Schannel Again in 2024

Getting loads of schannel errors in my log server every day, I decided to hunt them down.

Turns out that under Internet Options a GPO was misconfigured to allow SSLv3 traffic.

Disabling SSLv3, either with a GPO or on individual machines, solves this log entry spam.

Apache Reverse Proxy Detail

Edit the proxy.conf – vi /etc/httpd/conf.modules.d/00-proxy.conf

# Load necessary modules

LoadModule rewrite_module modules/mod_rewrite.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

# Load lbmethod modules

LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so

# Load additional proxy modules

LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_express_module modules/mod_proxy_express.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so

Edit your site’s .conf file – vi /etc/httpd/sites-enabled/service.domainname.com.conf

<VirtualHost *:443>
ServerName service.domainname.com

# TLS termination happens here; the backend is reached over plain HTTP/WS
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/yourcert.crt
SSLCertificateKeyFile /etc/pki/tls/private/yourprivatekey_privatekey.key
SSLCertificateChainFile /etc/pki/tls/certs/bundle.crt

# Send WebSocket upgrade requests to the backend over ws://
RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule /(.*) "ws://backendserverIP:portnumber/$1" [P,L]

# Everything else is proxied as ordinary HTTP
ProxyPreserveHost On
ProxyPass / http://backendserverIP:portnumber/
ProxyPassReverse / http://backendserverIP:portnumber/

ErrorLog /var/log/httpd/service.domainname.com/error.log
CustomLog /var/log/httpd/service.domainname.com/access.log combined

</VirtualHost>

Restart HTTPD and test out your new site!

HTTPS Security Settings for Apache

Well, I got into some interesting spaces when I found this site:

https://securityheaders.com

and https://hstspreload.org

In order to get an A+ rating for my blog, I went through all the suggested routines and while I won’t detail them, below is what I have landed on for what works on my WordPress site.

Inject this into your .htaccess file on your Apache webserver:

Header set Content-Security-Policy "upgrade-insecure-requests"

Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Header set X-Xss-Protection "1; mode=block"

Header set Referrer-Policy "strict-origin"

Header set Permissions-Policy "geolocation=self"

# Access-Control-Allow-Origin takes one exact origin (or *), not a wildcard pattern; replace yoursite.com with your own domain
Header set Access-Control-Allow-Origin "https://yoursite.com"

Header set Cross-Origin-Embedder-Policy "unsafe-none"

Header set Cross-Origin-Opener-Policy "unsafe-none"

Header set Cross-Origin-Resource-Policy "same-site"
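
A quick way to confirm these headers are actually being served, as an added example that is not part of the original post: the functions below read raw response headers (such as the output of curl -sI) and report which of the nine headers are missing and whether the HSTS value meets the hstspreload.org header requirements. The function names and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the headers from the .htaccess block are really served.
# Both functions read raw response headers on stdin, e.g.:
#   curl -sI https://yoursite.com | missing_headers

EXPECTED_HEADERS="content-security-policy strict-transport-security \
x-xss-protection referrer-policy permissions-policy \
access-control-allow-origin cross-origin-embedder-policy \
cross-origin-opener-policy cross-origin-resource-policy"

# Print each expected header that is absent from the response, one per line.
missing_headers() {
    # Header names are case-insensitive: strip CRs and lower-case the names.
    present=$(tr -d '\r' | awk -F: 'NF > 1 { print tolower($1) }')
    for h in $EXPECTED_HEADERS; do
        printf '%s\n' "$present" | grep -qxF -- "$h" || printf '%s\n' "$h"
    done
}

# Exit 0 only if HSTS meets the hstspreload.org header requirements:
# max-age >= 31536000 together with includeSubDomains and preload.
hsts_preload_ready() {
    tr -d '\r' | awk -F: 'tolower($1) == "strict-transport-security" {
        v = tolower($0)
        if (match(v, /max-age=[0-9]+/)) age = substr(v, RSTART + 8, RLENGTH - 8) + 0
        if (age >= 31536000 && v ~ /includesubdomains/ && v ~ /preload/) ok = 1
    }
    END { exit(ok ? 0 : 1) }'
}

# Constructed sample response (not captured from a real site): HSTS is too
# short for preload, and two of the nine headers are missing.
SAMPLE_RESPONSE='HTTP/1.1 200 OK
Content-Security-Policy: upgrade-insecure-requests
Strict-Transport-Security: max-age=86400; includeSubDomains
X-Xss-Protection: 1; mode=block
Referrer-Policy: strict-origin
Access-Control-Allow-Origin: https://yoursite.com
Cross-Origin-Embedder-Policy: unsafe-none
Cross-Origin-Opener-Policy: unsafe-none'

printf '%s\n' "$SAMPLE_RESPONSE" | missing_headers
printf '%s\n' "$SAMPLE_RESPONSE" | hsts_preload_ready || echo "HSTS not preload-ready"
```

Run it against the live site after every .htaccess change; a header that is set in the file but missing from the response usually means mod_headers is not loaded or another layer is overriding it.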

Phishing Events and CyberSecurity

I can’t tell you guys how important it is to be vigilant over the next few months; you will be distracted with holiday events and other social engagements.

If not already, you will be bombarded with scam phone calls and emails. Please! DO. NOT. RESPOND. to those emails and phone calls. Mark them as SPAM and/or phishing and delete them.

The most recent examples relating to phone calls are for people looking to get your social security number, Medicaid, and credit card information. It will be a foreign sounding individual with a “normal” sounding name, like “Robin” or “John” – Hang up on that person immediately!

The most recent examples relating to scam emails are someone “responding” to an email and BCC’ing you with a “what’s this” or “what is this”, and below will be an invoice looking for payment. Mark as SPAM and DELETE THIS EMAIL!!!

There will be variations of this theme, but it is all the same: they want your money and your personal information so that they can trick other individuals into giving them their money!

If you use a password manager like LastPass, I strongly urge you to change all your passwords and keep them in either a different password manager or in a notebook in a safe place in your home.

Hacking is serious business, with serious consequences for those not careful to avoid being hacked.

It is up to everyone here to keep your organization safe.

Installing Pi-Aware aka FlightAware

Buy the following:

Nooelec Dual-Band NESDR Nano 3 Premium ADS-B (978MHz UAT & 1090MHz 1090ES) Bundle for Stratux™, Avare, Foreflight, FlightAware & Other Applications. Includes 2 SDRs, 4 Antennas, 5 Adapters.

Nooelec Omnidirectional 7dBi ADS-B Antenna – 23″ Outdoor Fiberglass Antenna w/Female N-Connector, 10m RG58 Cable Extension w/SMA Connector & Mounting Hardware. Weatherproof. 1090MHz Center Frequency

https://www.amazon.com/gp/product/B076GWF6FF

https://www.amazon.com/gp/product/B08NRQF9TK

Once you have all the parts together, head over to FlightAware’s page for a download of the image, or you can hand load it, which is what I did, since the Pi I used also hosts this website.

Hand Load:

https://flightaware.com/adsb/piaware/install

Image Download:

http://piaware.flightcdn.com/piaware-sd-card-5.0.img.zip

Happy New Year 2021! – App_Offline

Greetings 2021! I’m in the middle of a software deployment right now. Hoping adoption goes well and that everyone enjoys using the application.

A basic tool I learned a moment ago: use the app_offline.htm file in your ASP.NET 2.0 (minimum) application to quickly notify your users that the page, or your app, is down for maintenance.

Enable SNMP on a Raspberry Pi

sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get install snmpd -y
sudo apt-get install snmp -y
sudo nano /etc/snmp/snmpd.conf
To get it running, you will need to modify the /etc/snmp/snmpd.conf file:

First, I commented out this line:

#agentAddress udp:127.0.0.1:161

and below the line '#agentAddress udp:161,udp6:[::1]:161' I added:

agentAddress udp:161

then below this line:

rocommunity public localhost

I added:

rocommunity public 190.0.10.0/24

Finally, restart the service:

service snmpd restart
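
A check worth running after this change, as an added example that is not part of the original post: the function below flags community lines that expose the default string (public or private) to a non-local source, and agentAddress entries with no host part, which listen on every interface. audit_snmpd_conf is a hypothetical helper name, and the sample file is constructed from the lines in this post.

```shell
#!/bin/sh
# Added example: audit an snmpd.conf like the one edited above.
# Usage: audit_snmpd_conf /etc/snmp/snmpd.conf

# Prints one finding per line; exit status is 1 if anything was flagged.
audit_snmpd_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
    tolower($1) == "rocommunity" || tolower($1) == "rwcommunity" {
        # With no source given, net-snmp accepts the community from anywhere.
        src = (NF >= 3) ? $3 : "default"
        loc = (src == "localhost" || src == "127.0.0.1" || src == "::1")
        if (($2 == "public" || $2 == "private") && !loc) {
            printf "line %d: default community \"%s\" readable from %s\n", NR, $2, src
            bad = 1
        }
    }
    tolower($1) == "agentaddress" {
        # A listener with no host part (udp:161) binds every interface.
        n = split($2, parts, ",")
        for (i = 1; i <= n; i++) {
            if (parts[i] ~ /^(udp:|tcp:)?[0-9]+$/) {
                printf "line %d: agentAddress %s listens on all interfaces\n", NR, parts[i]
                bad = 1
            }
        }
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample: the snmpd.conf edits described in this post.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
#agentAddress udp:127.0.0.1:161
agentAddress udp:161
rocommunity public localhost
rocommunity public 190.0.10.0/24
EOF

audit_snmpd_conf "$SAMPLE_CONF" || true
```

To clear both findings, pick a community string of your own for the monitoring subnet and bind agentAddress to the one interface the monitoring server reaches.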

Check-MK Debian Linux Agent Install

First you’ll need to install xinetd which is a requirement for the Check_MK agent:

apt-get install xinetd


Then, download the latest Check_MK agent installer from your Check_MK website and install it:

cd /tmp/
wget http://%yourcheck_mk_server%/download/check-mk-agent_***.deb
dpkg -i check*

How to Enable SNMP ESXi 6.5

Open your favorite SSH application (PuTTY), connect to your ESX host, and then run the following commands:

esxcli system snmp set --communities public
esxcli system snmp set --enable true
esxcli network firewall ruleset set --ruleset-id snmp --allowed-all true
esxcli network firewall ruleset set --ruleset-id snmp --enabled true
/etc/init.d/snmpd restart

Each option starts with two hyphens (--), not a single long dash; WordPress tends to render a double hyphen as one dash.