Mod Security Atomicorp Rules Blocking CloudFlare

So I had a customer reach out to me tonight to let me know that they were getting a "server offline" message from CloudFlare when visiting their site. Immediately, I panicked, fearing the web server might be down. Upon investigation I found that the web server was up and humming along happily.

I went to the site and found that I was able to access it. Strange. So, I had them test again – same result. As it turns out, the site was being blocked only for visitors in the Seattle Washington / Portland Oregon area.

I checked the usual suspects such as fail2ban and Apache/nginx but found nothing there (though I whitelisted the CloudFlare IPs for good measure – https://www.cloudflare.com/ips/ ). Scratching my head, I remembered that I have third-party WAF rules for mod_security. It is typical to see a lot of blocked IPs in the logs, so I grepped the site's Apache error_log for the CloudFlare IP addresses and there it was.

[Screenshot, 2016-04-08: the mod_security "Access denied" entry in the Apache error_log for a CloudFlare IP address]

I excluded this particular signature ID (not the whole rule) and that did the trick. Lesson learned.
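As an added example (not code from the original post), here is the log check from the paragraph above as a script: it reads Apache error_log lines, keeps the mod_security denials whose client address falls in a CloudFlare range, and prints the rule IDs that fired together with the matching SecRuleRemoveById exclusion lines. The CloudFlare ranges in the script are a partial list I typed in and must be refreshed from https://www.cloudflare.com/ips/; the sample log lines, rule IDs and rule file name are constructed placeholders, not real Atomicorp rules.

```shell
#!/bin/sh
# Added example, not code from the original post: find which mod_security
# rule IDs denied requests from CloudFlare edge addresses in an Apache
# error_log, so the false positive can be excluded by ID (SecRuleRemoveById)
# instead of disabling a whole rule file.
# Assumptions: the classic "[client a.b.c.d]" error_log format (the Apache
# 2.4 "[client a.b.c.d:port]" form is also accepted); CF_RANGES is only a
# subset and the current list must come from https://www.cloudflare.com/ips/.

CF_RANGES="173.245.48.0/20 103.21.244.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13"

# Dotted quad -> 32-bit integer, using only POSIX shell arithmetic.
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds when address $1 lies inside the CIDR block $2 (a.b.c.d/prefix).
ip_in_cidr() {
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

is_cloudflare() {
    for r in $CF_RANGES; do
        if ip_in_cidr "$1" "$r"; then return 0; fi
    done
    return 1
}

# Reads error_log lines on stdin; prints "rule_id client_ip" for every
# "Access denied" entry whose client is a CloudFlare edge address.
cf_blocked_rules() {
    grep 'ModSecurity: Access denied' |
    while IFS= read -r line; do
        ip=$(printf '%s\n' "$line" | sed -n 's/.*\[client \([0-9.]*\)\(:[0-9]*\)\{0,1\}\].*/\1/p')
        id=$(printf '%s\n' "$line" | sed -n 's/.*\[id "\([0-9]*\)"\].*/\1/p')
        if [ -n "$ip" ] && [ -n "$id" ] && is_cloudflare "$ip"; then
            printf '%s %s\n' "$id" "$ip"
        fi
    done | sort -u
}

# Turns that list into the exclusion lines for httpd's mod_security config.
exclusion_config() {
    cf_blocked_rules | awk '{ print "SecRuleRemoveById " $1 }' | sort -u
}

# Constructed sample log: one denial from a CloudFlare address, one from an
# unrelated address. Rule IDs and the rule file name are placeholders.
SAMPLE_LOG='[Fri Apr 08 22:10:01 2016] [error] [client 173.245.48.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "..." at REQUEST_HEADERS. [file "/etc/httpd/modsecurity.d/example_rules.conf"] [line "12"] [id "999999"] [msg "constructed sample"] [hostname "example.com"] [uri "/"]
[Fri Apr 08 22:10:05 2016] [error] [client 203.0.113.5] ModSecurity: Access denied with code 403 (phase 2). Pattern match "..." at ARGS. [file "/etc/httpd/modsecurity.d/example_rules.conf"] [line "40"] [id "999998"] [msg "constructed sample"] [hostname "example.com"] [uri "/login"]'

# Stand-alone demo on the constructed log. On a real server run:
#   cf_blocked_rules < /var/log/httpd/error_log
printf '%s\n' "$SAMPLE_LOG" | cf_blocked_rules
printf '%s\n' "$SAMPLE_LOG" | exclusion_config
```

Only the denial from 173.245.48.10 is reported; the hit from 203.0.113.5 is left alone, which is the point: exclude the one ID that misfires on the CDN's own traffic and keep the rule set doing its job for everyone else.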

Happy hacking!

5 Must Have Apps

Technology has a hand in everything that we do these days so I decided to write this article about the 5 must have apps that I use daily to manage my life and keep everything in order. The applications listed below keep me productive as well as informed and ahead of my tasks. There are a TON of apps out there that are designed to offer these capabilities but these are the ones that I find most useful.


Google (Apps)
While Google is considered by many to be evil due to its information-gathering practices, most people find it to be a vital and indispensable part of their daily lives. We all know how useful Google's search can be, but the search giant offers far more than just the handiest search on the web.

The main features of the Google platform that I find useful are the Apps. Google Apps for Business gives you access to Google Drive for file storage and sharing, Google Calendar for scheduling and organization, Google Docs, Sheets, Forms, Sites and Slides for an online productivity suite and more. Google Apps is also extensible and allows third party developers to integrate additional features and services into the platform. One such integration I find useful is Boomerang, which allows you to schedule emails.

All in all, Google and the suite of Apps that are available are arguably the most useful tools available online and that is why they are found at number 1 on my list.

Trello
Trello is a Board, List and Card (Kanban) system that allows you to create Boards that can represent things like Projects. Within Boards, you create Lists to represent the steps in your project. On each list, you place Cards, which represent individual tasks. Cards can be labeled with colors and include attachments, due dates, checklists and comments. You move cards between lists as they move through your project workflow.

I find Trello most useful for organizing my personal life and tracking my progress as I move throughout my day. I like to create a daily task list first thing in the morning of the top 5 or 10 items I want to accomplish that day. I then categorize, prioritize and track progress to completion. This helps me ensure that the important things get done.

Overall, Trello rates number 2 on my list due to its ease of use and versatility, as well as its handy mobile app.

Evernote
Evernote is an online note taking solution that allows you to take note of just about anything. In your favorite browser, install the plugin to clip articles, or full pages as well as take screenshots and bookmarks. On your mobile device, you can type, hand write, record audio or take pictures as notes. All of this information can be organized into notebooks and tagged for easy searching. Even better, all of your notes are accessible and sync to all of your mobile devices.

I find Evernote most useful for noting and returning to items that I want for further reading, or for items that I use frequently (such as terminal commands or a good recipe) and do not want to have to find again later. I also find Evernote extremely useful for note taking when studying or during online classes.

Evernote comes in number 3 on my list since it is a great companion app to the previously mentioned as well as being uncannily good at remembering things for me.

Twitter
SOOoo, how did Twitter make it onto my list of cannot-live-without productivity apps? Well, if you sort through all of the garbage and use it only to follow items that apply to your productivity and the interests that further your career or knowledge, it can be pretty useful.

Twitter primarily serves as an outlet for useful information that applies to my studies or career in technology. I follow companies like RedHat, Canonical/Ubuntu and DefCon. When a new technology or vulnerability or earth shattering announcement pops up, I am able to act on it quickly and be ahead of the curve. The trick is to not allow the lure of all of the cool information distract you for too long, making it unproductive.

Twitter comes in at number 4 because it offers a useful and extraordinarily real-time source of information, while posing a real threat to productivity.

Skype
Skype is a double edged sword. Interacting with other carbon based life forms can be distracting and detrimental to productivity. It can also be extremely productive and dare I say entertaining. In my experience, the trouble is getting everyone else on a team to use it.

My primary use for Skype is, as you might imagine, communicating with my team. Even when we are in the same room or office, it is a faster and more efficient communication medium than picking up the phone or talking, because you can multi-task more easily while chatting.

Create a VMware Template: CentOS 6.5

In this article, I am going to outline a very basic and quick way to create a VMware virtual machine template for provisioning CentOS (or RHEL) 6.5 in your VMware environment. This is a very basic configuration that does not take large-scale deployments into consideration; it is intended as a starting point for a production template.


1. Perform the installation of CentOS Minimal as you would any Virtual Machine. Set the roo

2. Install perl by issuing the following command:

yum install perl

3. Install VMware Tools. Accept all defaults during the VMware Tools installation:

mkdir /mnt/cdrom
mount /dev/cdrom /mnt/cdrom
cp /mnt/cdrom/VMwareTools-XXX.tar.gz ~root
cd ~root
tar zxf VMwareTools-XXX.tar.gz
cd vmware-tools-distrib
./vmware-install.pl
cd ..
rm -rf vmware-tools-distrib VMwareTools-XXX.tar.gz

4. After the base install, update the OS by issuing the following commands:

yum update
reboot

5. Clean the yum cache by issuing the command:

yum clean all

6. To prevent hardware issues, remove udev persistent rules by issuing the following command:

rm -f /etc/udev/rules.d/70*

7. To prevent networking issues, remove the MAC and UUID of the NIC. New ones will be obtained upon clone:

sed -i '/^\(HWADDR\|UUID\)=/d' /etc/sysconfig/network-scripts/ifcfg-eth0

8. Clearing out the logs on the server is also a good idea. This can be accomplished as follows:

NOTE: The '????????' matches the date suffix that logrotate appends to rotated files; adjust it to match your logrotate.conf configuration.

logrotate -f /etc/logrotate.conf
rm -rf /var/log/*-???????? /var/log/*.gz
cat /dev/null > /var/log/audit/audit.log
cat /dev/null > /var/log/wtmp

9. Clear out all Temp directories as follows:

rm -rf /tmp/*
rm -rf /var/tmp/*

10. Now we will remove any SSH host keys for security:

rm -f /etc/ssh/ssh_host_*   # host keys are named ssh_host_*_key, so a pattern of *keys* would match nothing

11. For good measure, let's create an administrative user in case we need access later, after the root password has been changed by the user:

adduser admin
passwd admin

12. We want the root password changed upon booting up the server, so:

chage -d 0 root

13. We also do not want the new user to have a copy of what we have just done in the bash history, so let's wipe that out as well:

rm -f ~root/.bash_history

Create a VMware Template: Ubuntu 12.04

In this article, I am going to outline a procedure to create a very basic Ubuntu VMware virtual machine template for rapid deployment.


1. Perform the installation of Ubuntu as you would any Virtual Machine. Create an initial user called ‘cloud’

2. Install gcc, build-essential and the Linux headers for the currently running kernel:

sudo apt-get install gcc build-essential linux-headers-$(uname -r)

3. Install VMware Tools. Accept all defaults during the installation:

sudo mount /dev/cdrom /media/cdrom

cp /media/cdrom/VMwareTools-XXX.tar.gz ~

cd ~

tar zxf VMwareTools-XXX.tar.gz

cd vmware-tools-distrib

sudo ./vmware-install.pl

cd ..

rm -rf vmware-tools-distrib VMwareTools-XXX.tar.gz

4. Fully patch the operating system:

sudo apt-get update

sudo apt-get upgrade

sudo shutdown -r now

5. Clear the apt cache:

sudo apt-get clean

6. To prevent hardware-related issues, remove the udev persistent rules as follows:

sudo rm -f /etc/udev/rules.d/70*

7. For the users' convenience, let's update the locate database:

sudo updatedb

8. For good measure, let's create an administrative user in case we need access later:

sudo adduser admin   # enter the details when prompted and document them

sudo usermod -aG sudo admin   # -a appends to the group list; plain -G would replace the user's other groups

9. Let's make the initial user's password expire immediately upon logging in as well:

sudo chage -d 0 cloud

10. Clear out the temp directories:

sudo rm -rf /tmp/*

sudo rm -rf /var/tmp/*

11. Now we will remove all SSH host keys:

sudo rm -f /etc/ssh/ssh_host_*   # host keys are named ssh_host_*_key, so a pattern of *keys* would match nothing

12. Now we will clear the bash history to cover our tracks a bit:

history -c && rm -f ~/.bash_history   # history -c only clears the in-memory list; with histappend the file would survive

13. Clearing out the logs is also a good idea. This can be accomplished as follows:

NOTE: '1' is usually the first rotation. Check whether additional rotations ('2', and so on) have occurred.

sudo logrotate -f /etc/logrotate.conf

sudo sh -c 'cat /dev/null > /var/log/wtmp'   # the redirection must run as root too, not only cat

sudo rm -rf /var/log/*.1 /var/log/*.gz
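As an added example that is not part of either article, the following script gathers the identity-stripping steps the CentOS 6.5 and Ubuntu 12.04 procedures share (udev persistent rules, HWADDR/UUID lines, SSH host keys, login records, shell history, temp directories) into functions that operate on a given root directory, so the clean-up can be rehearsed on a scratch tree before it is run on the template with / as the argument. The file paths are the ones the articles name; the scratch tree contents are constructed, and the package-cache and chage -d 0 steps are left to the per-distro instructions.

```shell
#!/bin/sh
# Added example, not code from either article: one clean-up script for the
# post-install template steps shared by the CentOS and Ubuntu procedures.
# It works on the tree rooted at $1. With no argument it builds a constructed
# scratch tree and cleans that; it touches the live system only when "/" is
# passed explicitly. Assumes POSIX sh, sed and mktemp.
set -e

# Remove the hardware identity a clone must not inherit: udev's persistent
# network rules and, on RHEL-style systems, the HWADDR/UUID lines of ifcfg-eth0.
strip_hardware_identity() {
    root=$1
    rm -f "$root"/etc/udev/rules.d/70-persistent-*.rules
    ifcfg=$root/etc/sysconfig/network-scripts/ifcfg-eth0
    if [ -f "$ifcfg" ]; then
        sed -e '/^HWADDR=/d' -e '/^UUID=/d' "$ifcfg" > "$ifcfg.tmp" && mv "$ifcfg.tmp" "$ifcfg"
    fi
}

# Delete the SSH host keys (ssh_host_*_key and their .pub files) so each clone
# generates its own on first boot instead of sharing the template's identity.
strip_ssh_host_keys() {
    rm -f "$1"/etc/ssh/ssh_host_*
}

# Truncate login records, drop shell history and empty the temp directories.
strip_logs_and_history() {
    root=$1
    for f in "$root"/var/log/wtmp "$root"/var/log/btmp "$root"/var/log/audit/audit.log; do
        if [ -f "$f" ]; then : > "$f"; fi
    done
    rm -f "$root"/root/.bash_history "$root"/home/*/.bash_history
    rm -rf "$root"/tmp/* "$root"/var/tmp/*
}

clean_template() {
    strip_hardware_identity "$1"
    strip_ssh_host_keys "$1"
    strip_logs_and_history "$1"
}

# Constructed scratch tree with the files the articles touch (all contents fake).
make_scratch_tree() {
    root=$1
    mkdir -p "$root/etc/udev/rules.d" "$root/etc/sysconfig/network-scripts" \
             "$root/etc/ssh" "$root/root" "$root/var/log" "$root/tmp"
    echo 'SUBSYSTEM=="net", ATTR{address}=="00:0c:29:aa:bb:cc", NAME="eth0"' \
        > "$root/etc/udev/rules.d/70-persistent-net.rules"
    printf 'DEVICE=eth0\nHWADDR=00:0c:29:aa:bb:cc\nUUID=constructed-uuid\nBOOTPROTO=dhcp\nONBOOT=yes\n' \
        > "$root/etc/sysconfig/network-scripts/ifcfg-eth0"
    echo 'constructed-private-key' > "$root/etc/ssh/ssh_host_rsa_key"
    echo 'constructed-public-key' > "$root/etc/ssh/ssh_host_rsa_key.pub"
    echo 'passwd admin' > "$root/root/.bash_history"
    echo 'login record' > "$root/var/log/wtmp"
    echo 'scratch' > "$root/tmp/junk"
}

# Number of template-only artifacts still present under $1; 0 after a clean run.
leftover_count() {
    n=0
    for f in "$1"/etc/udev/rules.d/70-persistent-net.rules "$1"/etc/ssh/ssh_host_rsa_key \
             "$1"/etc/ssh/ssh_host_rsa_key.pub "$1"/root/.bash_history "$1"/tmp/junk; do
        if [ -e "$f" ]; then n=$((n + 1)); fi
    done
    if [ -s "$1"/var/log/wtmp ]; then n=$((n + 1)); fi
    if grep -Eq '^(HWADDR|UUID)=' "$1"/etc/sysconfig/network-scripts/ifcfg-eth0; then n=$((n + 1)); fi
    echo "$n"
}

if [ $# -eq 0 ]; then
    SCRATCH=$(mktemp -d)
    make_scratch_tree "$SCRATCH"
    echo "leftovers before: $(leftover_count "$SCRATCH")"
    clean_template "$SCRATCH"
    echo "leftovers after:  $(leftover_count "$SCRATCH")"
    cat "$SCRATCH/etc/sysconfig/network-scripts/ifcfg-eth0"
    rm -rf "$SCRATCH"
else
    clean_template "$1"
fi
```

Run without arguments it builds and cleans the throwaway tree and prints the ifcfg-eth0 lines that survive (DEVICE, BOOTPROTO, ONBOOT); `sh clean_template.sh /` runs the same functions on the template itself. Keeping the host-key removal in its own function makes the security-relevant step easy to audit: a template that ships host keys gives every clone the same SSH identity.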

Manage Auto Start services on CentOS

Most server admins want their servers to run as lean and secure as possible. For that reason, we usually try to disable as many unneeded start-up services as possible. Here I will briefly explain how you can manage auto-start services on your CentOS box and disable or enable any that you may or may not want starting.

DISCLAIMER:
The usual stuff. Make sure you backup your system and have a complete understanding of what services you disable/enable and any potential impact this may have on your server(s).

SERVICE MANAGEMENT:

Run this command to list the services that are currently run at start-up.

chkconfig --list|grep "3:on"|awk '{print $1}'|sort

I suggest that you output this list to a file so you can compare before and after, and revert any changes in case they cause issues. This can be done as follows:

chkconfig --list|grep "3:on"|awk '{print $1}'|sort > before

Now that you have an idea of what is run at start-up, you can disable things, such as cups (Common Unix Printing Service).

chkconfig cups off

After disabling the services that you do not want to start on boot, you can create a second output file containing the enabled services and compare the two.

chkconfig --list|grep "3:on"|awk '{print $1}'|sort > after

To compare before and after:

diff before after
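As an added example (not from the original post), the before/after comparison above as reusable functions: enabled_services parses "chkconfig --list" output from stdin for any runlevel (the post uses 3) and skips the "xinetd based services:" section, whose lines carry no runlevel columns, and check_protected refuses a change set that would stop a service you rely on from starting at boot. The sample listings are constructed, and the PROTECTED list is an assumption to adapt to your own servers.

```shell
#!/bin/sh
# Added example, not code from the original post: before/after comparison of
# chkconfig-managed start-up services, with a guard for services that must
# stay enabled. Sample listings below are constructed.
set -e

# Services that must stay enabled (assumption; extend for your site).
PROTECTED="sshd network auditd"

# Print, sorted, the services set to "on" in runlevel $1 (stdin: chkconfig --list).
enabled_services() {
    awk -v rl="$1" '
        /^[[:space:]]*$/         { next }     # blank separator line
        /xinetd based services:/ { exit }     # nothing below has runlevel columns
        $0 ~ (rl ":on")          { print $1 }
    ' | sort
}

# Services present in the before list $1 but missing from the after list $2.
turned_off() { comm -23 "$1" "$2"; }

# Services present in the after list $2 that were not in the before list $1.
turned_on() { comm -13 "$1" "$2"; }

# Fail (status 1) if any protected service was enabled before and is not after.
check_protected() {
    status=0
    for s in $PROTECTED; do
        if grep -qx "$s" "$1" && ! grep -qx "$s" "$2"; then
            echo "WARNING: $s would no longer start at boot" >&2
            status=1
        fi
    done
    return $status
}

# Constructed "chkconfig --list" output before and after "chkconfig cups off".
SAMPLE_BEFORE='auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

xinetd based services:
        rsync:          off'
SAMPLE_AFTER=$(printf '%s\n' "$SAMPLE_BEFORE" | sed '/^cups/s/3:on/3:off/')

# Stand-alone demo. On a live box replace the printf with: chkconfig --list
BEFORE=$(mktemp); AFTER=$(mktemp)
printf '%s\n' "$SAMPLE_BEFORE" | enabled_services 3 > "$BEFORE"
printf '%s\n' "$SAMPLE_AFTER"  | enabled_services 3 > "$AFTER"
echo "turned off: $(turned_off "$BEFORE" "$AFTER")"
echo "turned on:  $(turned_on "$BEFORE" "$AFTER")"
check_protected "$BEFORE" "$AFTER" && echo "no protected service lost"
rm -f "$BEFORE" "$AFTER"
```

The guard is the part worth keeping: a diff tells you what changed, but it is easy to skim past sshd or network in a long listing, and a template or remote server that no longer starts sshd is one you cannot get back into.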


My favorite Distros and Why

Today I thought I would take a break from all of the technical 'how to' articles and write something a little more near and dear to my heart – my favorite Linux distributions and why. Now, this can be a rather heated topic (even leading to blows among us geeks), but I am not here to persuade anyone that my choices are better than yours, or that any particular distribution is better than any other. I am simply posting my opinion and why. In this article, I have chosen my top 3 distributions and list the reasons why I prefer them. I hope you enjoy this article, and if you are offended by my choices, feel free to voice your concerns, though they will likely fall on deaf ears :-).

As you probably already know, there are countless distributions available today; all have good points and bad, and some are specialized for specific purposes. Linux as an operating system is very similar at its core across all distributions. All distributions have a kernel, some sort of package management, and follow (some more loosely than others) the Filesystem Hierarchy Standard. In many cases, that is where the similarities end.

Read More

Configure Exchange 2010 Autodiscover

This is a short article on how to configure the Microsoft Exchange Server 2010 Autodiscover feature. I remember when I initially tried to do this years ago, finding any reliable information on getting it working was a challenge, so I decided to write my own basic how-to for anyone else who is facing this dilemma. These instructions should serve as a good starting point and foundation for getting Autodiscover configured in your environment. My instructions (particularly the portion regarding certificate installation) are based on GoDaddy certificate services, so the instructions may vary slightly for your certificate provider, but most steps should be applicable.

Read More

Must Have Security Audit Tools

I have always had an interest in network/computer/data security and have for years played around with a number of interesting and useful tools that can be used to audit systems for vulnerabilities as well as exploit them. Despite that, I have never put together a list of the security audit and penetration testing applications and tools that I find indispensable when performing these types of scans and audits – this is that list.

-enjoy!

DISCLAIMER:
This article involves the use of tools and techniques that may be illegal and in most cases are frowned upon when used in any manner other than research and/or security testing of YOUR OWN infrastructure. Misuse of these tools or the techniques mentioned in this article can get you in REAL TROUBLE. I take no responsibility for any damage to systems that you may cause by using this information or any trouble that you get into by misusing this information. If you plan to use these tools in a consulting capacity on behalf of a customer wanting a security audit, ensure that you have a well-defined scope and signed agreements that release you from liability for any damage or outage resulting from your testing.

Read More

Build a Secure FTP Server with CentOS and vsftpd

In this article, I am going to outline the steps that I have taken to create a secure and stable FTP server for general-purpose file transfer. I am not using FTPS (FTP Secure) in this article, though it is possible with vsftpd. I have used a number of techniques to secure the server, which I describe here, as well as some tweaks to SELinux that I will explain.

-Enjoy!

DISCLAIMER:
I take no responsibility for any damage that may result from following this guide. Ensuring that you take the appropriate measures to secure your server/infrastructure is paramount. I also recommend thoroughly testing this configuration before production use.

Read More