Install Secure Lab Tools in Fedora 26

I am working my way to dive in to the world of security testing. We have been going through the tasks on 30 days of security testing from Ministry Of Testing Dojo. The themed tasks is actually a really good way to keep up in learning new topics and deepening your knowledge on different issues at hand. Ministry Of Testing has a nice series of themed months on the catalogue and I warmly recommend to check them out.

We have been doing the themed months a bit differently. First of all, we accept the fact that there is weekends and people do not have to live, breathe and urinate testing. Even though it does help from time to time. So, our approach has been mainly to do 30 days of testing during the weekdays. Which means that instead of 4 weeks, we’ll accomplish it in approximately 6 weeks.

Anyhow, one of the things beside the security testing challenge has been us having a course on Ethical Hacking. The course is available in Udemy and it is reasonably priced, so I recommend that, at least if you’re not familiar with penetration testing and hacking techniques in general.

So, we go through tools and techniques and use Kali Linux for that. Which seems to be powerful to use. As I am running Fedora 26 on my workstation, I am running the penetration test stuff on Fedora Boxes (more stable than VirtualBox), but I noticed that it would actually be nice to have the tools on my actual workstation, too.

So I went and googled a bit and as I knew, someone had already solved my issue.  As I am using Finnish language on the laptop, my installation command was like this:

# sudo dnf groupinstall Turvallisuuslaboratorio

For most of the people who do not have the capability to understand Finnish, it would make sense to use something more, how to put it, understandable language, like English.

So, in that case I suppose the command should work like this:

# sudo dnf groupinstall security-lab


By the way, while writing this, I did write the Kali Linux on a USB disk. It actually feels better to have it there than fooling around with virtual machines (in this case). Even though I’ll have to reboot the computer if I want to run it.

Install jMeter in Fedora

I was a bit surprised for Fedora not having jmeter in the repository, but then I thought I could as well do the thingy in the old way 😀

First of all, we need to get the release:

wget http://apache.mirrors.spacedump.net//jmeter/binaries/apache-jmeter-3.1.tgz

Then we need to extract it:

sudo tar -xzf apache-jmeter-3.1.tgz -C /opt/

After that, we create the symlink to the jmeter -binary:

sudo ln -s /opt/apache-jmeter-3.1/bin/jmeter /usr/local/bin/jmeter

And as last, we create a desktop shortcut:

vi ~/.local/share/applications/jmeter.desktop

[Desktop Entry]
Type=Application
Encoding=UTF-8
Name=JMeter
Comment=JMeter
Exec=/usr/local/bin/jmeter
Icon=/opt/apache-jmeter-3.1/docs/images/jmeter_square.png
Terminal=false

 

That’s it. We’re done 😀

 

Run docker without sudo in Fedora 25

Sometimes things get weird. One could imagine that the documentation on docker (https://docs.docker.com/engine/installation/linux/fedora/) could be up to date. And when it comes to installation itself, it actually is.

The problem is/was that I was forced to run the docker with sudo (reasons are explained on both pages linked here, I’m not going to repeat them), and while both sites gave a solution, the docs.docker.com -instructions did not actually work. So I googled a bit more:
https://developer.fedoraproject.org/tools/docker/docker-installation.html

According to developer.fedoraproject.org, you’ll have to run the following two commands in order to get docker executed without sudoing.
Basically you’ll add a docker -group and add yourself to it.

$ sudo groupadd docker && sudo gpasswd -a ${USER} docker && sudo systemctl restart docker
 $ newgrp docker

Install XMind to Fedora

I’ve been using XMind a lot for mindmapping. It has fulfilled my needs somewhat well, at least I cannot come up with anything to nag about from the top of my head.

Except that there is only *.deb -package available for Linux. For the love of <pick your favorite deity here>. Not all of us are using Ubuntu. Don’t get me wrong, Ubuntu is ok to use. I’m not using it due to our servers are running CentOS. To get to know the issues you might run into when dealing with production, you should be using same (or at least one that is based on the same architecture) operating system on your workstation. So i do have Fedora, which is not CentOS, but close enough. I do admit being lazy here, there is CentOS -desktop available, but to get the tools needed to work with that is so much harder than with Fedora, that I did not even try this time. I might do that in the future, though.

Enough for OS rant.

  1. Download Xmind for linux from vendor site
  2. Uncompress the deb -package with ar
    1. [bluntinstrument@testing Downloads]$ ar -x xmind-x.y-xyz-linux_amd64.deb
  3. There will be 2 tarballs extracted, data.tar.gz & control.tar.gz
  4. Untar data.tar.gz:
    1. [bluntinstrument@testing Downloads]$ tar xf data.tar.gz
    2. You get a subfolder usr/
  5. [bluntinstrument@testing Downloads]$ sudo cp -r usr/bin/ /opt/xmind/
  6. [bluntinstrument@testing Downloads]$ sudo cp -r usr/lib/ /usr/
  7. [bluntinstrument@testing Downloads]$ sudo cp -r usr/share/ /usr/
  8. Untar control.tar.gz:
    1. [bluntinstrument@testing Downloads]$ tar xf control.tar.gz
    2. You get a script ‘postinst’
  9. [bluntinstrument@testing Downloads]$ sudo sh postinst
  10. Create symlink for XMind:
    1. sudo ln -s /opt/xmind/bin/XMind /usr/local/bin/XMind

And you’re good to go 😀

I used this guide as a reference: http://www.xmind.net/m/JKm6/ 

 

Excuses get in the way

I know, every excuse is just an excuse on failing to prioritise, but sometimes the prioritising actually gets you nailed down to something where you just have to concentrate and work on.  This week has been one of those.

So to say, releases flowing in from doors and windows and I find myself testing (or wanting to test) them all.

Which of course has meant that I haven’t been able to fulfil the 30 Days of Testing assignments. Currently I am lagging behind 1½ – 2 days. My plan is to get back on the track during this week, anyhow, meaning that I’ll do something during the weekend.

This is just to inform that I am aware of the situation.

Besides that, I ended up going through this tutorial yesterday and realised that this mochaJs-thing seems to be a neat way to learn JavaScript and some test development 😀 I might even give it a more thorough run later on. I also discussed with the author (Viktor Johansson) on collaborating and creating some neat tutorial with BDD & Robot Framework. Oh, and managed to install Skype on the Fedora, which is always an accomplishment 😉

We’ll see what tomorrow brings.