Thursday, February 5, 2015

Your social security number is treated like a used condom. Don't bother trying to keep it safe.

Wednesday, February 4, 2015

You can lead a horse to water, but you can't make a dumbass drink

Sunday, February 1, 2015

Saturday, January 31, 2015

The online price is always cheaper than a phone call

Friday, January 30, 2015

Life is too short, just realize that I am right so I don't have to prove you wrong.

Tuesday, January 6, 2015

Stupid TrendMicro Windows 98 User Agent

In the world of security, software that lies about what it really is, is technically malicious software.
It's bad enough the bad guys do this, so we shouldn't have supposedly legitimate software sporting false user-agent strings.

I've been googling around this for a while to see if there is a way to get this modified. Haven't found a solution yet. If you don't know what I am talking about: the user agent string sent by its update service says it is a Windows 98 machine. If you are running TrendMicro Anti-virus and also run some kind of network discovery software or network intrusion systems, you probably already noticed this and are completely annoyed like I am.

Below is the user agent string in a network packet.

GET /activeupdate/server.ini HTTP/1.1
Host: wfbs-svc30-p.activeupdate.trendmicro.com:80
User-Agent: Mozilla/4.0 (compatible;MSIE 5.0; Windows 98)
Accept: */*
Pragma: No-Cache
Cache-Control: no-store, no-cache
Connection: Close
X-Trend-ActiveUpdate: 2.82.0.1075

I hope to get a ticket into Trend Micro about this and see if there is anything they can do to fix this issue. Either way, I will post my findings.
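
One way to keep this request from showing up as a Windows 98 host in discovery or NIDS output, as an added example (not the author's or Trend Micro's code): parse the captured request and relabel the legacy-OS finding only when the X-Trend-ActiveUpdate header and the activeupdate.trendmicro.com host both appear. The label names, the legacy-OS watch list and every sample request other than the one from the post are assumptions made for the illustration.

```python
import re

# Constructed samples: the first repeats the post's request, the rest are made up.
TREND_REQ = (
    "GET /activeupdate/server.ini HTTP/1.1\r\n"
    "Host: wfbs-svc30-p.activeupdate.trendmicro.com:80\r\n"
    "User-Agent: Mozilla/4.0 (compatible;MSIE 5.0; Windows 98)\r\n"
    "Accept: */*\r\n"
    "X-Trend-ActiveUpdate: 2.82.0.1075\r\n\r\n"
)
WIN98_UA = "User-Agent: Mozilla/4.0 (compatible;MSIE 5.0; Windows 98)\r\n"
BARE_WIN98_REQ = "GET / HTTP/1.1\r\nHost: www.example.com\r\n" + WIN98_UA + "\r\n"
HEADER_ONLY_REQ = ("GET / HTTP/1.1\r\nHost: www.example.com\r\n" + WIN98_UA
                   + "X-Trend-ActiveUpdate: 2.82.0.1075\r\n\r\n")
MODERN_REQ = ("GET / HTTP/1.1\r\nHost: www.example.com\r\n"
              "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0\r\n\r\n")

LEGACY_OS = re.compile(r"Windows (95|98|NT 4\.0)", re.I)   # assumed watch list
TREND_HOST = re.compile(r"(^|\.)activeupdate\.trendmicro\.com(:\d+)?$", re.I)


def parse_headers(raw):
    """Return (request_line, {lower-cased header name: value})."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def classify(raw):
    """Label one request for an asset-discovery or NIDS tuning pipeline."""
    _, h = parse_headers(raw)
    if not LEGACY_OS.search(h.get("user-agent", "")):
        return "ok"
    # Relabel only when update header and update host agree. Both are
    # client-controlled, so this reduces noise; it proves nothing about the sender.
    if "x-trend-activeupdate" in h and TREND_HOST.search(h.get("host", "")):
        return "trend-activeupdate"
    return "legacy-os"


if __name__ == "__main__":
    for req in (TREND_REQ, BARE_WIN98_REQ, HEADER_ONLY_REQ, MODERN_REQ):
        print(classify(req), "<-", parse_headers(req)[0])
```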

Sunday, December 28, 2014

Geekempire's BadIP List

Using all of my ninja skillz, I recently automated a daily list of malicious IPs that attack the Geekempire hosts. The list is spot on and you can easily automate the feed into your firewall and detection tools.


Thursday, December 25, 2014

No more ThunderPoop

I have decided to ditch thunderpoop and I have decided to move the site to Panaman.org

Thursday, June 19, 2014

Puppet Elasticsearch Demonstration

This is just a demonstration of how Puppet can build an elasticsearch node in a jiffy. This is just a demo, no animals were hurt in the making of this video.

Tuesday, November 26, 2013

Bro Puppet Dependencies

My Bro puppet module has been updated to version 1.0.1.
I had a bug in the module dependencies.
Thanks Ryan for the fix.

Version 1.0.1 has been uploaded to the forge
http://forge.puppetlabs.com/panaman/bro/1.0.1

Sunday, November 24, 2013

Webmin Puppet Module

I released my first version of my webmin puppet module.
It should work on any debian or redhat based system.

https://forge.puppetlabs.com/panaman/webmin/1.0.0

Sunday, November 17, 2013

Plex Puppet Module

Version 1.0.0 of my Plex Puppet module has been uploaded to the forge.

It is compatible with Centos, Fedora, Redhat, Scientific and Ubuntu.

https://github.com/panaman/puppet-plexms

Bro NSM Puppet Module

Last night I published my Bro NSM Puppet module to the forge.

Bro is a network monitoring tool; it complements existing IDS technologies.

Saturday, November 16, 2013

hostint puppet fact updated to 2.0.2

I have made some additions to the puppet hostint fact.

I have added two more facts:

hostint_ipv4_cidr = host interface network cidr notation
hostint_ipv4_max = maximum number of allowed hosts on network.

http://forge.puppetlabs.com/panaman/hostint/2.0.2

Monday, November 11, 2013

TPS Report

I've finally uploaded one of my simple but useful modules to the Puppet Forge today.
I call it "TPS Report". It is a Puppet module that can create multiline text files without a template in place. I use this all the time to create simple files when I don't feel like creating an ERB-based template.


tps::report { '/etc/file.txt':
  flare => [
   'line one',
   'line two',
   'line three',
   'line four',
  ],
}
 
OVERRIDE OPTIONS
owner => 'Lumbergh',
group => 'Chotchkies',
mode => '0755',

http://forge.puppetlabs.com/panaman/tps

Sunday, September 8, 2013

hostint v2.0.0

http://forge.puppetlabs.com/panaman/hostint

Custom Fact for the host interface on a machine.
It finds the interface based on the gateway of netstat -rn. 
Works on FreeBSD, OSX, RedHat, Centos, Scientific, Ubuntu and probably others. 
I've found it extremely helpful building NSM servers and configuring iptables.
You can specify the variable <%= @hostint %> in your puppet templates.

Supports Interface, DNS, Duplex, Gateway, ipv4 address, and Speed.

<%= @hostint %> Host Interface - (Supports Kernel: FreeBSD, Darwin, Linux)
<%= @hostint_dns %> Primary DNS Server (Supports Kernel: FreeBSD, Darwin, Linux) 
<%= @hostint_duplex %>  Full (Supports Kernel: Linux)
<%= @hostint_gw %> 192.168.10.1 (Supports Kernel: FreeBSD, Darwin, Linux)
<%= @hostint_ipv4 %>  192.168.10.17 (Supports Kernel: FreeBSD, Darwin, Linux)
<%= @hostint_speed %>  1000Mb/s (Supports Kernel: Linux)

TODO: Need to add Windows facts

Wednesday, January 2, 2013

HD HomeRun Prime

My entire house is run in cat5e. I am not sure how this setup would work over wireless.

First of all this can save you $15 to 30 a month depending on how many TVs you have, but media PCs aren't free either, so you need to determine if the long term cost is worth your wallet.

Below is a picture of the retail box for the HD HomeRun Prime. I think I paid about $200 for my first one, then I got the 2nd one on sale for $130.



I have Time Warner Cable. They are a bunch of bitches and encrypt everything but the broadcast channels, so I am forced to use Windows Media Center. Other cool options if it wasn't for my crappy cable company would have been to use MythTV. Below is a picture of my two HD HomeRun Primes and the two tuning adapters. This setup costs less than $3 bucks a month per HD HomeRun. I have 6 network tuners to record and watch TV with.

This is a video of my setup. Two Media PCs and one XBOX enjoying the power of cable TV through the HD HomeRun Prime. Sorry for the crappy video, I took it on my iPhone 4S, but enjoy anyway.


Saturday, December 15, 2012

VM ESXI BACKUP - LFTP

Need to back up your VMs off of your ESXi machine? Today I decided to back them up to my USB drive. I tried to use rsync but rsync isn't on ESXi. So then I thought about LFTP. LFTP has a mirror function, and is a good alternative to rsync.

I run Ubuntu on my desktop so all I had to do was install lftp.
sudo apt-get install lftp
You will also have to enable ssh access to your ESXi Server. You can do that in the vSphere Client.

Once you have ssh enabled, you are ready to back up your VMs. You will need to power down the VM you are backing up to make this work.
Replace "password" with your ESXi root password. You will also need to change the IP and the directory you are backing up.

In the following example:
192.168.10.10 = my esxi server
/vmfs/volumes/4edb0892-122a7778-ffc0-001a4b524ffe/endor = path of my vm on esxi
/mnt/backup/vm = my USB drive mounted on my Ubuntu Desktop Machine.
lftp -u 'root,password' sftp://192.168.10.10 -e "set ftp:ssl-protect-data true; set ftp:ssl-force true; mirror /vmfs/volumes/4edb0892-122a7778-ffc0-001a4b524ffe/endor /mnt/backup/vm"

Wednesday, December 12, 2012

PF_RING: tcpdump on a slave interface

I am running snort with a PF_RING enabled DAQ on CentOS using the default TNAPI drivers. I have my interfaces bonded together and snort is sniffing the bond interface. One goofy thing I noticed is when PF_RING is loaded, I cannot tcpdump on the slave interfaces in the bond. Dumping on the bond interface works fine. For example, if eth1 and eth2 are slave interfaces in bond0 and PF_RING is enabled, the following tcpdump command returns no results.
tcpdump -i eth1
If I disable PF_RING (rmmod pfring), the same tcpdump command works; which points to PF_RING as the cause of the behavior. This has been bugging the crap out of me for months.

Now here is the strange part. Recently I stumbled across something on accident because I fat fingered the tcpdump command. If I add a colon to the end of the interface name tcpdump works!
Example:
tcpdump -i eth1:
Even stranger, if I add a colon and any number it also works.
Example:
tcpdump -i eth1:7
I am perfectly fine with this behavior because it solves my original issue, but I am curious why? I have searched the hell out of google and have found nothing. I am curious if anyone else has experienced the same behavior.

Sunday, December 9, 2012

Crash Plan - Headless Ubuntu Server - Unity

CrashPlan is a "cloud" backup service, and one of the few that have Linux clients. It is designed as a GUI client. I run a headless Ubuntu 12.04 server, and my desktop is also Ubuntu 12.04 with the Unity Desktop.

I am going to show you how to create a custom launcher that defaults to connecting to your Ubuntu Server from your Ubuntu Desktop Computer using ssh tunneling. I recommend that you use SSH keys. You can find a tutorial here: http://paulkeck.com/ssh/

First things first. You need to download the client on your Ubuntu server. I did it out of my home directory. I just did a wget; you could just download it with your browser and upload it to your server.
panaman@deathstar:~$ wget -d http://download.crashplan.com/installs/linux/install/CrashPlan/CrashPlan_3.4.1_Linux.tgz
Now you need to untar it and run the install (I just answered everything with defaults).
panaman@deathstar:~$ tar -zxvf CrashPlan_3.4.1_Linux.tgz && cd CrashPlan-install && sudo ./install.sh
After it's done installing you will notice it's running as a service.
panaman@deathstar:~/CrashPlan-install$ service crashplan status
CrashPlan Engine (pid 11960) is running.
Now you need to install it on your Ubuntu Desktop PC.
You can follow the exact same steps as above.

After you have the client installed on your Ubuntu Desktop you need to edit a config file for your client to listen on.
panaman@anakin:~$ sudo vi /usr/local/crashplan/conf/ui.properties
Make the File look just like the one below:
#Fri Dec 09 09:50:22 CST 2005
#serviceHost=localhost
servicePort=4200
#pollerPeriod=1000  # 1 second
#connectRetryDelay=10000  # 10 seconds
#connectRetryAttempts=3
#showWelcome=true

#font.small=
#font.default=
#font.title=
#font.message.header=
#font.message.body=
#font.tab=
Now you need to make a little shell script on your Ubuntu Desktop PC that will open your ssh tunnel and CrashPlan. You can call it whatever you want and put it wherever you want. I called mine deathstar_crashplan and placed it in my home directory. Mainly because my Ubuntu Server's name is "Deathstar".
panaman@anakin:~$ vi /home/panaman/deathstar_crashplan
Paste the following in your script and replace "deathstar" with the name or IP address of your Ubuntu server.
#!/bin/bash
gnome-terminal --disable-factory --sm-client-disable -x ssh -L 4200:localhost:4243 panaman@deathstar &
/usr/local/crashplan/bin/CrashPlanDesktop;
exit
Make your script executable.
panaman@anakin:~$ chmod 700 ~/deathstar_crashplan
Now you need to edit your CrashPlan Icon. Just right click it and click properties.
You are going to need to change the Command path to point to the shell script you created.
I also changed the name of mine to "CrashPlan Deathstar"

Now you are complete, you should be able to launch your CrashPlan GUI that's connected to your Ubuntu Server and start adding folders on your server to back up.