Tag Archives: Linux

Simple MySQL Diff

Dead simple way to diff two MySQL databases (probably applicable to others as well).  Just create a new file with the following:

#!/bin/sh

mysqldump database1 --no-data -u username -p > db1.sql
mysqldump database2 --no-data -u username -p > db2.sql
diff db1.sql db2.sql | grep \( -B 1

Make sure to chmod o+x the file to enable execution. This will output the locations of changes in your databases, and you can go to the line numbers to find the actual changes.

How to Disable Strict Host Key Checking on Local Network

If you do a lot of ssh-ing on a local network with constantly changing hardware, you’re going to run into problems where stored known RSA keys don’t match up if the next device to use an IP address has a different signature.

Something like:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
e8:73:0c:61:f8:cc:4c:95:25:ed:76:bc:35:bc:5d:c4.
Please contact your system administrator.
Add correct host key in /home/heidi/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/heidi/.ssh/known_hosts:1
remove with: ssh-keygen -f "/home/sam/.ssh/known_hosts" -R 192.168.1.25
RSA host key for 192.168.1.25 has changed and you have requested strict checking.
Host key verification failed.

To fix this, just add the following lines above Host * in your ssh config file. This file can be found at /etc/ssh/ssh_config on Ubuntu systems, but might be somewhere else on your system. You’ll need to sudo edit it to make changes.

Host 192.168.1.*
StrictHostKeyChecking no
UserKnownHostsFile /dev/null

You can also specify other settings if you’d like, such as default user and port.

Setting up a new Rackspace Cloud Server with Debian 6, Name.com, and PHP/MySQL

Another instructional blog post as I try to figure out something.

Configuring a website with Rackspace.com is much different than setting one up with a shared hosting service such as Dreamhost or GoDaddy.  I could write more about this, but it’s not really productive.

Anyways, here are the steps I went through:

1. Buy a domain.

I chose Name.com, for their cheap prices and no-bullshit/non-shady website (e.g. GoDaddy).  For $8.25/month (after coupon code), you get a .com domain.

2. Configure Google Apps

With Name.com, this is very simple, there’s a button for it.  After that, follow Google’s very detailed instructions.  I chose this option instead of configuring mail on my own server because it’s simpler, and a very pretty interface.  Plus, all the people working with me on the site already have gmail.

3. Set up a Rackspace.com Cloud Server Account

Pretty simple, not many options to choose.  At first, all you need will be a cloud server.

4. Set up your server on Rackspace.com

I went with a Debian 6.0 server with 512MB of RAM after about 10 minutes of internet research.  I have some experience with CentOS, Ubuntu, and Fedora, but the internet said “Debian” so I went with that.

5. Set up DNS on Name.com

First, delete the “A” DNS records on name.com.  These can be found under “Domain Management” » “DNS Record Management.”  Next, add a new “A” record with “*” in the Record Host field and your Rackspace IP in the Record Answer field.  Add another one with a blank Record Host field and the same IP.

6. Log in to your server as root, install everything

Using the provided root password from Rackspace, open up a terminal (on Windows use PuTTY).  Enter
#apt-get install apache2 php5 libapache2-mod-php5 mysql-server mysql-client php5-mysql
At this point, your DNS information will take a little while to propagate across the internet.  However, if you type your url into your address bar, you should get a page that says “It works!” (As of Debian 6).
Missing data…
Next add the following to your .htaccess for compression and www-removal.  Make sure to change “domain.com” to your domain.
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !^domain.com$ [NC]
RewriteRule ^(.*)$ http://domain.com/$1 [L,R=301]

# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

Installing OpenVAS 3.1 on CentOS 5.5

Was having some issues installing the latest version (3.1.0) of OpenVAS in a CentOS 5.5 VM today, so I thought I’d throw up a walkthrough in case anyone else was having similar issues. I’m not really a Linux expert, so it may look kind of backwards at times. I’m going to skip the long and tedious Google searches that make me look stupid, and just give you the good parts. There exists limited documentation for versions 1.0 and 2.0, but anything 3.0 and above is a mystery.

First thing, download all the sources. You might also want to run yum update just to be safe. Since this was a brand new VM, this required about 300MB of updates.
Currently, the “full setup” lists the following:

I downloaded and untar’d them all for later. From the limited documentation on the site, I deduced that openvas-libraries should be installed first. cd to that directory.

openvas-libraries

For the cheat codes, skip to the end.

To build and install from source, the usual process is ./configure; make; make install.

To isolate errors, you should run each individually, so ./configure first.

Alright, this has to be written down somewhere, let’s check the install_readme. Apparently we need:

  • libglib >= 2.12
  • libgnutls >= 2.0
  • libpcap
  • libgpgme >= 1.1.2
  • gcc
  • bison
  • flex

To install all of these, run yum -y install glib2-devel gnutls-devel libpcap-devel gcc bison flex. The rest aren’t in the standard CentOS repo.

Now to try ./configure. We get configure: error: "gcrypt.h not found". Now you should be seeing a pattern. Let’s fix this by yum -y install libgcrypt-devel.

We are missing library gpgme. Yum comes up with no results for gpgme, but the script has a link to http://www.gnupg.org/gpgme.html. Download the source code, and extract it to a folder. We have to build and install this before we can get back to the main openvas-libraries installation.
Apparently you need GnuPG2, which can be installed by yum -y install gnupg2. This installs some dependencies, but g13 is still missing. You also need libassuan and libgpg-error, which can be downloaded from http://gnupg.org. Extract both, and ./configure; make; make install. Install libgpg-error first, as it is required for libassuan.

Apparently e2fsprogs-devel is required, but nothing will tell you that. Instead, the program complains about not having uuid and the development libraries. Of course, this took a little while to figure out, since uuid and uuid-devel aren’t in the standard CentOS repos. Instead, you need to install additional repos, and then find out that it still complains. Only after some clever Google searches did I find out about e2fsprogs. yum -y install e2fsprogs-devel.

To build openvas-libraries, you need cmake. Download and install cmake from http://cmake.org. To install cmake, you need to have gcc-c++, and use a different script. yum -y install gcc-c++ to get the c++ compiler. Instead of the usual ./configure; make; make install, you need to ./bootstrap; gmake; make install. Not sure if you really need to use gmake instead of make, but the output of ./bootstrap told me to.

Then, go back to openvas-libraries and make; make install

TL;DR:
Note: file versions may be out of date, please visit the homepages for these tools to get the latest versions.
# yum -y install glib2-devel gnutls-devel libpcap-devel gcc bison flex libgcrypt-devel gnupg2 e2fsprogs-devel gcc-c++
# wget http://wald.intevation.org/frs/download.php/767/openvas-libraries-3.1.2.tar.gz
# wget ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.3.0.tar.bz2
# wget ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.0.1.tar.bz2
# wget ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.9.tar.bz2
# wget http://www.cmake.org/files/v2.8/cmake-2.8.2.tar.gz
# tar xzf openvas-libraries-3.1.2.tar.gz
# tar xjf gpgme-1.3.0.tar.bz2
# tar xjf libassuan-2.0.1.tar.bz2
# tar xjf libgpg-error-1.9.tar.bz2
# tar xzf cmake-2.8.2.tar.gz
# cd libgpg-error-1.9
# ./configure; make; make install
# cd ../libassuan-2.0.1
# ./configure; make; make install
# cd ../gpgme-1.3.0
# ./configure; make; make install
# cd ../cmake-2.8.2
# ./bootstrap; gmake; make install
# cd ../openvas-libraries
# ./configure; make; make install

openvas-scanner

Next, to install openvas-scanner, extract the files, change to that directory, and
build it.

# wget http://wald.intevation.org/frs/download.php/754/openvas-scanner-3.1.0.tar.gz
# tar xzf openvas-scanner-3.1.0.tar.gz
# cd openvas-scanner-3.1.0
# ./configure; make; make install

Then, add /usr/local/sbin to your PATH variable by adding the following to /etc/profile, before the line that begins EXPORT PATH
PATH=$PATH:/usr/local/sbin

openvas-manager

Next is the manager.

The manager requires sqlite and doxygen, so

# yum -y install sqlite-devel doxygen
Then # cmake .; make; make install

openvas-cli

OpenVAS-Administrator seems to still be in beta, so let’s skip that and go to the CLI.

# cmake .; make; make install

Configuring

First step is to generate a certificate. If you’re like me, you didn’t add /usr/local/sbin to your PATH, so you have to type it manually for this part.

# /sbin/ldconfig /usr/local/lib
# /usr/local/sbin/openvas-mkcert

Follow the instructions and generate your certificates.

Next, run # /usr/local/sbin/openvas-adduser to add a new user. http://www.openvas.org/compendium/adding-new-users.html has details on this. To create an admin user, give the rule default accept.

Run the NVT sync to grab the latest tests:
# /usr/local/sbin/openvas-nvt-sync

openvas-client

Guess what, you need gnutls for this. What’s that you say, you already have gnutls? Nope, apparently the CentOS repo has a version too old for the client.

Get a new version from ftp://ftp.gnu.org/pub/gnu/gnutls/ and install it.

When installing, use ./configure --prefix=/usr/ to specify the location of the installed files.

To be continued…

gsa-desktop

To be continued…