Code signing.

A client is getting ready for NIAP certification. Part of this is verifying an ISO signature. The steps are:

1. Download SHA256SUMS and SHA256SUMS.gpg
2. Get the key used for the signature
3. Verify the signature
4. Check the ISO with sha256sum

Download sums and signature (SHA256SUMS and SHA256SUMS.gpg) from a mirror and save in a suitable working directory.[…]

MD5 and SHA512

A client was concerned that their password hash was MD5. A check of the /etc/shadow file showed:

    user:$6$UAxaIY9I$hAkj …

The first field annotated by a ‘$’ (: is the delimiter) is 6 = SHA256 (1 = MD5)

And /etc/pam.d/common-password specifies it:

    password        [success=1 default=ignore]      pam_unix.so obscure use_authtok try_first_pass[…]

FIPS 140-2 Testing

A client specified external testing of a Debian distro with another distro’s FIPS module compiled in. This was pretty interesting. We tested to make sure SSH1 doesn’t work at all and SSH2 does with the following cyphers: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, 3des-cbc, aes192-cbc, aes256-cbc, rijndael-cbc@lysator.liu.se and the following keys: RSA, ECDSA, DSA

RedHat Linux

We’re becoming RHEL experts. This started when I wanted to install the terminator package. The terminator package is in the Extra Repositories for Enterprise Linux repository.

Step 1: wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Step 2: yum install epel-release-latest-7.noarch.rpm
Step 3: yum repolist

Step 3 above shows all the repos you have loaded and have access to:

    Loaded plugins: ulninfo[…]

SNMPv3

Enable v3, disable v1 and v2c

Need to use v3 only and disable v1 and v2c. In /etc/snmp/snmpd.conf delete or comment the community names that are used for v1 and v2c (for example):

    rocommunity public 127.0.0.1

Your default community names may not exactly be called “public”. Restart the snmpd daemon.

    # /etc/init.d/snmpd restart

Verify that[…]