CLOUD SECURITY

Cloud computing is nearly synonymous with cost and usability improvements. But along with these benefits come security concerns, especially if your organization is looking to adopt the cloud for business-critical applications that house your sensitive data. Let's take a look at CTI's Top Ten considerations checklist for choosing your cloud provider.

1. Where’s the data? Different countries have different requirements and controls placed on access.

Because your data is in the cloud, you may not realize that it must still reside in a physical location. Your cloud provider should agree in writing to provide the level of security required for your customers.

2. Who has access? Access control is a key concern, because insider attacks are a huge risk. A potential attacker may be someone who has been entrusted with approved access to the cloud. Anyone considering using the cloud needs to look at who is managing their data and what types of controls are applied to these individuals.

3. What are your regulatory requirements? Organizations operating in the US, Canada, or the European Union have many regulatory requirements that they must abide by (e.g., ISO 27002, Safe Harbor, ITIL, and COBIT). You must ensure that your cloud provider is able to meet these requirements and is willing to undergo certification, accreditation, and review.

4. Do you have the right to audit? This particular item is no small matter; the cloud provider should agree in writing to the terms of audit.

5. What type of training does the provider offer their employees? This is actually a rather important item, because people will always be the weakest link in security. Knowing how your provider trains their employees is an important item to review.

6. What type of data classification system does the provider use? Questions you should be concerned with here include: Is the data classified? How is your data separated from other users? Encryption should also be discussed. Is it being used while the data is at rest and in transit? You will also want to know what type of encryption is being used. As an example, there is a big difference between WEP and WPA2.

7. What are the service level agreement (SLA) terms? The SLA serves as a contracted level of guaranteed service between the cloud provider and the customer that specifies what level of services will be provided.

8. What is the long-term viability of the provider? How long has the cloud provider been in business, and what is their track record? If they go out of business, what happens to your data? Will your data be returned, and if so, in what format?

9. What happens if there is a security breach? If a security incident occurs, what support will you receive from the cloud provider? While many providers promote their services as being unhackable, cloud-based services are an attractive target to hackers.

10. What is the disaster recovery/business continuity plan (DR/BCP)? While you may not know the physical location of your services, they are physically located somewhere. All physical locations face threats such as fire, storms, natural disasters, and loss of power. In case of any of these events, how will the cloud provider respond, and what guarantee of continued service are they promising?

Add NRPE host to Nagios

NRPE (Nagios Remote Plugin Executor) is a Nagios agent which allows remote system monitoring by executing scripts on a remote system, allowing you to monitor disk usage, system load, the number of users currently logged in and much more. Normally Nagios can only monitor public services such as HTTP and FTP. This is great if you only want to monitor public servers, however I bet that most people want to monitor their own servers and have access to private information; that's where NRPE comes in. It works on a client/server basis: you install a daemon on the machine you want to monitor, then set up your Nagios server to connect to the remote daemon to gather information.


So how do we set this up? Well, first we need to be running a Nagios server. Once you have a Nagios server set up, you'll need to download and install the NRPE daemon on the remote machine.

So let's get started. First, SSH into your remote machine and enter:

/usr/sbin/useradd nagios
passwd nagios

This will set up a new nagios user. Now we need to install some plugins:

wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.14.tar.gz
tar -xzf nagios-plugins-1.4.14.tar.gz
cd nagios-plugins-1.4.14
sudo ./configure --with-nagios-user=nagios --with-nagios-group=nagios
sudo make
sudo make install

This will download and install the Nagios plugins required for NRPE to run. Now we need to give the new nagios user ownership of the plugins:

chown nagios:nagios /usr/local/nagios
chown -R nagios:nagios /usr/local/nagios/libexec

NRPE requires xinetd and libssl-dev to be installed, so we'll do that now:

sudo apt-get install xinetd
sudo apt-get install libssl-dev

Now that's done, it's time to install the NRPE daemon itself:

cd ~/
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.12.tar.gz
tar xzf nrpe-2.12.tar.gz
cd nrpe-2.12
./configure
make all
make install-plugin
make install-daemon
make install-daemon-config
make install-xinetd

Now we need to configure the daemon so it will talk to our Nagios server. We'll do this by editing /etc/xinetd.d/nrpe and adding our monitoring server's address to the only_from line, so that only localhost and the Nagios server may connect to the NRPE port:

nano /etc/xinetd.d/nrpe
It should look like this:
# default: on
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
        flags           = REUSE
        socket_type     = stream
        port            = 5666
        wait            = no
        user            = nagios
        group           = nagios
        server          = /usr/local/nagios/bin/nrpe
        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
        log_on_failure  += USERID
        disable         = no
        only_from       = 127.0.0.1 [NAGIOS SERVER ADDRESS]
}

Then add “nrpe 5666/tcp # NRPE” to /etc/services:

nano /etc/services
add:
nrpe 5666/tcp # NRPE

You can check that this has all been configured properly by typing:

netstat -at | grep nrpe

This should show something like:

(tcp        0      0 *:nrpe                  *:*                     LISTEN)
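The only_from line above is the one control in this setup that keeps the NRPE port from answering any host that can reach it, and it is easy to leave the [NAGIOS SERVER ADDRESS] placeholder in place. The following script is an added example, not code from the original post: it reads an xinetd stanza, checks that only_from lists at least one address besides loopback and no leftover placeholder, and checks that the daemon runs as the nagios user rather than root. The address 192.0.2.10 and the sample stanza it writes are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the original post: sanity-check an xinetd stanza
# for NRPE before opening the port. Verifies that only_from names at least one
# real monitoring server (not just loopback, not the [NAGIOS SERVER ADDRESS]
# placeholder) and that nrpe runs as the unprivileged nagios user.
# Returns 0 when both checks pass, 1 otherwise.

check_nrpe_xinetd() {
    file="$1"
    rc=0

    # Collect every address after "only_from =" (or "only_from +="), one per
    # line, and drop the loopback entry that the template always carries.
    peers=$(sed -n 's/^[[:space:]]*only_from[[:space:]]*+\{0,1\}=[[:space:]]*//p' "$file" \
            | tr -s ' \t' '\n' | grep -v '^127\.0\.0\.1$' | grep -v '^$' || true)

    if [ -z "$peers" ]; then
        echo "FAIL: only_from is missing or allows only loopback; the Nagios server cannot connect"
        rc=1
    elif printf '%s\n' "$peers" | grep -q '\['; then
        echo "FAIL: only_from still contains the [NAGIOS SERVER ADDRESS] placeholder"
        rc=1
    else
        echo "OK: only_from restricts NRPE to: $(printf '%s' "$peers" | tr '\n' ' ')"
    fi

    # The daemon must not run as root: every plugin runs with this user's rights.
    if grep -Eq '^[[:space:]]*user[[:space:]]*=[[:space:]]*nagios[[:space:]]*$' "$file"; then
        echo "OK: nrpe runs as the nagios user"
    else
        echo "FAIL: nrpe does not run as the nagios user"
        rc=1
    fi
    return $rc
}

# Write a constructed xinetd stanza (same shape as the post's template) to $1
# with $2 as the only_from value, so the checker can be exercised offline.
make_sample_stanza() {
    cat > "$1" <<EOF
service nrpe
{
        socket_type     = stream
        port            = 5666
        user            = nagios
        group           = nagios
        server          = /usr/local/nagios/bin/nrpe
        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
        only_from       = $2
}
EOF
}

# Demo run against a constructed stanza; on the real host you would call
# check_nrpe_xinetd /etc/xinetd.d/nrpe instead.
tmp=$(mktemp)
make_sample_stanza "$tmp" "127.0.0.1 192.0.2.10"   # 192.0.2.10 is a constructed address
check_nrpe_xinetd "$tmp"
rm -f "$tmp"
```

Run it on the real file after editing and before restarting xinetd; a FAIL on only_from means the port would either reject the Nagios server or, with the placeholder still present, the stanza is not what you intended to deploy.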

If that worked correctly, it's time to set up your Nagios server to monitor your remote host, so SSH into your Nagios server. We are going to add a separate host file for the new host, so we need to edit the "nagios.cfg" file:

nano /usr/local/nagios/etc/nagios.cfg
add the line:
cfg_file=/usr/local/nagios/etc/objects/host1.cfg

Now we need to create host1.cfg:

nano /usr/local/nagios/etc/objects/host1.cfg

and enter the following code:

define host{
        use linux-server ; Inherit default values from a template
        host_name remotehost ; The name we're giving to this server
        alias Fedora Core 6 ; A longer name for the server
        address the-tech-tutorial.com; IP address of the server
}

define service{
        use generic-service
        host_name remotehost
        service_description CPU Load
        check_command check_nrpe!check_load
}

define service{
        use generic-service
        host_name remotehost
        service_description Current Users
        check_command check_nrpe!check_users
}

define service{
        use generic-service
        host_name remotehost
        service_description /dev/hda1 Free Space
        check_command check_nrpe!check_sda1
}

define service{
        use generic-service
        host_name remotehost
        service_description Total Processes
        check_command check_nrpe!check_total_procs
}

define service{
        use generic-service
        host_name remotehost
        service_description Zombie Processes
        check_command check_nrpe!check_zombie_procs
}

Run the Nagios config check, then restart Nagios:

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
/etc/init.d/nagios restart

And hey presto, Nagios should now be monitoring your remote host. Don't worry if it says pending; it can take up to 5 minutes for the information to come through.

If you want to add more hosts repeat the above steps and use host2.cfg instead of host1.cfg.
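Repeating the host1.cfg edit by hand for every host invites typos and duplicate cfg_file lines. The script below is an added example, not code from the original post: it writes objects/<name>.cfg with the same host and service definitions as host1.cfg above and registers it in nagios.cfg only once, so running it twice is harmless. It assumes the check_nrpe command is already defined on the Nagios server (as the post does), that the NRPE command names exist in the remote nrpe.cfg, and uses the constructed address 192.0.2.10 and a scratch directory for the demo.

```shell
#!/bin/sh
# Added example, not code from the original post: generate objects/<name>.cfg
# for another NRPE-monitored host (same definitions as the post's host1.cfg)
# and register it in nagios.cfg without adding a duplicate cfg_file line.
# Usage: add_nrpe_host ETC_DIR HOST_NAME ADDRESS [CFG_BASENAME]

add_nrpe_host() {
    etc="$1"; name="$2"; addr="$3"; base="${4:-$2}"
    cfg="$etc/objects/$base.cfg"
    mkdir -p "$etc/objects"
    {
        printf 'define host{\n'
        printf '        use                 linux-server\n'
        printf '        host_name           %s\n' "$name"
        printf '        alias               %s\n' "$name"
        printf '        address             %s\n' "$addr"
        printf '}\n'
        # One service per NRPE command; each command must exist in the remote nrpe.cfg.
        for pair in 'CPU Load:check_load' 'Current Users:check_users' \
                    'Disk Free Space:check_sda1' 'Total Processes:check_total_procs' \
                    'Zombie Processes:check_zombie_procs'; do
            desc=${pair%%:*}
            cmd=${pair#*:}
            printf '\ndefine service{\n'
            printf '        use                 generic-service\n'
            printf '        host_name           %s\n' "$name"
            printf '        service_description %s\n' "$desc"
            printf '        check_command       check_nrpe!%s\n' "$cmd"
            printf '}\n'
        done
    } > "$cfg"

    # Register the file exactly once (-x whole line, -F literal match).
    line="cfg_file=$cfg"
    touch "$etc/nagios.cfg"
    grep -qxF "$line" "$etc/nagios.cfg" || printf '%s\n' "$line" >> "$etc/nagios.cfg"
    echo "wrote $cfg"
}

# Number of service definitions in a generated objects file.
count_services() {
    grep -c '^define service' "$1"
}

# How many cfg_file lines in nagios.cfg ($1) point at objects file $2.
count_registrations() {
    grep -cxF "cfg_file=$2" "$1"
}

# Demo against a scratch directory (192.0.2.10 is a constructed address). On a
# real server ETC_DIR would be /usr/local/nagios/etc, followed by the config
# check and restart shown above.
demo_dir=$(mktemp -d)
add_nrpe_host "$demo_dir" remotehost 192.0.2.10 host1
add_nrpe_host "$demo_dir" remotehost 192.0.2.10 host1   # second run adds no duplicate
rm -rf "$demo_dir"
```

Always follow a generated file with the nagios -v config check before restarting; a typo in an address or command name is caught there rather than as a silent UNKNOWN in the web interface.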

Finished

The CRITICAL status in the above screen dump is because I had disabled ICMP on the remote server.

Installing Nagios on Ubuntu

Nagios is the industry-standard network monitoring engine. OK, great, so what does that mean? Well, Nagios is a server that monitors your hosts and services and will inform you if something goes wrong and when it is fixed again. It can monitor network services, host resources and even network probes such as temperature and moisture sensors.

These features, as well as many more, make Nagios by far the most complete network monitoring tool on the market. However, with all these features comes complexity, and Nagios has obviously been designed with the experienced network administrator in mind. But don't worry too much; it's not that difficult to learn as long as you take it one step at a time, and in today's tutorial we're going to look at the first step: actually getting it installed.

First of all, you will need a server running the LAMP stack. Then you will need to set up a special user account and group for Nagios; this gives Nagios some rights over the server without giving it full root access. To do this, first type:

sudo useradd -m -s /bin/bash nagios

to add the new user and group, then set the password with:

sudo passwd nagios

Now create the 'nagcmd' group to allow external commands to be run, then add the nagios user and the Apache user to the group:

sudo /usr/sbin/groupadd nagcmd
sudo /usr/sbin/usermod -a -G nagcmd nagios
sudo /usr/sbin/usermod -a -G nagcmd www-data

Now that's all out of the way, you'll need to download Nagios (I recommend downloading it to its own directory, e.g. ~/nagios-install):

wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.4.3.tar.gz

then extract the source code from the tar file and navigate into the new folder:

tar -xzf nagios-3.4.3.tar.gz
cd nagios-3.4.3

Now we just need to install gcc, the GNU compiler:

sudo apt-get install gcc

Now it's time to install Nagios. We are going to do this by compiling the source code; this can seem a little confusing the first time you do it, but don't worry, you don't really have to understand it yet (that comes when you start to write your own programs). Just follow the lines and you will be OK:

./configure --with-command-group=nagcmd
sudo make all
sudo make install
sudo make install-init
sudo make install-config
sudo make install-commandmode

Now we just need to configure the contacts.cfg file so Nagios can email us its reports:

sudo vim /usr/local/nagios/etc/objects/contacts.cfg

and change the email field to your email address.

Because the installer thinks Apache is installed in /etc/httpd/, which it isn't, we need to make a symlink to /etc/apache2/. A symlink is a file or folder that contains a reference to another file or folder, so when the installer thinks it is installing into /etc/httpd it is actually installing into /etc/apache2. To do this, type:

sudo mkdir /etc/httpd
sudo ln -s /etc/apache2/* /etc/httpd/
sudo make install-webconf

Now we need to set the password used to log in to our Nagios site. Remember this password; you will need it later:

sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Reload Apache:

sudo /etc/init.d/apache2 reload

You don't need to do the next step, but it's extremely useful to install the base plugin pack to provide some extra functionality for Nagios. To do this:

cd ~/
wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.14.tar.gz
tar -xzf nagios-plugins-1.4.14.tar.gz
cd nagios-plugins-1.4.14
sudo ./configure --with-nagios-user=nagios --with-nagios-group=nagios
sudo make
sudo make install

Configure Nagios to automatically start when the system boots.

sudo ln -s /etc/init.d/nagios /etc/rcS.d/S99nagios

Verify the sample Nagios configuration files.

sudo /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, start Nagios.

sudo /etc/init.d/nagios start

Now you can log in to Nagios by going to http://your_ip/nagios/ in your web browser and using the details:

username: nagiosadmin
password: [the password you set earlier]

And that's about it; you should now have a Nagios server set up that is monitoring the local host.

You may need to update Nagios to its latest version. To do this, type:

cd /usr/local/src
sudo wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.2.tar.gz
sudo tar xvzf nagios-3.2.2.tar.gz
cd nagios-3.2.2
sudo ./configure --prefix=/usr/local/nagios --with-nagios-user=nagios --with-nagios-group=nagios --with-command-group=nagcmd --enable-nanosleep --enable-event-broker
sudo make all
sudo make install
sudo make install-init
sudo make install-commandmode
sudo make install-config
sudo update-rc.d -f nagios defaults
cd ..

Linux Cool Tips and Tricks Log 7

Overview

Linux Tips and Tricks continued…

Convert unix timestamp to something readable

If you are a system administrator just like me, I bet you have a bittersweet relationship with log files. They are the first thing we peek into when something goes wrong. One thing you will find is the Unix timestamp used by most of them. To convert these to a human-readable date and time format, you can use the date command like this:

% date -d @1347213569
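Converting one value at a time gets old when a log has a timestamp on every line. The script below is an added example, not code from the original post: it wraps the same GNU date -d "@SECONDS" call and applies it to every line of a log whose first field is an epoch timestamp, leaving other lines untouched. The sample log lines are constructed for the demo, and -u pins the output to UTC so the result does not depend on the machine's timezone.

```shell
#!/bin/sh
# Added example, not code from the original post: turn Unix timestamps into
# readable UTC dates, both for a single value and for every line of a log whose
# first field is an epoch timestamp. Uses GNU date's -d "@SECONDS" form, as in
# the post; -u makes the output independent of the local timezone.

epoch_to_iso() {
    date -u -d "@$1" '+%Y-%m-%dT%H:%M:%SZ'
}

# Read stdin; rewrite "<epoch> <message>" lines and pass everything else
# through unchanged, so comments or already-formatted lines are not mangled.
humanize_log() {
    while IFS= read -r line; do
        ts=${line%% *}
        case $ts in
            ''|*[!0-9]*)
                printf '%s\n' "$line" ;;       # first field is not a number
            *)
                if [ "$ts" = "$line" ]; then rest=""; else rest=${line#* }; fi
                printf '%s %s\n' "$(epoch_to_iso "$ts")" "$rest" ;;
        esac
    done
}

# Constructed sample log lines (not from any real system).
SAMPLE_LOG='1347213569 sshd: accepted publickey for nagios
1347213600 nrpe: connection from 192.0.2.10
# comment line kept verbatim'

printf '%s\n' "$SAMPLE_LOG" | humanize_log
```

Pipe a real file through humanize_log (for example, humanize_log < /var/log/some.log) when the first field is an epoch value; logs that put the timestamp elsewhere need the field selection adjusted first.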

Find your favorite command

If you ever wish to find your most used commands, try looking through your history like this:

% history | awk '{a[$2]++}END{for(i in a){print a[i] " " i}}' | sort -rn | head

Linux Cool Tips and Tricks Log 6

Overview

Linux Tips and Tricks continued…

The destroyer command

If you are planning to throw out or dump your old hard disk (since you are a big rich lad and can buy super cool SSDs), it is always advisable to wipe and erase the data on your old one. You would like to make it as hard as possible for anyone to pull any data out of your discarded hard disk. Data can still be recovered after you delete everything and perform a format. shred is a popular utility that comes pre-installed with almost every Linux distribution. Let's use shred to remove everything from my second attached disk.

A word of caution, never try this on a disk you love, this would result in complete data loss.

shred -v -n 1 -z /dev/sdb

-v : show progress
-n <passes> : number of passes of random data (the example uses 1; more than one pass is advisable, though the process then takes longer to complete)
-z : finish with a final pass of zeros

Which process uses which files?

How many times have you tried unmounting a drive and been faced with an error? The fuser command can tell you which processes (and which users) are still accessing the drive, making it unmountable. You can then kill the process and unmount the drive.

List processes using the CD-ROM drive (useful for a clean unmount):
/sbin/fuser -v /mnt/cdrom
List processes using the sound card:
/sbin/fuser -v /dev/dsp0

Cheers…

Linux Cool Tips and Tricks Log 4

Overview

Linux Tips and Tricks continued…

Find which operating system you are running

Finding the OS information is easy in Linux; I have seen most people jump to the /etc/issue file to find it. This is absolutely correct, however this file can easily be modified by the sysadmin to give you false information. A surer method of finding the OS name and details is to run this command in your terminal:

lsb_release -a
Example: when run on my system
Distributor ID: Ubuntu
Description: Ubuntu 12.04 LTS
Release: 12.04
Codename: precise

Find all files larger than some value and less than some value

If you want to free up some disk space quickly and find all the big files, use the command below:

find / -type f -size +100M -size -1G

Cheers…