Friday, July 30, 2010

Create MySQL accounts from command line

mysql --user="root" --password="your_root_password"

CREATE USER 'new_username'@'localhost' IDENTIFIED BY 'password_for_new_username';

GRANT ALL ON *.* TO 'new_username'@'localhost'; (change for your security/access situation)

exit
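An added example (not from the original post) of narrowing the grant above to a single database and then checking what the account can actually do. The names app_db and app_user and the password are hypothetical placeholders.

```sql
-- Added example; app_db, app_user and the password are placeholders.
-- Run inside the mysql client as an administrative user.

CREATE DATABASE IF NOT EXISTS app_db;

CREATE USER 'app_user'@'localhost'
    IDENTIFIED BY 'replace_with_a_strong_password';

-- Grant only the data-manipulation privileges the application needs,
-- and only on its own schema, instead of ALL ON *.*.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON app_db.* TO 'app_user'@'localhost';

-- Verify: the output should list USAGE on *.* plus the four
-- privileges on `app_db`.*, and nothing else.
SHOW GRANTS FOR 'app_user'@'localhost';

-- If an account was already created with GRANT ALL ON *.*,
-- strip everything first and then re-grant the narrow set.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'new_username'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE
    ON app_db.* TO 'new_username'@'localhost';

-- Audit: list accounts that still hold high-impact global privileges.
SELECT User, Host, Super_priv, Grant_priv, File_priv
  FROM mysql.user
 WHERE Super_priv = 'Y'
    OR Grant_priv = 'Y'
    OR File_priv  = 'Y';
```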

MySQL error: ERROR 1045 (28000)

PROBLEM
Trying to log in to MySQL with a newly created user fails with this error:

mysql -u username -p
Enter password: xxxxx
ERROR 1045 (28000): Access denied for user 'xxxxx'@'localhost' (using password: YES)


SOLUTION
Restart MySQL
( sudo /etc/init.d/mysql restart )

RRDtool

RRDtool is the OpenSource industry standard, high performance data logging and graphing system for time series data. Use it to write your custom monitoring shell scripts or create whole applications using its Perl, Python, Ruby, TCL or PHP bindings.

http://oss.oetiker.ch/rrdtool/

The BlindElephant Web Application Fingerprinter

The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable.

http://blindelephant.sourceforge.net

Wednesday, July 28, 2010

Project Razorback

Project Razorback™ is an undertaking by the Sourcefire VRT.

Razorback is a framework for an intelligence driven security solution. It consists of a Dispatcher at the core of the system, surrounded by Nuggets of varying types.

Project hosting for Razorback and the surrounding Nuggets is provided by Sourceforge. The following links will take you to the Sourceforge hosted sites.

http://labs.snort.org/razorback/

Tuesday, July 27, 2010

MRTG error: Creating templock /var/lock/mrtg/_xxx.cfg No such file or directory at /usr/bin/mrtg line

MRTG stopped working after restart of the server.

Error in mrtg.log:
MRTG error: Creating templock /var/lock/mrtg/_xxx.cfg No such file or directory at /usr/bin/mrtg line

SOLUTION
mkdir /var/lock/mrtg

Monday, July 26, 2010

Cacti

Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

http://www.cacti.net

Shinken

Shinken is a new, Nagios compatible monitoring tool, written in Python. The main goal of Shinken is to allow users to have a fully flexible architecture for their monitoring system that can easily scale to large environments. It’s as simple as in all the marketing “cloud computing” slides, but here, it’s real!
Shinken is backwards-compatible with the Nagios configuration standard and plugins. It works on any operating system and architecture that supports Python, which includes Windows and Mac OS X/Darwin.

http://www.shinken-monitoring.org

Sunday, July 25, 2010

NSClient++

NSClient++ aims to be a simple yet powerful and secure monitoring daemon for Windows operating systems. It is built for Nagios, but nothing in the daemon is actually Nagios specific and could probably, with little or no change, be integrated into any monitoring software that supports running user tools for polling.

http://nsclient.org

MySQL Control Center

MySQL Control Center is an excellent GUI front end for MySQL database creation and administration. It allows multiple concurrent MySQL server connections, MDI (or not under Linux), stored login credentials, point and click dump file imports and more.

http://sourceforge.net/projects/mysqlcc/

Saturday, July 24, 2010

Change keyboard layout on Debian Linux

After installing OSSIM I discovered that the keyboard layout was qwerty and I needed azerty. Using the command below will help you to change to a different layout:

dpkg-reconfigure console-data

FreeTDS

FreeTDS is a set of libraries for Unix and Linux that allows your programs to natively talk to Microsoft SQL Server and Sybase databases.

http://www.freetds.org

Lynx - text based browser (Linux)

Lynx is a text-only Web browser for use on cursor-addressable character cell terminals. It is released as Free software under the GNU General Public License. Supported protocols are Gopher, HTTP, HTTPS, FTP, WAIS, and NNTP.

Installation instructions:
sudo apt-get install lynx



http://lynx.isc.org

PsGetsid

PsGetsid allows you to translate SIDs to their display name and vice versa. It works on builtin accounts, domain accounts, and local accounts.

http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx

Thursday, July 22, 2010

Eggdrop

Eggdrop is the world's most popular open source Internet Relay Chat (IRC) bot. Originally created by Robey Pointer in December 1993 for use on a channel called #gayteen, it has spawned an almost cult like following of users. It is a feature rich program designed to be easily used and expanded upon (using Tcl scripting) by both novice and advanced IRC users on a variety of hardware and software platforms.

http://www.eggheads.org

Security event manager (SEM)

A security event manager (SEM) is a computerized tool used on enterprise data networks to centralize the storage and interpretation of logs, or events, generated by other software running on the network.

Click here for more information @ Wikipedia

iSCSI

In computing, iSCSI (pronounced /aɪˈskʌzi/ "eye-scuzzy"), is an abbreviation of Internet Small Computer System Interface, an Internet Protocol (IP)-based storage networking standard for linking data storage facilities. By carrying SCSI commands over IP networks, iSCSI is used to facilitate data transfers over intranets and to manage storage over long distances. iSCSI can be used to transmit data over local area networks (LANs), wide area networks (WANs), or the Internet and can enable location-independent data storage and retrieval. The protocol allows clients (called initiators) to send SCSI commands (CDBs) to SCSI storage devices (targets) on remote servers. It is a popular storage area network (SAN) protocol, allowing organizations to consolidate storage into data center storage arrays while providing hosts (such as database and web servers) with the illusion of locally-attached disks. Unlike traditional Fibre Channel, which requires special-purpose cabling, iSCSI can be run over long distances using existing network infrastructure.

Click here to read more @ Wikipedia

LUN

In computer storage, a logical unit number or LUN is the identifier of a SCSI logical unit, and by extension of a Fibre Channel or iSCSI logical unit. A logical unit is a SCSI protocol entity which performs classic storage operations such as read and write. Each SCSI target provides one or more logical units. A logical unit typically corresponds to a storage volume and is represented within a computer operating system as a device.

Click here for more info @ Wikipedia

Wednesday, July 21, 2010

FirePlotter

FirePlotter is a real-time session monitor for your firewall. FirePlotter simply shows you the traffic that is flowing through your internet connection moment to moment, in real time. FirePlotter can also be described as a firewall visualization tool, a bandwidth analyzer, or a connection monitor for your Cisco ASA/PIX firewall or FortiNet FortiGate firewall. FirePlotter can replay all the session data it collects.

http://www.fireplotter.com

Tobi Oetiker's MRTG - The Multi Router Traffic Grapher

You have a router, you want to know what it does all day long? Then MRTG is for you. It will monitor SNMP network devices and draw pretty pictures showing how much traffic has passed through each interface.

http://oss.oetiker.ch/mrtg

Simple Network Management Protocol (SNMP)

Simple Network Management Protocol (SNMP) is a UDP-based network protocol. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.

SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications.

Click here for more information @ Wikipedia

SEC - simple event correlator

SEC is an open source and platform independent event correlation tool that was designed to fill the gap between commercial event correlation systems and homegrown solutions that usually comprise a few simple shell scripts. SEC accepts input from regular files, named pipes, and standard input, and can thus be employed as an event correlator for any application that is able to write its output events to a file stream. The SEC configuration is stored in text files as rules, each rule specifying an event matching condition, an action list, and optionally a Boolean expression whose truth value decides whether the rule can be applied at a given moment. Regular expressions, Perl subroutines, etc. are used for defining event matching conditions. SEC can produce output events by executing user-specified shell scripts or programs (e.g., snmptrap or mail), by writing messages to pipes or files, and by various other means.

http://simple-evcorr.sourceforge.net

Sunday, July 18, 2010

Burp Scanner

Burp Scanner is a tool for performing automated discovery of security vulnerabilities in web applications. It is designed to be used by penetration testers, and to fit in closely with your existing techniques and methodologies for performing manual and semi-automated penetration tests of web applications.

http://portswigger.net/scanner/

DenyHosts

DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).

http://denyhosts.sourceforge.net

Install Ubuntu security updates from command line

You can install Ubuntu security updates from the command line by typing:

sudo apt-get dist-upgrade
(dist-upgrade, in addition to performing the function of upgrade, also intelligently handles changing dependencies with new versions of packages)

OR

sudo apt-get upgrade
(upgrade is used to install the newest versions of all packages currently installed on the system)