

Showing posts from August, 2015

Missing Kernel Headers with VMware Tools Install on Kali Linux 2.0

So, the case of the missing kernel headers continues with installing VMware Tools on Kali 2.0... As some of you may know, this issue was seen with Kali 1.0.5 when using it as a virtual machine on VMPlayer. Thankfully the fix is fairly easy. The specific error you might see is: Searching for a valid kernel header path... The path "" is not a valid path to the 4.0.0-kali1-amd64 kernel headers. Would you like to change it? [yes] Or, if you're like me and just press enter: The path "" is not a valid path to the 4.0.0-kali1-amd64 kernel headers. Would you like to change it? [yes] Okay, so let's get this fixed. My experience was similar to what was done in version 1.0.5, but with a small modification from what was done with the previous version (Titan Tech documented what to do in the previous version HERE). Here's what happened with me. Exit out of the install of VMware Tools and hammer through the following commands: echo cups enabled ...

Using Python for GPG/PGP File Encryption - Part 1

So, this will be the start of a series that will build a Python script for GPG/PGP file encryption. In this post, we'll look at installing gnupg for Python and using Python to set up the keystore, create a private key, export the associated public key, and import a public key. Now everything done here can be done with simple gnupg commands, but learning how to do this with Python will help in understanding the script we'll be building to complete file encryption. I will be covering non-Python gnupg commands in a future post. Additionally, the folks at the python-gnupg site over at have done a really great job at documenting everything (link to their site at the bottom). The stuff I'll be going over will be more of a start-to-finish for anyone that may get lost in the muck of doing stuff with Python. Full Disclosure #1: Any key identifier throughout the series of posts is FICTITIOUS and DOES NOT represent any real key, either associated with myself or...

So you used the Express Settings with Windows 10

Windows 10, so far, not that bad. I'll do some reviews of it in the very near future. But since my previous post on configuring privacy settings during the setup of Windows 10 (found HERE), I've had a few people ask me, "Well, what if I used the Express Settings when I installed Windows 10?" My response, that's an easy fix. I'll quickly run through the changes that you'll need to make if you don't want to share things like your internet to spread updates, or WiFi passwords to your contacts, etc. So, here we go... Privacy Settings Most everything can be changed in the new Settings app, under the Privacy section. Let's take a look at what's there: General Settings Under the General section, you have the option to change things like letting apps use your ID for a 'universal experience' and providing information for targeted advertising. You also have the Smart Screen Filter there in between the two. As you can see from my screen shot, I h...

The Network is Down on my New Linux Box

Here's something that I've come across a few times: you create a new Linux VM (either in a player like VirtualBox or VM Player or on an ESX host), and it's not connecting to the network. For most people, the first things that are checked are the router/firewall to make sure it was assigned to the appropriate groups for access, maybe turn off IPTables, check the resolv.conf file and even the hosts file. Well... what about checking to make sure that networking comes on in the first place? I've noticed that with some distributions of Linux, networking in general is off, on boot, by default (fun times). It's an easy enough fix, but annoying just the same. Here's how it's fixed. From the command prompt enter the following: sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0 In that fun little file, you should see a value like this: ONBOOT=off Change that 'off' value to 'on' (no quotes), save the file and restart the system. From then on, you...

Windows Server 2008: Log on as batch job

From time to time, I have to set up some scheduled tasks that require a dedicated account to run. And when doing so, I'll usually forget that the dedicated account usually isn't given any more permissions than what it needs to complete the task at hand. So, after setting up the task, Windows will usually yell at me and say "The account needs batch job rights". So here's how to grant batch job permissions on your server. Go to your start menu, and start searching for Local Security Policy. In the left pane of the MMC that opens up, expand Local Policies, and highlight User Rights Assignment. Now, in the right pane, locate "Log on as a batch job" and double click it. In the properties window that opens up, add the user or group that needs this permission. I find that if you have multiple service accounts running different tasks on the same server, it's easier to just add a group versus the individual a...

Verify MD5 Checksum (Windows, Linux, Mac)

I want to talk a little about MD5s, because every once in a while when downloading a file you might see something like: MD5: DrunkenTwoYearOldTypingOnAKeyboard So, let's do some explaining. MD5 is a fingerprint or "message digest" (the actual meaning of MD), AKA checksum, of a file. The MD5 algorithm is intended for digital signature applications, where a large file is compressed into a digest before it is encrypted with a private (or secret) key. The idea is that if a file has been tampered with, or the download was unsuccessful, you will receive a different MD5 checksum than the original or the one provided. In short, MD5 is used to verify data's integrity. You can check out the MD5 Wiki HERE if you want more information. Now, in this post we will look at verifying an MD5 checksum. This could be one that a friend provided you for a file or message, or could be one that was provided with a download (more common). Especially if you are like me and have a tendency...

Setting up an SFTP Account with RSA Key Access

Sometimes you need to set up an SFTP account with a user name and password... Other times you're asked to provide an RSA key for authentication. I'll be going over the setup of an account using RSA authentication. For this setup, I have a CentOS Linux box sitting in the DMZ that has been hooked into Active Directory (AD) using Centrify (more about Centrify HERE). I have Centrify scoped to only allow logins to users in two groups within AD, "Domain Admins" and "SFTP-Only-Users". The configuration/setup of Centrify is beyond the scope of this, but any documentation for setting up group-based access can be found by searching through their KB articles. I also use Centrify-enabled Samba to share the folders to the internal systems. This makes it easy to set up a task to move files from the SFTP directories to an internal file server, or to grant access to your internal users. Setting up the user account With that said, the user account is created in AD, and as...

Replacing rsyslog with syslog-ng on RHEL 6.5

So... I had a piece of monitoring software that didn't play nice with the RHEL default rsyslog for log collection. The software was developed to only work with syslog-ng. I'll be going over the steps that I took, that worked for me, in replacing rsyslog with syslog-ng. I would imagine that these same steps should work for any Linux system similar to RHEL (Fedora, CentOS, etc.). For others (like Debian-based distributions), I would need to look into that (coming in a future update to this post). First, remove rsyslog. You will need to keep the dependencies as they will be needed for syslog-ng: sudo rpm -e --nodeps rsyslog Next we will need to add the EPEL repository (more info can be found HERE): wget sudo rpm -ivh epel-release-6-8.rpm sudo yum repolist That last command will list all the installed repositories. You are simply verifying that the EPEL package has been installed. Now that we fi...

Registering ASP.NET for IIS Applications

I've recently learned that it's not a bad idea to register ASP.NET with new instances of IIS. This tends to aid in resolving various issues with ASP.NET web extensions. Here's the quick and easy way to get that done. Open command prompt as Administrator and issue the following: cd c:\Windows\Microsoft.NET\Framework64\v4.0 The last directory 'v4.0' may be different depending on what version is installed. You will want to select the latest version that is available on your system. Now, in that directory, issue the following: aspnet_regiis -i You should see the following output: From there you need to reset IIS by issuing the following: iisreset Once that completes you should be good to go.

Privacy Settings with Windows 10 Setup

So... Windows 10 really likes to share your data with Microsoft and others. Most of the below settings are adapted from an Ars Tech article (found HERE) plus my own personal experience with the setup of Windows 10. Just note that with increased privacy and/or security settings comes a decrease in features (such as disabling Cortana). You don't have to do all of these, but some of them I'd highly recommend. On the installation screen you'll see a large button that says "Use Express Settings". Instead look for the small "Customize Settings" button and select that. The first customization page has settings for personalization, targeted advertising and location tracking. Go ahead and disable everything on this page. The second page has some useful options. Turn off the following options: Predictive Web Browsing; Connecting to open Wi-Fi hot spots; and Wi-Fi Sense. Finish the install as directed. The rest of the changes will need to b...

Extracting Key, Cert, and Cert Chain from a PFX file

Sometimes you're given all the certificate files you need. Other times you're given a PFX file... If you don't know by now, the PFX file is used primarily on Windows-based IIS servers. But sometimes, if you run an Apache server, or load balancer, you need multiple files (cert, key, cert chain) in order to update the certificate information. This issue can arise if you're using a shared cert (like a wildcard), or if the person that manages the certs in your IT shop pulls a PFX without thinking. The easiest option is usually just to request the separate files from your Cert Issuing company, but sometimes that takes too long (if you aren't the one that manages it), or could potentially cost extra money. The process I outline below was completed on a Linux server with OpenSSL. Now, this can be completed on a Windows system, as long as OpenSSL is installed. I'll detail some Windows-specific stuff, but this post will not be going over how to install OpenSSL. If you...