Wednesday, June 29, 2011

Wi-Fi Tools

As with many things in Pentest, there are many options to choose from and most work equally well provided the engineer has a thorough understanding of how to use them. I happen to use and prefer the following tools, but your taste may be different. Use what you like and know as long as it gets the job done.

Items with an asterisk are my preferred tools for each category.

Information Gathering:
*Fluke AirCheck
*AirMagnet Wi-Fi Analyzer Pro
MetaGeek inSSIDer
Xirrus Wi-Fi Inspector
WiFi Scanner (Mac)
Kismet (Linux)

Predictive Site Surveys:
*Cisco Wireless Control System (WCS)
AirMagnet Planner
Motorola LANPlanner
Aerohive Wi-Fi Planner (online - Free)

Post-Installation Site Surveys:
*AirMagnet Survey Pro
Ekahau Site Survey
TamoSoft TamoGraph Site Survey

Protocol & Roaming Analysis:
*Wireshark with CACE AirPcapNx and Wi-Fi Pilot (now Riverbed Cascade Pilot Personal Edition)
Wireshark with Atheros Adapter (Linux)
WildPackets OmniPeek
AirMagnet Wi-Fi Analyzer Pro with multi-adapter kit
AirMagnet VoFi Analyzer
TamoSoft CommView for Wi-Fi

Spectrum Analysis:
*Cisco Spectrum Expert (cardbus)
*Cisco CleanAir Access Points (Cisco infrastructure only)
*MetaGeek WiSpy DBx with Chanalyzer Pro
AirMagnet SpectrumXT

Performance Analysis:
*Iperf (CLI) or Jperf (Java) (both Free)
*2nd Ping Test Tool (Free)
*TCP/IP on Ethernet Performance Model (reference only) (Free)
Ixia IxChariot
Ixia Qcheck (Free)
Nuts About Nets NetStress (Free)
Ruckus SpeedFlex (Ruckus infrastructure only)
Ruckus Zap

Security / Pen-Testing:
*Backtrack Linux
Immunity SILICA-U
TamoSoft CommView packet injection
CACE AirPcapNx traffic replay and injection

Cable Plant Verification:
*PowerDsine PoE Tester
*Fluke MicroScanner Cable Verifier
*Tempo 200EP Tone Probe
*Smartronix SuperLooper Line (loop adapters)

Miscellaneous Tools:
*Nuts About Nets AirHORN
*tftpd32
*Cisco WLC Config Analyzer
*Microsoft Visio


@firebitsbr

Monday, June 27, 2011

Various talks on security

Link:

http://www.slideshare.net/firebits/presentations

@firebitsbr

3rd Google Open Source Jam - Hardening and OpenVAS4 (scripts and checklists for hardening security)

Today I am posting about my talk on Hardening and OpenVAS4 (scripts for hardening) at the 3rd Google Open Source Jam, and the possibility of using this vulnerability scanner while shifting the focus a bit from vulnerabilities to hardening, with some good scripts of my own and checklists.

The slides for the talk are at:

http://www.slideshare.net/firebits/3-google-open-souce-jam-a-hardening

And a photo as evidence of it... lol ;)


@firebitsbr

Tuesday, June 21, 2011

DavMail and Thunderbird (Linux) for OWA on Microsoft Exchange 2007

This morning I finally decided I couldn’t stand Evolution any longer. I started using it as my mail client at work because we have an Exchange mail server and Microsoft doesn’t make a client for Linux (surprise, surprise). I’ve never worked at a place that uses Exchange, so I’ve always just used Thunderbird for mail in the past. When I got here, this was my first serious experience with Outlook, and I started to get a bit hooked on some of the calendaring niceness. When I got my new Workstation and ditched Windows for Kubuntu I was looking for something that could integrate best with Exchange.

Evolution seemed the most attractive option because it has a plugin for exchange integration called evolution-exchange. You can install directly from the Ubuntu repositories. Basically it’s a scraper for the OWA (Outlook Web Access) web interface, and generally it works really well. I’ve been using it for about 5 months now, but there are just a few things I can’t stand about it that made me decide today to bin it.

Password manager is broken and has been for about 12 months it seems. No one cares to fix it. You have to type your password in each session.
A bug with the Evolution/Nvidia/Compiz combination of packages causes the cursor to leave garbage on the screen when you use the cursor keys in a new mail message.
HTML support sucks, the development community seem hell bent against it.
It can’t handle contacts with “>” in the name, which is a convention we use to keep mailing lists at the top of the list. This character will cause it to generate invalid mail headers, destroy the html layout of the email and makes me look like an ass, especially when sending announcements to groups like “>ALL STAFF”.
Occasionally the evolution-exchange plugin cache gets corrupted and you lose random mails, but you wouldn’t know unless you check occasionally in OWA or Outlook. You have to delete the whole cache and download them all again.

I was prepared to switch back to using Outlook in a virtual machine, but before doing so I decided to check first to see if there was any possible way to get Thunderbird to read Exchange calendars. Thunderbird has an extension called Lightning that adds Outlook style calendaring integration. The latest release is 0.9. Last time I used Thunderbird I think I had to get the development version of 0.8 in order to get enough working features to call it functional (appointment invites used to be very buggy in the 0.7 version). Version 0.9 has come a long way, everything seems to work great… except still no support for Exchange calendars unfortunately. Your calendar is maintained locally or in some 3rd party web calendar that uses a non-proprietary protocol. Not quite good enough.

Then I found DavMail. It’s a gateway that basically does the same as the evolution-exchange plugin. This thing acts as a webservice making data available from Exchange via standard protocols by scraping the Exchange OWA interface. It maintains separate user sessions, so you really can set it up as a server side service, possibly even installed on the mail server itself.

A ray of hope! But would it work?

I had enough problems getting Lightning installed to tell the truth, and that’s just a plugin for Thunderbird! Turns out the link on the Mozilla site was no good for 64bit Linux OS and I had to jiggle about with the URL to find the actual release for me. DavMail is a totally unsupported package though, the one thing going in its favour is that it’s Java based, so it should just work, right? Well, let’s find out.

They have a deb package ready for me to download. I attempt to install it but I’m missing the dependency “libswt-gtk-3.4-java”. Oh boy, looks like it’s using ugly Swing for the UI (Update: thanks for the education Jurrie, libswt is certainly not Swing). Well, looks like my Kubuntu Hardy distro is a bit behind the times now because the best I could find was a package called “libswt3.2-gtk-java” (yeah, I love the way they switched naming conventions too ^^). I installed that anyway and then just used dpkg to force it to install. It created an icon in my start menu under “Internet” and then seemed to work perfectly, connect to OWA no worries, all was good. Except now my package manager is going boonta because I’ve got a “broken package”. I can’t find the chill button so I uninstalled it for now.

How do you downgrade a dependency? Well this method worked for me…

# extract the package's control information into ./DEBIAN
dpkg -e davmail_3.2.0-1_all.deb
cd DEBIAN/
# edit the Depends: and Version: fields
nano control
# repack the control members
tar -czvf control.tar.gz *
mv control.tar.gz ..
cd ..
# replace the control.tar.gz member inside the .deb (which is an ar archive)
ar r davmail_3.2.0-1_all.deb control.tar.gz
mv davmail_3.2.0-1_all.deb davmail_3.2.0-01_all.deb

When editing the control file I changed the dependency from “libswt-gtk-3.4-java” to “libswt3.2-gtk-java” and also changed the version number to 3.2.0-01 so as not to conflict with a real version. The deb installer GUI detected something was wrong and wouldn’t install it, but “dpkg -i” worked like a charm. This is probably totally the wrong approach to take to my problem, but I don’t care. While I can sort of understand why Gnome developers might think Swing is cool, I can’t believe the libswt-gtk project can possibly have achieved much in two minor versions that would break compatibility. The latest 32bit Ubuntu has the correct version so most people won’t have to care about this at all.

Now I’m rock’n with Thunderbird and Exchange! Without too much tomhackery even. So I settle back in with my old friend, so many features I’ve missed. The fantastic rich text editor (well actually it’s really basic, but light years ahead of Evolution). The simplicity of theming it. I toyed with installing an Outlook theme and trying to get it to look and act exactly like Outlook. You can choose which IMAP folders to subscribe, so I picked Inbox and all its sub-folders, Drafts, Sent and Deleted Items. Now it’s easy to configure Thunderbird to put your sent mail into the IMAP Sent folder, but you still have the default Thunderbird Trash folder which you cannot easily convert to the IMAP Deleted Items folder. I found out you just have to edit user preferences to change the name. Searching on the net, people are always talking about editing some “prefs.js” file. I always just change the welcome page in Thunderbird to about:config, it was one of the first things I did when it was installed. This allows me to edit my preferences in the exact same way as you would in Firefox. In this case I just added the property as specified, restarted, and it worked like a charm.

I also hooked up the address book to the Exchange Global Address LDAP and then just tweaked the LDAP settings so it finds contacts a little quicker. One thing I notice is that the compose window only completes local addresses and not LDAP addresses. There had to be a fix for this.

With the power of about:config I searched for ldap and quickly found the settings that looked most useful…

ldap_2.autoComplete.directoryServer
ldap_2.autoComplete.useDirectory

The first one needed a quick search to figure out the syntax but the second one was just a boolean. Once that was done I had the same, if not better, contact auto-completion as I had previously with Evolution and Outlook. Game over, Thunderbird/Lightning/DavMail wins!

Update May 20, 2009 at 12:45 pm: Set mail.check_all_imap_folders_for_new to true, otherwise Thunderbird doesn’t check for new mail in your subfolders. This can be a problem if you have any Exchange mail filters running.

Update May 26, 2009 at 12:58pm: http://www.trustedbird.org/tb/Multi-LDAP here’s an addon that’s showing the easy way to configure LDAP addressbook lookups. Install that addon if you would like to search multiple LDAPs.

3rd Google Open Source Jam - Part 2

Your talk at the 3rd Google Open Source Jam, in São Paulo, is confirmed. The event will take place on the 23rd, starting at 6:30 pm. Our address is:

Av. Brig. Faria Lima, 3900 - 4o andar
Itaim Bibi - São Paulo

See you there!

Monday, June 20, 2011

3rd Google Open Source Jam

Today I received confirmation of my second talk for the Google Open Source Jam event.

For the first one I sent the slides of the talk to Google (remote talk), since I was teaching a course at Senac in Campinas-SP.

The second time, which will be the 3rd Google Open Source Jam, will be at Google's building in São Paulo, near my work.

I will talk about hardening and scanners such as OpenVAS.

See you there

@firebitsbr

Friday, June 10, 2011

Deploying OpenVAS4 on Fedora 15 i386 Server (Draft)

Step 1
Link http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/Fedora_15/security:OpenVAS:STABLE:v4.repo

Step 2
# cd /etc/yum.repos.d/

Step 3
# wget http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v4/Fedora_15/security:OpenVAS:STABLE:v4.repo

Step 4
# yum update -y

Step 5
# yum install -y libopenvas-debug.i386 libopenvas-devel.i386 libopenvas_base4.i386 libopenvas_hg4.i386 libopenvas_misc4.i386 libopenvas_nasl4.i386 libopenvas_omp4.i386 openvas-administrator.i386 openvas-administrator-debug.i386 openvas-cli.i386 openvas-cli-debug.i386 openvas-manager.i386 openvas-manager-debug.i386 openvas-scanner.i386 openvas-scanner-debug.i386 gsd.i386

OpenVAS4 quick start
# create the CA and the scanner's server certificate, unless they already exist
test -e /var/lib/openvas/CA/cacert.pem || sudo openvas-mkcert -q
# download/update the NVT feed (the vulnerability tests)
sudo openvas-nvt-sync
# create the client certificate the manager uses (as user "om") to talk to the scanner
test -e /var/lib/openvas/users/om || sudo openvas-mkcert-client -n om -i
# stop the services so the database can be migrated and rebuilt
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-scanner stop
# start a scanner in the foreground so the manager can load the NVTs from it
sudo openvassd
# update the manager's database schema, then rebuild its NVT cache
sudo openvasmd --migrate
sudo openvasmd --rebuild
sudo killall openvassd
sleep 15
# restart everything, including the web interface (Greenbone Security Assistant)
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
sudo /etc/init.d/greenbone-security-assistant restart
# create the first administrative user, if it does not exist yet
test -e /var/lib/openvas/users/admin || sudo openvasad -c add_user -n admin -r Admin

Log in to OpenVAS as "admin"
# firefox https://localhost:9392/

or

# gsd

Monday, June 6, 2011

samhain - filesystem integrity checker

Samhain is a host-based intrusion detection system (HIDS) that provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of SUID executables and of hidden processes.

Samhain was designed to monitor several legacy systems with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.

Samhain is an open-source, multi-platform application for POSIX systems (Unix, Linux, Cygwin/Windows).

Version 2.8.4a http://www.la-samhna.de/samhain/samhain-current.tar.gz
MD5 checksum c9f7c291ee01a8c6c0bb14a3251b6285
bytes 2064459
release date May 11, 2011

Unpacking

After downloading, unpack the .tar archive.

$ gunzip samhain-current.tar.gz
$ tar -xf samhain-current.tar
samhain-2.8.4a.tar.gz
samhain-2.8.4a.tar.gz.asc


Fetching the latest development version of samhain and the PGP key 1024D/0F571F6C
(almost any keyserver will do if pgp.mit.edu is temporarily unavailable):

$ gpg --keyserver pgp.mit.edu --recv-key 0F571F6C


Check the key fingerprint (EF6C EF54 701A 0AFD B86A F4C3 1AAD 26C8 0F57 1F6C)

$ gpg --fingerprint 0F571F6C


and verify the PGP signature:


$ gpg --verify samhain-2.8.4a.tar.gz.asc samhain-2.8.4a.tar.gz


Unpack a second time and enter the directory:

$ gunzip samhain-2.8.4a.tar.gz
$ tar -xf samhain-2.8.4a.tar
$ cd samhain-2.8.4a
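The download checks above, collected into one script as an added example (not part of the Samhain distribution): it compares the tarball's size and MD5 with the values published in this post, fetches the signing key by its short ID but refuses to use it unless the full fingerprint matches the one given above (a short key ID alone is not enough to identify a key), and only then verifies the detached signature. The expected values are the ones from this post; the function names are mine.

```shell
#!/bin/sh
# Added example: verify a downloaded Samhain release before unpacking it.
set -eu

EXPECTED_FPR="EF6C EF54 701A 0AFD B86A F4C3 1AAD 26C8 0F57 1F6C"  # from this post
EXPECTED_MD5="c9f7c291ee01a8c6c0bb14a3251b6285"                   # from this post
EXPECTED_BYTES=2064459                                             # from this post
KEYID=0F571F6C                                                     # from this post

# Compare two fingerprints ignoring spacing and case; returns 0 on match.
fpr_matches() {
    a=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    [ "$a" = "$b" ]
}

# Check a file's size and MD5 against the published values.
# Prints the computed digest and returns non-zero on any mismatch.
check_file() {
    file=$1; want_md5=$2; want_bytes=$3
    size=$(wc -c < "$file" | tr -d ' ')
    sum=$(md5sum "$file" | cut -d' ' -f1)
    [ "$size" -eq "$want_bytes" ] || { echo "size mismatch: $size" >&2; return 1; }
    [ "$sum" = "$want_md5" ]      || { echo "md5 mismatch: $sum" >&2; return 1; }
    echo "$sum"
}

# Fetch the key, pin it by full fingerprint, then verify the detached signature.
verify_signature() {
    tarball=$1
    gpg --keyserver pgp.mit.edu --recv-key "$KEYID"
    # --with-colons: the "fpr" record carries the full fingerprint in field 10
    actual=$(gpg --with-colons --fingerprint "$KEYID" | awk -F: '$1=="fpr"{print $10; exit}')
    fpr_matches "$EXPECTED_FPR" "$actual" || { echo "fingerprint mismatch: $actual" >&2; return 1; }
    gpg --verify "$tarball.asc" "$tarball"
}

# Usage: sh verify-samhain.sh samhain-2.8.4a.tar.gz (runs only when a path is given)
if [ "$#" -ge 1 ]; then
    check_file "$1" "$EXPECTED_MD5" "$EXPECTED_BYTES" >/dev/null
    verify_signature "$1"
    echo "verified: $1"
fi
```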


Installation

Read the README file and/or the options manual if you want to configure the source code, then do:

$ ./configure [options]
$ make
$ make install


(There is also a make uninstall, in case you no longer want to use samhain.)

If you like 'dialog'-style "GUI" interfaces (xdialog, dialog, lxdialog) you can install using this command:

$ ./Install.sh


After installation, you should first review the configuration file (by default /etc/samhainrc), especially regarding network addresses such as the e-mail address, and which files/directories are checked. Then you have to initialize the database:

$ samhain -t init


Afterwards, you can start samhain in daemon mode to check your system at intervals, as specified in the configuration file:

$ samhain -t check -D


On most systems, after $ make install, you can install the scripts needed to start samhain at boot with:

$ make install-boot

Note: (supported OSes: Linux, FreeBSD, MacOS X, Solaris, HP-UX, AIX).