Ryan – Page 7 – Ryan Schulze

Strict-Transport-Security

March 18, 2018April 3, 2018Ryan

I finally got around to setting the Strict-Transport-Security header on all my HTTPS websites. The current age is set to 1 month and I’ll gradually up that to 6 months if no problems pop up.

In case anyone is curious, I terminate SSL on a haproxy, which then sends requests to various backends (containers on the same physical server). This makes it really easy to deal with Let’s Encrypt (just need one agent/script installed on the haproxy host that deals with all incoming /.well-known/acme-challenge/ requests), and I can keep all HTTPS settings central and don’t have to worry about configuration creep or any settings falling through the cracks for oddball subdomains.

How to use ansible to scan for Spectre/Meltdown vulnerable hosts

February 1, 2018April 1, 2022Ryanmeltdown, spectre

First of all head on over to github and download a spectre-meltdown-checker that supports JSON output. Now all we need is a ansible playbook that calls that script:

- name: Run Spectre/Meltdown checker on hosts
  hosts: all
  gather_facts: false
  tasks:
    - script: tools/spectre-meltdown-checker.sh --batch json --live
      register: spectre_output
      failed_when: false

    - set_fact: 
        spectre_json: "{{ spectre_output.stdout|from_json }}"

    - name: Output vulnerability status
      debug: 
        msg: "Vulnerable to {{ item.NAME }} - {{ item.INFOS }}"
      with_items: "{{ spectre_json }}"
      failed_when: item.VULNERABLE
      when: item.VULNERABLE

- name: Run Spectre/Meltdown checker on hosts

hosts: all

gather_facts: false

tasks:

- script: tools/spectre-meltdown-checker.sh --batch json --live

failed_when: false

- set_fact:

spectre_json: "{{ spectre_output.stdout|from_json }}"

- name: Output vulnerability status

debug:

msg: "Vulnerable to {{ item.NAME }} - {{ item.INFOS }}"

with_items: "{{ spectre_json }}"

failed_when: item.VULNERABLE

when: item.VULNERABLE

Important is to adjust the path to spectre-meltdown-checker.sh in the script: task (the path is relative to wherever your playboook file is). Adapt to your needs however you want. It is basically just feeding the output of the script into the from_json filter, storing it in a variable and then iterating over the result via with_items.

Example output:

(vulnerable to CVE-2017-5715 since Intel retracted their microcode updates and haven’t released new ones yet)

Adding CVE information to Nmap scans

January 19, 2018April 1, 2022Ryannmap, security

Last week I stumbled across a nice nmap script that adds CVE information from https://vulners.com/ to the results of nmap scans. Since it relies on version information from services it requires you scan the host with -sV

Example: nmap -sV --script vulners host

The github repository is https://github.com/vulnersCom/nmap-vulners/
You can add the script to your nmap installation with dir=/usr/share/nmap/scripts/ ; curl -ksL https://raw.githubusercontent.com/vulnersCom/nmap-vulners/master/vulners.nse >> ${dir}vulners.nse && chmod 0644 ${dir}vulners.nse
(or wherever your nmap script directory is, e.g. /usr/local/share/nmap/scripts/ ).

How to colorize manpages

December 15, 2017April 1, 2022Ryanbash

I’m surprised I’ve never posted this here before. Turning manpages from monochrome to color is super easy.

There are a few LESS_TERMCAP_* environment variables you can adjust. Here is a list of useful ones to change

ks      make the keypad send commands
ke      make the keypad send digits
vb      emit visual bell
mb      start blink
md      start bold
me      turn off bold, blink and underline
so      start standout (reverse video)
se      stop standout
us      start underline
ue      stop underline

ks make the keypad send commands

ke make the keypad send digits

vb emit visual bell

mb start blink

md start bold

me turn off bold, blink and underline

so start standout (reverse video)

se stop standout

us start underline

ue stop underline

I prefer to only set them for man, so I put this little function in my ~/.bashrc

man () {
  LESS_TERMCAP_mb=$(tput setaf 4)\
  LESS_TERMCAP_md=$(tput setaf 4;tput bold) \
  LESS_TERMCAP_so=$(tput setaf 7;tput setab 4;tput bold) \
  LESS_TERMCAP_us=$(tput setaf 6) \
  LESS_TERMCAP_me=$(tput sgr0) \
  LESS_TERMCAP_se=$(tput sgr0) \
  LESS_TERMCAP_ue=$(tput sgr0) \
  command man "$@"
}

man () {

LESS_TERMCAP_mb=$(tput setaf 4)\

LESS_TERMCAP_md=$(tput setaf 4;tput bold) \

LESS_TERMCAP_so=$(tput setaf 7;tput setab 4;tput bold) \

LESS_TERMCAP_us=$(tput setaf 6) \

LESS_TERMCAP_me=$(tput sgr0) \

LESS_TERMCAP_se=$(tput sgr0) \

LESS_TERMCAP_ue=$(tput sgr0) \

command man "$@"

}

Bash function for easily watching logs and colorizing the output

October 10, 2017April 1, 2022Ryanbash

Another useful bash function I have on my servers. It’s a wrapper around tail -F and ccze . It will look for a log file (prepends /var/log/ to the patch if it can’t find it), and pipes it into ccze for colorizing the output. Handy if you find yourself watching logs. I mostly use it for dhcp/tftp/mail where I don’t have a huge amount of traffic (i.e. can watch it in real time) and am expecting an event/log entry.

logwatch() {
  local logfile=
  for path in '' /var/log/; do
    if [[ -r "${path}${1}" ]]; then
      tail -n50 -F "${path}${1}" | ccze ${2:+--plugin} ${2} --mode ansi --convert-date
      return
    fi
  done
}

logwatch() {

local logfile=

for path in '' /var/log/; do

if [[ -r "${path}${1}" ]]; then

tail -n50 -F "${path}${1}" | ccze ${2:+--plugin} ${2} --mode ansi --convert-date

return

done

}

Usage:

1 2	logwatch kern.log logwatch /var/log/apache2/access.log