Daily Archives: 18 February, 2021

How to stop a package from being updated in ubuntu apt with apt-mark

How to stop a package from being updated in ubuntu apt with apt-mark

Apt-mark is a command line tool that can help you choose which applications to be updated disabled or halted. You can set various settings for a package, such as
marking a package as being automatically/manually installed or changing dpkg selections such as hold, install, deinstall and purge.

For automatic and manual installation of packages you have several options like auto ( auto is used to mark a package as being automatically installed, which will cause the
package to be removed when no more manually installed packages depend on this package ), manual ( package as being manually installed, which will prevent the
package from being automatically removed if no other packages depend on it. ), showauto ( to print a list of automatically installed packages ) and showmanual ( can be used in the same way as showauto except that it will print a list of manually installed packages instead )

Here is an exmaple:

To prevent changes for a package we have the commands hold ( used to mark a package as held back, which will prevent the package from being
automatically installed, upgraded or removed ), unhold ( used to cancel a previously set hold on a package to allow all actions again ) and show hold ( used to print a list of packages on hold in the same way as for the other show commands ).

Here is an example:

In conclusion, we would say that the apt-mark command is one of the tools we need to know and be aware of its capabilities. For example, if you use the squid application and do not want the whole company to crash from one of its updates with the apt-mark command, you can easily defend yourself and test before launching the new update.

How to create a custom wordlist (password generator dump file) using Crunch

Create a custom wordlist (password generator dump file) using Crunch

What is Crunch?

Crunch is a great linux tool used for generating passwords. You can tell him what combination you need and it will generate it. If you need all the password combinations containing 6 digits and for example “abcde1234!” it will generate a file with all of them. The output from crunch can be sent to the screen, file, or to another program.

The syntax is really simple:

./crunch <from-len> <to-len> [-f <path to charset.lst> charset-name] [-o wordlist.txt or START] options: -f /path/to/charset.lst charset-name Specifies a character set from the charset.lst -o wordlist.txt Specifies the file to write the output to, eg: wordlist.txt ./crunch 8 8 -f charset.lst mixalpha-numeric-all-space -o wordlist.txt crunch should generate a 8 character wordlist using the mixalpha-number-all-space character set from charset.lst and will write the wordlist to a file named wordlist.txt. The file will start at cbdogaaa and end at " dog " For compleate manual please visit crunch man page.
Code language: Bash (bash)

Installation in Ubuntu linux

sudo apt install crunch

Installation in Debian linux

sudo apt-get install crunch
Code language: JavaScript (javascript)

Example 1 generating a 6 digit file containing “abcde1234!”

crunch 6 6 'abcde1234!' -o exportfile.txt
Code language: JavaScript (javascript)
crunch 6 6 'abcde1234!' -o exportfile.txt

Example 2 generating a 8 digit file containing special characters

crunch 8 8 pentest\@\#\$\%\^\&\! -o textnum.txt
Code language: PHP (php)
crunch 8 8 pentest\@\#\$\%\^\&\! -o textnum.txt

Here is a simple video using crunch

Conclusion

Crunch is used from penetration testing teams to generate random passwords to test wireless systems, firewalls and other IoT systems, it simple, easy to use and it’s fast.

If you are interested you can check How to generate a random password in linux using /dev/random

CertBot install ubuntua

How To Install a Let’s Encrypt SSL Certbot for Apache and Ubuntu 20.04

Certbot is part of EFF’s effort to encrypt the entire Internet. Secure communication over the Web relies on HTTPS, which requires the use of a digital certificate that lets browsers verify the identity of web servers (e.g., is that really google.com?). Web servers obtain their certificates from trusted third parties called certificate authorities (CAs). Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server.

Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate is. Certbot and Let’s Encrypt can automate away the pain and let you turn on and manage HTTPS with simple commands. Using Certbot and Let’s Encrypt is free, so there’s no need to arrange payment.

Installation of CertBot:

sudo apt update && sudo apt install certbot python-certbot-apache

Now lets get our new CertBot certificate

sudo certbot --apache

You will be asked some questions like your email, do agree to the Terms of Service and so on. Please fill them for your needs.

Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): Enter an email address where you can be contacted in case of urgent renewal and security notices. Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory ------------------------------------------------------------------------------- (A)gree/(C)ancel: Press a and ENTER to agree to the Terms of Service. Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about EFF and our work to encrypt the web, protect its users and defend digital rights. ------------------------------------------------------------------------------- (Y)es/(N)o: Press n and ENTER to not share your email address with EFF. Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: example.com 2: www.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel):
Code language: PHP (php)

Now lets test our certificate

The site ssllabs.com/ssltest/ is perfect for testing

Auto Renewal

As Let’s Encrypt certs expire after 90 days, they need to be checked for renewal periodically. Certbot will automatically run twice a day and renew any certificate that is within thirty days of expiration.

To test that this renewal process is working correctly, you can run:

sudo certbot renew --dry-run

Conclusion

In conclusion Certbot is one of the best tools for the job. It’s automatic, it’s free and on top of that is very easy to install and maintain.