About Brian Hatch

Brian Hatch is Chief Hacker at Onsight, Inc and author of Hacking Linux Exposed and Building Linux VPNs. Brian can be reached at brian@hackinglinuxexposed.com.

File and Email Encryption with GnuPG (PGP) Part Six

Last time I showed you how to exchange and verify public PGP keys with an individual. After you’ve verified a user’s key (KeyID, bits, type, fingerprint, and user’s actual identity) you should sign their key.

File and Email Encryption with GnuPG (PGP) Part Five

Verification is part of any security system. SSH, FTP, POP, and IMAP servers ask for your password before they let you log into the machine, get your files, or snag your email. NTP can be configured to require keys before it’ll let you mess with its clock. CIFS requires a password or Kerberos tickets before granting you access to shares.

File and Email Encryption With GnuPG (PGP) Part Four

GnuPG and other PGP implementations allow you to encrypt (scramble the data so only intended recipients can read it) and/or sign (provide proof that the data has been unaltered in transit). As you should remember, PGP keys are made up of two parts, a public key and a private key. The public key can (and in most cases should) be available to anyone – there’s no harm in allowing it out to the entire world. The private key should be kept somewhere secure, protected with a strong passphrase.

File and Email Encryption with GnuPG (PGP) Part Three

Last time[1] we’d created our PGP key. Let’s jump in with some encryption and decryption examples.

File and Email Encryption with GnuPG (PGP), Part Two

Jumping right in, let’s create our PGP public/private key pair. I’ll use GnuPG, the GNU Privacy Guard, which is available at http://www.gnupg.org and is very likely already available with your Linux distribution. If you want to use older free or commercial PGP versions, the commands are very similar. Any GUI front end will also have the same functionality.

File and Email Encryption with GnuPG (PGP) Part One

File and mail security is easy to achieve with the right tools. PGP has proven itself the leader, and GnuPG is the tool of choice in the Linux world.

Running Programs in Response to Sniffed DNS Packets – Stealthily Managing Iptables Rules Remotely, Part 2

Last time we set up a Perl script that would use the Net::Pcap module to sniff the network and print information about DNS requests to standard output. The output looks like this:

sourceipaddr -> destipaddr: dnshostname

Nmap Version Detection Rocks

Most people have heard of Nmap, the ubiquitous portscanner and more, available at http://www.insecure.org/nmap/. Recently, a new version of Nmap was released with a new and frequently requested feature – version scanning.

The Wrong Way to Upgrade Your RPMs

Most Linux distributions use the RPM[1] format for their software packages. RPMs are managed by the rpm program, which typically lives at /usr/bin/rpm.[2]

The Mysteriously Persistently Exploitable Program

This week, we’ll take a look at a successful and somewhat puzzling machine compromise. The machine in question was a production machine that had been up and running for about a year – one of those machines that had so much on it that you’re afraid to ever reboot it, lest something not come back up.

Sniffing with Net::Cap to stealthily managing iptables rules remotely, Part 1

In our saga that began several weeks ago, we’re trying to create a firewall setup that allows no inbound access by default but can be modified remotely to allow a small window of inbound SSH connectivity. Remember that this machine must have no inbound TCP ports accessible to pass muster with the Windows-biased IT administrators, yet we want to allow inbound SSH dynamically when needed.[1]

Linux File Permission Confusion

File permissions, the most basic form of security control that exists on Unix-like systems, are still misunderstood by many.