you'd be able to do is take trace hosting offline until either the cleanup cronjob ran, or I noticed and cleared it out. | Erayd (23) |
| 1197706 | 2011-04-29 07:04:00 | my samba.conf is down under /opt/samba/lib (but i am a bit strange.) most often I see samba.conf directly in /etc. and as for my thought on server side issues, it's nothing more than i know server side can have many issues, and people often get it wrong. would you feel OK with posting server side code here? good work overall, nice to see free tools that make the world a better place. | robsonde (120) |
| 1197707 | 2011-04-29 07:11:00 | “my samba.conf is down under /opt/samba/lib ( but i am a bit strange.)” That is indeed a funny place :p. “...and as for my thought on server side issues, it's nothing more than i know server side can have many issues, and people often get it wrong. would you feel OK with posting server side code here?” Fair enough - I have no problem with posting the server side of things here: `<?php if (isset($_POST['lintrace_log'], $_POST['lintrace_err'], $_POST['lintrace_out'])) { $hash = md5(microtime() . rand()); file_put_contents("trace/$hash", sprintf("=== LOG ===\n%s\n\n=== ERRORS ===\n%s\n\n=== OUTPUT ===\n%s", base64_decode($_POST['lintrace_log']), base64_decode($_POST['lintrace_err']), base64_decode($_POST['lintrace_out']))); echo("lintrace.erayd.net"); } ?>` “good work overall, nice to see free tools that make the world a better place.” Thanks :). | Erayd (23) |
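A defensive counterpart to the trace.php receiver posted above, written here as an added example rather than Erayd's own code. It keeps the same three POST fields and the same "=== LOG / ERRORS / OUTPUT ===" report layout, and adds the guards the thread raises: strict base64 decoding with a per-field size cap (so "uploading rubbish till your server runs out of space" is bounded at the application rather than only by the VM's disk quota), an unguessable trace id in place of md5(microtime() . rand()), and the expiry sweep Erayd mentions for the cleanup cronjob. The MAX_FIELD_BYTES cap, the seven-day TTL and the trace directory are assumptions, not values from the thread.

```python
import base64
import binascii
import os
import secrets
import time
from pathlib import Path

# Assumed limits (not from the thread): cap each decoded field so a client
# cannot fill the disk with junk, and drop stored traces after a week.
MAX_FIELD_BYTES = 512 * 1024
TRACE_TTL_SECONDS = 7 * 24 * 3600

# Same POST field names and section headings as the PHP handler.
FIELDS = ("lintrace_log", "lintrace_err", "lintrace_out")
SECTIONS = ("LOG", "ERRORS", "OUTPUT")


def decode_field(value):
    """Strictly decode one base64 field and enforce the size cap.

    Raises ValueError on malformed input or oversized content, where PHP's
    non-strict base64_decode() would silently accept almost anything.
    """
    # Decoded size is at most 3/4 of the encoded size, so reject obvious
    # oversize before spending any time decoding it.
    if len(value) > MAX_FIELD_BYTES * 4 // 3 + 4:
        raise ValueError("field too large")
    try:
        data = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("malformed base64") from exc
    if len(data) > MAX_FIELD_BYTES:
        raise ValueError("field too large")
    return data


def render_trace(form):
    """Build the three-section report in the same layout as the PHP handler."""
    parts = []
    for name, section in zip(FIELDS, SECTIONS):
        parts.append(b"=== " + section.encode() + b" ===\n" + decode_field(form[name]))
    return b"\n\n".join(parts)


def store_trace(form, trace_dir):
    """Validate a submission dict and write it under an unguessable name.

    Returns the trace id the server would echo back inside a URL. Invalid
    input raises ValueError before anything touches the disk.
    """
    if not all(name in form for name in FIELDS):
        raise ValueError("missing field")
    report = render_trace(form)
    # 128 random bits from the OS CSPRNG; md5(microtime() . rand()) has far
    # less entropy, so other people's trace URLs could be guessed.
    trace_id = secrets.token_hex(16)
    trace_dir = Path(trace_dir)
    trace_dir.mkdir(parents=True, exist_ok=True)
    # O_EXCL refuses to overwrite an existing trace if an id ever collides;
    # 0o600 keeps the file private to the web server user.
    fd = os.open(trace_dir / trace_id, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(report)
    return trace_id


def expire_traces(trace_dir, ttl=TRACE_TTL_SECONDS, now=None):
    """Delete traces older than ttl seconds and return the ids removed.

    This is the expiry feature from the thread, intended for the cleanup cronjob.
    """
    now = time.time() if now is None else now
    removed = []
    for entry in Path(trace_dir).iterdir():
        if entry.is_file() and now - entry.stat().st_mtime > ttl:
            entry.unlink()
            removed.append(entry.name)
    return sorted(removed)


if __name__ == "__main__":
    import tempfile

    # Constructed submission, shaped the way the lintrace client would POST it.
    form = {name: base64.b64encode(text).decode()
            for name, text in zip(FIELDS, (b"uname -a ok", b"", b"Linux version ..."))}
    tmp = tempfile.mkdtemp()
    tid = store_trace(form, tmp)
    print("stored trace", tid)
    print(Path(tmp, tid).read_text())
    # Pretend a week has passed: the sweep removes the trace just written.
    print("expired:", expire_traces(tmp, ttl=0, now=time.time() + 1))
```

Validating every field before the first write matters: a handler that decodes and writes field by field can leave a half-written file behind when a later field turns out to be oversized or malformed, which is exactly the junk a cleanup job then has to deal with.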