Secure Webmail: Sending mail using stunnel, mail submission port and https://
Objective
Stunnel is a proxy that adds TLS (Transport Layer Security) to an existing server or client without changing the application itself. Here it is configured to secure the communication between the servers. The other objective of this enhancement is to serve the webmail over https:// and to submit mail on the mail submission port (587) instead of port 25.
Multitail is an open-source ncurses utility that displays several logfiles in the same window of the same shell. Like tail -f it shows the last lines of each file in real time, splitting the console into sub-windows; it also supports colour highlighting and adding, removing and filtering windows. (Saive, 2014)
This enhancement is made to:
i. View the postfix logfiles of Gateway and Mailhost in separate windows using multitail. Telnet is used to send the test mails that produce the log entries.
ii. View the postfix logfiles of Gateway and Mailhost in a single window, distinguished by colour, using a different transport than in (i).
The two transports chosen are SSH and Netcat. Over an SSH connection between Gateway and Mailhost we monitored the postfix logfiles of both machines in separate multitail sub-windows. For the second method we used Netcat to merge the Mailhost logfile into the same sub-window as the Gateway one, in a different colour.
For multitail with SSH:
The sshd service was already started in the base system by making /etc/rc.d/rc.sshd executable and running /etc/rc.d/rc.sshd start. The telnet service was also configured and xinetd started.
Now for the ssh configuration, on both Gateway and Mailhost edit /etc/ssh/ssh_config and add:
"Host *
ControlPath /tmp/ssh-%r@%h:%p
ControlMaster auto
# ControlPersist 10m"
With ControlMaster auto the first ssh session to a host becomes the master and later sessions to the same user@host reuse its connection through the ControlPath socket. This is what lets the ssh that multitail starts below attach without prompting for the password a second time. After adding these lines on both Gateway and Mailhost, open the master connection from Gateway:
"ssh root@mailhost.tinynet.edu"
After giving the password ("toor", the lab default for root) the ssh connection is established. Then switch to a new terminal with Alt+F2; multitail is run there:
"
multitail /var/log/postfix.log -l "ssh root@mailhost.tinynet.edu tail -f /var/log/postfix.log"
"
The first argument is the local Gateway logfile; -l runs the quoted command and shows its output, the Mailhost logfile, in a second sub-window. After starting multitail we sent some test mails using SquirrelMail; after a successful transfer the log entries appear in the two separate sub-windows.
For Multitail with Netcat:
On Mailhost a listener is set up with the netcat "back-pipe" idiom, a FIFO that carries the shell's output back to the connected client:
"mkfifo /tmp/foo
tail -f /tmp/foo | bsdnc -lkv 23432 | /bin/rbash 1>/tmp/foo &"
Whatever arrives on TCP port 23432 is passed to rbash, and its output is written into /tmp/foo, from where tail -f feeds it back to netcat and so to the client. Note that this exposes an unauthenticated and only lightly restricted shell to anyone who can reach port 23432 on Mailhost; it is acceptable on the isolated lab network for the demonstration but should be killed afterwards.
After this we go to Gateway and monitor both postfix logfiles:
"
multitail -ci yellow /var/log/postfix.log -ci red -L "echo 'tail /var/log/postfix.log' | nc 192.168.56.108 23432"
"
-ci sets the colour of the following file or command, and -L (unlike -l) merges the command's output into the previous window instead of opening a new one. The command itself sends the string tail /var/log/postfix.log to the listener, which runs it and returns the last lines of the Mailhost log. After this some test mails are sent and the output of both servers appears in the same window, each in its own colour.
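As an added example, not part of the report, the shell functions below reduce the kind of postfix.log entries that scroll past in the multitail windows to one line per message, which is what one actually wants to check after sending a batch of test mails. The log lines are constructed to look like Gateway's postfix.log; the hostnames, addresses and queue IDs in them are invented.

```shell
#!/bin/sh
# Constructed sample of Gateway's /var/log/postfix.log after two test mails
# and one rejected connection (invented hostnames, addresses and queue IDs).
sample_log() {
  cat <<'EOF'
Jan  8 10:01:02 gateway postfix/smtpd[1234]: 3F2A1C0: client=mailhost.tinynet.edu[192.168.56.108]
Jan  8 10:01:02 gateway postfix/qmgr[1100]: 3F2A1C0: from=<mailadmin@mail.tinynet.edu>, size=512, nrcpt=1 (queue active)
Jan  8 10:01:03 gateway postfix/smtp[1236]: 3F2A1C0: to=<otto@webserver.tinynet.edu>, relay=webserver.tinynet.edu[192.168.56.110]:25, delay=0.5, status=sent (250 2.0.0 Ok: queued as 9A1B2C3)
Jan  8 10:01:03 gateway postfix/qmgr[1100]: 3F2A1C0: removed
Jan  8 10:02:10 gateway postfix/smtpd[1234]: 4B7D2E1: client=mailhost.tinynet.edu[192.168.56.108]
Jan  8 10:02:10 gateway postfix/qmgr[1100]: 4B7D2E1: from=<mailadmin@mail.tinynet.edu>, size=640, nrcpt=1 (queue active)
Jan  8 10:02:11 gateway postfix/smtp[1236]: 4B7D2E1: to=<nobody@example.invalid>, relay=none, delay=1.2, status=deferred (Host or domain name not found)
Jan  8 10:03:00 gateway postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.168.56.199]: 554 5.7.1 Client host rejected: Access denied; from=<spam@example.invalid> to=<otto@webserver.tinynet.edu>
EOF
}

# Reduce a postfix log (stdin) to one line per queued message:
#   QUEUE-ID sender -> recipient status
# followed by the number of NOQUEUE rejections (connections refused before a
# queue file existed, which therefore never get a queue ID).
postfix_summary() {
  awk '
    # Fields: month day time host daemon[pid]: queue-id: ...
    $5 ~ /^postfix\// && $6 ~ /^[0-9A-F]+:$/ {
      id = substr($6, 1, length($6) - 1)
      seen[id] = 1
      if (match($0, /from=<[^>]*>/))  from[id]   = substr($0, RSTART + 6, RLENGTH - 7)
      if (match($0, /to=<[^>]*>/))    to[id]     = substr($0, RSTART + 4, RLENGTH - 5)
      if (match($0, /status=[a-z]+/)) status[id] = substr($0, RSTART + 7, RLENGTH - 7)
    }
    $6 == "NOQUEUE:" { rejected++ }
    END {
      for (id in seen) printf "%s %s -> %s %s\n", id, from[id], to[id], status[id]
      printf "rejected=%d\n", rejected + 0
    }' | sort
}

# Usage on the live file: postfix_summary < /var/log/postfix.log
```

The same function can be run on the Mailhost side through the ssh or netcat channel shown above by replacing tail with it; a message that shows status=sent on Gateway but never appears on Mailhost points at the relay rather than at the client.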
Screenshots
Figure 4 Editing file ssh_config
This window shows the file ssh_config under /etc/ssh being edited; the last four lines are the ones added.
Here, a test mail is sent from mailadmin@mail.tinynet.edu. This mail was successfully delivered to the Mailhost server.
Figure 8 Multitail after mail sent
Here the logfile is shown after a test mail was sent to Mailhost.
Here the postfix logfiles of both Gateway and Mailhost are shown in one window. The orange (multitail's yellow) lines belong to Gateway and the red ones to Mailhost.
Figure 12 Final state of Multitail Netcat
This is the output of the multitail view of the postfix logfiles over netcat, after sending the test mail using telnet.
Obstacles encountered
None
2. LDAP – The missing piece of our enterprise network
Objective
LDAP stands for "Lightweight Directory Access Protocol". It provides a single directory for system-information look-ups and authentication, and defines how that directory data is accessed. The objectives of configuring this enhancement are to:
i. Have two domains (an o= and a dc= suffix) in the LDAP server
ii. Set up LDAP with SquirrelMail and Dovecot
iii. Get LDAP to use stunnel.
"userdb ldap {
# Path for LDAP configuration file
args = /etc/dovecot/dovecot-ldap.conf
}"
Now go to the file /etc/dovecot/dovecot-ldap.conf and edit the following lines:
"hosts = localhost
pass_filter = (mail=%n@%d)
user_filter = (mail=%n@%d)"
hosts = localhost keeps the Dovecot-to-LDAP connection on the loopback interface, so it is never exposed on the network unencrypted. The two filters look the user up by the full mail address (%n is the user part of the login, %d the domain), so the same directory entry serves both the password check and the user lookup.
Now restart the dovecot service so the new configuration is read:
"/etc/rc.d/rc.dovecot stop"
"/etc/rc.d/rc.dovecot start"
Connect to SquirrelMail and try the address book as follows:
Compose – Addresses button – List All button
The second DIT requires the same configuration in the LDIF, Dovecot and SquirrelMail.
Screenshots
Figure 13 Removing ldaps:/// from rc.ldap
Figure 14 rc.ldap before removing ldaps:///
"#show plaintext
echo -e "\e[01;32m"; echo "$FF" | boxes; echo -e "\e[00m""
These changes display a random fortune, drawn in a box and coloured green, every time a user logs in ($FF, set earlier in the script, holds the fortune text; the two escape sequences switch the colour on and off around it). After this the /etc/issue file should be cleared.
ii. For Sudo
To demonstrate sudo we need several user accounts. On the Mailhost server three users were created with the adduser command using the following details (lab-only credentials):
"Username: aaditya; password: aadi2000
Username: manisha; password: manisha123
Username: pranesh; password: pranesh123"
After the adduser runs there are three normal user accounts on Mailhost.
Next the sudoers file /etc/sudoers is edited (with visudo, which checks the syntax before saving):
- To give the users sudo rights, the user privilege specification in /etc/sudoers reads as follows:
"# User privilege specification
root    ALL=(ALL) ALL
aaditya ALL=(ALL) ALL
manisha ALL=(ALL) ALL
pranesh ALL=(ALL) /usr/sbin/monkey -D"
- The user pranesh is restricted to the single command /usr/sbin/monkey -D (starting the Monkey web server as a daemon), so that there is a visible difference from the other two users in the demonstration. aaditya and manisha, with ALL=(ALL) ALL, can run any command as root and are therefore equivalent to root.
Because direct root login on Mailhost is not allowed, these entries mean every user has to go through sudo for administrative work.
iii. Colour prompts for each user type
To give different user types different coloured prompts, edit /etc/profile as follows:
"# Set a default shell prompt
.....
else
if [ "$(id -u)" -ne 0 ]; then
#non-root user
PS1='[\[\033[01;32m\]\u@\h \[\033[01;34m\]\W\[\033[00m\]]$ '
else
#root user
PS1='[\[\033[01;31m\]\u@\h \[\033[01;34m\]\W\[\033[00m\]]# '
fi
fi"
If the user ID is not 0 the prompt is green (01;32m) and ends in $; for root (UID 0) it is red (01;31m) and ends in #, so a root shell is recognisable at a glance.
With these enhancements the Mailhost system does not allow root login and normal users must use sudo for administrative actions. The system shows a random fortune in colour every time a user logs in, and each type of user has its own prompt colour: red for root and green for normal users.
Screenshots of tests
4. OpenVPN
Owner:
Objective
OpenVPN is open-source software that implements virtual private network techniques to create secure point-to-point connections. The objective of this enhancement is to set up OpenVPN using static keys, making two setup files, one for tun and one for tap.
Now edit the server.conf and client.conf files to reflect the PKI that was generated: the ca, cert, key and dh parameters. In server.conf the settings are:
"ca /etc/openvpn/keys/tmp-ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key"
For the dh parameters:
"dh /etc/openvpn/keys/dh1024.pem"
(1024-bit Diffie-Hellman parameters are what this lab build generated; current OpenVPN samples use 2048 bits or larger, and the file name follows whatever size was chosen.)
The tun device node must exist before OpenVPN can open it:
"mkdir /dev/net
mknod /dev/net/tun c 10 200"
Now start the server from the sample configuration directory:
"cd /usr/doc/openvpn-2.0.9/sample-config-files/
openvpn tun-server.conf"
For tap, on both the client and the server side run the following:
"cd /usr/doc/openvpn-2.0.9/sample-config-files/
openvpn tap-server.conf"
Figure 35 Adding attributes to vpn services
Objective
iptables is the administration tool for IPv4 packet filtering and NAT. The objective of this enhancement is to add six iptables rules that pick out TCP packets with flag combinations no legitimate TCP stack produces (null scans, SYN+FIN, SYN+RST, FIN+RST, FIN without ACK, URG without ACK), so that such packets are recorded instead of being silently processed. The other objective is to show all six rules firing, using hping2 to craft the packets and multitail to watch the log.
Configurations made
First the six rules are added with the following commands. Each --tcp-flags takes a mask of flags to examine and the flags that must be set within that mask; -j LOG only logs, so a matching -j DROP rule would have to follow each one to actually discard the packets:
Rule 1: iptables -A INPUT -p tcp --tcp-flags ALL NONE -j LOG --log-level alert --log-prefix "iptables ALL NONE "
Rule 2: iptables -A INPUT -p tcp --tcp-flags FIN,SYN FIN,SYN -j LOG --log-level alert --log-prefix "iptables FIN,SYN FIN,SYN "
Rule 3: iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-level alert --log-prefix "iptables SYN,RST SYN,RST "
Rule 4: iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j LOG --log-level alert --log-prefix "iptables FIN,RST FIN,RST "
Rule 5: iptables -A INPUT -p tcp --tcp-flags FIN,ACK FIN -j LOG --log-level alert --log-prefix "iptables FIN,ACK FIN "
Rule 6: iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j LOG --log-level alert --log-prefix "iptables ACK,URG URG "
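As an added example, not from the report, the script below prints the six rules with the long options iptables actually accepts and adds a small pure-shell model of the --tcp-flags match, so the rules can be checked against flag sets without root and without a packet generator. classify_flags takes the flags set in a packet as a comma-separated list and prints which of the six rules would log it. Rule numbers and log prefixes follow the list above; the model assumes iptables' six-flag meaning of ALL (FIN,SYN,RST,PSH,ACK,URG), and the code is my own.

```shell
#!/bin/sh
# The six LOG rules, with the long options spelled the way iptables takes them.
# --tcp-flags MASK COMP: look only at the flags in MASK and match when, of
# those, exactly the ones in COMP are set. Printed rather than executed so the
# list can be reviewed before it is run as root (pipe into sh to apply).
print_rules() {
  cat <<'EOF'
iptables -A INPUT -p tcp --tcp-flags ALL NONE        -j LOG --log-level alert --log-prefix "iptables ALL NONE "
iptables -A INPUT -p tcp --tcp-flags FIN,SYN FIN,SYN -j LOG --log-level alert --log-prefix "iptables FIN,SYN FIN,SYN "
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-level alert --log-prefix "iptables SYN,RST SYN,RST "
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j LOG --log-level alert --log-prefix "iptables FIN,RST FIN,RST "
iptables -A INPUT -p tcp --tcp-flags FIN,ACK FIN     -j LOG --log-level alert --log-prefix "iptables FIN,ACK FIN "
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG     -j LOG --log-level alert --log-prefix "iptables ACK,URG URG "
EOF
}

# has_flag SET FLAG: true when FLAG is in the comma-separated SET.
has_flag() {
  case ",$1," in *",$2,"*) return 0 ;; esac
  return 1
}

# flags_match PKT MASK COMP: the --tcp-flags test on a packet whose set flags
# are PKT (comma-separated, "" for none). Prints 1 for a match, 0 otherwise.
flags_match() {
  pkt=$1 mask=$2 comp=$3
  if [ "$mask" = ALL ]; then mask=FIN,SYN,RST,PSH,ACK,URG; fi
  if [ "$comp" = NONE ]; then comp=; fi
  for f in $(printf '%s' "$mask" | tr ',' ' '); do
    if has_flag "$pkt" "$f"; then
      if ! has_flag "$comp" "$f"; then echo 0; return 0; fi   # set, but must be clear
    else
      if has_flag "$comp" "$f"; then echo 0; return 0; fi     # clear, but must be set
    fi
  done
  echo 1
}

# classify_flags PKT: print the numbers of the rules above that would log a
# packet with these flags, or "none" for a flag set a normal stack can send.
classify_flags() {
  hits=
  while read -r num rmask rcomp; do
    if [ "$(flags_match "$1" "$rmask" "$rcomp")" = 1 ]; then
      hits="${hits:+$hits }$num"
    fi
  done <<'EOF'
1 ALL NONE
2 FIN,SYN FIN,SYN
3 SYN,RST SYN,RST
4 FIN,RST FIN,RST
5 FIN,ACK FIN
6 ACK,URG URG
EOF
  echo "${hits:-none}"
}

# e.g. classify_flags FIN,SYN  -> "2 5"   (SYN+FIN also trips the FIN-without-ACK rule)
#      classify_flags SYN      -> "none"  (an ordinary connection request)
```

Running classify_flags over the combinations hping2 can produce shows which log prefixes to expect in multitail for each test: a packet with no flags hits rule 1 only, SYN+FIN hits rules 2 and 5, and an Xmas packet (FIN,PSH,URG) hits rules 5 and 6, while plain SYN, PSH+ACK and URG with ACK are never logged.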
Owner:
List the relevant configuration files, and for each one briefly describe what was done
1. /etc/monkey/monkey.conf
monkey.conf was set up with two users for web files and cgi-scripts; the users (harry and aadhitya) were added to the file as shown here:
2. /etc/dnsmasq.d/cnames on the Gateway server
A CNAME maps an alias of one domain name to another in DNS. Two more CNAMEs were added, together with the hostname bananas.tinynet.edu (the Monkey web server).
3. /var/spool/cron/crontabs/root
The crontab runs a list of commands every 10 minutes that moves files from the users' home directories to the virtual document directory; four crontab entries were added to /var/spool/cron/crontabs/root.
Screenshots of tests, with explanations
2. Creating the two directories htdocs and cgi-scripts in each user's home directory
cd /home/harry
mkdir htdocs cgi-scripts
cd /home/aadhitya
mkdir htdocs cgi-scripts
3. Adding two virtual hosts in the file monkey.conf
4. The permissions of each user's home directory were changed with mc: press F9, choose File > ChMod and remove read/execute permission for group and others (the owner has to keep them, otherwise neither the user nor the cron job can enter the directory).
Fig: - permission change for harry directory
Fig: - permission change for aadhitya directory
Running commands from crontab and making the two directories for each of the two non-root users was difficult at first; this was sorted out using internet resources.
None
7. NFS
a) Put the webserver VirtualHost DocumentRoot directories (from above) on a new VM which will be the server for the NFS mount
b) Set up the VirtualHost users on the NFS server, create directories under their home directory for their website files, and allow them to put files in using ssh
c) Run the cron jobs on the NFS server
Owner:
- NFS: put the webserver directories on a new VM that acts as the NFS server.
- Create directories under the home directories on the NFS server, let the users put files there over ssh, and run the cron jobs on the NFS server.
List the relevant configuration files, and for each one briefly describe what was done
1. /etc/monkey/monkey.conf
This file had already been set up on the web server VM and was configured again on the NFS server.
Fig: - virtual hosts for harry and aadhitya
2. /etc/exports
This file lists what the NFS server exports and to whom; the following line was added:
/var/monkey/htdocs *.tinynet.edu(ro,sync,no_subtree_check,no_root_squash)
The option list must not contain spaces, or exportfs reads the options as separate entries. The export is read-only; no_root_squash lets root on a client act as root on the exported tree, which matters little for a read-only export but should not be used on a writable one. Access control by the *.tinynet.edu name wildcard depends on reverse DNS, which on this network is served by dnsmasq on the Gateway.
Fig: - /etc/exports file in webserver
3) rc.rpc and rc.nfsd were successfully started on both the NFS server and the web server:
/etc/rc.d/rc.rpc start
/etc/rc.d/rc.nfsd start
Fig: - restarting the service on NFS
useradd -m harry
useradd -m aadhitya
8) Setting the virtual hosts in the monkey.conf file
<Virtualhost>
VirtualServerName harry.tinynet.edu
VirtualDocumentRoot /var/monkey/htdocs/harry
VirtuaForceGetDir off
</Virtualhost>
<Virtualhost>
VirtualServerName aadhitya.tinynet.edu
VirtualDocumentRoot /var/monkey/htdocs/aadhitya
VirtuaForceGetDir off
</Virtualhost>
/etc/rc.d/rc.sshd start
None
8. SSH Key Management
Owner:
Objective
To set up key-based authentication with an ssh agent the following steps were carried out:
i. Creating a key pair on the local host
An SSH key pair is generated with the ssh-keygen command. By default the keys are stored in $HOME/.ssh/ and named after the key type (id_rsa and id_rsa.pub for RSA). When asked for the location, a file name that identifies the remote host keeps the keys organised. Give the private key a passphrase; without one, anyone who copies the file can use it.
ii. Copying the public key to the remote server
To copy the public key to the remote server run:
"scp ~/.ssh/id_rsa.pub username@remote-server.org:"
The password of the remote user account has to be entered when asked.
iii. Installing the public key on the remote server
Log in to the remote server and create a .ssh directory under the home directory if it does not exist. Then append the public key to the list of authorized keys:
"cat ~/id_rsa.pub >> ~/.ssh/authorized_keys"
After appending it, delete id_rsa.pub from the home directory. Now check that the proper permissions are set on all the relevant files; sshd ignores an authorized_keys file whose directory or file is writable by others, so these matter:
For the local system
"chmod 700 ~/"
"chmod 700 ~/.ssh"
"chmod 600 ~/.ssh/id_rsa"
For the remote system
"chmod 700 ~/"
"chmod 700 ~/.ssh"
"chmod 600 ~/.ssh/authorized_keys"
iv. Adding the passphrase-protected key on the local host to the ssh-agent
ssh-agent is a program that holds our decrypted private keys in memory and performs signatures on behalf of the SSH client, so the key itself never leaves the agent. The passphrase has to be given only once, when the private key is added to the agent's cache:
"ssh-add ~/.ssh/id_rsa"
Enter the passphrase when asked. From then on SSH connections are made without entering the passphrase again, for as long as the agent runs.
v. Configuring the user startup file to start ssh-agent automatically at every login
Add the following lines to ~/.bashrc:
"if ! pgrep -u "$USER" ssh-agent >/dev/null; then
  ssh-agent > ~/.ssh-agent-values
fi
if [ -z "$SSH_AGENT_PID" ]; then
  eval "$(<~/.ssh-agent-values)"
fi"
The first block starts one agent per user and saves the environment lines it prints; the second loads them into any new shell that does not have them yet. The saved file names the agent socket, so it should not be readable by other users.
Now, placing "AddKeysToAgent yes" in a Host section of /etc/ssh/ssh_config makes the ssh client add a key to the agent the first time it is used, so the passphrase is asked for once at first use instead of needing a separate ssh-add.
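An added check, not part of the report, for the permission requirements listed in step iii: it reads each mode with ls -ld so it runs on any Unix, and takes the home directory as an argument so it can be pointed at a test tree as well as at $HOME. The expected modes (700 on the home directory and .ssh, 600 on private keys and authorized_keys) are the ones given above; the id_* name pattern for private keys is an assumption based on the ssh-keygen defaults.

```shell
#!/bin/sh
# mode_of PATH: the nine permission characters of PATH, e.g. rwx------.
# Taken from ls -ld rather than stat -c so it works on any Unix.
mode_of() {
  ls -ld "$1" | cut -c2-10
}

# check_mode PATH WANT: 0 if PATH has mode string WANT, else 1 with a message.
check_mode() {
  actual=$(mode_of "$1") || return 1
  if [ "$actual" != "$2" ]; then
    echo "bad mode on $1: $actual (want $2)" >&2
    return 1
  fi
}

# check_ssh_perms HOME: verify the layout from step iii:
#   HOME 700, HOME/.ssh 700, private keys and authorized_keys 600.
# Private keys are assumed to be named id_* (the ssh-keygen default);
# the .pub halves are skipped since they may be world-readable.
check_ssh_perms() {
  home=$1
  rc=0
  check_mode "$home" rwx------ || rc=1
  check_mode "$home/.ssh" rwx------ || rc=1
  for f in "$home"/.ssh/id_* "$home/.ssh/authorized_keys"; do
    [ -e "$f" ] || continue
    case "$f" in *.pub) continue ;; esac
    check_mode "$f" rw------- || rc=1
  done
  return $rc
}

# Usage: check_ssh_perms "$HOME" && echo "ssh permissions ok"
```

Run it on both the local and the remote account after the chmod steps; every offending path is named, so a key that sshd silently refuses because of a group-writable home directory is found in one pass.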
Screenshots
Figure 54 ssh-keygen
Snort is an open source Intrusion Detection System (IDS) that detects different kinds of activity on the network. This enhancement sets up Snort and, using hping2 and multitail, demonstrates triggering a specific Snort rule: hping2 generates the traffic and multitail displays the alerts as Snort recognises it.
Snort is a default package that comes on the TinyNetConfig.iso. First install the Snort package by opening the SetupMenu under /mnt/hdc and choosing Snort inside "Install Other packages". After the installation configure the Snort configuration file.
Changing the Snort rules path:
Go to /etc/snort/ and edit snort.conf, changing RULE_PATH to /etc/snort/rules. Then, at line 667, uncomment the output alert_syslog line so that alerts go to syslog, where multitail can follow them, and add the following five rule files:
"include $RULE_PATH/gpl-back~r.rules
include $RULE_PATH/gpl-ddos.rules
include $RULE_PATH/http.rules
include $RULE_PATH/icmp.rules
include $RULE_PATH/other.rules"
After adding the five includes, confirm that the path variables point to the correct directories. As shipped they are relative:
"var RULE_PATH /rules
var PREPROC_RULE_PATH /preproc_rules"
so RULE_PATH must read /etc/snort/rules as set above, and PREPROC_RULE_PATH the matching preprocessor rules directory; an include whose path does not resolve makes Snort refuse to start.
In this screen a DDoS attack is simulated with hping2 from the Gateway at the web server: a SYN flood with random source addresses. In the command, -c is the number of packets, -d the size of the data payload, -S sets the SYN flag, -w the TCP window size (default 64), -p the destination port and --rand-source picks a random source address for each packet.
This screen shows how Snort reports the attack on the web server.
Obstacles
10. Compile and Install
a) Set up a VM using the TinyNet-gcc image
b) Install the asciiart package from the configuration CD
c) Compile the toilet source code and demonstrate it using shell scripts
d) Explain the last four lines of the SlaxBuild script
Owner:
List the relevant configuration files, and for each one briefly describe what was done
The last four lines of SlaxBuild package the freshly compiled program instead of installing it by hand: they produce a proper Slackware package, which can then be installed, upgraded or removed with the package tools.
FIG: - Slaxbuild script
Screenshot of sl (the Linux Steam Locomotive)
Fig: - Result of sl
Screenshots of tests, with explanations
Fig: - login into GCC
Fig:- /opt/ after toilet.build
Fig: - Lycheepie
Obstacles encountered, obstacles overcome
The toilet.build and libcaca.build scripts would not run at first; this was corrected by giving them execute permission with chmod.
Owner:
Multitail has a text highlighting feature using "colorschemes".
The following multitail command follows two files (an Apache access log and a Tomcat Catalina log), each with its own colorscheme:
"multitail -cS apache /tmp/apache/access_log -cS log4j ${TOMCAT_HOME}/logs/catalina.out"
A colorscheme is used to highlight text, and additional colorschemes can be added to ~/.multitailrc:
"check_mail:0
colorscheme:xml
# element text
cs_re_s:white:>([^<]*)<
# attribute key
cs_re_s:green: ([^ =]*)=
# attribute value
cs_re_s:red:=("[^"]*")
# element name
cs_re:blue,,bold:<[^>]*>"
The new scheme is then selected by name:
"multitail -cS xml /var/log/config.xml"
Evaluation of txt2regex
Fig: - colorscheme
Obstacles encountered, obstacles overcome
None
12. Protocol Analysis
Owner:
Objective
The objective of this enhancement is to use tcpflow to capture the dialogue between the browser and the web server when
i. accessing the default Monkey web page (and how the images can be recovered from the capture)
ii. accessing a mailbox in SquirrelMail.
List of configurations
tcpflow is installed by default on every TinyNet server. With -c the flows are printed to the screen instead of being written to files, which is handy for a quick look at the HTTP request lines:
"root$ tcpflow -p -c -i eth0 port 80 | grep -oE '(GET|POST|HEAD) .* HTTP/1.[01]|Host: .*'"
The above command gives us the list of HTTP verbs and Host headers we need. eth0 is the name of the interface on this machine and should be replaced with the actual interface name if it differs.
Now type the following command on the web server:
"tcpflow -v -i any -s 'host 192.168.56.252 and port 80'"
This writes one file per flow direction under the /root directory (the current directory) of the server, with non-printable bytes stripped by -s.
Now open another terminal with Alt+F2, start the links browser on the web server and open SquirrelMail in it.
The above screen shows tcpflow listening for traffic from the IP address "192.168.56.252".
The above screen appears after the IP address is entered.
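Added example, not from the report: the grep above only lists request lines and Host headers. The functions below work on the console output of tcpflow -c (a constructed sample, not a real capture) to pair each request with its Host header and to pull the SquirrelMail login fields (login_username and secretkey, the names SquirrelMail's login form uses) out of the POST body. That is exactly what anyone on the path sees when the webmail is reached over plain http rather than the https:// of the first enhancement. The IP addresses and the login values are invented.

```shell
#!/bin/sh
# Constructed sample of what `tcpflow -c` prints for a links session that
# opens the SquirrelMail login page and submits the form over plain HTTP.
# Hosts, addresses and the login values are invented; the field names
# login_username and secretkey are the ones SquirrelMail's login form uses.
sample_flow() {
  cat <<'EOF'
192.168.056.252.45210-192.168.056.110.00080: GET /squirrelmail/src/login.php HTTP/1.1
Host: webserver.tinynet.edu
User-Agent: Links (2.14; Linux 4.4 i686)

192.168.056.110.00080-192.168.056.252.45210: HTTP/1.1 200 OK
Content-Type: text/html

<html>...</html>
192.168.056.252.45211-192.168.056.110.00080: POST /squirrelmail/src/redirect.php HTTP/1.1
Host: webserver.tinynet.edu
Content-Type: application/x-www-form-urlencoded
Content-Length: 60

login_username=otto&secretkey=s3cret&js_autodetect_results=1
EOF
}

# http_requests: pair every request line with the Host header that follows it
# and print "METHOD host path", one line per request (stdin -> stdout).
http_requests() {
  awk '
    match($0, /(GET|POST|HEAD) [^ ]+ HTTP\/1\.[01]/) {
      split(substr($0, RSTART, RLENGTH), r, " "); method = r[1]; path = r[2]
    }
    /^Host: / && method != "" { print method, $2, path; method = "" }
  '
}

# leaked_logins: pull the SquirrelMail login fields out of any urlencoded
# form body in the flow. Values are printed as they are on the wire
# (still URL-encoded).
leaked_logins() {
  awk -F'&' '
    /(^|&)login_username=/ {
      u = p = ""
      for (i = 1; i <= NF; i++) {
        split($i, kv, "=")
        if (kv[1] == "login_username") u = kv[2]
        if (kv[1] == "secretkey")      p = kv[2]
      }
      print "user=" u " password=" p
    }'
}

# Live usage: tcpflow -p -c -i eth0 port 80 | http_requests
```

With the webmail behind stunnel on https:// the same capture shows only the TLS handshake and ciphertext, so neither function finds anything; running both before and after the change is a simple way to verify that the redirection to https actually took effect.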
13. Migrate to Net-R
Owner: Pranesh Maharjan (NP000323)
Objective:
List of configurations
In /etc/postfix/main.cf on the mail server the old subnets are commented out and the Net-R subnet is added to mynetworks:
"# 192.168.56.0/24 192.168.66.0/24 192.168.76.0/24
mynetworks = 127.0.0.0/8 192.168.234.0/24"
mynetworks is the set of clients Postfix relays mail for without authentication, so it should contain only the local Net-R subnet.
v. Add a line for Net-R to /etc/postfix/virtual_mailbox
vi. Enter the command
"/usr/sbin/postmap /etc/postfix/virtual_mailbox"
Finally we add the standard accounts; the standard users are added to /home/vmail/mail-pwd.
Mail addressed outside the subnet will fail with an error because of the designated relayhost.
Now heading towards the WebServer:
i. Change /etc/stunnel/www.server.conf so that the submission port is forwarded to the Net-R mail server:
"[smtps]
accept = 587
; connect = gw.tinynet.edu:465
connect = mailhost.net-r.tinynet.edu:465"
Here stunnel acts as a TLS client: SquirrelMail submits in the clear to port 587 on the web server and stunnel carries it over TLS to port 465 on the mail server. If only the local SquirrelMail needs it, accept should be bound to 127.0.0.1:587, otherwise the plaintext side is reachable from the network.
ii. Adjust $domain in /var/www/squirrelmail/config/config_svr_adrs.php.
iii. Set the IP address of the host:
"ifconfig eth0 192.168.234.120"
iv. Add the iptables rules by editing /etc/rc.d/rc.inet1.
Screenshots
Describe the Net-R automatic traffic generation system
Once the network has two hosts they start sending (silly) messages to each other. A user named "otto" is logged in automatically when the system boots; this session can be seen with Alt+F8. Whenever a host joins the network it is added to the frenzy, resulting in a quite busy subnet. The DHCP lease time is two minutes.
Obstacles encountered
14. Port Knock
Owner:
Objective
List of configuration
Screenshots
15. Ettercap
Owner:
Objective
List of configuration
For ARP with ettercap
- First install Ettercap from the TinynetConfig.iso.
- Start ettercap with its curses interface: "ettercap -C".
- Go to "Sniff" and select "Unified sniffing". Then, in the "Hosts" menu, select "Scan for hosts" and afterwards "Hosts list", which shows the hosts ettercap found. Select domserv (192.168.234.101) in the host list and press 1 to add it as Target 1.
- Leave the host list, then from the "Targets" menu select "Current targets". The display now shows the traffic that will be caught and forwarded between Target 1 and Target 2 (with Target 2 left empty, that means every other host).
- Leave the target list, select the "Mitm" menu and then "ARP poisoning" to spoof the ARP tables; press Enter to leave the parameters box empty.
Now go to domserv, start links and log into SquirrelMail on the Net-R web server.
- Run "arp" on each VM to view its ARP table: on a poisoned host the spoofed IP address now shows the MAC address of the machine running ettercap, so that MAC appears twice in the table.
For DNS
- Do the same steps as for ARP up to "Unified sniffing".
- Then go to the "Hosts" menu, select "Hosts list", select domserv (192.168.234.101) and press 2 to add it as Target 2. Leave the host list and select "Plugins" and "Manage the plugins" from the menu. Select "dns_spoof" and press Enter; the 0 shown on the left changes to 1 to show the plugin is active.
- Leave the plugins list, select the "Mitm" menu and "ARP poisoning" to spoof the ARP tables; again leave the parameters box empty.
- Ping from the Net-R web server or Mailhost to the name whose address is given in the dns_spoof configuration (etter.dns), and use links on one of them to see the substituted web site.
- The same two-phase attack from the command line:
"ettercap -T -q -P dns_spoof -M arp // //"
(-T text interface, -q quiet, -P loads the plugin, -M arp with two empty targets poisons every host on the segment.)
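Added example, not the report's: a way to back the "run arp on each VM" check with something more than eyeballing. The functions below parse the Linux arp -an output format and report either a MAC address that answers for more than one IP address, or the IP addresses whose MAC changed between a snapshot taken before the attack and one taken during it. The two snapshots are constructed for the example, with 192.168.234.120 playing the ettercap host and 192.168.234.110 a web server; the MAC addresses are invented.

```shell
#!/bin/sh
# Two constructed "arp -an" snapshots from a victim VM (Linux output format;
# the MAC addresses are invented). 192.168.234.110 stands for a web server and
# 192.168.234.120 for the host running ettercap.
sample_arp_before() {
  cat <<'EOF'
? (192.168.234.1) at 08:00:27:aa:bb:01 [ether] on eth0
? (192.168.234.110) at 08:00:27:aa:bb:6e [ether] on eth0
? (192.168.234.120) at 08:00:27:aa:bb:78 [ether] on eth0
EOF
}
sample_arp_after() {
  cat <<'EOF'
? (192.168.234.1) at 08:00:27:aa:bb:01 [ether] on eth0
? (192.168.234.110) at 08:00:27:aa:bb:78 [ether] on eth0
? (192.168.234.120) at 08:00:27:aa:bb:78 [ether] on eth0
? (192.168.234.150) at <incomplete> on eth0
EOF
}

# arp_dupes: read "arp -an" output on stdin and print every MAC address that
# answers for more than one IP address, followed by those addresses.
# One MAC for two IPs is what ARP poisoning leaves behind on the victim.
arp_dupes() {
  awk '
    $3 == "at" && $4 ~ /^[0-9a-f:]+$/ {
      ip = substr($2, 2, length($2) - 2)      # strip the parentheses
      ips[$4] = (n[$4]++ ? ips[$4] " " : "") ip
    }
    END { for (m in n) if (n[m] > 1) print m, ips[m] }
  '
}

# arp_changed BEFORE AFTER: print IPs whose MAC differs between two snapshot
# files, as "ip old-mac -> new-mac". Incomplete entries are ignored.
arp_changed() {
  awk '
    $3 == "at" && $4 ~ /^[0-9a-f:]+$/ {
      ip = substr($2, 2, length($2) - 2)
      if (NR == FNR) before[ip] = $4                       # first file
      else if ((ip in before) && before[ip] != $4) print ip, before[ip], "->", $4
    }' "$1" "$2"
}

# Usage on a VM:  arp -an > /tmp/arp.before     (before the attack)
#                 arp -an | arp_dupes           (during it)
#                 arp -an > /tmp/arp.after; arp_changed /tmp/arp.before /tmp/arp.after
```

Both checks only see what the victim's own ARP cache contains, so they have to be run on the poisoned hosts, not on the ettercap machine; a static ARP entry for the Gateway and the mail server on each VM is the simplest countermeasure on a network this small.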
References
Saive, R. (2014). MultiTail - Monitor Multiple Files Simultaneously in a Single Linux Terminal. Tecmint.com. Available at: https://www.tecmint.com/view-multiple-files-in-linux/ [Accessed 8 Jan. 2020].