Search - "selinux"
-
Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜
Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.
First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.
Time it took me to crack/hack into today's OSes (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily afterwards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.
Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.
Dealing with attacks and getting hacked.
Keep in mind that I manage around 20 servers (including VPSs and dedis) so I get the usual amount of SSH brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those IPs automatically get blocked after three failed attempts within 5 minutes. No root login allowed + RSA key login with freaking strong passwords/passphrases.
linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)
How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? I installed a barebones Ubuntu server onto both. They only come with system-default applications. Tried installing Nginx the next day; port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw successful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any IP address which had three failed SSH logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned IP addresses - holy fuck, no wonder I got hacked!
There's one other kind/type of attack I get regularly, but if it doesn't get much worse, I'll deal with that :)
Dealing with different kinds of attacks:
Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti-brute-force software (Fail2Ban or CSF), anti-rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.
So yah, hereby :P
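An added example (not from the rant's author) of the detection rule described above, run over constructed auth.log lines: it replays the three-failures-within-five-minutes ban logic of a Fail2Ban sshd jail and flags the successful root logins that gave the compromise away. The host name, PIDs and documentation-range IPs in the sample are constructed; the function names are mine.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth.log lines (documentation IP ranges, not real hosts).
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:02 web1 sshd[1234]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:01:05 web1 sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar  3 10:01:09 web1 sshd[1235]: Failed password for root from 203.0.113.7 port 51250 ssh2
Mar  3 10:02:00 web1 sshd[1300]: Accepted password for root from 203.0.113.7 port 51300 ssh2
Mar  3 10:30:00 web1 sshd[1400]: Failed password for root from 198.51.100.9 port 40000 ssh2
Mar  3 10:40:00 web1 sshd[1401]: Failed password for root from 198.51.100.9 port 40001 ssh2
Mar  3 10:50:00 web1 sshd[1402]: Failed password for root from 198.51.100.9 port 40002 ssh2
Mar  3 11:00:00 web1 sshd[1500]: Accepted publickey for deploy from 192.0.2.5 port 50000 ssh2
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$")
FAIL_RE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port")
OK_RE = re.compile(r"^Accepted \w+ for (?P<user>\S+) from (?P<ip>[\d.]+) port")

def parse_ts(text, year=2024):
    """Syslog timestamps carry no year; assume one so the window arithmetic works."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def analyse(log_text, max_retry=3, find_time=300):
    """Replay sshd lines the way a Fail2Ban sshd jail would (max_retry failures
    inside find_time seconds => ban) and flag every successful root login,
    the tell-tale sign from the rant above."""
    failures = defaultdict(deque)  # ip -> timestamps of failures still in the window
    bans = {}                      # ip -> time the ban would have fired
    root_logins = []               # (time, ip, was that ip already banned?)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, msg = parse_ts(m["ts"]), m["msg"]
        failed = FAIL_RE.match(msg)
        if failed:
            window = failures[failed["ip"]]
            window.append(ts)
            while (ts - window[0]).total_seconds() > find_time:  # expire old failures
                window.popleft()
            if len(window) >= max_retry and failed["ip"] not in bans:
                bans[failed["ip"]] = ts
            continue
        accepted = OK_RE.match(msg)
        if accepted and accepted["user"] == "root":
            root_logins.append((ts, accepted["ip"], accepted["ip"] in bans))
    return bans, root_logins
```

The slow trickle from the second address never trips the rule because its failures are ten minutes apart, which is exactly why the findtime window matters as much as the retry count.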
Recently had an interview with a company. At some point an SELinux question came up and while I didn't provide the best answer ever (I'm hardly familiar with SELinux and mentioned that as well beforehand so they knew), it was technically correct and the reaction of the interviewers was funny.
TI (technical interviewer): say your php script isn't executed and after a while you find out that SELinux is blocking php script execution, how can you fix that?
Me: setenforce 0...? (essentially disabling SELinux at all)
TI: disabling it entirely for getting php execution to work?! That doesn't sound like a good solu...
HRI (HR (non technical) interviewer, also present): *turns to TI* - but, would it solve the problem?
TI: 😐 well, yes, but... That's a bad thing to do so I wouldn't count it as corre..
HRI: *still aiming towards TI* but you simply asked him for a way to solve the php execution issue, would his answer work? Regardless of whether it's the best or worst solution, would it be a solution which works?
TI: well... yes...
HRI: then he answered correctly I'd say, next!
(yes, I'm aware that my answer wasn't good for security at all, but it would have solved that problem, which is what was asked)
-
Working with a client...the resident """sysadmin""" hasn't actually been a sysadmin since the early 90s, the last OS he _actually_ managed was SunOS 5 or something. I can't remember what he said. He hasn't kept up AT ALL with modern technologies/terminologies. He's convinced SELinux is a security hardened kernel. We've explained to him several times that it's not but he sees Linux and thinks Linux 1.0 from the 90s. It's downright embarrassing.
Now this would all be well if I didn't have to interface with him often, but the client WILL NOT give me access to their systems. So I have to go through him to get anything done. Which is over webex. So I get to watch this guy type (and mess up) basic commands over and over (he isn't aware of tab completion or any of the bash features that are super useful). So I'm telling him what to type and the delay is always just enough for him to get too far in the command to back out, so it's like SSH-over-incompetence with a 500ms ping. It's truly infuriating.
Every once in a while he'll get frustrated enough to hand me control of his webex session, which isn't as painful but once again the delay is bad enough it's still a pain.
Best part is that he looks EXACTLY like Milton from Office Space. So that's one plus to this whole situation!
-
Just now I was compiling a new kernel for my laptop because the last ones were from before my rootfs became LUKS-encrypted. Then I found that option about SELinux again.. NSA SELinux. A MAC system that linuxxx praised earlier. Should I tell him? 😜
-
!rant
Updating PHP from 5 to 7.2 on a Windows server at work the other day... Thought it would be easy, but I really find software management for Windows a pain in the ass compared to package based solutions like apt, brew or pacman. It ended up taking way too long due to dependencies with the website, that weren't really documented, and setting up all the software that depended on PHP over again... I ended up writing 10 pages of documentation about how to update PHP on Windows, so the next programmer would have some idea of how to approach the problem.
Of course I suggested switching over to Chocolatey for Windows, but my boss is skeptical since it's not the traditional way, and it seems like it will take too many resources. So now I have to make a presentation for her to convince her that package managers are superior to downloading stuff from PHP's website.
Wish me luck.
-
After using Linux every day for 3 years today I learned that listing directories requires the execute permission.
In a misdirected attempt to solve my problems I also learned the basic concepts of SELinux before realising that SELinux is disabled on the host and not present on the guest.
-
me@termux $ su -c pm list packages
android.os.DeadObjectException: Transaction failed on small parcel; remote process probably died at [...]
Hmm, strange.. wasn't that the proper command? 🤔
Maybe it's SELinux that's at it again? It's giving permission errors with /sys/class/power_supply/battery/capacity as well, which can only be solved by disabling SELinux it seems.
me@termux $ su -c setenforce 0
me@termux $ su -c pm list packages
(Gives list)
So it was SELinux after all.. FUCKING PIECE OF SHIT!!!
-
Windows users can't meme.
>tfw osx is more versatile than windows because of Unix structure
>tfw you don't have admin permissions
>tfw you're doing important work but you get a forced update because you can't handle your own system
I am a Linux user myself but OSX is a lot more powerful, I don't understand Windows fanboyism? The only thing good about Windows is their application and game support and a lot of that can be fixed with wine on OSX and Linux
-
Fuck all authentication everywhere all the time. Fuck your passwords. Fuck your fingerprints. Fuck your rolling key fob. Fuck your aws secrets. Fuck your docker secrets. Fuck your oauth. Fuck your /etc/passwd. Fuck your groups. Fuck chmod and fuck chown and definitely fuck Kerberos. Fuck Saml. Fuck duo mobile. Fuck rotating pins. Fuck axiad. Fuck selinux. Fuck your fill out this form to get role based access. Fuck it doesn’t work because you can’t log in. Fuck it.
-
y'know it's nice to know that no matter what happens, some things in life never change. even if you want them to.
like no matter who you are, or what you're doing, SELinux will always be there to ruin your life....
-
Every time you tell yourself "This time I'm going to make them stop putting the cart before the horse again!!! No more forced shit implementations!!! NO MORE ! I'm strong!!"
The last hour in the next week:
- SELinux: off
- Firewall: Any-Any
- Application data: Everything installed on the OS disk.
- Documentation: At best, someone remembers the server supposed-to-be dns record
- Service Accounts: Your domain admin account and sysadmin for databases.
- Patching: DON'T EVER THINK ABOUT IT..AND NO REBOOTING! I have set very important runtime variables.
- Backup: Maybe someone else will set this up.
- Monitoring: Not needed since clients will create tickets if system fails.
- Production Status: vague at best. Sort of silently transitioned to production.
- Handover status: Probably, but I quit before the project closed.
-
Anyone in here have experience with UML in the real enterprise world?
As a student I've learned a lot about documentation and software architectural design, I've worked 3 different places and worked with customers that were developers and all of them seemed to not really do architecture and documentation that well. Personally I find having an overview/guideline for bigger project really helpful
how come you don't see better software documentation and UML out there?
Maybe I just haven't found the right place yet
-
Well, well, well, Ubuntu. You piece of shit. Just installed SELinux and guess what? Now it won't boot. Fuckin hell.
-
Next week I'm beginning a paid internship in a sysadmin/infrastructure manager/bit of devops position. My tutor already told me he would give me things to learn alone so we could work together on stuff, and I can't wait for it to begin.
However, in the meantime I don't have a lot of things to do, so I would like to put this downtime to use and start reading stuff.
I already know I'll be doing a lot of Linux (that, I already master pretty well), and also some Active Directory, Kubernetes, and a bit of DevOps. Those are the main keywords he threw at me during the interview.
What subject would you advise me to start learning in advance? Do you have nice resources/books/videos on those matters?
I would have asked my tutor but right now he's on holidays and I don't intend to piss him off with job related questions.
On a side note: do you have any good and complete documentation or learning resource about SELinux? I've had issues with it on my main rig for some months and can't find any good answer so I decided to learn it as best as I can and come up with an answer on my own. Since I intend to work in the field, I should know what there is to know about it anyway.
-
"XDebug is like the SELinux of PHP."
-"I know right? It's the thing you always have to disable when something weirds out."
- random dudes on the train home
-
as a seasoned systems eng myself, i had huge mental block of "i am not a programmer" whining when starting to incorporate agile/infrastructure as code for more seasoned syseng staff.
leadership made devops a role and not a practice so lots of growing pains. was finally able to win them over by asking them to look at how many 'scripts' and 'tools' they wrote to make life easier... and how much simpler and sustainable using puppet/ansible/chef/salt... and checking in all our sacred bin files and only approved 'scripts' would be pushed thru automation tool after post review.
we still are not programmers or developers, but using specific practices and source control took some time but saving us loads of time and gives us ability to actually do engineering
but just have 2 groups of younger guys that grew up wanting to be the bofh/curmudgeon get off my systems types that are like not even 30... frustrating as they are the ones that should be more familiar with the shift from strictly ops to some overlap. and the devs that ask for root now that they can launch instances on aws or can launch docker containers and microservice..... ugggg. these 2 groups have never had to rack and stack servers, network gear, storage... just all magic to them because they can start 50 servers with a button click.
try to get past the iam roles, acls, facls, selinux and noshell i have been pushing. bitches.
-
I've been wondering about renting a new VPS to get all my websites sorted out again. I am tired of shared hosting and I am able to manage it as I have in the past.
With so many great people here, I was trying to put together some of the best practices and resources on how to handle the setup and configuration of a new machine, and I hope this post may help someone while trying to gather the best know-how in the comments. Don't be scared by the lengthy post, please.
The following tips are mainly from @Condor, @Noob, @Linuxxx and some others were gathered on the webz. Thanks to @Linux for recommending me Vultr VPS. I would appreciate further feedback from the community on how to improve this and/or change anything that may seem incorrect or should be done in a better way.
1. Clean install CentOS 7 or Ubuntu (I am used to both, do you recommend more? Why?)
2. Install existing updates
3. Disable root login
4. Disable password for ssh
5. RSA key login with strong passwords/passphrases
6. Set correct locale and correct timezone (if different from default)
7. Close all ports
8. Disable and delete unneeded services
9. Install CSF
10. Install knockd (is it worth it at all? Isn't it security through obscurity?)
11. Install Fail2Ban (worth installing side by side with CSF? If not, why?)
12. Install ufw firewall (or keep with CSF/Fail2Ban? Why?)
13. Install rkhunter
14. Install anti-rootkit software (side by side with rkhunter?) (SELinux or AppArmor? Why?)
15. Enable Nginx/CSF rate limiting against SYN attacks
16. For a server to be public, is an IDS / IPS recommended? If so, which and why?
17. Log Injection Attacks in Application Layer - I should keep an eye on them. Is there any tool to help scanning?
If I want to have a server that serves multiple websites, would you add/change anything to the following?
18. Install Docker and manage separate instances with a Dockerfile powered base image with the following? Or should I keep all the servers in one main installation?
19. Install Nginx
20. Install PHP-FPM
21. Install PHP7
22. Install Memcached
23. Install MariaDB
24. Install phpMyAdmin (On specific port? Any recommendations here?)
I am sorry if this is somewhat lengthy, but I hope it may get better and be a good starting guide for a new server setup (eventually become a repo). Feel free to contribute in the comments.
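Steps 3 to 5 of the checklist above are sshd_config settings, and the usual way they silently fail is a duplicated keyword or a Match block: sshd keeps the first value it reads for a keyword, and anything after the first Match line only applies to matching connections. An added example (not from the post or its commenters) that reads a constructed sshd_config and reports what sshd would actually apply globally; the sample file, the DEFAULTS table and the function names are mine.

```python
import re

# Constructed sshd_config with a classic mistake: the stricter "PermitRootLogin no"
# near the bottom never takes effect (first value wins), and the Match block
# only turns password login off for the "deploy" user.
SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
Match User deploy
    PasswordAuthentication no
"""

# Built-in defaults for the keywords the checklist touches (OpenSSH 7.0+ ships
# PermitRootLogin prohibit-password; the other two default to yes).
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes", "pubkeyauthentication": "yes"}
KEYVAL_RE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.+)$")  # "Key value" or "Key=value"

def effective_settings(config_text):
    """Global values sshd would actually apply: the first occurrence of a
    keyword wins, and everything from the first Match line on is conditional,
    so it is left out of the global view."""
    settings = dict(DEFAULTS)
    seen = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments
            continue
        m = KEYVAL_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().lower()
        if key == "match":
            break
        if key in settings and key not in seen:
            settings[key] = value
            seen.add(key)
    return settings

def audit(config_text):
    """Findings for steps 3-5: root login off, password login off, key login on."""
    wanted = {"permitrootlogin": "no", "passwordauthentication": "no",
              "pubkeyauthentication": "yes"}
    s = effective_settings(config_text)
    return [f"{k}: got {s[k]}, expected {v}" for k, v in wanted.items() if s[k] != v]
```

On a real host, `sshd -T` prints the same effective values straight from the daemon and is the authoritative check; this script is useful for reviewing configs before they are deployed.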
I had to work on a new apache server, after 3 hours of trying to figure out why this piece of crap doesn't obey my will, I found out SELinux is on (fuck you mode)
-
What is the point of having SELinux at all if every single product I install requires it to be turned off?
-
Setup a VPS from Linode today (they have started offering 2 GB for 10 USD), and was really pissed when I discovered that their “cloud enhanced” kernel had disabled SELinux and generally removed all sorts of useful features and security features from the default CentOS kernel.
-
Created my first CentOS virtual machine to test code locally and at every step it seemed like SELinux was working against me. Has anyone else here spent hours trying to get just the right settings to run a webserver on an OS with SELinux or is it just me?