Securely Installing and Using FTP on Linux

First, install VSFTP (Very Secure File Transfer Protocol) using the following command:

sudo apt-get install vsftpd

Now edit the vsftpd.conf file to finish setting up VSFTP.

Open the file using:

sudo nano /etc/vsftpd.conf

You should be shown something similar to below:

[Screenshot: vsftpd.conf]

Make the following changes to the configuration file…

  • anonymous_enable=NO
  • local_enable=YES
  • write_enable=YES
  • chroot_local_user=YES

Now add the following lines to the bottom of the file…

  • force_dot_files=YES
  • allow_writeable_chroot=YES

Now restart the vsftpd service using:

sudo service vsftpd restart
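
To confirm the file really ended up with the settings listed above, here is an added example (not part of the original post) that audits a vsftpd.conf. The helper names get_opt and audit_conf and the sample config are constructed for illustration; the option names use vsftpd's own spellings, chroot_local_user and allow_writeable_chroot.

```shell
#!/bin/sh
# Added example (not from the original post): audit a vsftpd.conf against
# the settings listed above. get_opt and audit_conf are hypothetical helpers.

# Print the value of option $2 in file $1, ignoring commented-out lines.
# Assumption: when an option appears twice, the later assignment is used.
get_opt() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }                      # skip comments
        $1 == key  { val = $2; sub(/[ \t\r]+$/, "", val) }
        END        { if (val != "") print val }
    ' "$1"
}

# Compare each expected option with the file; return the number of problems.
audit_conf() {
    conf=$1
    failures=0
    for want in anonymous_enable=NO local_enable=YES write_enable=YES \
                chroot_local_user=YES force_dot_files=YES \
                allow_writeable_chroot=YES; do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(get_opt "$conf" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok     $key=$actual"
        else
            echo "CHECK  $key is '${actual:-unset}', expected $expected"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Constructed sample config: write_enable is still commented out and
# allow_writeable_chroot was never added, so two settings are reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
local_enable=YES
#write_enable=YES
chroot_local_user=YES
force_dot_files=YES
EOF
audit_conf "$sample" || echo "$? setting(s) need attention"
rm -f "$sample"
```

On a real server, call audit_conf with /etc/vsftpd.conf instead of the sample file.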

You should now be able to connect to your Linux box with a program such as FileZilla, using your username and password. You may first need the IP address of your Linux box, so on your Linux box use the command:

ifconfig

to know where to connect to.

You will notice that you can't move out of your home directory. I have set this up for security reasons, but if you wish to remove the restriction, simply comment out the chroot_local_user line in the vsftpd.conf file.

I will be showing in a future blog how to upload files to external drives whilst chrooted in your home directory. Chrooting helps with security, as it means that even if someone gets your username and password, they still can't browse the entire system.

Enjoy!

Making External VFAT Drive Writable on Linux

Prerequisites:

I would install nano, a text editor for Linux which is MUCH easier for beginners to use than vi. You can do this by using “sudo apt-get install nano” or “yum install nano”, depending on your distribution of Linux.


First we will need to find where in /dev your drive is being displayed. You can do this by running:

lsblk

which will display all the drives currently connected to your Linux machine. The easiest way to see which drive you want is to check the size of the drive. For example, I have connected a 500GB hard drive so when I run “lsblk” I get the following:

[Screenshot: lsblk output]

From this screenshot you can already see that I have mounted the drive partition I require, which in my case is sda3.

Now you need to create a directory in the mnt directory, as this is where you should mount drives in Linux to keep things tidy. You can do this by using:

sudo mkdir /mnt/library

I have called my directory “library” but you can call it whatever you want.

Now we need to configure this in the fstab file which basically tells the system what to do with connected drives once the system starts.

You can open the fstab file by using:

sudo nano /etc/fstab

This should give you something similar to below:

[Screenshot: fstab]

Now go to the bottom of the file and add a line similar to the one I have added, which you can see below:

[Screenshot: fstab with the added line]

Just for reference the line I have added is:

“/dev/sda3         /mnt/library          vfat          users,umask=00          0          0”

Make sure to check the directory locations, as you might have called yours something else and your drive label might be different. Note that umask=00 makes every file on the drive readable and writable by all local users.

You can now check in your /mnt/library directory and you should see that your drive has been mounted and you can delete and add new files to the location.

Enjoy!

Create, Store & Use Encrypted Passwords With PowerShell

This is just a neat little “tactic” I use when I need to connect to the same machine over and over again but don’t want to drive myself insane with having to constantly enter the same username and password. For example, when testing a script.

First you need to enter your password, in plain text, into this script so that it can get the password. This is perfectly safe, as this is the only point at which the password is in plain text.

$password = "PUT PASSWORD HERE" | ConvertTo-SecureString -AsPlainText -Force

This gets the password that you just entered and encrypts it and also puts it into the variable “password”

Now you need to convert the password to an encrypted string of characters using the below command:

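$password | ConvertFrom-SecureString | Out-File "PATH TO TEXT FILE TO STORE PASSWORD"

This puts the encrypted password into the text file for later use. Without a -Key or -SecureKey parameter, ConvertFrom-SecureString protects the string with the Windows Data Protection API (DPAPI), so the file can only be decrypted by the same user account on the same machine.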

Now, whenever you need to connect to a machine, you can put this into a variable along with the username. Then put them together into a credential and away you go:

$Username = "DOMAIN\username"

$EncryptedPassword = Get-Content "LOCATION TO TEXT FILE" | ConvertTo-SecureString

$Credential = New-Object System.Management.Automation.PSCredential($Username, $EncryptedPassword)

This builds the credential which you can now use with something similar to below:

Invoke-Command -Credential $Credential -ScriptBlock {echo "test"} -ComputerName "COMPNAME" -Authentication CredSSP

Enjoy!