Saturday, 25 February 2017

New year, new job, new country

2017 is already well under way and, as I stated in the title, this year starts with a lot of new things.

After spending 2 years in Vietnam, sharing my tricks and my knowledge with my colleagues, solving problems and hacking the different internal tools, it was time for me to take on a new challenge.

So I landed in Singapore, doing what I know and what I don't know yet for an international organization.

I don't know if I'll succeed, but one thing is sure: I am doing my best.


And later this year, actually it is supposed to start in March (really soon), I will follow the e-learning program about the CCNA CyberOps curriculum as a Cisco Global Scholarship recipient.

Anyway, it is late here so ...

Stay tuned.

Friday, 18 December 2015

Web-based administration interfaces

A short post to talk about what I get to do with my days in Vietnam.

We deployed VMware ESXi on one of our servers, which previously ran VMs under Workstation.
No big difference in itself, except that we move a bit further into legality thanks to the free ESXi licence for one physical CPU.
The major drawback is that a Windows client is needed to administer ESXi.
Actually... not really any more: there has recently been a web interface to install on the ESXi host, available on the VMware Labs - Flings site (here).

It is not perfect yet: some functions do not work with ESXi (no way to create new VMs, for example). But console access is available, and that is already good.

Otherwise, there is the Cockpit project (here), whose "Docker" module lets you monitor the performance of running containers. Several servers can be attached to it, giving you in the end a single centralised administration point.

Thursday, 15 October 2015

Installation of RequestTracker on CentOS 7

Just a short note about the installation of RequestTracker (an open source help-desk tool).

You'll find a great description of the installation here, or you can simply follow the README.

Anyway, I checked the installation with rt-server and it worked, but not with the Apache configuration provided in the guide (link above).

Check /etc/httpd/logs/error_log and you'll find something like "[authz_core:error] [pid 1161] [client 10.250.0.132:60599] AH01630: client denied by server configuration: /opt/rt4/sbin/rt-server.fcgi"

Solution: just add "Require all granted" to the Apache config file.
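To see exactly which paths Apache is refusing, and for which clients, before deciding where the directive belongs, the AH01630 entries can be summarised as below. This is an added example, not part of the original note; the timestamps, the second client, `/var/www/html/private` and `rt.example.test` are constructed sample data.

```shell
#!/bin/sh
# Added example: summarise AH01630 denials from an Apache error log as
# "<count> <client-ip> <path>", most frequent first.
# Reads the files given as arguments, or stdin when there are none.
denied_summary() {
    awk '
        /AH01630: client denied by server configuration: / {
            ip = "-"
            # client address: the text between "[client " and the next "]"
            if (match($0, /\[client [^]]+\]/)) {
                ip = substr($0, RSTART + 8, RLENGTH - 9)
                sub(/:[0-9]+$/, "", ip)          # drop the source port
            }
            path = $0
            sub(/^.*AH01630: client denied by server configuration: /, "", path)
            sub(/, referer: .*$/, "", path)      # optional trailer
            n[ip " " path]++
        }
        END { for (k in n) print n[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample log (timestamps and the last three lines are made up).
sample_error_log() {
    cat <<'EOF'
[Thu Oct 15 09:12:01.100000 2015] [authz_core:error] [pid 1161] [client 10.250.0.132:60599] AH01630: client denied by server configuration: /opt/rt4/sbin/rt-server.fcgi
[Thu Oct 15 09:12:02.200000 2015] [authz_core:error] [pid 1161] [client 10.250.0.132:60601] AH01630: client denied by server configuration: /opt/rt4/sbin/rt-server.fcgi, referer: http://rt.example.test/
[Thu Oct 15 09:12:05.300000 2015] [core:notice] [pid 1150] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Thu Oct 15 09:13:00.400000 2015] [authz_core:error] [pid 1162] [client 10.250.0.7:41000] AH01630: client denied by server configuration: /var/www/html/private
EOF
}

sample_error_log | denied_summary
```

Each path in the summary needs a matching `Require` rule in the configuration block that covers it; granting access only in the block that serves RT keeps unrelated paths denied.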

Tuesday, 25 August 2015

Security: a never-ending cycle

Securing the infrastructure is an everyday job.

Today's systems are far more powerful and accessible than they were 15 years ago, and the policies and countermeasures applied to the infrastructure must be updated accordingly.

Recently the "FREAK" vulnerability (CVE-2015-0204), and more recently still the "Logjam" vulnerability (CVE-2015-4000), have illustrated the problem well: it is tied to the key sizes in use.
What used to be costly in time and money no longer is, and it is now possible to decrypt information that could not be decrypted at the time.

So it is time to review the keys used for the various functions (digital signature, authentication, encryption, key exchange): change the key size (moving from RSA-1024 to RSA-2048 keys), or change the type of cryptography used (algorithms based on elliptic curves: ECxx).

For an idea of some of the recommendations: NSA recommendations (in English)
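One way to carry out that review is to feed the text dumps produced by `openssl x509 -noout -text` and `openssl dhparam -noout -text` to a small filter that flags undersized keys. This is an added example, not part of the original post; the minimums (2048 bits for RSA and DH, 256 bits for EC) are assumptions of the example and the sample dump is constructed.

```shell
#!/bin/sh
# Added example: flag undersized keys in `openssl x509 -noout -text` or
# `openssl dhparam -noout -text` output read from stdin.
# Assumed minimums: 2048 bits for RSA and DH, 256 bits for EC keys.
audit_keys() {
    awk '
        /Public Key Algorithm:/ { alg = $NF }    # e.g. rsaEncryption
        /DH Parameters: \(/      { alg = "DH" }
        match($0, /\([0-9]+ bit\)/) {
            # digits sit between "(" and " bit)"
            bits = substr($0, RSTART + 1, RLENGTH - 6) + 0
            min = (alg == "id-ecPublicKey") ? 256 : 2048
            verdict = "OK"
            if (bits < min) { verdict = "WEAK"; weak = 1 }
            print verdict, alg, bits
        }
        END { exit weak + 0 }    # non-zero exit status if anything is weak
    '
}

# Constructed sample: trimmed key sections of three certificates and one
# DH parameter file, concatenated.
sample_openssl_text() {
    cat <<'EOF'
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
    DH Parameters: (1024 bit)
EOF
}

sample_openssl_text | audit_keys || echo "undersized keys found"
```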



Friday, 7 August 2015

First steps on Docker

Docker is a new way to "virtualize" applications.

Before Docker, to run multiple applications on the same host, we could either install all the applications on the host (no virtualization) or put each application in its own virtual machine (virtualized application).
In the first case, because all the applications run on the host, we may have to isolate each application from the others using chroot. If the host fails, all the running applications are unavailable. But all the physical resources are used by the host and the applications.
In the second case, each application runs in a separate virtual machine. This requires more physical resources (for each application, one virtual OS is running). But each application is isolated from the others, and if the host running one application fails, the others keep running (by "host", I mean the virtual machine running the application; obviously, if the host server fails, all the VMs fail).

With Docker, things are a bit different. Each application is in a Docker "container", and Docker acts as a virtual machine on which all those containers run. Each container is isolated from the others unless links are made between containers or from the container to the host machine. The ratio of the resources available for applications to the resources used by the OS is better here than with virtual machines. And, as with a virtual machine, removing the application while keeping the whole system clean is simple: remove and delete the container.
Another interesting thing about Docker: versioning. It is possible to run an application with a specific configuration. For example, if you have a web application that requires a Tomcat server, when you build the container for this application you can choose between the latest version of Tomcat or a specific one (version 6, 7 or 8) by using a tag when loading the image.
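Because an image reference without a tag resolves to `latest`, it helps to know which references in a script or inventory are actually pinned to a version. The sketch below is an added example, not part of the original post; `registry.example.test` and the digest value are constructed placeholders.

```shell
#!/bin/sh
# Added example: work out which tag an image reference resolves to, and
# list the references that float on "latest".

# Print the tag of an image reference ("latest" when none is given).
image_tag() {
    r=${1%%@*}        # drop an @sha256:... digest if present
    last=${r##*/}     # last path component; a registry port sits before a "/"
    case $last in
        *:*) printf '%s\n' "${last##*:}" ;;
        *)   printf 'latest\n' ;;
    esac
}

# Print the references that are neither tagged with a version nor
# pinned by digest.
floating_images() {
    for ref in "$@"; do
        case $ref in *@sha256:*) continue ;; esac
        [ "$(image_tag "$ref")" = latest ] && printf '%s\n' "$ref"
    done
    return 0
}

# Constructed sample references.
floating_images tomcat tomcat:8 tomcat:latest \
    registry.example.test:5000/team/tomcat:7 \
    registry.example.test:5000/team/tomcat \
    tomcat@sha256:0123abcd
```

Only `tomcat`, `tomcat:latest` and the untagged registry reference are reported; the port in `registry.example.test:5000` is not mistaken for a tag.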

Imagine a networking tool using Docker containers, based on dockerized images of different manufacturers' OSes.

So now, how do you use Docker?

Just download it from docker.io and install it on your system.
By the way, if you get any error messages on Linux systems, make sure the docker service is started and run the docker commands using sudo or as a member of the docker group. And if you still get error messages, delete the file in the docker folder and restart the service.

If the install is working, you should be able to run your first docker container based on the hello-world image: docker run hello-world

So the commands to play with your containers:

  • docker run
    • To launch a container in background (as a daemon) or in interactive mode
  • docker build
    • To build a docker image, by reading instructions from a Dockerfile (puppet/chef style)
  • docker stop
    • To stop a running container
  • docker rm
    • To delete the container