Thursday, March 20, 2014

Building OpenSSL 1.0.1F for RHEL 6


So today I wanted to install OpenSSL 1.0.1f on my CentOS boxes. Usually I will wait for an RPM, or just build from source. Today, I did a little of both using the rpmbuild utility. You will need to have the rpmbuild utilities installed.

First download the source. What I did differently for a 64-bit build was I first untar'ed the file, then ran this against the spec file.

sed -i 's@/usr/lib@/usr/lib64@g' openssl.spec

then ran

tar zcvf ./openssl-1.0.1fa.tar.gz openssl-1.0.1f/

rpmbuild -ts ./openssl-1.0.1f.tar.gz

Which will create the source RPM. Then run

rpmbuild -tb ./openssl-1.0.1fa.tar.gz

Which will create these packages:

openssl-1.0.1f-1.x86_64.rpm            openssl-devel-1.0.1f-1.x86_64.rpm
openssl-debuginfo-1.0.1f-1.x86_64.rpm  openssl-doc-1.0.1f-1.x86_64.rpm

Then, if you eff up an install:

cd /usr/lib64/

sudo ln -s libssl.so.1.0.0 libssl.so.10
sudo ln -s libcrypto.so.1.0.0 libcrypto.so.10
 
Then run yum update to make sure it worked. 

Sunday, February 23, 2014

Eccouncil.org Hack

http://www.eccouncil.org/ has been hacked again. Awesome, the group that publishes the C|EH cert. Reasons not to get it.

From the site:
"Defaced again? Yep, good job reusing your passwords morons jack67834#"

Realistically, they should have followed the rules that they teach. I will use the STIGs as guidelines. The password they chose does not meet those simple guidelines.

http://www.stigviewer.com/check/V-11947 must require passwords contain a minimum of 14 characters.
http://www.stigviewer.com/check/V-11948 must require passwords to contain at least one uppercase alphabetic character.
http://www.stigviewer.com/check/V-11972 must require passwords to contain at least one numeric character.
http://www.stigviewer.com/check/V-11973 must require passwords to contain at least one special character.
http://www.stigviewer.com/check/V-11975 must require passwords to contain no more than three consecutive repeating characters.
http://www.stigviewer.com/check/V-11976 Passwords must be changed every 60 days.
http://www.stigviewer.com/check/V-11977 All non-interactive/automated processing account passwords must be changed at least once per year or be locked.

I have scripts that will set this all up automatically for Linux/UNIX. 
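
One way to audit a RHEL/CentOS box against the first six checks listed above, as an added example that is not one of the author's scripts. It assumes the rules are enforced through pam_cracklib options and PASS_MAX_DAYS in login.defs; that mapping, the function names and the sample files are this example's own, and V-11977 is not covered.

```shell
#!/bin/sh
# Added example: audit a pam_cracklib line and login.defs against the checks
# listed above. The option-to-check mapping is an assumption of this example.

# pam_opt FILE NAME: print the value of NAME=... from the pam_cracklib line
pam_opt() {
    grep -E '^[[:space:]]*password[[:space:]].*pam_cracklib\.so' "$1" |
        tr ' \t' '\n\n' | sed -n "s/^$2=//p" | head -n 1
}

# need ID NAME VALUE OP LIMIT: record a finding unless "VALUE OP LIMIT" holds
need() {
    if [ -n "$3" ] && [ "$3" "$4" "$5" ] 2>/dev/null; then return 0; fi
    echo "FAIL $1: $2=${3:-unset} (want $4 $5)"
    fails=$((fails + 1))
}

# audit_pw_policy PAMFILE LOGINDEFS: print findings, return how many failed
audit_pw_policy() {
    fails=0
    need V-11947 minlen  "$(pam_opt "$1" minlen)"  -ge 14
    need V-11948 ucredit "$(pam_opt "$1" ucredit)" -le -1  # negative = required
    need V-11972 dcredit "$(pam_opt "$1" dcredit)" -le -1
    need V-11973 ocredit "$(pam_opt "$1" ocredit)" -le -1
    rep=$(pam_opt "$1" maxrepeat)
    case $rep in 0) rep=disabled ;; esac      # maxrepeat=0 turns the check off
    need V-11975 maxrepeat "$rep" -le 3
    days=$(awk '$1 == "PASS_MAX_DAYS" { v = $2 } END { print v }' "$2")
    case $days in -*) days=disabled ;; esac   # negative = passwords never expire
    need V-11976 PASS_MAX_DAYS "$days" -le 60
    return "$fails"
}

# make_samples DIR: write constructed weak and hardened sample files into DIR
make_samples() {
    l='password requisite pam_cracklib.so try_first_pass retry=3'
    echo "$l" > "$1/weak.pam"
    echo "$l minlen=14 ucredit=-1 dcredit=-1 ocredit=-1 maxrepeat=3" > "$1/hard.pam"
    echo 'PASS_MAX_DAYS 99999' > "$1/weak.defs"
    echo 'PASS_MAX_DAYS 60' > "$1/hard.defs"
}

d=$(mktemp -d) && make_samples "$d"
audit_pw_policy "$d/weak.pam" "$d/weak.defs" || echo "weak: $? checks failed"
audit_pw_policy "$d/hard.pam" "$d/hard.defs" && echo "hardened: all checks pass"
rm -rf "$d"
```

On a real system the inputs would be /etc/pam.d/system-auth and /etc/login.defs. PASS_MAX_DAYS only applies to accounts created after the change, so existing accounts still need chage.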

Tuesday, January 14, 2014

McAfee Linux HBSS

So, you have a STIG'ed box, and McAfee AV won't install. The problem is the umask of 077. The installer is supposed to temporarily set the umask to 022 for the /opt/NAI directory, but due to the stigging, it won't let it. Temp fix: add these to the first lines of the McAfee-installer script.

mkdir /opt/NAI
chmod 755 /opt/NAI

That will allow for the install. At the bottom of the installer, add nails:nailsgroup to a group with elevated permissions.

Hope this helps.