Sunday, April 29, 2018

systemd and rc.local

Once again while in systemd land I discovered something, how to re-re-enable rc.local. Granted, from what I’ve read rc.local should really go the way of the dodo but I don’t feel like writing the new systemd stuff.

Link here.

To summarize it up:

The solution 

As you can see from above, The unit file have no [Install] section. As such Systemd can not enable it. First we need to create a file:

sudo vi /etc/systemd/system/rc-local.service

Then add the following content to it.

[Unit]
 Description=/etc/rc.local Compatibility
 ConditionPathExists=/etc/rc.local

[Service]
 Type=forking
 ExecStart=/etc/rc.local start
 TimeoutSec=0
 StandardOutput=tty
 RemainAfterExit=yes
 SysVStartPriority=99
[Install]
 WantedBy=multi-user.target

Save and close the file. Make sure /etc/rc.local file is executable.

sudo chmod +x /etc/rc.local

After that, enable the service on system boot:

sudo systemctl enable rc-local

Output:

Created symlink from /etc/systemd/system/multi-user.target.wants/rc-local.service to /etc/systemd/system/rc-local.service.

Now start the service and check its status:

sudo systemctl start rc-local.service
sudo systemctl status rc-local.service
at No comments:

Kali default runlevel

As I’m customizing the Kali image for my pen bot I once again came across the hell that is systemd, what would have been rc.local is now of course a steaming pile of systemd stuff. The same goes for the default run level since init is now a thing of the past, this Stack Exchange answer was helpful. You can no longer just set the initdefault level in /etc/inittab.

Debian as-shipped boots towards the graphical target. You can see this yourself:
$ ls -l /etc/systemd/system/default.target...No such file or directory
$ ls -l /lib/systemd/system/default.target... /lib/systemd/system/default.target -> graphical.target

So to boot towards the multiuser target all you need do is to put in own target:
$ cd /etc/systemd/system/
$ sudo ln -s /lib/systemd/system/multi-user.target default.target


It is highly recommended not to mess with the manual symlink-ing, but rather use appropriate options of the systemctl command. In this case, to set the default target you should run:
# systemctl set-default multi-user.target
at

Saturday, April 28, 2018

OpenVPN server on a Raspberry Pi

I am in the middle of configuring a Raspberry Pi 3 to act as an OpenVPN server for my remote pen test bots to use as Command and Control (C2). Ultimately C2 will run in AWS but for now I'm prototyping at home using my crappy Comcast connection. The first issue to get around is the lack of a static IP for the clients to connect to so I'm setting up NoIP as the dynamic DNS for this, here's what I've done.

Step one, go to www.no-ip.com and create a free account. Once that’s done create a hostname for your dynamic connection.

Step two, obtain and install the No-Ip Linux client on the Pi like this:

cd /usr/local/src/
wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
tar xvf noip-duc-linux.tar.gz
cd noip-2.1.9.1/
make install

This leaves /usr/local/bin/noip2 in place, run it and you will be prompted to enter the username/password for the noip account created in step 1, this will create /usr/local/etc/no-ip2.conf

Step three, create an init script. Edit a file /etc/init.d/noip2 and add the following contents to it:

#!/bin/sh
# /etc/init.d/noip2

# Supplied by no-ip.com
# Modified for Debian GNU/Linux by Eivind L. Rygge <eivind@rygge.org>
# Updated by David Courtney to not use pidfile 130130 for Debian 6.
# Updated again by David Courtney to "LSBize" the script for Debian 7.

### BEGIN INIT INFO
# Provides: noip2
# Required-Start: networking
# Required-Stop:
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start noip2 at boot time
# Description: Start noip2 at boot time
### END INIT INFO

# . /etc/rc.d/init.d/functions # uncomment/modify for your killproc

DAEMON=/usr/local/bin/noip2
NAME=noip2

test -x $DAEMON || exit 0

case "$1" in
start)
echo -n "Starting dynamic address update: "
start-stop-daemon --start --exec $DAEMON
echo "noip2."
;;
stop)
echo -n "Shutting down dynamic address update:"
start-stop-daemon --stop --oknodo --retry 30 --exec $DAEMON
echo "noip2."
;;

restart)
echo -n "Restarting dynamic address update: "
start-stop-daemon --stop --oknodo --retry 30 --exec $DAEMON
start-stop-daemon --start --exec $DAEMON
echo "noip2."
;;

*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0

Install it to run at startup using the command: update-rc.d noip2 defaults the run it via service noip2 start. You can check it via the command service noip2 status, you should be good to go.

at No comments:
Subscribe to: Posts (Atom)

Current Audible Reading List

Title You Never Forget Your First: A Biography of George Washington A Self-Made Man: The Politica...

  • OpenVAS Performance Tuning
    As part of a project I'm working on right now I wanted to know what the "optimal" settings were for running OpenVAS on an ODRO...
  • OpenVAS port 80
    By default the OPenVAS security assistant listens on port 80 and redirects connections to port 9392, this causes issues if you want to run a...
  • Installing and using Tor on Max OS/X
    I often have need to use Tor for various testing purposes, mainly to determine how an adversary uses it, and I often just want to run it fro...