Installing Docker Engine on Debian Bullseye as an Ansible playbook

Docker Engine is an open source containerization technology for building and containerizing our applications. It is a client-server application: a server running the long-running daemon process dockerd, and APIs that specify the interfaces programs can use to talk to and instruct the Docker daemon. Docker Engine is available on a variety of Linux platforms, on macOS and Windows 10 through Docker Desktop, and as a static binary installation. It is the industry’s de facto container runtime and runs on various Linux (CentOS, Debian, Fedora, Oracle Linux, RHEL, and Ubuntu) and Windows Server operating systems.

Here’s an example playbook that we can use to install Docker Engine on Debian Bullseye after the base OS installation.

How to install HashiCorp Vault on Debian

HashiCorp Vault is a popular tool for managing secrets and encryption in cloud environments. It allows us to store, access, and distribute sensitive data securely across different applications and platforms. In this blog post, I will show how to install HashiCorp Vault on Debian 11 (Bullseye), the latest stable release of the Debian operating system.

Handling sensitive data with Ansible Vault: encrypting strings instead of files

Sometimes we may want to encrypt only a single variable value or a short piece of text that we need to use in our playbook or role. For example, we may want to encrypt a user password or an API key, and not an entire file. Encrypting single variables is also a good idea when we keep our files in Source Control Management like Git.

Ansible Vault can encrypt only parts of a file: individual variables instead of the whole file.

How to install ZoneMinder – an open source CCTV surveillance tool (and Android phones as IP cameras)

There are millions of CCTV and IP Camera tools and options on the market. If we want to protect our property then a camera system is a good idea. Physical security companies provide solutions with hardware, software and consultation, but if we want to play with the possibilities and the technology, then ZoneMinder is a great option.

How to protect sensitive data with encrypted files (or elements) in Ansible – Ansible Vault

When we automate configurations we cannot avoid providing secrets to Ansible. The last thing we want is our secret data running around in plain text files on our control node. Luckily Ansible has a tool for this.

Ansible Vault is an integrated encryption tool in Ansible to manage sensitive data like passwords, keys and certificates. As with most parts of Ansible, we can start simple, and complexity can come later on.

How to install LAMP stack on Debian Bullseye – the old way

The traditional “LAMP stack” means Linux, Apache2, MySQL/MariaDB and PHP for many IT practitioners. It is a collection of software and services for running dynamic web applications with database backends.

Linux is the Operating System kernel on which we run these services. Apache2 is a general web server for running static web sites. MariaDB is a relational database engine for storing persistent data. PHP is a lightweight, interpreted language for writing dynamic server side code for web applications.

A large slice of the known web sites run on the LAMP stack today.

How to install and manage VMware Workstation Pro virtual machines?

If we want a cool personal lab environment, then we have to use cool tools and technology. Virtual machines are one of the best inventions for learning and practicing IT in isolated environments. We can simulate and test Operating System changes, kernel modifications and even network configurations from our chair on our PC or notebook. Let’s build a basic test lab!

How to brute force a web application password with Burp Suite? Basic dictionary attack in practice!

With Burp Suite we can initiate dictionary attacks against a website. This time in this simulated attack we will brute force the login field of the Juice Shop web application. We already know the email address of an admin user, so we have to make sure to find the right password.

Important note: hacking in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!

How to brute force FTP users and passwords with Hydra? Ethical Hacking in real life!

In this article we will investigate other functionalities of the Cyber Security test tool Hydra. In one of the previous articles we cracked a user password on a Linux system through SSH. In this example we do not know the exact username of any FTP user. We will create a list of possible usernames alongside our password list. All of these operations happen in a personal lab.

Important note: hacking in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!

How to crack passwords with John the Ripper? Password hacking in real practice as an Ethical Hacker!

In the first part of this series we found out a user’s password with Hydra by simply attacking his account via SSH. This is a so-called “dictionary attack”, and because of the lack of security measures we could get into the remote system.

In this exercise we continue our Ethical Hacking journey and we will find a way to get root privileges on the remote machine. This is called privilege escalation.

Important note: cracking passwords in the wild is illegal! Do NOT do it out of the lab, unless you are a penetration tester with a signed contract!

How and why to use software RAID on Linux?

RAID stands for Redundant Array of Independent Disks. It is used for performance, availability and security reasons. Different virtual and physical storage devices can be combined into logical RAID arrays in different configuration levels (for example, RAID 0 is striping and RAID 1 is mirroring). The array looks like a single device on the computer. RAID is useful when we want to handle a large amount of data. It enhances speed and increases our storage capacity. The possible data loss because of disk failure is mitigated by adding parity disks to our configuration.

How to install a Debian Linux Penetration Testing machine?

There are excellent Linux distributions for Cyber Security professionals like Kali. They ship all the bells and whistles that are needed for the tasks. If we want to learn how to put together our own Penetration Testing system, we can use a fresh Debian Linux box. I created a small setup from the NetInstall ISO, starting from the defaults.

Understanding the Linux Cron and Crontab

UNIX/Linux systems have a powerful tool for scheduling tasks while the computer is running. The daemon responsible for initiating the tasks (called cronjobs) is called cron, while the tool that lets us edit the configuration is crontab. Once we understand the basics of cron we can easily master editing the cron files.
