How to Install the OSSEC HIDS in Linux

OSSEC HIDS Overview

OSSEC is a host-based intrusion detection and prevention system (HIDS/HIPS). A host-based intrusion detection system or host-based intrusion prevention system serves a similar function to antivirus software. A HIDS can warn you if it discovers that your system has an intrusion or virus, and a HIPS can warn you in real time if an intrusion is currently being attempted, and block it. This can greatly increase the security of your system, especially if you are running servers such as a webserver. OSSEC is supported by the Trend Micro security company.

OSSEC Installation and Configuration

1. Elevate to root user. Download OSSEC, extract it, change directories and list the directory contents to look for the installation script. Before you can run the installation script you will need to install the GCC compiler.

$ su -
# wget http://www.ossec.net/files/ossec-hids-2.7.tar.gz
# tar -xf ossec-hids-2.7.tar.gz
# cd ossec-hids-2.7
# ls
# yum -y install gcc

2. Run the installation script and choose hybrid install. Answer yes to everything else, but no to the active response; you can change that later. For the IP address or hostname of the OSSEC server, type localhost and press Enter.

# ./install.sh

3. Run the service status and the service start commands. When you try to start the program, you will get an error that it is missing the client.keys file.

# service ossec status
# service ossec start

4. Run the ./ossec-control program to see the program options, then run ./ossec-control enable client-syslog. When you try to start the program with ./ossec-control start, you will get an error that it is missing the client.keys file. Create an empty client.keys file using the touch command, then start the ossec-control program.

# cd /var/ossec/bin/
# ls
# ./ossec-control
# ./ossec-control enable
# ./ossec-control enable client-syslog
# ./ossec-control start
# touch /var/ossec/ossec-agent/etc/client.keys
# ./ossec-control start

5. Using the cd command, return to your home directory, then download the web user interface using wget. Verify the checksum, extract the tar.gz file, and move the contents of the directory to a new directory at /var/www/html/ossec.

# cd
# wget http://www.ossec.net/files/ossec-wui-0.3.tar.gz
# wget http://www.ossec.net/files/ossec-wui-0.3-checksum.txt

# cat ossec-wui-0.3-checksum.txt
# sha1sum ossec-wui-0.3.tar.gz

# tar -xf ossec-wui-0.3.tar.gz
# mv ossec-wui-0.3 /var/www/html/ossec
# cd /var/www/html/ossec/
# ls
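
The checksum step above compares two printed values by eye. As an added example (not part of the original tutorial), the function below does the comparison in the shell and returns non-zero on a mismatch. It assumes the checksum file carries the SHA-1 as a standalone 40-hex-digit token, since the file's layout is not shown here; verify_sha1 is a name chosen for this example.

```bash
#!/usr/bin/env bash
# Added example: compare a tarball's SHA-1 with the value published in its
# checksum file instead of comparing the two by eye.
# Assumption: the checksum file contains the SHA-1 as a standalone
# 40-hex-digit token somewhere in its text.

# verify_sha1 TARBALL CHECKSUM_FILE
# Returns 0 on match, 1 on mismatch, 2 if a file is unreadable or the
# checksum file holds no SHA-1 value.
verify_sha1() {
    local tarball="$1" sumfile="$2" expected actual
    [ -r "$tarball" ] && [ -r "$sumfile" ] || return 2

    # -w stops a longer digest (e.g. 64-hex SHA-256) from matching in part.
    expected=$(grep -Eiow '[0-9a-f]{40}' "$sumfile" | head -n 1 | tr 'A-F' 'a-f')
    [ -n "$expected" ] || return 2

    actual=$(sha1sum "$tarball" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "SHA-1 mismatch for $tarball" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Usage in step 5: extract only when the digest matches.
# verify_sha1 ossec-wui-0.3.tar.gz ossec-wui-0.3-checksum.txt \
#     && tar -xf ossec-wui-0.3.tar.gz
```

Both files are fetched over plain HTTP from the same host, so a match shows the download arrived intact rather than proving where it came from.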

6. Run the setup script. You will be prompted to create a username and password.

# ./setup.sh

7. Recursively change the ossec folder owner and group to apache:apache.

# cd ..
# chown apache:apache -R ossec/

8. Now, using Firefox, go to the webpage for OSSEC at http://localhost/ossec and you will get a 403 forbidden error message. By examining the httpd error log you can find information related to the error. SELinux may be a potential cause of the problem.

# cat /var/log/httpd/error_log

9. Edit the group file with Vim or Nano. Arrow down to the bottom of the group file and add apache to the ossec group. In Vim, press the i key to enter insert mode and edit the text, then press the Escape key and type :wq to save the file.

# vim /etc/group


10. Check to see if SELinux is enforced. A 1 means that it is enforced.

# cat /selinux/enforce

 

11. Since OSSEC was downloaded and extracted from a tar.gz file there was no security context associated with the files. This can be fixed by using the restore context program to restore the security context.

# restorecon -R /var/www/html/ossec/

12. Now change the security context for the OSSEC alerts.log file so it can be read by the Apache server.

# chcon -t httpd_sys_content_t /var/ossec/logs/alerts/alerts.log
# chcon -t httpd_sys_content_t /var/ossec/queue/syscheck/syscheck

13. Restart the Apache and OSSEC services.

# service httpd restart
# service ossec restart

14. Now go to the OSSEC homepage at http://localhost/ossec to see the latest events in your host based intrusion detection system.
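
Steps 9 to 12 fix the 403 error by giving Apache group access and an SELinux type it may read. The script below is an added example, not part of the original tutorial, that checks both conditions. The function names are chosen for this example, and it assumes GNU stat, whose %C format prints a file's SELinux context.

```bash
#!/usr/bin/env bash
# Added example: check the two conditions that steps 9-12 set up for the web UI.
# The group file and context are passed as arguments so the helpers can be
# exercised on copies and sample strings as well as on the live system.

# group_has_member GROUP_FILE GROUP USER
# /etc/group lines have the form name:password:GID:member1,member2,...
group_has_member() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# context_type CONTEXT -> prints the type field of user:role:type:level
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# readable_by_httpd CONTEXT -> 0 when the type is the one step 12 assigns
readable_by_httpd() {
    [ "$(context_type "$1")" = "httpd_sys_content_t" ]
}

# check_wui_access: run as root on the real host after step 12.
# Prints each condition that is not met and returns 1 if any check failed.
check_wui_access() {
    local rc=0 f ctx
    group_has_member /etc/group ossec apache \
        || { echo "apache is not in the ossec group (step 9)"; rc=1; }
    for f in /var/ossec/logs/alerts/alerts.log /var/ossec/queue/syscheck/syscheck; do
        ctx=$(stat -c %C "$f" 2>/dev/null) || { echo "cannot read context of $f"; rc=1; continue; }
        readable_by_httpd "$ctx" || { echo "$f has context $ctx (step 12)"; rc=1; }
    done
    return "$rc"
}
```

Labels set with chcon are not recorded in the SELinux policy, so a filesystem relabel resets them; semanage fcontext records a rule that survives relabeling.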

 

 

How to Install WordPress in CentOS Linux

Installing WordPress in CentOS Linux Overview

WordPress is a PHP based framework for creating database driven websites. WordPress is referred to as a content management system or CMS. WordPress is free to download and install, and is the most popular CMS today, specializing in creating online blogs.

A WordPress site is created by downloading the WordPress packaged files and extracting them into a folder on a webserver. Often the server runs a Linux operating system and an Apache webserver. The server also needs PHP and MySQL installed. Having phpMyAdmin also installed is recommended.

The instructions below walk through the process of installing and configuring WordPress on a CentOS Linux webserver.

Installation Instructions

1. Open a Bash terminal and elevate to root privileges.

$ su -
#

2. Using Yum install the MySQL server, PHP, and the Apache webserver.

# yum install mysql-server php httpd

3. You will need to install additional repositories in CentOS in order to access necessary software packages that are not available in the default repositories. Install the Extra Packages for Enterprise Linux (EPEL), using the epel-release package for the current version of Enterprise Linux (EL6). You can find it at the following website: http://fedoraproject.org/wiki/EPEL. A direct link to the RPM is in the command below. Eventually the link will be outdated and need to be replaced.

# yum install http://ftp.osuosl.org/pub/fedora-epel/6/i386/epel-release-6-8.noarch.rpm

4. Next install phpMyAdmin. Start the MySQL server, and then initialize the server. When you run mysql_secure_installation you will be prompted for the MySQL root user password. By default, there is no root user password, so press the Enter key for none. Next you will be prompted to create a root user password for MySQL. For security reasons, it is a good idea to change the MySQL root user password. Enter Yes for all other default settings.

# yum install phpMyAdmin
# service mysqld start
# mysql_secure_installation

5. Next start the Apache webserver.

# service httpd start

6. These commands will make sure that the services will start on system boot.

# chkconfig httpd on
# chkconfig mysqld on

7. Next install WordPress.

# yum install wordpress

8. If you cat the WordPress configuration file, the first line of output shows that the web alias to WordPress is /wordpress. This means that the address to reach WordPress is http://localhost/wordpress. Open Firefox and go to http://localhost/wordpress, and you will get a 404 Not Found page. Restart the Apache webserver and refresh the browser window and you will see that WordPress is found, but there is an "Error establishing a database connection" message. This is because you have not yet created a MySQL database, database user, and password.

# cat /etc/httpd/conf.d/wordpress.conf
# service httpd reload


9. Go to http://localhost/phpMyAdmin and log in with your MySQL root user password. Click on Databases and create a database for your WordPress site. Next click on Users and create a new MySQL user and password. Now that you have a database and a user, you need to give your new MySQL user complete access permissions to the newly created database. Click on Users to refresh the user list. Locate your new user in the user list and click on Edit Privileges. Scroll down to Database-specific privileges and, in the drop-down menu under Add privileges on the following database, select your new database. Now select Check all for privileges and scroll down to click the accept button.

10. Using Vim or Nano, edit the WordPress configuration file to add the user account, password, and database name to the file. Save and exit. Now the WordPress configuration file has the information it needs to access the MySQL database. In Vim, press the i key to enter insert mode, use the arrow keys to move the cursor to the text that you want to edit, edit the file, then press the Escape key and type :wq to save and quit.

# vim /etc/wordpress/wp-config.php

11. Now open Firefox and enter the following address http://localhost/wordpress in the address bar. Enter the necessary information in the WordPress installation page to initialize the WordPress site, and populate the database with the tables and information that WordPress needs to run.

12. Start exploring, adding content, and editing your new WordPress website!

 

Photoshop & Flash Animated Flickering Light Effect

Flash & Photoshop Animated Effect Overview

In this series of video tutorials, I demonstrate how to create a flickering light effect in a Flash movie. The idea is to create a mysterious dark atmospheric room where the light pulsates and comes to life. For this project, I tried to imitate Flash techniques seen in many popular movie websites, and hunt and click mystery web games.

I created my sample project using a Canon EOS Rebel and a tripod to capture the images. I had to shoot the digital photographs in manual user mode, holding the shutter open for 1 to 4 seconds to get the desired lighting effects for the dark and light images. I did not use flash photography. Then I imported the photographs into Adobe Photoshop CS6 for aligning in layers, editing, and filtering. Each image layer was saved as a jpeg image and imported into Adobe Flash Professional CS6 for animating and final editing.

Here is the final finished sample project:

Video Tutorials

In part 1, I show the finished Flash project and discuss the process of using the tripod, and the camera, to capture the images and import them into Photoshop on separate layers.

In part 2, I show how to convert the images to black and white, adjust the darkness and contrast using levels, and add grain and texture to the images.

In part 3, I save the separate image layers as jpegs, import them into Flash, and then create the finished timeline animation.

Actionscript Basics – Functions

Functions with Actionscript Overview

Learning how to write and call functions is an important part of any programming language. Functions allow you to modularize your code into reusable groupings or routines. There are two main aspects to functions: how to create the function and then how to call the function. In the video tutorial below, I discuss the basic format of the function in Flash CS6 Actionscript 3: how to create or declare the function, how to call the function, and how to pass data to the function through parameters.

Video Tutorial

In this video, I show how to create and call a function in Actionscript 3.0 and 2.0.

 

Standard ACL Packet Tracer Challenge

Packet Tracer Challenge Overview

Learn the basics of using standard access lists with these Packet Tracer graded activities. In the activities, the networks have been pre-configured. All you need to do is write the access list, and decide where to apply it. Open the Packet Tracer files, follow the written instructions and the instructions on the topology diagrams.

Standard ACL Practice #1

In this Packet Tracer exercise, the goal is to create a simple standard ACL to permit one network and block the other. Follow the written instructions on where to apply the access list.

Download

The Packet Tracer file is created with Packet Tracer 5.3.3. The Packet Tracer Activity file will track your progress and give you a completion percentage and point total. You can download it here: standardACL-practice1.zip

Standard ACL Practice #2

In this exercise the goal is to permit two hosts, one from the yellow network and one from the blue network, to reach the green network. In this exercise you need to figure out where to apply the ACL so that the intended networks are affected. Hint: standard ACLs are usually applied closest to the destination network affected.

Download

The Packet Tracer file is created with Packet Tracer 5.3.3. The Packet Tracer Activity file will track your progress and give you a completion percentage and point total. You can download the file here: standardACL-practice2.zip

Switch & VLAN Packet Tracer Challenge

Switch & VLAN Packet Tracer Challenge Overview

A Packet Tracer graded activity. It covers basic Cisco CCNA switch configurations, VLANs, native VLAN, trunk ports, port-security, and setting up secure remote administration with SSH. Great practice for the Cisco CCNA!

Download

The Packet Tracer file is created with Packet Tracer 5.3.3. The Packet Tracer Activity file will track your progress and give you a completion percentage and point total. You can download it here: BasicConfig-VLAN-Trunk-PortSec-SSH-challenge.zip

Activity Instructions

Configure the Network according to the Topology Diagram and Labels.
When you are finished, the PCs on the Student VLAN should be able to ping each other and so should the PCs on the Faculty VLAN. The Admin PC should be able to SSH into S1 and S2 from the command prompt (e.g. PC>ssh -l admin 192.168.99.2).

PCs
1. IP address (see topology),
2. subnet mask (see topology),
3. default gateway address (first usable address in network)

Cisco 2960 Switches: S1 & S2
1. name: S1, S2
2. enable password, md5 encrypted: class
3. domain name: danscourses.com
4. message of the day banner: Unauthorized access is prohibited!
5. console password: cisco
6. vty 0 15 password: cisco
7. Security RSA Key size: 1024
8. SSH version 2
9. vty: ssh only
10. VLAN 10: student
11. VLAN 20: faculty
12. VLAN 99: Mgt
13. Interface VLAN 99: S1-IP address 192.168.99.2, S2-IP address 192.168.99.3
14. Native VLAN 99
15. fa0/1 Trunk
16. fa0/2-0/13 access VLAN 10
17. fa0/14-0/24 access VLAN 20
18. Gi1/1 access VLAN 99
19. Encrypt all passwords
20. Save running-config to startup-config

Cisco 2960 Switch: S1 Only
1. Gi1/1 Switchport Port-Security, sticky, maximum 1 mac address, violation shutdown

Week 3

Overview

This week we will continue to explore Actionscript basics like conditional statements, functions and event handlers, in order to add greater interactivity to our Flash movies. You will also get a chance to further explore your creativity and develop your skills in creating vector graphics and animation with the Flash tools and timeline.

You will want to visit these articles to watch the video tutorials on Actionscript basics:

Actionscript Basics – if statements 

 

Week 3 Assignment – Create a Flash Mr. Potato Head

In this assignment you will create an interactive Mr. Potato Head in Flash. Just like the actual Mr. Potato Head toy, your Flash Mr. Potato Head should be able to change: Hats, Eyes, Nose, Mouth, Ears, Arms etc. At least one of the changeable body parts should be animated, for instance the eyes might blink. Please be as creative as possible with your ideas. I will understand if your computer graphics are not the quality of a graphic designer. You may even choose to use photographic images for your body parts (eg. your hats could be acquired from digital images or photographs).

Create a Flash Mr. Potato Head – Actionscript 2.0

Due date: End of week 4

Please post your Mr. Potato Head assignment, Flash document (.fla) file and Flash movie (.swf) into the Danscourses Forum under the appropriate topic. See if you can embed your Flash movie (.swf) into the post so everyone can see it easily.