eltechno

Project Title

One Paragraph of project description goes here

Getting Started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.

Prerequisites

eltechno

#! /usr/bin/python
print "\n*********************************************************************"
print "Cisco IOU License Generator - Kal 2011, python port of 2006 C version"
import os
import socket
import hashlib
import struct
# get the host id and host name to calculate the hostkey
hostid=os.popen("hostid").read().strip()
hostname = socket.gethostname()

eltechno

# what we want:
# client -> OpenVPN -> Tor -> Internet

# Install & configure OpenVPN
# https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04

# assumed OpenVPN configuration
# 10.8.0.1/24-Subnet
# tun0-Interface

eltechno

##
# for Ubuntu 16.04 Xenial Xerus
##

######################################
# INITIAL SERVER SETUP & HARDENING
######################################

# most VPS providers give you root user from the start
ssh [email protected]

eltechno

#
# Hardened OpenVPN server on Ubuntu 16.04
# repeatable config generation script at end
#
# TOC
# ----
# 1. SERVER
# 2. NETWORKING
# 3. CLIENTS
#   3.1. REPEAT FOR EACH CLIENT

eltechno

sudo add-apt-repository ppa:gns3/unstable
sudo apt-get update
sudo apt-get install gns3-gui
sudo apt install curl
curl -O https://download.docker.com/linux/ubuntu/dists/zesty/pool/stable/amd64/docker-ce_17.09.0~ce-0~ubuntu_amd64.deb
sudo dpkg -i docker-ce_17.09.0~ce-0~ubuntu_amd64.deb 
sudo gpasswd -a $USER docker
newgrp docker
sudo apt-get install xtightvncviewer

eltechno

# Running docker-compose as a systemd service

## Files

| File | Purpose |
| ---- | ---- |
| `/etc/compose/docker-compose.yml` | Compose file describing what to deploy |
| `/etc/systemd/system/docker-compose.service` | Service unit to start and manage docker compose |
| `/etc/systemd/system/docker-compose-reload.service` | Executing unit to trigger reload on `docker-compose.service` |
| `/etc/systemd/system/docker-compose-reload.timer` | Timer unit to plan the reloads |

eltechno

// Copyright (c) 2006 Damien Miller <[email protected]>
//
// Permission to use, copy, modify, and distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

eltechno

import java.security.SecureRandom;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.SecretKeyFactory;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;

/*
 * PBKDF2 salted password hashing.
 * Author: havoc AT defuse.ca

eltechno

PCI DSS

NOTE: Work in progress

TODO: Identity management, two-factor auth, OpenVPN, Logstash, log shippers, IIS logs, OSSEC, Snort, Suricata, snorby, restart iis w/o admin role,

PCI DSS. Guidelines

• PCI Compliance with Open Source at (Almost) Zero Cost. Part 1 - http://rafeeqrehman.com/2011/05/24/zero-cost-pci-compliance/
• PCI Compliance with Open Source at (Almost) Zero Cost. Part 2 - http://rafeeqrehman.com/2011/07/17/zero-cost-pci-compliance-part-2/