
Friday, September 1, 2017

2 - Linux Security: secure update of package sources and repositories


SECURE UPDATE OF PACKAGE SOURCES AND REPOSITORIES

- In this exercise a Linux Debian server is used:



1 - Package sources and repositories

- From a security perspective it is very important to keep all packages updated to their most recent versions in order to reduce vulnerabilities.

- The sources.list file in the folder /etc/apt/ lists the sources from which updated packages (Debian in this case) can be obtained.

- The format for the entries in the file sources.list is as follows:

a) archive type: the first word on each line, deb or deb-src, indicates the type of archive. Deb indicates that the archive contains binary packages (deb), the pre-compiled packages that we normally use. Deb-src indicates source packages, which are the original program sources plus the Debian control file (.dsc) and the diff.gz containing the changes needed for packaging the program.

b) repository URL: the next entry on the line is the URL of the repository from which the packages are downloaded. A Debian repository is a set of Debian binary or source packages organized in a special directory tree, with various infrastructure files added (checksums, indices, signatures, description translations, ...). Client computers can connect to the repository to download and install the packages using an Apt-based package management tool. The main list of Debian repository mirrors is here:

https://www.debian.org/CD/http-ftp/#mirrors

c) distribution: the 'distribution' can be either the release code name / alias (jessie, stretch, buster, sid) or the release class (oldstable, stable, testing, unstable) respectively. If you mean to be tracking a release class then use the class name, if you want to track a Debian point release, use the code name. For example, if you have a system running Debian 9.1 "stretch" and don't want to upgrade when Debian buster releases, use 'stretch' instead of 'stable' for the distribution. If you always want to help test the testing release, use 'testing'. If you are tracking buster and want to stay with it from testing to end of life, use 'buster'.

d) Component: there are three types of components:

i) main: All free software that follows the DFSG (Debian Free Software Guidelines). These are the only packages considered part of the Debian distribution.
ii) contrib: Free software that follows DFSG but depends on non-free software.
iii) non-free: All kinds of non-free software that doesn't follow the DFSG.


- For further information:

https://wiki.debian.org/SourcesList
https://wiki.debian.org/DebianRepository


2 - Updating sources.list

- Now, let's add a trusted source by editing a line of /etc/apt/sources.list:






- It is important not to add packages from dubious or unreliable sources to the sources.list file, because they could include malware.

- As seen before, sources hosted on the official site http://security.debian.org, like the line added above, are completely safe.

- Finally, apt-get and aptitude are used to pick up the recent changes to the repository:
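The entry format from section 1 and the advice above about unreliable sources can be checked together. The following is an added example, not part of the original exercise: it parses one-line sources.list entries and flags malformed lines and hosts outside an allowlist. The function name audit_sources, the ALLOWED_HOSTS list and the sample file are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: audit one-line sources.list entries against a host allowlist.
# ALLOWED_HOSTS is an assumption for this example; list the mirrors you trust.
ALLOWED_HOSTS="deb.debian.org security.debian.org"

audit_sources() {
    # $1 = sources.list path; prints "STATUS<TAB>detail" for every entry
    awk -v allowed="$ALLOWED_HOSTS" '
    BEGIN { n = split(allowed, a, " "); for (k = 1; k <= n; k++) ok[a[k]] = 1 }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    {
        type = $1; i = 2
        if ($i ~ /^\[/) {                        # optional [arch=...] options block
            while (i <= NF && $i !~ /\]$/) i++
            i++
        }
        url = $i; dist = $(i + 1); ncomp = NF - i - 1
        if (type != "deb" && type != "deb-src") { print "BAD\tunknown archive type: " type; next }
        if (url == "" || dist == "")            { print "BAD\tincomplete entry: " $0; next }
        if (ncomp < 1 && dist !~ /\/$/)         { print "BAD\tno component: " $0; next }
        host = url
        sub("^[a-z+]+://", "", host)             # drop the scheme
        sub("[/:].*$", "", host)                 # drop port and path
        if (!(host in ok)) { print "UNTRUSTED\t" host " (" type " " dist ")"; next }
        print "OK\t" type " " host " " dist
    }' "$1"
}

# Constructed sample file, not taken from the exercise server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# security updates
deb http://security.debian.org/ stretch/updates main contrib
deb-src http://deb.debian.org/debian stretch main
deb [arch=amd64] http://repo.example.net/apt stable main
rpm http://deb.debian.org/debian stretch main
deb http://deb.debian.org/debian
EOF
audit_sources "$sample"
rm -f "$sample"
```

Run against the real file with `audit_sources /etc/apt/sources.list` and review every line that is not reported as OK.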











- apt-get and aptitude are quite similar command line interfaces. The main difference is that aptitude provides a terminal menu interface whereas apt-get does not. Also, aptitude actually performs the functions of not just apt-get, but also some of its companion tools, such as apt-cache and apt-mark.







1 - Linux Security: protecting the GRUB with authentication


PROTECTING THE GRUB WITH AUTHENTICATION

- In this exercise a Linux Debian server is used:





1 - Introduction

- GNU GRUB (GRand Unified Bootloader) is a boot loader package from the GNU Project. 

- GRUB provides a user the choice to boot one of multiple operating systems installed on a computer or select a specific kernel configuration available on a particular operating system's partitions.

- For further information:

https://en.wikipedia.org/wiki/GNU_GRUB

- The goal of this exercise is to protect the GRUB by setting authentication (user and password) before having access to the system.


2 - Setting a superuser and a password for GRUB

- Going to the directory /etc/grub.d:




- The command grub-mkpasswd-pbkdf2 prompts for a password and generates its corresponding PBKDF2 hash (based on SHA-512):





- Editing 40_custom, the user roch is set as a superuser and the password hash is included:





- Updating the GRUB:
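The steps of section 2 are summarized below as an added example, not a transcript of the original screenshots. The comments list the commands in order, and check_grub_auth is a hypothetical helper that verifies the two lines added to 40_custom before the configuration is regenerated. The hash in the sample is constructed and shortened, not a real one.

```bash
#!/usr/bin/env bash
# Added example. The procedure above, as typed on the server (run as root):
#   cd /etc/grub.d
#   grub-mkpasswd-pbkdf2        # prompts twice, prints grub.pbkdf2.sha512....
#   (edit 40_custom: add the two lines shown in the sample below)
#   update-grub
# check_grub_auth is a hypothetical helper to run before update-grub.

check_grub_auth() {
    # $1 = config fragment; returns 0 only if every superuser has a PBKDF2 hash
    awk '
    /^[ \t]*set[ \t]+superusers=/ {
        s = $0; sub(/^[^=]*=/, "", s); gsub(/["\047]/, "", s)
        n = split(s, u, /[ ,;&|]+/)              # separators GRUB accepts
        for (i = 1; i <= n; i++) if (u[i] != "") su[u[i]] = 1
    }
    $1 == "password_pbkdf2" &&
    $3 ~ /^grub\.pbkdf2\.sha512\.[0-9]+\.[0-9A-Fa-f]+\.[0-9A-Fa-f]+$/ { hashed[$2] = 1 }
    $1 == "password" { print "plaintext password for user " $2; bad = 1 }
    END {
        for (x in su) {
            cnt++
            if (!(x in hashed)) { print "no valid PBKDF2 hash for superuser " x; bad = 1 }
        }
        if (cnt == 0) { print "superusers is not set"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample of the lines added to 40_custom (hash is a placeholder).
sample=$(mktemp)
cat > "$sample" <<'EOF'
set superusers="roch"
password_pbkdf2 roch grub.pbkdf2.sha512.10000.0A1B2C3D.4E5F6071
EOF
check_grub_auth "$sample" && echo "GRUB authentication lines look complete"
rm -f "$sample"
```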




3 - Testing the GRUB authentication

- Once the server is rebooted and any of the boot options is selected:




- Authentication for the superuser roch is required to give access to the system:











Sunday, August 20, 2017

IBM Bluemix: checking the UltraViolet Index with Raspberry Pi / Sense Hat connected to IBM Weather Company Data


IBM BLUEMIX: CHECKING THE ULTRAVIOLET INDEX WITH RASPBERRY PI / SENSE HAT CONNECTED TO IBM WEATHER COMPANY DATA

- Layout for this exercise:




1 - Creating an instance of Weather Company Data IBM services

- The goal of this exercise is to build an Ultraviolet (UV) rays indicator using a Raspberry Pi device with Sense Hat and NODE-Red, accessing the Weather Company Data service on IBM Bluemix.

- Signing into an IBM Bluemix account:





- Going to Catalog and searching for "Weather" the result is Weather Company Data:





- Weather Company Data is a service that allows the integration with IBM Bluemix:





- This service has a great range of features related to weather forecasting; for instance, Current Conditions provides data about the UV Index:





- Clicking Create:




- Some Service credentials are generated that must be written down for later usage:




- Copying to the Clipboard the Service Credentials:





2 - Creating a NODE-Red flow

- Installing additional NODE-Red nodes necessary for accessing IBM Weather Company Data for Bluemix:




- Starting NODE-Red:




- Now, a NODE-Red flow must be created composed of 6 nodes:

1) Inject



- The payload of the inject node is the geo position (latitude and longitude) of the location of New York City:

http://mygeoposition.com/














- Entering as payload the Latitude and Longitude of NYC:




2) Weather Insights







- Entering Username and Password obtained at point 1 (Service credentials) and Current Observations as a Service:





3) Function







- The function node uses JavaScript code to process the payload coming from the previous node weather insights.

- Editing the node, the conditional statements (if ... else) are based on the Colour Index Scale provided by the United States Environmental Protection Agency.

- Also, when an "off" payload is injected the Sense Hat LED is turned off (as we'll see in the next nodes):






https://www.epa.gov/sunsafety/uv-index-scale-1




4) Sense Hat




- This node corresponds to the Sense Hat module, and no special configuration is needed aside from giving a name (LED, because its color varies according to the UV Index):





5) Debug

- The Debug module displays the output obtained from the function and the weather insights nodes:







6) Inject

- The last node injects the string "off" to turn off the Sense Hat LED node:








3 - Testing the system

- Deploying the flow:







- Starting the MyGeoLocation node:






- The flow starts working:





- The LED turns on RED because at the time of the test the UV Index at New York City is close to 8:




- The Debug tab displays the RED value and the associated New York City's geolocation:




- To check that the test is correct let's consult another UV Index source for New York City:

http://legacy.weather.weatherbug.com








- Finally, the node can be turned off: