Category Archives: Random

Linux, Random, Security, Wordpress

Configure apache to log the real client IP instead of cloudflare IP in http access logs (WordPress)

Leave a comment

If you are running a WordPress site and you have cloudflare setup, you may have noticed that the http access logs log the IP of cloudflare instead of the actual client IP. This is a guide to enable logging of the real client IP instead of the cloudflare IP in the apache2 logs. This was tested on a Ubuntu 20.04 machine + apache2 and traffic is proxied from cloudflare.

Install Prerequisites:

sudo apt-get install apache2-dev libtool git

Git clone the mod_clouflare repo from cloulflare:

cd ~/
git clone https://github.com/cloudflare/mod_cloudflare.git
cd mod_cloudflare

Use the Apache extension tool to convert the .c file into a module:

apxs -a -i -c mod_cloudflare.c

Restart Apache:

sudo apachectl restart

Verify that the module is active:

apache2ctl -M|grep cloudflare

The output should show “cloudflare_module (shared)

Now your apache logs should show the real client IP instead of the cloudflare IPs.

tail -f /var/log/apache2/access.log

-Below is screenshot of access log that shows the real client IP(right click and open image in new lab for high res image):

access.log screenshot

Sources/Credits/References:

Cloudflare
Noirth Security

Random

How to search for IOCs on a Linux machine using Loki IOC and Yara scanner

Leave a comment

This is a quick guide to running Loki APT Scanner to check for IOCs on a Linux machine.

Debian/Ubuntu:

– Run the below commands to setup Loki:

sudo su -
apt-get install libssl-dev -y
apt-get install python3.8-venv -y
git clone https://github.com/Neo23x0/Loki.git
cd Loki
python3 -m venv .
source bin/activate
pip install colorama yara-python psutil rfc5424-logging-handler netaddr
python3 loki-upgrader.py

– Run Loki Scanner as root to check for IOCs, you the below command:

 python3 loki.py

 

– You can also search for IOCs in a particular directory using -p flag . For example:

python3 loki.py -p /var/log/apache2/

 

RHEL/CentOS systems:

On CentOS based system, you can run the below to use find IOCs using APT:

sudo su -
yum install python3 python3-pip python3-devel openssl openssl-devel -y
pip install colorama yara-python psutil rfc5424-logging-handler netaddr
git clone https://github.com/Neo23x0/Loki.git
cd Loki
python3 loki-upgrader.py
python3 loki.py

Credits/Sources/References:
Neo23x0

Hope this helps! Happy Hunting Protectors! 🙂

ΞXΤЯ3МΞ

Random, Technology, Virtualization

Install MacOS Ventura on Proxmox 8.x

3 Comments

This is a guide on how to configure and install MacOS Ventura on Promox 8.x.x. (This was tested in my lab which runs Proxmox 8.0.3 and 8.0.4. It should work for other versions as well)

Requirements:

  1. Proxmox 8.x.x
  2. Opencore ISO [ Link: https://github.com/thenickdude/KVM-Opencore/releases . https://github.com/thenickdude/KVM-Opencore/releases/tag/v20]
  3. MacOS Ventura ISO (You can get this from archive.org)
  4. Root access to Proxmox to edit config

Steps to configure:

Download the OpenCore-v20.iso.gz  from KVM-Opencore and extract it. [Link: https://github.com/thenickdude/KVM-Opencore/releases/tag/v20 ].

Create a VM in Proxmox with the below settings:

  • Select ISO Image as Opencore iso
  • Set Guest OS type to “Other
  • Set Graphics card as “Vmware compatible”, Machine type “q35
  • Set BIOS to OMVF UEFI, add EFI Disk and select disk. Un-select Pre-enroll keys. Select SCSI Controller to “VirtIO SCSI
  • Set hard disk as “VirtIO Block” , size = 64GB, cache = Write back unsafe
  • CPU: Set 1 Socket, 4 Cores, Type as “Host”
  • 4GB Min RAM
  • Set NIC to Vmware vmxnet3
  • Then add second cd, select Bus/Device as defaults(IDE) and add MAC OS ISO.
  • Change boot order so that opencore is first and then second is macos

Minor Changes needed for it to work:

  • SSH into the Proxmox host and edit the VM config: (the VM ID = 100 for my newly created VM. It may be different in yours)

/vim /etc/pve/qemu-server/100.conf

  • If your Proxmox server is running on an Intel CPU, then below line in top of the file:


args: -device isa-applesmc,osk="ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc" -smbios type=2 -device usb-kbd,bus=ehci.0,port=2 -global nec-usb-xhci.msi=off -global ICH9-LPC.acpi-pci-hotplug-with-bridge-support=off -cpu host,vendor=GenuineIntel,+invtsc,+hypervisor,kvm=on,vmware-cpuid-freq=on

  • If your Proxmox host is running on an AMD CPU, use the below line instead:


args: -device isa-applesmc,osk="ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc" -smbios type=2 -device usb-kbd,bus=ehci.0,port=2 -global nec-usb-xhci.msi=off -global ICH9-LPC.acpi-pci-hotplug-with-bridge-support=off -cpu Haswell-noTSX,vendor=GenuineIntel,+invtsc,+hypervisor,kvm=on,vmware-cpuid-freq=on

Now, change the media=cdrom to cache=unsafe. Here is a sed command to do so:


sed -i 's/media=cdrom/cache=unsafe/g' /etc/pve/qemu-server/100.conf

Below is my config for reference (/etc/pve/qemu-server/100.conf):


args: -device isa-applesmc,osk="ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc" -smbios type=2 -device usb-kbd,bus=ehci.0,port=2 -global nec-usb-xhci.msi=off -global ICH9-LPC.acpi-pci-hotplug-with-bridge-support=off -cpu host,vendor=GenuineIntel,+invtsc,+hypervisor,kvm=on,vmware-cpuid-freq=on
balloon: 0
bios: ovmf
boot: order=ide2;ide0;virtio0;net0
cores: 4
cpu: host
efidisk0: local-lvm:vm-100-disk-0,efitype=4m,size=4M
ide0: local:iso/macOS Ventura 13.0.1.iso,cache=unsafe,size=13073658K
ide2: local:iso/OpenCore-v20.iso,cache=unsafe,size=150M
machine: q35
memory: 8096
meta: creation-qemu=8.0.2,ctime=1690969304
name: MAC-OS
net0: vmxnet3=D6:41:D1:8F:B5:49,bridge=vmbr0,firewall=1
numa: 0
ostype: other
scsihw: virtio-scsi-pci
smbios1: uuid=57a6ce4a-a710-483a-8577-28c1feae47d4
sockets: 1
vga: vmware
virtio0: local-lvm:vm-100-disk-1,cache=unsafe,iothread=1,size=64G
vmgenid: a9dee6c6-376d-48b9-bc20-3c586856ffb4

Here is a screenshot for reference of the settings page in Proxmox for the MacOS VM:

 

Proxmox MacOS Ventura Settings

– Here is a screenshot of the boot order settings:

– Now Boot the MacOS VM, and select UEFI boot when prompted.
– At boot prompt, run the below:


System\Library\CoreServices\Boot.efi

Installation:

– Open Disk Utility
– Click “View” => Show All Devices.
– Select the First option that shows 64GB disk and click on “Erase”. Once done, close disk utility and click option to start installer.
– Select the disk and continue the install on it

The rest of the installation is pretty straightforward. It did take a very long time for the install to complete along with a few restarts. But, at the end you should be able to boot into the Proxmox VM.

-Here is a screenshot of my VM post install.

MacOS VM login screen after installaton

 

Hope this helps! Cheers

Credits/References:
https://github.com/thenickdude/KVM-Opencore/releases/tag/v20
https://i12bretro.github.io/tutorials/0775.html

Random

Install Signal Desktop and setup the tray for i3-gaps [Linux Mint / Ubuntu]

Leave a comment

This is post on installing + setting up Signal Desktop application on an i3 / i3-gaps setup and enabling signal’s tray icon on your status bar.

Requirements:

1. Linux Mint/Ubuntu [This was tested on Linux Mint 20.2 ]
2. Window Manager – i3 or i3-gaps [ I am using i3-gaps ]
3. i3-bar / py3status
4. Signal Desktop Linux [ Ref: https://signal.org/download ]

Section 1: Install Signal Desktop

1. Install signal’s offical public software signing key.

wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg
cat signal-desktop-keyring.gpg | sudo tee -a /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null

2. Add repository to your list of repositories

echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' |\
  sudo tee -a /etc/apt/sources.list.d/signal-xenial.list

3. Update your package database and install signal

sudo apt update && sudo apt install signal-desktop

[Note: The above instructions are from https://signal.org/download as of Sep 2021. Please refer to their website for the latest install instructions.]

Section 2: Setting up Signal for i3-gaps

If you invoke signal directly via rofi or manually from your terminal using signal-desktop, it works great but it does not enable tray icon by default which could be problamatic if you need to to minimize to the system tray (or to run in the background) if you quit out of the app. Arg!!

Luckily, signal-desktop ships with an additional flag that allows you to use the tray icon which will allow the Minimize function to work properly. To run signal with the tray icon, run the following:

signal-desktop --use-tray-icon > /dev/null &

Here is a screenshot from my setup with the signal tray seen in the bar. (You could right click image and open in new window for better viewing)

Screenshot of signal-desktop application with the system tray enabled

Adding keybindings i3 config:

I am sure there is a better way to do this. For now, I created a script start-signal.sh that calls signal-desktop with the additional argument.

vim ~/start-signal.sh

#!/bin/bash
signal-desktop --use-tray-icon > /dev/null &

Then make it executable:

chmod +x ~/start-signal.sh

I have configured my keybinding to Mod key + S (Windows key and s) to start signal-desktop and Mod + Shift + s (Windows key + Shift + s) which will kill signal. You can modify the text in bold below as per your liking. Here is a snippet of my i3 config file for reference:

vim ~/.config/i3/config

set $mod Mod4
set $terminal terminator
set $signal_with_tray ~/start-signal.sh
set $exec exec –no-startup-id

# Start Signal using Mod key + s
bindsym $mod+s $exec $signal_with_tray

# Kill Signal using Mod key + Shift + s
bindsym $mod+Shift+s $exec $terminal -e ‘pkill signal-desktop’

 

Regards,
ΞXΤЯ3МΞ

Linux, Random, Technology

Mount TrueNAS Core Samba share on Linux

Leave a comment

This is a guide that describes on how to mount a remote Samba share configured on TrueNAS on to a Linux machine.

 

Login in your Linux machine. (I am using a Linux Mint 19.3 in this demo. This should technically work on other Debian/Ubuntu based systems as well).

Use the following commands to get your current user’s user ID (UID) and group ID (GID) respectively.

id -u $USER
id -G $USER

Create a file /etc/.truenas_creds. This is where you would store the samba credentials.

Replace text in red with the username and password of the remote SMB share which was configured in TrueNas.

cat /etc/.truenas_creds
username=enter_username_here
password=enter_password_here

Modify the file permissions so that root is the owner and set the file permission to 600.

sudo chown root: /etc/.truenas_creds
sudo chmod 600 /etc/.truenas_creds

In your linux machine, create a folder to where you want the contents of the remote samba share to be mounts. For example: create a directory named /mnt/truenas/.

sudo mkdir /mnt/truenas/

-Below is a sample syntax that can be used for populating /etc/fstab.

//ip-of-nas-server/enter-remote-samba-share/location /enter-local-mount/location/here/ cifs credentials=/etc/.truenas_creds,iocharset=utf8,uid=enter_your_uid_here,gid=enter_your_gid_here,noperm 0 0

-Here is what that I added in /etc/fstab.

//192.168.1.12/mnt/truenas /mnt/truenas/ cifs credentials=/etc/.truenas_creds,iocharset=utf8,uid=1000,gid=1000,noperm 0 0

My TrueNAS server’s IP => 192.168.1.12

Remote samba share => /mnt/truenas

Local mount location => /mnt/truenas/

Credentials for samba share => /etc/.truenas_creds

-Once complete, run the following to mount all entries looking at /etc/fstab.

mount -a

-If there are no errors in the above command, check your local mount path to verify that the mount was successful.

ls -l /mnt/truenas/

References:

linuxize

Askubuntu

Linux, Random, Technology

Bash script to loop through values in a file with space as a separator

3 Comments

Lets say we have a file with list of IPs that are space separated and you want to read each of the values to pass to a loop to perform an operation. Here is an example file with IP Addresses separated  by a space:

cat ips.txt
192.168.1.1 192.168.1.10

Now, lets say you want to loop through these IPs and run a ping command against each of them.

cat ping.sh
#!/bin/bash

# IFS is an internal bash variable. Here, we set its value as space.
IFS=$" "
# Read the file "ips.txt" and store the list of values to a variable "ips"
ips="$(cat ips.txt)"

# Run the following loop which will loop through each of the ips and run a ping test
for ip in $ips; do ping -c 1 $ip; done
# Unset the IFS variable so that it wont mess with the reset of the script
unset IFS

-Running this loop, will loop through the list of IP addresses and perform a ping.

./ping.sh
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.660 ms

--- 192.168.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.660/0.660/0.660/0.000 ms
PING 192.168.1.10 (192.168.1.10) 56(84) bytes of data.
64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.108 ms

--- 192.168.1.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.108/0.108/0.108/0.000 ms

Hope this helps!

Happy scripting folks! 🙂

Source/References: Link

Random

Hello world!

Leave a comment

Welcome to TechAntidote. This is our first post and we are very excited to let you know that the website will be operational soon.

 

Minor tweaking is underway and will up soon. Do subscribe and stay tuned for future updates!

Regards,
ΞXΤЯ3МΞ