Heartbleed

So, there’s a new vulnerability out that affects SSL and pretty much all forms of encryption on the internet.

Fortunately, the OpenSSL library has been patched and assuming that you’re running a standard installation of Linux, all you have to do is:

sudo apt-get update && sudo apt-get upgrade

before restarting any services that use SSL (email, web server, etc.)
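A process keeps the old OpenSSL code mapped in memory until it is restarted, even after the package on disk has been replaced. The script below is an added example (not part of the original post) that lists the processes still holding the replaced library by scanning /proc/<pid>/maps on Linux; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: find processes that still map the libssl/libcrypto files
# replaced by the upgrade. Linux marks such mappings "(deleted)" in
# /proc/<pid>/maps, for instance (constructed line):
#   7f3c1a2b4000-7f3c1a30a000 r-xp 00000000 08:01 131234 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)

# maps_has_stale_openssl FILE
# Succeeds if FILE (in /proc/<pid>/maps format) contains a libssl or
# libcrypto mapping whose backing file has been deleted or replaced.
maps_has_stale_openssl() {
    grep -Eq '/lib(ssl|crypto)\.so[^/ ]* \(deleted\)$' "$1" 2>/dev/null
}

# stale_openssl_pids [PROCROOT]
# Prints "PID NAME" for every process under PROCROOT (default /proc) that
# still needs a restart. Run as root to see other users' processes.
stale_openssl_pids() {
    procroot=${1:-/proc}
    for dir in "$procroot"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        if maps_has_stale_openssl "$dir/maps"; then
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "${dir##*/}" "$name"
        fi
    done
}

# Scan the live system only when asked to: sh thisfile.sh --scan
if [ "${1:-}" = "--scan" ]; then
    stale_openssl_pids
fi
```

An empty result after the restarts means no running process is still using the pre-upgrade library.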

You’ll also need to decide whether or not you want to regenerate any SSL certificates that you use on your server (for HTTPS or authentication, for example). Cloudflare proved that private keys can be stolen from your server while it’s vulnerable. As a fairly low-profile website, I’ve decided to only regenerate the keys needed for the secure sections. It’s unlikely that in the day or two from the exploit becoming public and me patching the server that someone’s managed to get the keys. However, if someone has stolen the private key for the blog, then I’m afraid it is possible for someone to snoop on you as you read this.

Source: xkcd

Installing Nginx as a Daemon

When you compile and install Nginx from source it’s not installed as a daemon, as it would be if you ran:

 sudo apt-get install nginx

Why would you install from the source? Many reasons. Unlike Apache, modules in Nginx need to be added at compile time. A list of modules is available here, and only a few of these are available by default.

So, let’s install Nginx as a daemon. Copy and paste the below text into /etc/init.d/nginx. You’ll need to be root to do this. Once you’ve done this, you can run the following code

 /usr/sbin/update-rc.d -f nginx defaults

to start nginx with the system.

You can then restart the webserver using “sudo service nginx restart”.

#! /bin/sh

### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/nginx
NAME=nginx
DESC=nginx

test -x $DAEMON || exit 0

# Include nginx defaults if available
if [ -f /etc/default/nginx ] ; then
    . /etc/default/nginx
fi

set -e

. /lib/lsb/init-functions

case "$1" in
    start)
        echo -n "Starting $DESC: "
        start-stop-daemon --start --quiet --pidfile /etc/nginx/logs/$NAME.pid \
            --exec $DAEMON -- $DAEMON_OPTS || true
        echo "$NAME."
        ;;
    stop)
        echo -n "Stopping $DESC: "
        start-stop-daemon --stop --quiet --pidfile /etc/nginx/logs/$NAME.pid \
            --exec $DAEMON || true
        echo "$NAME."
        ;;
    restart|force-reload)
        echo -n "Restarting $DESC: "
        start-stop-daemon --stop --quiet --pidfile \
            /etc/nginx/logs/$NAME.pid --exec $DAEMON || true
        sleep 1
        start-stop-daemon --start --quiet --pidfile \
            /etc/nginx/logs/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS || true
        echo "$NAME."
        ;;
    reload)
        echo -n "Reloading $DESC configuration: "
        start-stop-daemon --stop --signal HUP --quiet --pidfile /etc/nginx/logs/$NAME.pid \
            --exec $DAEMON || true
        echo "$NAME."
        ;;
    status)
        status_of_proc -p /etc/nginx/logs/$NAME.pid "$DAEMON" nginx && exit 0 || exit $?
        ;;
    *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|reload|force-reload|status}" >&2
        exit 1
        ;;
esac

exit 0

Using Matlab to Map a Network

The following Matlab code will get all the hostnames from a /16 subnet.

It takes two arguments:

  • The first two octets of the subnet, in the form “xxx.xxx”
  • The DNS server that you wish to query. For best results this should be in the same subnet. It should be in the form “xxx.xxx.xxx.xxx”.

 

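function hostnames = rdns(address,dns)
% Reverse-DNS sweep of a /16 subnet.
% address: first two octets ('xxx.xxx'); dns: DNS server to query.
hostnames = cell(254,254);
for i = 1:254
    for j = 1:254
        % Run nslookup and capture its output as text
        T = evalc(sprintf('system(''nslookup %s.%d.%d %s'');',address,i,j,dns));
        C = strsplit(T,'\n');
        if numel(C) >= 4
            % Fourth line of Windows nslookup output is "Name:    <hostname>"
            Name = C{4};
            Hostname = strtrim(Name(10:end));
        else
            % Lookup returned too little output to contain a name
            Hostname = '';
        end
        hostnames{i,j} = Hostname;
    end
end
sortHost(address,hostnames);
end

function TF = isalive(hostname)
% True unless a single ping (Windows syntax: -n 1) reports a timeout.
out = evalc(sprintf('system(''ping -n 1 %s'')',hostname));
C = strsplit(out,'\n');
if numel(C) < 3
    TF = false;
    return
end
req_str = strtrim(C{3});
% Anything other than a timeout on the reply line counts as alive
TF = ~strcmp(req_str,'Request timed out.');
end

function sortHost(address,hostnames)
% Write one row per address: IP, hostname, alive flag.
outcells = cell(254*254,3);
for i = 1:254
    for j = 1:254
        idx = (i-1)*254+j;
        outcells{idx,1} = sprintf('%s.%d.%d',address,i,j);
        outcells{idx,2} = hostnames{i,j};
        outcells{idx,3} = isalive(sprintf('%s.%d.%d',address,i,j));
    end
end
xlswrite('Hostnames',outcells);
end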

I’ll probably rewrite this script in Python at some point, or compile it as a .exe so that it can be used by anyone. I also aim to expand it so that it will work for any CIDR subnet.

Adding Python Packages in Windows

This is dead easy.

Up-to-date installations (the Python 3.4.0 installer can be found here) of Python in Windows come with ‘easy_install’ pre-installed.

Run this program, passing it the filename of any package you wish to install (.egg, .zip or .tar.gz), and it will install it and place the files on the Python path to be used.

For popular packages, such as SciPy, you don’t need to download any packages. Just type into your command window:

easy_install scipy

This will only work if you have the prerequisite packages (SciPy requires NumPy, for example).

Welcome

This site is essentially a blog of all programming, hacking and other engineering-y electronics-y things I get up to.