Brandy Preserved Oranges

Ingredients

  • Small Oranges (Depending on size 10-20 oranges)
  • Zest of 3 oranges
  • 350g Sugar
  • 300ml Water
  • 300ml Brandy

Info

  • 2 x 1 litre Jars Sterilised
  • Medium Pan

Method

  1. Peel all the oranges with a knife removing the skin and pith so all the orange segments are exposed
  2. Combine sugar and water in the pan and heat gently to dissolve the sugar. Stirring to avoid burning the sugar
  3. Bring the sugar syrup to a simmer and then add the oranges to the syrup for 2 minutes. You can do this in batches if need be. Roll the oranges around to ensure they get even coverage. Remove oranges and place in the jars
  4. Add the zest to the syrup and remove from the heat and allow to cool. Then add brandy. If the brandy is added when the syrup is hot the syrup will go cloudy
  5. Fill the jars with the syrup and brandy mixture ensuring the oranges are covered. The oranges may want to float, but should sink after a few days
  6. Seal the jars and allow to age for at least a month. Store in a cool dark place and it should last for up to a year. The oranges will break down the longer they are left. Store in fridge once opened

Mikrotik Sliding Scale Blacklist

Mikrotik Sliding Scale Blacklist

This is an overview for building a set of rules that are a sliding scale to blacklisting IP addresses attempting to brute force SSH logins. This can be simply adapted to ports other than SSH. As the Mikrotik uses IPTables, the rules are put into the list in reverse order.

The information below is a set up for SSH, TCP port 22. To have the rules work against SIP adjust the protocol to UDP and the port to 5060,5061.

Rule 1

General Tab

Chain == input
Protocol == 6 (tcp)
Dst. Port == 22

Advaned Tab

Src. Address List == ssh_blacklist

Action Tab

Action == drop

Rule 2

General Tab

Chain == input
Protocol == 6 (tcp)
Dst. Port == 22
Connection State == new

Advaned Tab

Src. Address List == ssh_stage3

Action Tab

Action == add src to address list
Address List == ssh_blacklist
Timeout == 10d 00:00:00

Rule 3

General Tab

Chain == input
Protocol == 6 (tcp)
Dst. Port == 22
Connection State == new

Advaned Tab

Src. Address List == ssh_stage2

Action Tab

Action == add src to address list
Address List == ssh_stage3
Timeout == 00:01:00

Rule 4

General Tab

Chain == input
Protocol == 6 (tcp)
Dst. Port == 22
Connection State == new

Advaned Tab

Src. Address List == ssh_stage1

Action Tab

Action == add src to address list
Address List == ssh_stage2
Timeout == 00:01:00

Rule 5

General Tab

Chain == input
Protocol == 6 (tcp)
Dst. Port == 22
Connection State == new

Action Tab

Action == add src to address list
Address List == ssh_stage1
Timeout == 00:01:00

Install Seccubus for OpenVAS

Install Seccubus For OpenVAS

This is the Seccubus software that works in tandem with the OpenVAS.

  • Install Perl core modules

# yum install -y perl-core

  • Install the Mojolicious perl module

# curl -L https://cpanmin.us | perl - -M https://cpan.metacpan.org -n Mojolicious

  • Set up the MariaDB version 10 repository

# vi /etc/yum.repos.d/MariaDB.repo

[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

  • Install MariaDB

yum install -y mariadb-server mariadb-client

  • Enable MariaDB to run at boot and start the daemon

# systemctl start mariadb
# systemctl enable mariadb

  • Secure MariaDB by running the following command and following the prompts

# mysql_secure_installation

  • Install other packages that will appear broken to yum on the rpm install

# yum install -y mailcap perl-Algorithm-Diff perl-Business-ISBN perl-Crypt-PBKDF2 perl-Digest-HMAC perl-Digest-SHA3 perl-Encode-Locale perl-File-Listing perl-HTML-Parser perl-HTML-Tagset perl-HTTP-Cookies perl-HTTP-Daemon perl-HTTP-Message perl-HTTP-Negotiate perl-IO-HTML perl-IO-Socket-IP perl-IO-Socket-SSL perl-JSON perl-LWP-MediaTypes perl-LWP-Protocol-https perl-Mozilla-CA perl-Net-HTTP perl-Net-IP perl-TermReadKey perl-WWW-RobotRules perl-XML-NamespaceSupport perl-XML-Parser perl-XML-SAX perl-XML-SAX-Base perl-XML-Simple perl-libwww-perl

  • Download the Seccubus rpm package

wget https://github.com/schubergphilis/Seccubus/releases/download/2.36/Seccubus-2.36.1-172.1.fc26.noarch.rpm

  • Install the Seccubus package using RPM. This will still say that the Mojolicious dependency fails, so use the –nodeps to skip the dependency logic. If the above is done, this ‘should’ be ok.

rpm -Uvh Seccubus-2.36.1-172.1.fc26.noarch.rpm --nodeps

  • Create the database for Seccubus

# mysql -u root -p _PASSWORD_ << EOF
create database seccubus;
grant all privileges on seccubus.* to seccubus@localhost identified by 'seccubus';
flush privileges;
EOF

  • Import the database structure and data to the newly created database

# mysql -u seccubus -pseccubus seccubus < /opt/seccubus/var/structure_v10.mysql
# mysql -u seccubus -pseccubus seccubus < /opt/seccubus/var/data_v10.mysql

Install OpenVAS on CentOS 7

Install OpenVAS CentOS 7

Install the OpenVAS scanning software into a CentOS 7 minimal install server.

  • Disable SELINUX (edit /etc/selinux/config) and reboot
  • Update your CentOS installation and reboot if necessary

# yum -y update

  • Install the follow packages
  • # yum install -y wget bzip2 texlive net-tools alien gnutls-utils

    • Add Atomicorp repo (see https://wiki.atomicorp.com/wiki/index.php/Atomic)

    # wget -q -O - https://www.atomicorp.com/installers/atomic | sh

    • Install OpenVAS 9

    # yum install openvas -y

    • Edit /etc/redis.conf. Add/uncomment the following

    unixsocket /tmp/redis.sock
    unixsocketperm 700

    • Restart Redis

    # systemctl enable redis && systemctl restart redis

    • Follow instructions and remember your admin password. If rsync throws error, check that your network allows outgoing TCP 873 to internet

    # openvas-setup

    • Open firewall port for tcp/9392

    # firewall-cmd --permanent --add-port=9392/tcp
    # firewall-cmd --reload
    # firewall-cmd --list-port

    • Go to https://_IP-ADDRESS_:9392 and login.

Change Permissions Recursively CentOS

Change Permissions Recursively on CentOS

Adjusting permissions on files and directories recursively is normally needed a lot. Usually when needed it’s to correct issues in web site directories.

For directories

[root@]# find /var/www/html -type d -exec chmod 755 {} \;

For files

[root@]# find /var/www/html -type f -exec chmod 644 {} \;

The find command with an -exec option is ok for small numbers of files and directories. There is a shortcoming with this though as it creates a sub process for each file or directory and wil perform quite badly where large numbers are involved.

Another way of doing this that would be much faster is using xargs. This does rely on a good implementation of find and xargs on the OS. CentOS is good for this

For files

[root@]# find /var/www/html -type f -print0 | xargs -0 chmod 644

For directories

[root@]# find /var/www/html -type d -print0 | xargs -0 chmod 755

A third way is based on the find man page. This will still be slower than using xargs but will only need to traverse the filesystem once to make the changes

[root@]# find /var/www/html \
> \( -type f -exec chmod 644 {} \; \) , \
> \( -type d -exec chmod 755 {} \; \)