Dynamic DNS updates for a RaspberryPi server

I posted about how I setup a RespberryPi for a work experiment. That server has a DNS name using the service https://dyn.com/ where they will keep my hostname pointed at the IP address my server is on. I need this because I have a residential cable modem connection to the Internet so my IP address can change at random. I wasn’t sure how easy or hard it would be to find a client to keep my record updated, but it turns out you only need 3 commands to configure this in the Terminal app or via SSH;

sudo apt-get update
sudo apt-get install libio-socket-ssl-perl
sudo apt-get install ddclient

When you type the third line above it will step through a simple wizard that asks what Dynamic DNS service you are using, and then asks for the username and password to use. Everything was up and running in about a minute. You can then tail /var/log/syslog to see status messages or look at /etc/init.d/ddclient or /etc/ddclient.conf if you want to adjust how it starts or is configured, but the defaults seem fine.

Easy SSL Cert for testing

Have you ever needed to test something with a web server that you stand up quickly, but don’t have an SSL cert for it, and don’t have access to a wildcard cert for the domain? Check out http://www.letsencrypt.org and be prepared to quickly and easily get an SSL cert. 

On a RaspberryPi system you start by installing certbot  via “sudo apt-get install python-certbot-apache” and then I ran in to some trouble trying to just use certbot’s automagic apache mechanism so I did this;

1. Enable SSL on Apache with “sudo a2enmod ssl”
2. Stop Apache with “sudo /etc/init.d/apache2 stop”
3. “sudo certbot certonly –standalone” to go through the process. It will launch a process that the certificate authority will connect to on TCP 80 to verify you control the DNS name you are trying to make a cert for so that name should resolve to this server.
4. Edit /etc/apache2/sites-enabled/default-ssl.conf to point to your SSL certs. These 3 settings must be changed and make sure the path matches where your files are stored;
   

SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/fullchain.pem

Now you need to start Apache back up with “sudo /etc/init.d/apache2 start” and hopefully it should load. I don’t believe any steps are missing here, but please do let me know in the comments if you tried this and were totally stuck. Remember you’ll have to renew your certs each year, but certbot has a renew function as well. Super simple. 

Protecting a RespberryPi

So I had a need for work to setup an Apache server to test a feature of our product. It was easy enough to get it going;

1. Install Noobs to SD card
2. Boot up RaspberryPi 3B+ with Noobs
3. Install Raspian
4. Use apt-get to install apache2
5. Port Forward 80 and 443 to my RPi
6. Use DynDNS to direct a DNS name to my home IP

So all that was super easy. Next I started to worry about protecting my little pocket computer. I looked at DenyHosts, but it seems like the version in apt-get was super old and even the latest seems not maintained. So I did “apt-get install fail2ban” because that seems fairly current. So this is more of a question post than a helpful post for others. My question is if fail2ban via apt-get needs certain config changes or if it is good with default settings? If you read this and can comment with guidance it would help me, and hopefully others. If the steps above seem complicated and anyone wants a step by step posted then I’m happy to do so. If you’d like to try to beat up on my little computer that’s cool too. Nothing private is on it. http://absolute.jnux.net is the Apache2 instance.

LazyKali reboot

I am making available the beginning of a re-write of what I think is a helpful utility for Kali Linux systems. These systems are used for penetration testing, and are not typically day-to-day systems. I find myself doing the same installs and maintenance with every re-install of Kali so I wanted to create a tool to simplify this. It appears that until about 3 years ago someone else had a similar idea, but they seem to have abandoned it. If anyone knows if there is a current version of lazykali out there in the Interweb could you please point me to it so that I might contribute to that instead of maintaining this fork. If Reaperz73 sees this please contact me to let me know you are out there.

Continue reading “LazyKali reboot” →

Kali Linux install on a Lenovo T430s

I have been working with Kali Linux lately for the pentest tools, and to keep my skills current. To that end I wanted to put the latest version of Kali on a Lenovo T430s laptop. I started with the kali-linux-2016.1-amd64.iso download. Then I wrote that to a USB key using Universal USB Installer ( http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/ ) and tried to install Kali on my laptop.

Continue reading “Kali Linux install on a Lenovo T430s” →

40.937502
-75.826148

HP Mini 1101 Audio & Ubuntu NetBook Remix

If you have an HP Mini 1101 and try loading Ubuntu Netbook Remix and are sad your audio doesn’t work because it uses ALSA 1.0.18 then just follow these easy steps in this article to move to 1.0.20 and bam… sound… listening to Last.fm right now.

Upgrade Alsa (1.0.20) on Ubuntu Jaunty 9.04 | To a free world

 

Rootkit Hunter 1.0 released

So Rootkit Hunter 1.0 was released. For those that don’t know what a rootkit is; It is usually an automated way of taking control of a computer and it usually hides the intrusion. Usually you see rootkits on UNIX / Linux / BSD systems, but the term could refer to any platform I believe. The “root” part of rootkit refers to the root user on a UNIX box that has full control of the system, and “kit” is because it’s like a kit that is all set up nice for you with the tools needed to break in to a system. So anyways… the reason I’m happy about this release is because I have a few minutes of fame in the Changelog. If you read it you’ll see…

Continue reading “Rootkit Hunter 1.0 released” →