Monday, March 31, 2014

Encrypting Cookies through F5 using iRules 

Encrypting Cookies through F5  using iRules


Referenced from https://devcentral.f5.com/wiki/irules.EncryptingCookies.ashx 




when CLIENT_ACCEPTED {
   # Define an AES encryption key. Valid key lengths are 128, 192, or 256 bits. 
   # You can use a key generator, or create your own using only HEX characters.
   set aes_key "AES 128 63544a5e7178677b45366b41405f2dab"

   # Name of the cookie to encrypt/decrypt
   set cookie"myCookie"

   # Log debug messages to /var/log/ltm?  1=yes, 0=no.
   set cookie_encryption_debug 0
}

when HTTP_RESPONSE {

   # Check if response contains an error cookie with a value
   if {[string length [HTTP::cookie value $cookie]] > 0}{

      # Log the original error cookie value from the app
      if {$cookie_encryption_debug}{log local0. \
         "Response from app contained our cookie: [HTTP::cookie value $cookie]"}

      # Encrypt the cookie value so the client can't change the value
      HTTP::cookie value $cookie [URI::encode [AES::encrypt $aes_key [HTTP::cookie value $cookie]]]

      # Log the encoded and encrypted error cookie value
      if {$cookie_encryption_debug}{log local0. \
        "Encrypted error cookie to: [URI::encode [AES::encrypt $aes_key [HTTP::cookie value $cookie]]]"}
   }
}

when HTTP_REQUEST {
   # If the error cookie exists with any value, for any requested object, try to decrypt it
   if {[string length [HTTP::cookie value $cookie]]}{

      if {$cookie_encryption_debug}{log local0. \
         "Original error cookie value: [HTTP::cookie value $cookie]"}

      # URI decode the value (catching any errors that occur when trying to 
      # decode the cookie value and save the output to cookie_uri_decoded)
      if {not ([catch {URI::decode [HTTP::cookie value $cookie]} cookie_uri_decoded])}{

         # Log that the cookie was URI decoded
         if {$cookie_encryption_debug}{log local0. "\$cookie_uri_decoded was set successfully"}

         # Decrypt the value
         if {not ([catch {AES::decrypt $aes_key $cookie_uri_decoded} cookie_decrypted])}{

            # Log the decrypted cookie value
            if {$cookie_encryption_debug}{log local0. "\$cookie_decrypted: $cookie_decrypted"}
         } else {

            # URI decoded value couldn't be decrypted.
         }
      } else {
         # Cookie value couldn't be URI decoded
      }
   } else {
      # Cookie wasn't present in the request
   }
}










Posted by
test


at
12:58 PM


0
comments

















Labels:
,



















Secure Web Application With httponly and Secure Using F5 iRule










Following will add HTTPOnly and Secure flag in Set-Cookie starting with the Cookie Name Provided.

Create a irule using the below  and attach to your Virtual Server

when HTTP_RESPONSE {
HTTP::cookie secure "CookieName" enable


   set ak [HTTP::header values "Set-Cookie"]
   HTTP::header remove "Set-Cookie"
   foreach acookie $ak {
      if {$acookie starts_with "CookieName"} {
         HTTP::header insert "Set-Cookie" "${acookie}; HttpOnly"
      } else {
         HTTP::header insert "Set-Cookie" "${acookie}; HttpOnly"
      }
       }
}








Posted by
test


at
12:52 PM


0
comments

















Labels:
,













          

        

          

        

Friday, March 21, 2014


          

        







Account Login recording in Linux & Windows System with Zenoss










Recording the SSH Logins success and failure

For Linux Servers 


Setting to be done on the Linux side 


Edit the linux /etc/syslog.conf file and add the following line 


authpriv.* @zenossserver ip or hostname

Restart the syslog daemon. 


On the zenoss side make sure these things 


1. The machine IP and Hostname should be correct so syslog logs are correctly inserted to the correct device. 


2. You can define SSHD event component to be as critical so the current alert system will work OR. 


3. You can create a new alert only for sshd reporting , See the below screenshot













This alert generates below alerts , we can also try only to send 


On Authentication Success 


a. session opened for user  


b. Accepted password for root from  port  ssh  


On Authentication Failure 


a. Failed password for illegal user from  port  ssh  


b. Illegal user  from  


On Session Logout 


Session closed for  



For Windows Servers

  


All the servers where Wmi monitoring is enabled we just need to increase the zWinEventlogMinSeverity to 5 Which is by default 2. 



Alerts Creation 


For Successful Logins: 


eventClassKey -- Security_552 


For Failed Logins 


eventClassKey -- Security_680 




More details  for security code can be found here from technet.http://technet.microsoft.com/en-us/library/cc787567%28v=ws.10%29.aspx 



Result looks like this 


Device: 
Component: Security
Severity: Info
Time: 2014/03/21 00:05:11.000
Message:
Logon attempt using explicit credentials: 
Logged on user: 
User Name: $ 
Domain: WORKGROUP or DOMAINNAME
Logon ID: (0x0,0x3E7) 

Logon GUID: - 

User whose credentials were used: 

Target User Name: 

Target Domain: System Name

Target Logon GUID: - 


Target Server Name: localhost 

Target Server Info: localhost 

Caller Process ID: 5060 

Source Network Address: 

Source Port: 2211









Posted by
test


at
9:19 PM


0
comments

















Labels:
,
,













          

        

          

        

Thursday, March 20, 2014


          

        







Hide tomcat Web Server Version Information
















Hide tomcat Web Server Version Information



Replace the server version string from HTTP headers in server responses, by
adding the server keyword in your Connectors in CATALINA_HOME/conf/server.xml









            server="Apache"
/>  





Remove version string from HTTP error messages by repacking
CATALINA_HOME/server/lib/catalina.jar with an updated ServerInfo.properties
file.



Unpack catalina.jar 



cd CATALINA_HOME/server/lib

jar xf catalina.jar
org/apache/catalina/util/ServerInfo.properties



Update ServerInfo.properties by changing server.info line to
server.info=Apache Tomcat 



Repackage catalina.jar



jar uf catalina.jar org/apache/catalina/util/ServerInfo.properties



Remove CATALINA_HOME/server/lib/org (created when extracting the
ServerInfo.properties file)







Restart the tomcat server.









Posted by
test


at
1:22 PM


0
comments

















Labels:
,
,













          

        

          

        

Wednesday, March 19, 2014


          

        







Hide Apache Information from Intruders
















Hide Apache Information



To hide the information, add the following two apache directives in Apache Configuration file httpd.conf 



ServerTokens ProductOnly

ServerSignature Off



Now you need to restart your web server using the following command



#/etc/init.d/httpd  restart



Now the output for apache header looks like below

# Curl -I  http://localhost 

Server: Apache








Posted by
test


at
1:20 PM


0
comments

















Labels:
,
,













          

        

          

        

Thursday, March 13, 2014


          

        







GUI for NetApp Support Tools










The GUI for NetApp Support Tools is a Windows GUI that helps execute some of the important NetApp support tools.





Download Here 








Posted by
test


at
1:41 PM


0
comments

















Labels:
,
,













          

        

          

        

Tuesday, March 4, 2014


          

        







Netapp Daily Health Check










filer01> rdfile /etc/messages    

Note: If you want to see old syslog messages, use following commands /etc/messages.0; /etc/messages.1 etc.,

filer01> snapmirror status


filer01> snapvault status

filer01> vol status -f (or) aggr status -f

filer01> environment chassis list-sensors

filer01> vol status

filer01> aggr status  

filer01> df -Ah

filer01> df -h


filer01> lun show offline


filer01> sysconfig -a













Posted by
test


at
2:05 PM


0
comments

















Labels:
,













        

      









Subscribe to:
Comments (Atom)