Friday, 21 July 2017

AWS - How do I redirect HTTP traffic on my server to HTTPS on my Load Balancer?

This article is merely notes for myself just now. I may turn it into a full article if I get any feedback.

I have an AWS (Amazon Web Services) Free Tier trial account and am currently experimenting and going through tutorials. I have set up an Elastic Load Balancer to two Apache2 PHP web servers (HTTPS) with a MySQL DB server. I then put up a copy of my bespoke PHP pages, which search my music collection database.

AWS - How do I set an Elastic (fixed) IP for the Load Balancer?

I wanted to set a DNS entry for aws.taurus2.co.uk.
You cannot set an Elastic IP for the Load Balancer. Instead, set a CNAME in your DNS to the Load Balancer's 'DNS Name'.

i.e.

aws CNAME myloadbalancer-1641756311.eu-west-2.elb.amazonaws.com

AWS - How do I redirect HTTP traffic on my webserver to HTTPS on my Load Balancer?

Next, I wanted to redirect HTTP traffic on my webservers to HTTPS on the Load Balancer.

sudo nano /etc/apache2/apache2.conf

Add or change in the <Directory /var/www/> section:

AllowOverride All

sudo nano /var/www/html/.htaccess

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} ^http$
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

The above tests the X-Forwarded-Proto header and redirects HTTP to HTTPS, without interfering with the ELB health check.

sudo service apache2 reload

You can tail your Apache access log with the command below, which filters out the "ELB-HealthChecker" entries that get in the way.

tail -F /var/log/apache2/access.log | grep -v "ELB-HealthChecker"

References:
https://forums.aws.amazon.com/thread.jspa?messageID=745509

Wednesday, 28 June 2017

Arrests in UK over Microsoft scam calls

At least one person I know will be happy to read about this. I had to wipe their PC's drive due to an infection which resulted in this attempted scam. I then reinstalled M$ Windows with all the latest security patches. Thankfully, I was able to recover all their personal files first.

Their PC got infected and a pop-up screen of some sort indicated a problem and to call the given 'Microsoft Support' telephone number. Although realising it was a scam, they then received numerous telephone calls, trying to get them to part with money to fix the PC remotely.

BBC News - Arrests in UK over Microsoft scam calls

How to see Debian/Ubuntu Security advisories and receive email alerts

Security advisories are published by leading Linux O.S. distributors, announcing important security patches that should be applied as a matter of urgency to safeguard a particular piece of software and ultimately, safeguard your Linux Operating System.

Different Linux flavours can be set up to automatically email a notification to you. You can also set up automated security patching. I will show you how below.

Below are several links to visit for Security advisory notices and details.

http://www.linuxsecurity.com/content/section/3/170/ - Shows Security advisories for several flavours of Linux O.S.

https://www.debian.org/security/ - Shows Security advisories for Debian

https://www.ubuntu.com/usn/ - Shows Security advisories for Ubuntu

Prerequisites

Before we get started:

  • You need an SMTP server that can send the emails from your workstation to the recipient (e.g. your corporate Exchange or Gmail).
  • You have the credentials for a user that is able to send email on that server (e.g. a mailbox or a Gmail account).

There are a few simple SMTP servers out there. The ssmtp (Simple S.M.T.P) package works well. There are better setup articles but we can quickly set it up.

To install the ssmtp (Simple S.M.T.P) package, use the following command:

sudo apt-get install ssmtp

Using your favourite editor, edit the configuration file:

sudo nano /etc/ssmtp/ssmtp.conf

Edit the following lines. The number after the colon is the port number used to connect to your email provider's SMTP service.

root=username@gmail.com
mailhub=smtp.gmail.com:587
hostname=username@gmail.com
UseSTARTTLS=YES
AuthUser=username
AuthPass=password
FromLineOverride=yes

In order to make the default (root) “from” field be the server name, edit the /etc/ssmtp/revaliases file:

root:machine-name@some-domain.com:smtp.gmail.com

Test the ssmtp setup by sending an Email:

echo "Test message using ssmtp" | sudo ssmtp -vvv your-email@some-domain.com
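
The configuration above keeps AuthPass in clear text in /etc/ssmtp/ssmtp.conf, so it is worth checking who can read the file and that the login is encrypted. The following check is an added example, not part of the original post; the function names audit_ssmtp_conf and write_sample_conf and the sample file are constructed for illustration:

```shell
#!/bin/sh
# Added example (not from the original post): check an ssmtp.conf for the two
# exposures this setup can have. Prints one line per finding and returns the
# number of findings (0 = clean).
audit_ssmtp_conf() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 255; }

    # 1. AuthPass is stored in clear text, so other local users must not be
    #    able to read the file.
    if grep -qiE '^[[:space:]]*AuthPass[[:space:]]*=' "$conf"; then
        mode=$(stat -c '%a' "$conf")           # GNU stat, e.g. 644
        if [ $(( 0$mode & 4 )) -ne 0 ]; then
            echo "AuthPass present and mode $mode lets any local user read it"
            findings=$((findings + 1))
        fi
    fi

    # 2. Without UseSTARTTLS=YES or UseTLS=YES the SMTP login is not encrypted.
    if ! grep -qiE '^[[:space:]]*Use(STARTTLS|TLS)[[:space:]]*=[[:space:]]*YES' "$conf"; then
        echo "neither UseSTARTTLS nor UseTLS is set to YES"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample using the placeholder values from the configuration above.
write_sample_conf() {
    cat > "$1" <<'EOF'
root=username@gmail.com
mailhub=smtp.gmail.com:587
UseSTARTTLS=YES
AuthUser=username
AuthPass=password
FromLineOverride=yes
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
chmod 644 "$sample"
audit_ssmtp_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a real system, run audit_ssmtp_conf /etc/ssmtp/ssmtp.conf as root.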

Security Update email alerts for Debian/Ubuntu

Apticron is a simple script which sends daily emails about pending package updates such as security updates.

sudo apt-get install apticron

Configure Apticron

sudo nano /etc/apticron/apticron.conf

Edit the ‘EMAIL=’ line, changing it to your email address:

# apticron.conf
#
# set EMAIL to a space separated list of addresses which will be notified of
# impending updates
#
EMAIL="root"
[...]

You will now receive an email alert once a day if there are any security advisories.

Automatic Security Updates

To check if your Debian / Ubuntu system has Automatic Security Updates installed, you can run it manually with verbose output.

sudo apt-get update
sudo unattended-upgrades -v

If this gives an error then it is not installed, so install and enable it:
sudo apt-get install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

Once installed, check:
cat /etc/apt/apt.conf.d/20auto-upgrades

This should result in:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

If not, edit the file and set APT::Periodic::Unattended-Upgrade to "1".
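
Checking 20auto-upgrades alone can mislead, because apt reads every fragment in /etc/apt/apt.conf.d in lexical order and a later file can override it. The script below is an added example, not part of the original post, and goes beyond the single-file check above by reporting the effective values; the function names and the 99local fragment are hypothetical:

```shell
#!/bin/sh
# Added example (not from the original post). apt reads every fragment in
# /etc/apt/apt.conf.d in lexical order, so a later file can override
# 20auto-upgrades. Handles the one-line 'APT::Periodic::Key "value";' form only.

# effective_periodic DIR KEY: print the last value assigned to APT::Periodic::KEY
effective_periodic() {
    dir=$1 key=$2 value=""
    for f in "$dir"/*; do                      # glob expands in sorted order
        [ -f "$f" ] || continue
        v=$(sed -n "s|^[[:space:]]*APT::Periodic::$key[[:space:]]*\"\([^\"]*\)\".*|\1|p" "$f" | tail -n 1)
        if [ -n "$v" ]; then value=$v; fi
    done
    printf '%s\n' "$value"
}

# auto_updates_enabled DIR: return 0 only when both settings end up as a
# positive number; print each setting that does not.
auto_updates_enabled() {
    rc=0
    for key in Update-Package-Lists Unattended-Upgrade; do
        val=$(effective_periodic "$1" "$key")
        case $val in
            ''|0|*[!0-9]*) echo "APT::Periodic::$key is '${val:-unset}'"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: the expected 20auto-upgrades plus a hypothetical later
# fragment (99local) that switches unattended upgrades back off.
demo_dir=$(mktemp -d)
cat > "$demo_dir/20auto-upgrades" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
echo 'APT::Periodic::Unattended-Upgrade "0";' > "$demo_dir/99local"
auto_updates_enabled "$demo_dir" || echo "automatic security updates are NOT fully enabled"
rm -rf "$demo_dir"
```

On a real system, call auto_updates_enabled /etc/apt/apt.conf.d.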

References:
https://help.ubuntu.com/community/AutomaticSecurityUpdates
https://www.quora.com/How-can-I-get-email-alerts-for-Linux-security-patches-mainly-Ubuntu-CentOS
http://www.linuxsecurity.com/content/section/3/170/
https://www.debian.org/security/
https://www.ubuntu.com/usn/

'Vaccine' created for yesterday's Petya (NotPetya) Ransomware attack

This latest ransomware attack will encrypt your Windows files and demand a ransom to have your files restored. Researchers have found a way to vaccinate against this virus if you have not already been infected.

BBC News article

How to Enable the NotPetya/Petna/Petya Vaccine

For my friends and family, your best bet is to download the following file from the link below. Then go to your 'Downloads' folder. Run the ‘nopetyavac’ or ‘nopetyavac.bat’ file by clicking your right mouse button on the file and selecting ‘Run as Administrator’. It will create the necessary vaccine file.

Any problems, drop me a message. This needs to be done on all M$ Windows PCs/Laptops that you own.

Click here to download https://download.bleepingcomputer.com/bats/nopetyavac.bat

Anyone not wishing to use the above file, and also wishing to learn a bit more about this virus, can visit:

https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/

Monday, 29 May 2017

Trying to mount a Windows NTFS HDD on Linux gives the error, "The disk contains an unclean file system"

I had a friend ask me to copy files from her old dying laptop of a spec that was only suitable for Windows XP. She had upgraded it to Windows 8.1 and it was struggling. She got hold of a newer laptop and wanted me to copy her files across.

Being the always cautious techie, I took the old HDD out and tried mounting it on my Ubuntu 14.04 LTS, to virus and rootkit scan it first, before backing up her files. The HDD would not mount and errored with:

"The disk contains an unclean file system...."

A bit of research concluded that the Windows 8.1 system was probably set for Fast Startup.

How to disable or enable Fast Startup in Windows 8.1

I started the old laptop in Safe Mode and navigated to the Control Panel to 'Power Options' -> 'System Settings' -> 'Advanced'. I then unticked the box 'Turn on fast startup (recommended)', thus disabling Fast Startup. Then I shut down the laptop.

I was then able to mount the drive and access her files.

How to protect your Samba from the latest ransomware SambaCry Vulnerability (CVE-2017-7494)

In May 2017 systems worldwide were hit by the WannaCry ransomware. If you get infected, then your personal files will be encrypted and a pop-up message appears to say that you must pay a ransom (usually Bitcoin) or risk losing your precious files. If you have backed up your files recently then, congratulations. Wipe and reinstall your infected PC / system and recover your backups. If you didn't back up recently, too bad. You don't expect the criminals to really give you your files back after paying the (first) ransom, do you!?

Stay ahead of the criminals and ensure your PC / systems are security patched automatically, before you get hit by the latest flavour of virus / ransomware.

Below are links and tips on how to protect yourself against WannaCry 2017.

Debian / Ubuntu

Well, if you have set up automatic security updates on your Debian or Ubuntu as I mentioned in my Dirty COW exploit and Automatic Security Updates article, then you're already fixed for this exploit.

Whether you just want to check that you've patched or want to patch your systems yourself, head over to the Tecmint article, How to Fix SambaCry Vulnerability (CVE-2017-7494) in Linux Systems.

In a nutshell

Check if you are already patched.

aptitude show samba



Visit my blog page above and configure your Debian / Ubuntu system to automatically install security updates.

Windows

Check out BitDefender's article, WannaCry wreaks havoc. How to keep your business safe.

In a nutshell

Visit Microsoft Security Bulletin MS17-010 - Critical and ensure you download the patch for your Windows version. Configure your Windows systems to automatically install Security Updates.