Monday, April 25, 2016

Securing Ubuntu 16.04 LTS: Disable Guest Account

Disable Guest Account in Ubuntu 16.04 LTS

LightDM configuration files are located in /usr/share/lightdm and /etc/lightdm. The Guest account can easily be disabled by adding a rule in either of the two directories. Below, I made the change in /etc/lightdm:

First, I created a folder inside lightdm using the command
# sudo mkdir /etc/lightdm/lightdm.conf.d

Secondly, I changed the working directory by entering the command
# cd /etc/lightdm/lightdm.conf.d

Thirdly, I created a file called '50-no-guest.conf' inside the above directory and added the two lines below to the newly created file.
To create the file:
# sudo vi 50-no-guest.conf

Then add the entries below to the file
[SeatDefaults]
allow-guest=false


The file can also be created in a single step with the command below (the lightdm.conf.d directory must already exist).
# sudo sh -c 'printf "[SeatDefaults]\nallow-guest=false\n" > /etc/lightdm/lightdm.conf.d/50-no-guest.conf'

To re-enable the Guest account, remove the file with the command
# sudo rm /etc/lightdm/lightdm.conf.d/50-no-guest.conf

Friday, April 22, 2016

Creating Encrypted Private/Separate Partition on Ubuntu 16.04 LTS

I wanted to convert an already configured partition to an encrypted partition. As the encryption utility, "cryptsetup" was used.

Since mine was a fresh installation, I was not worried about losing data on my laptop. However, if you are planning to do the same, please make sure to back up all the data before starting the conversion.

The command below shows the details of the available disks.
#fdisk -l

Device         Start       End   Sectors  Size Type
/dev/sda1       2048    923647    921600  450M Windows recovery environment
/dev/sda2     923648   1128447    204800  100M EFI System
.......

.......
/dev/sda6  567171072 582795263  15624192  7.5G Linux swap
/dev/sda7  582795264 781459455 198664192 94.7G Linux filesystem
/dev/sda8  781459456 976771071 195311616 93.1G Linux filesystem



The command below also shows the details of the partitioned disk.
 # df -h

Filesystem      Size  Used Avail Use% Mounted on
udev            3.9G     0  3.9G   0% /dev
tmpfs           788M  9.6M  778M   2% /run
/dev/sda7        94G  4.1G   85G   5% /
...........
...........
/dev/sda8      92G   60M   87G   1% /CERT


I wanted to convert the /dev/sda8 partition to an encrypted partition. To see how /dev/sda8 is integrated into the system, I checked the fstab file. The fstab (/etc/fstab), or file systems table, is a system configuration file on Debian systems. It typically lists all available disks and disk partitions, and indicates how they are to be initialized or otherwise integrated into the overall system's file system. This configuration file can be read using the command:
# cat /etc/fstab
# /etc/fstab: static file system information.
#
#              
# / was on /dev/sda7 during installation
UUID=61050990-a94f-4629-81cb-14722123d668 /               ext4    errors=remount-ro 0       1
# /CERT was on /dev/sda8 during installation

UUID=424bae11-5e73-44e8-9ccd-d1eb3ef44f82 /CERT           ext4    defaults        0       2
# /boot/efi was on /dev/sda2 during installation
UUID=E413-CC25  /boot/efi       vfat    umask=0077      0       1
# swap was on /dev/sda6 during installation
UUID=1dd43a59-2bc7-49ce-b7b3-964ec836620f none            swap    sw              0       0


To encrypt the partition, I used the Disk Utility, which comes with Ubuntu 16.04. The below steps show the process of encrypting a partition.

The figure below shows the file system before the encryption.



The figure below shows how to encrypt the partition. At this stage you need to enter a strong passphrase which complies with password security configuration best practices.


The figure below shows the file system configuration once the encryption is finished.


Finally, I rebooted the system to check for possible errors. After rebooting the OS, I manually mounted the encrypted partition. The image below shows a snapshot of the manual mounting process. The passphrase needs to be entered here.



Errors encountered during the process of setting up an encrypted partition.

If you don't already have "cryptsetup" installed, you will get the error message below when you try to create the encrypted partition.


Oops. I got the above error message, so I installed cryptsetup using the command below and restarted the encryption process.
#sudo apt-get install cryptsetup

If you forget to comment out or delete the existing entry pertaining to /dev/sda8 in /etc/fstab, you will encounter an error message during reboot. Unfortunately, I experienced the same error. :(

I ended up with an error message saying:
"A start job is running for dev-disk-by\x....................device. " 

After waiting up to 90 seconds, I found myself in emergency mode.

In order to troubleshoot, I ran the steps below.
To view the active and inactive disk units, I used the command below.
#systemctl --full -a |grep x2duuid

When listing units, "-a" shows all loaded units regardless of their state, including inactive units. systemd escapes the "-" in "by-uuid" as "\x2d" in device unit names, so filtering on "x2duuid" shows only the disk units addressed by UUID, both active and inactive. The received output is:


The above output shows that the partition with the UUID 424bae11-5e73-44e8-9ccd-d1eb3ef44f82 is inactive. This is the encrypted partition.

I commented out the entry pertaining to the above partition in fstab, as shown below.

# cat /etc/fstab
# /etc/fstab: static file system information.
#
#              
# / was on /dev/sda7 during installation
UUID=61050990-a94f-4629-81cb-14722123d668 /               ext4    errors=remount-ro 0       1
# /CERT was on /dev/sda8 during installation

#UUID=424bae11-5e73-44e8-9ccd-d1eb3ef44f82 /CERT           ext4    defaults        0       2
# /boot/efi was on /dev/sda2 during installation

As the final step, I rebooted my system and fortunately it worked for me.

After the OS has booted up, you can manually mount the encrypted partition by double-clicking it in the file explorer.
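
A pre-reboot check for the fstab problem described above, as an added example that is not part of the original post: it lists active fstab entries whose UUID no longer belongs to any block device. The function names are made up for this example, the sample fstab reuses the entries quoted in the post, and the all-zero UUID is a placeholder standing in for the new UUID of the encrypted partition.

```sh
#!/bin/sh
# Added example (not from the original post): find fstab entries whose UUID
# is no longer present on any block device, before rebooting.

# stale_fstab_uuids FSTAB_FILE "UUID1 UUID2 ..."
# Prints "UUID mountpoint" for every active (uncommented) UUID= entry whose
# UUID is not in the supplied list.
stale_fstab_uuids() {
    fstab=$1
    # Flatten newlines so the list is safe to pass through awk -v.
    present=$(printf '%s' "$2" | tr '\n' ' ')
    awk -v present="$present" '
        BEGIN { n = split(present, u, " "); for (i = 1; i <= n; i++) have[u[i]] = 1 }
        /^[ \t]*#/ || NF < 2 { next }          # skip comments and blank lines
        $1 ~ /^UUID=/ {
            id = substr($1, 6)                 # text after "UUID="
            if (!(id in have)) print id, $2
        }' "$fstab"
}

# Constructed demo: the fstab entries from the post, checked against a UUID
# list in which the old ext4 UUID of /CERT is assumed to be gone.
demo_stale_fstab() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# / was on /dev/sda7 during installation
UUID=61050990-a94f-4629-81cb-14722123d668 /               ext4    errors=remount-ro 0       1
# /CERT was on /dev/sda8 during installation
UUID=424bae11-5e73-44e8-9ccd-d1eb3ef44f82 /CERT           ext4    defaults        0       2
UUID=E413-CC25  /boot/efi       vfat    umask=0077      0       1
UUID=1dd43a59-2bc7-49ce-b7b3-964ec836620f none            swap    sw              0       0
EOF
    stale_fstab_uuids "$tmp" "61050990-a94f-4629-81cb-14722123d668
E413-CC25
1dd43a59-2bc7-49ce-b7b3-964ec836620f
00000000-0000-0000-0000-000000000000"
    rm -f "$tmp"
}

# On a live system (as root, so blkid can probe every device):
#   stale_fstab_uuids /etc/fstab "$(blkid -s UUID -o value)"
demo_stale_fstab
```

Any line this prints is an entry the boot process will wait for; an entry that has already been commented out is ignored.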


Install Oracle VirtualBox 5.0.18 on Ubuntu 16.04 ("Xenial") Desktop AMD64


I was trying to install Oracle VirtualBox 5.0.18 on my newly installed Ubuntu 16.04 ("Xenial") Desktop AMD64.

VirtualBox 5.0.18 for Ubuntu 16.04 Desktop AMD64 edition can be downloaded from: http://download.virtualbox.org/virtualbox/5.0.18/virtualbox-5.0_5.0.18-106667~Ubuntu~xenial_amd64.deb

Once it was downloaded, I entered the command below to install it.
#sudo dpkg -i virtualbox-5.0_5.0.18-106667~Ubuntu~xenial_amd64.deb

However, I got the dependency errors listed below.
dpkg: dependency problems prevent configuration of virtualbox-5.0:
 virtualbox-5.0 depends on libqt4-opengl (>= 4:4.7.2); however:
  Package libqt4-opengl is not installed.


dpkg: error processing package virtualbox-5.0 (--install):
 dependency problems - leaving unconfigured
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for systemd (229-4ubuntu4) ...
Processing triggers for hicolor-icon-theme (0.15-0ubuntu1) ...
Processing triggers for shared-mime-info (1.5-2) ...
Processing triggers for gnome-menus (3.13.3-6ubuntu3) ...
Processing triggers for desktop-file-utils (0.22-1ubuntu5) ...
Processing triggers for bamfdaemon (0.5.3~bzr0+16.04.20160415-0ubuntu1) ...
Rebuilding /usr/share/applications/bamf-2.index...
Processing triggers for mime-support (3.59ubuntu1) ...
Errors were encountered while processing:
 virtualbox-5.0

 
I assume that you might also have encountered the same error while trying to install VirtualBox on Ubuntu 16.04.

To resolve the above error, I tried the commands below. Firstly, I checked for the latest updates using:
#sudo apt-get update

Then I installed the missing package using the command:
#sudo apt-get install libqt4-opengl

At this stage, you may try the command below instead of installing the missing packages individually.
#sudo apt-get -f install

This will fix the previously encountered error and recompile the VirtualBox kernel modules, and you will get the output below in your terminal.
Setting up virtualbox-5.0 (5.0.18-106667~Ubuntu~xenial) ...
Adding group `vboxusers' (GID 129) ...
Done.
Stopping VirtualBox kernel modules ...done.
Recompiling VirtualBox kernel modules

 ...done.
Starting VirtualBox kernel modules ...failed!
  (modprobe vboxdrv failed. Please use 'dmesg' to find out why)
Processing triggers for libc-bin (2.23-0ubuntu3) ...

Wednesday, April 20, 2016

Verify Package Integrity Using RPM

RPM is a great utility used to install, upgrade and verify software packages on your Red Hat system. It's the verify feature that we are most interested in, as it can be used to check our files and make sure they have not been modified or replaced.

I was trying to check package integrity using RPM. Unfortunately, I was having a hard time reading the output.

For example, how should I interpret the output below?

S.5....T.    /etc/init/serial.conf
.M.......    /usr/lib
.M....G..    /usr/sbin/cvuqdisk
missing     /lib/modules/2.6.32-300.25.1.el6uek.x86_64/extra



Here I'm sharing a way of interpreting the output of the command.
# rpm -qVa | awk '$2 != "c" {print $0}'

To explain the switches of the above command: the first is the "-V" switch, which allows you to check the integrity of all files associated with a specific package. The output we receive may look like the output shown above.

The only files that get listed are the files that fail the verification. Any files that are not listed are assumed to be OK. On the left of this output we have the reason why this particular file failed the verify check. A legend of the results is as follows:

S = size change
M = permissions change
5 = MD5 changed
L = Symlink changed
D = Device change
U = User change
G = Group change
T = Date/Time change
missing = file is gone


When reviewing RPM's output, keep an eye out for very strange entries, such as a change in the MD5 value while the date/time stamp and/or file size is reported as being the same. This could be caused by an attacker who has modified or replaced files but is trying to cover their tracks. For other files, we need to check carefully to see whether the integrity has been compromised or not.

For example, the above output says that a file has been modified. For configuration files this is common, since they need to be modified to suit the requirement. But we should ensure that they have been modified correctly and that the changes are legitimate.
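
The legend and the warning sign described above can be applied mechanically. This added example (not part of the original post) labels each line of verify output and flags a changed digest whose size or timestamp is reported unchanged; the function names and the last two sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): label each line of `rpm -Va`
# output using the legend above.

# triage_rpm_verify: reads verify lines on stdin, prints "LABEL path".
#   MISSING    - file is gone
#   SUSPICIOUS - digest (5) changed while size (S) or time (T) did not
#   CONFIG     - changed file that RPM marks as a config file ("c")
#   CONTENT    - digest changed together with size and time
#   METADATA   - no digest change reported (mode, owner, group, ...)
triage_rpm_verify() {
    awk '
    NF < 2 { next }                               # ignore blank or malformed lines
    {
        flags = $1
        rest = $0
        sub(/^[^ \t]+[ \t]+/, "", rest)           # drop the flags column
        marker = ""
        if (rest ~ /^[cdglr][ \t]+\//) {          # optional file-type marker
            marker = substr(rest, 1, 1)
            sub(/^[cdglr][ \t]+/, "", rest)
        }
        if (flags == "missing")                                   label = "MISSING"
        else if (flags ~ /5/ && (flags !~ /S/ || flags !~ /T/))   label = "SUSPICIOUS"
        else if (marker == "c")                                   label = "CONFIG"
        else if (flags ~ /5/)                                     label = "CONTENT"
        else                                                      label = "METADATA"
        print label, rest
    }'
}

# Sample input: the four lines quoted in the post plus two constructed lines.
sample_verify_output() {
    cat <<'EOF'
S.5....T.    /etc/init/serial.conf
.M.......    /usr/lib
.M....G..    /usr/sbin/cvuqdisk
missing     /lib/modules/2.6.32-300.25.1.el6uek.x86_64/extra
..5......    /usr/bin/example-tool
S.5....T.  c /etc/example.conf
EOF
}

# On a live system: rpm -Va | triage_rpm_verify
sample_verify_output | triage_rpm_verify
```

SUSPICIOUS lines are the ones to investigate first; CONFIG lines still need a manual check that the change is the one the administrator intended.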