Monday, March 30, 2009

DIY Encrypted Password Vault

This is something I've needed at various jobs/situations for years...a place to store the root/router/database/web passwords that only I can see. There are a lot of desktop/handheld apps for this but I always feel like I could lose the computer/handheld that it's on and I'd be boned. I'd rather have something I can stick on a server somewhere and access via a remote shell....or carry it around on a thumb drive. Here are the scripts:

encrypt.sh
#! /bin/sh 

openssl bf -a -salt -in $1.txt -out $1.bf && rm -v $1.txt
decrypt.sh
#! /bin/sh 

openssl bf -a -d -salt -in $1.bf

To use it, create a file named blah.txt that has your secret info in it. Run the encrypt script first:
$ ./encrypt.sh blah
enter bf-cbc encryption password:
Verifying - enter bf-cbc encryption password:
removed `blah.txt'
It will encrypt the file and remove it. Check the contents of the file:
$ cat blah.bf
U2FsdGVkX1/+ZGiXPSZX8MED9aXrm1NfIEjpv5vvFKo=
It's actually base 64 encoded so you can email it to yourself for safe keeping if you so choose.

To decrypt for reading:
$ ./decrypt.sh blah
enter bf-cbc decryption password:
secret host: secret password
secret host2: secret password2
Now take the encrypted output file and the 2 scripts, email it to yourself and store a copy on a thumb drive. :)

# posted by Nathan : 3/30/2009 10:33:00 AM  3 Comments Links to this post

Monday, March 23, 2009

Why all phones need a silent ring

Telemarketers, vendors and people I'd rather not communicate with frequently intrude on my early morning slumber (esp East Coast vendors), meetings, lunches, free time and life in general. And since they usually call from unrecognized numbers, I feel compelled to answer (could be something important, right?) A co-worker and I have been using a neat technique to remove these individuals ability to communicate with us...create a new contact called "Do Not Answer" with a custom silent ring tone. Each time they call from a new number, add them as an additional number to that contact. And with that silent ring, now they can't interrupt you in meetings, at home, early in the morning, etc.

I used iTunes to make a silent ringtone...you can download it here: iPhone Silent Ringone

# posted by Nathan : 3/23/2009 09:28:00 AM  0 Comments Links to this post

Friday, March 13, 2009

automated nmap scans

Whipped this up for work, figured I'd share with the world, since it's decently useful. Stick it in cron nightly, needs to run as root. It will run a diff on what it sees and email you if there are new ports/hosts that pop up on your networks. If you find errors or mods, use this: http://pastebin.com/f635a7517 to modify it and post in the comments.

#! /bin/sh

DIR="/opt/nmap/scans"
NETWORKS="192.168.1.0-255"
TODAY=`date +%Y%m%d`
YESTERDAY=`date -d yesterday +%Y%m%d`


for network in $NETWORKS
do
      nmap -n -sS $network -oG $DIR/$network.$TODAY.nmap
done


for network in $NETWORKS
do
      diff -I "^#" $DIR/$network.$TODAY.nmap $DIR/$network.$YESTERDAY.nmap  > $DIR/$network.$TODAY.diff
done

for network in $NETWORKS
do
      SIZE=`find $DIR/$network.$TODAY.diff -size +0b`
      if [ "$SIZE" = "$DIR/$network.$TODAY.diff" ]
      then
              cat $DIR/$network.$TODAY.diff | mail -s "Change Detected for $network"  user@host.com
      fi
done

# posted by Nathan : 3/13/2009 04:14:00 PM  2 Comments Links to this post

This page is powered by Blogger. Isn't yours?

Subscribe to Posts [Atom]