Showing posts with label Auth.

Tuesday, June 04, 2019

Web Interface for Parental Control

This continues the Parental Control post from last month.

First of all, in order to protect the web page, we need an authentication method. A simple user/password will do for the moment (it's not perfect: the CGI scripts can still be called directly at /cgi-bin/script.sh, but for the purpose of this exercise it is OK-ish).

Make sure that mod_access and mod_auth are loaded in lighttpd.conf,

server.modules += ( "mod_access" )
server.modules += ( "mod_auth" )

and that the whole host is protected:

$HTTP["url"] =~ "^/" {
    auth.backend = "plain"
    auth.backend.plain.userfile = "/jffs/lighttpd/.lighttpdpassword"
    auth.require = ( "/" => (
        "method" => "basic",
        "realm" => "Password protected Parental Control",
        "require" => "valid-user"
    ))
}

(where /jffs/lighttpd/.lighttpdpassword holds the credentials in plaintext, one user:password per line, let's say parent:password; the "plain" backend does not hash them, so keep the file readable by the lighttpd user only)


The following index.html must be placed into the lighttpd www root (/jffs/www/):

<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
   <title>Parental Control</title>
 </head>
 <body>
   <!-- each button POSTs to one CGI script; the forms belong in the body, not the head -->
   <form action="../cgi-bin/ai.sh" method="POST">
   <button name="name" value="value" style="background-color:lime;height:150px;width:400px"> Allow internet </button>
   </form><p><br>
   <form action="../cgi-bin/ag.sh" method="POST">
   <button name="name" value="value" style="background-color:yellowgreen;height:150px;width:400px">  Allow games  </button>
   </form><p><br>
   <form action="../cgi-bin/ay.sh" method="POST">
   <button name="name" value="value" style="background-color:khaki;height:150px;width:400px">  Allow only YouTube  </button>
   </form><p><br>
   <form action="../cgi-bin/ni.sh" method="POST">
   <button name="name" value="value" style="background-color:red;height:150px;width:400px"> No internet </button>
   </form><p><br>
   <form action="../cgi-bin/ng.sh" method="POST">
   <button name="name" value="value" style="background-color:lightcoral;height:150px;width:400px">  No games  </button>
   </form><p><br>
   <form action="../cgi-bin/lst.sh" method="POST">
   <button name="name" value="value" style="background-color:cyan;height:150px;width:400px">  Show actual  </button>
   </form>
 </body>
</html>

The following scripts go into the cgi-bin folder. Each one runs the matching /jffs helper (allow_game, del_fw, allow_yt, disable_game, add_fw), then reports the current state of the three controls as an HTML table; lst.sh only reports. The command sequence is run through sh -c so that its whole output can be captured into OUTPUT (a bare quoted string in command position, as originally written, would be looked up as a program name and fail).

ag.sh
#!/bin/sh
# Enable games, wait a second for the rules to settle, then report the state of all three controls.
OUTPUT=$(sh -c '/jffs/allow_game ; sleep 1
iptables -L FORWARD | grep DROP | grep -v "DROP       0    --  anywhere             anywhere" | if grep -q "DROP       0    --  192.168.1.128/28    anywhere"; then echo NO Internet; else echo Allow Internet; fi
if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi
if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi' \
 | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"

ai.sh
#!/bin/sh
# Remove the "no internet" firewall rule, then report the state of all three controls.
OUTPUT=$(sh -c '/jffs/del_fw ; sleep 1
iptables -L FORWARD | grep DROP | grep -v "DROP       0    --  anywhere             anywhere" | if grep -q "DROP       0    --  192.168.1.128/28    anywhere"; then echo NO Internet; else echo Allow Internet; fi
if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi
if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi' \
 | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"

ay.sh
#!/bin/sh
# Allow only YouTube, then report the state of all three controls.
OUTPUT=$(sh -c '/jffs/allow_yt ; sleep 1
iptables -L FORWARD | grep DROP | grep -v "DROP       0    --  anywhere             anywhere" | if grep -q "DROP       0    --  192.168.1.128/28    anywhere"; then echo NO Internet; else echo Allow Internet; fi
if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi
if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi' \
 | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"

lst.sh
#!/bin/sh
# Report only: a DROP rule for the kids' subnet in FORWARD means no internet; a commented-out ("#") block file means allowed.
OUTPUT=$(sh -c 'iptables -L FORWARD | grep DROP | grep -v "DROP       0    --  anywhere             anywhere" | if grep -q "DROP       0    --  192.168.1.128/28    anywhere"; then echo NO Internet; else echo Allow Internet; fi
if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi
if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi' \
 | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"

ng.sh
#!/bin/sh
# Block games; the report runs only if disable_game succeeded (&&).
OUTPUT=$(sh -c '/jffs/disable_game && iptables -L FORWARD | grep DROP | grep -v "DROP       0    --  anywhere             anywhere" | if grep -q "DROP       0    --  192.168.1.128/28    anywhere"; then echo NO Internet; else echo Allow Internet; fi
if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi
if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi' \
 | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"

ni.sh
#!/bin/sh
# Block all internet; the report runs only if add_fw succeeded (&&).
OUTPUT=$(sh -c '/jffs/add_fw && iptables -L FORWARD | grep DROP | grep -v "DROP       0    --  anywhere             anywhere" | if grep -q "DROP       0    --  192.168.1.128/28    anywhere"; then echo NO Internet; else echo Allow Internet; fi
if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi
if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi' \
 | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"
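Here is an added example (written for this page, not code from the original post) that pulls the state report the six scripts repeat into functions fed with supplied input, so the logic can be checked off the router, and adds a REMOTE_USER check a script can run first so that a direct, unauthenticated call to /cgi-bin/script.sh is refused. It assumes lighttpd's mod_auth exports REMOTE_USER to CGI after a successful login; the conf file contents and the iptables listing are constructed.

```shell
#!/bin/sh
# Added example, not code from the original post. The three-line state report
# that each CGI script repeats, as functions over supplied input, plus a
# REMOTE_USER gate a script can run first. Assumes lighttpd's mod_auth exports
# REMOTE_USER to CGI once basic auth succeeded; conf contents are constructed.

# Refuse to act unless the request went through lighttpd authentication.
require_auth() {
    if [ -z "${REMOTE_USER:-}" ]; then
        printf 'Status: 403 Forbidden\r\nContent-type: text/plain\r\n\r\nForbidden\n'
        return 1
    fi
    return 0
}

# $1: text of "iptables -L FORWARD", $2: yt-block.conf, $3: games-block.conf.
# Prints the same three state lines the scripts compute, one per line.
rules_state() {
    if printf '%s\n' "$1" | grep DROP \
        | grep -v "DROP       0    --  anywhere             anywhere" \
        | grep -q "DROP       0    --  192.168.1.128/28    anywhere"
    then echo "NO Internet"; else echo "Allow Internet"; fi
    if grep -qm1 "#" "$2"; then echo "Allow YT"; else echo "NO YT"; fi
    if grep -qm1 "#" "$3"; then echo "Allow Games"; else echo "NO Games"; fi
}

# Same awk as the scripts: one <tr> per state line, one <td> per word.
to_table() {
    awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i "</td>";print "</tr>"} END{print "</table>"}'
}

# Offline run over constructed input: a FORWARD chain dropping the kids'
# subnet, a commented-out (= allowed) YouTube block and an active games block.
demo() {
    dir=$(mktemp -d)
    printf '#address=/youtube.com/0.0.0.0\n' > "$dir/yt-block.conf"
    printf 'address=/games.example/0.0.0.0\n' > "$dir/games-block.conf"
    fw='Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       0    --  192.168.1.128/28    anywhere'
    rules_state "$fw" "$dir/yt-block.conf" "$dir/games-block.conf"
    rm -rf "$dir"
}

# A CGI script would start with: require_auth || exit 0
# then run its /jffs helper and pipe rules_state "$(iptables -L FORWARD)" ... into to_table.
```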

Now a very simple web page lets you control the kids' internet from any browser:

Monday, May 01, 2017

Limit number of unix logins

cat .profile

#!/bin/sh
# Refuse the login when the user already has $limit interactive shells.
# The count includes the shell that is running this .profile, so with
# limit=3 the third concurrent login is the one that gets refused.
limit=3

session=$(ps -ef | grep -e '-sh' | grep "$USER" | grep -v grep)
# $session must be quoted: unquoted, its lines collapse into one and the count is always 1.
number=$(printf '%s\n' "$session" | grep -c .)

if [ "$number" -ge "$limit" ]; then
echo "No more logins / Il n'y a plus de login. You are already logged as:
$session "

sleep 5
exit 0
fi

# to timeout after 15min of inactivity and forbid users to change the tmout:
echo "TMOUT=900
readonly TMOUT
export TMOUT" > /etc/profile.d/tmout.sh && chmod +x /etc/profile.d/tmout.sh
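An added example (not from the original post) with the session count from the .profile above as a function over a supplied ps -ef listing, so it can be checked without real logins; it also keeps the unquoted variant to show why the quoting matters. The ps output is constructed.

```shell
#!/bin/sh
# Added example, not code from the original post: the session count from the
# .profile above as a function over a supplied "ps -ef" listing, so it can be
# checked offline. It also shows why "$session" must be quoted: unquoted, the
# newlines collapse and wc -l reports 1 whatever the real count is.

# $1: text of "ps -ef", $2: user name. Prints the number of "-sh" login shells
# owned by that user; 0 when there are none (the grep itself is excluded).
count_sessions() {
    printf '%s\n' "$1" | grep -e '-sh' | grep "$2" | grep -v grep | wc -l | tr -d ' '
}

# The original's unquoted "echo $session | wc -l", kept for comparison.
count_sessions_unquoted() {
    session=$(printf '%s\n' "$1" | grep -e '-sh' | grep "$2" | grep -v grep)
    echo $session | wc -l | tr -d ' '
}

# Constructed "ps -ef" sample: three login shells for alice, one for bob, and
# the grep that "ps -ef | grep" always sees itself in.
PS_SAMPLE='UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:00 ?        00:00:01 /sbin/init
alice     1201  1200  0 09:10 pts/0    00:00:00 -sh
alice     1305  1304  0 09:12 pts/1    00:00:00 -sh
bob       1410  1409  0 09:15 pts/2    00:00:00 -sh
alice     1502  1501  0 09:20 pts/3    00:00:00 -sh
alice     1600  1201  0 09:21 pts/0    00:00:00 grep -e -sh'

# With limit=3 as in .profile, alice's third shell is refused, since the count
# includes the shell that is running .profile; the unquoted count never reaches 3.
```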

Wednesday, April 08, 2015

HP ILO Linux - reset password

(HP SUM must already be installed, which provides hponcfg. Run locally, hponcfg talks to iLO through the host interface, so the password given in the LOGIN element of the script is not checked.)
Reset the Administrator password to "newpass":

vi reset-password.xml

<RIBCL VERSION="2.0">
  <LOGIN USER_LOGIN="Administrator" PASSWORD="something_without_importance">
    <USER_INFO MODE="write">
      <MOD_USER USER_LOGIN="Administrator">
        <PASSWORD value="newpass"/>
      </MOD_USER>
    </USER_INFO>
  </LOGIN>
</RIBCL>

hponcfg -f reset-password.xml -l log.txt ; cat log.txt


Add user "admin" with password "nosecurity":

vi  adduser.xml

<RIBCL VERSION="2.0">
  <LOGIN USER_LOGIN="Administrator" PASSWORD="blah_blah_it_doesnt_matter">
    <USER_INFO MODE="write">
      <ADD_USER
        USER_NAME="admin"
        USER_LOGIN="admin"
        PASSWORD="nosecurity">
        <RESET_SERVER_PRIV value="Y"/>
        <ADMIN_PRIV value="Y"/>
      </ADD_USER>
    </USER_INFO>
  </LOGIN>
</RIBCL>

hponcfg -f adduser.xml -l log.txt ; cat log.txt


Tuesday, November 04, 2014

Windows Shell for TS - without Domain Controller

In RD Session Host Configuration, the following AutoHotkey script (compiled as c:\windows\tssession.exe) is set as the initial program, i.e. the user's shell: accounts listed in AuthUsers get a normal explorer.exe desktop, everybody else is dropped straight into the COBOL application and logged off when it closes.

;(c)2014  sorinakis@g**il.com

;msgbox, Username: %A_UserName%
; Accounts that get a normal desktop; everyone else only gets the application.
; The match is done over the whole list first (the original branched to the
; application on the first non-matching entry, so only the first entry counted).
AuthUsers = Administrator|administrator
Authorized := false
Loop, Parse, AuthUsers, |
{
 IfEqual, A_LoopField, %A_UserName%
  Authorized := true
}
if (Authorized)
{
 Sleep, 500
 Run, explorer.exe
 ;MsgBox EXPLORER Executed.
 GoTo, End
}
else
{
 ;MsgBox In the ELSE branch.
 Sleep, 500
 ; Start the COBOL runtime with the application menu as the only program.
 Run, D:\Partages\apps\LCM\Bin\wrun32.exe -ws -c D:\Partages\apps\LCM\etc\CBLCONFI-RZ_APP.ini utmenu
 Sleep, 500
 WinMaximize, ahk_class AcucobolWClass
 IfWinExist, Cie(01)
 {
  WinMaximize, Cie(01)
  Sleep, 500
  ; Block until the application window closes, then log the user off.
  WinWaitClose, Cie(01)
  Sleep, 500
  Run, shutdown /l
 }
 Return
}
End:
Sleep, 100
;MsgBox At the END.

Saturday, November 17, 2012

BES - enable http auth

Because the BlackBerry browser has the BES server fetch and render pages on its behalf, the user seen by integrated authentication is always "besadmin".
To let the actual user authenticate, Authentication support must be enabled on the MDS. Follow KB15642 on the BlackBerry site, or just:

For BlackBerry Enterprise Server 4.1:
1. In BlackBerry Manager, select <BlackBerry_Enterprise_Server_name>_MDS-CS_1.
2. Click Edit Properties.
3. In the Properties window, click HTTP.
4. Under Authentication, set Support HTTP Authentication to True.

For BlackBerry Enterprise Server 5.0:
1. Open the BlackBerry Administration Service.
2. Expand the BlackBerry Solution topology.
3. Expand the component view.
4. Select MDS connection service.
5. Select the HTTP tab.
6. Set Authentication support enabled to Yes.
7. If you change this setting, restart the BlackBerry MDS service in the Windows Services window.

Configure the MDSLogin.conf file to include your domain name. This populates the domain field for the BlackBerry smartphone user when they are prompted for credentials on their BlackBerry smartphone. Complete the following steps:

1. On the BlackBerry Enterprise Server, go to C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\Servers\servername\config.
2. Open the MDSLogin.conf file in a text editor.
3. Edit the MDS_Default section by replacing COMPANY.COM with your domain name.

Note: If the domain name starts with a number, surround the domain name with quotes ("").

4. If you wish to force a particular authentication type, change the relevant optional entry to required.
5. Save and close the file.
 
Configure the krb5.conf file with the details of your Microsoft Active Directory environment. On the BlackBerry Enterprise Server, navigate to C:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\Servers\servername\config.

1. Open and edit krb5.conf in a text editor. The default sections and entries in this file are as follows:

[libdefaults]
default_tkt_enctypes = des-cbc-md5 ; or des-cbc-crc
default_tgs_enctypes = des-cbc-md5 ; or des-cbc-crc
[realms]
# change COMPANY.COM to your Kerberos realm
# change KDC:88 to the hostname:port of KDC
COMPANY.COM = {
kdc = your_kdc.your_domain.com:88
}

(The DES encryption types in this default are weak and are disabled by default on current Active Directory domain controllers; they only work where DES has been explicitly allowed for the domain and the account.)

2. Replace the COMPANY.COM entry under the [realms] section with your domain name. Ensure this entry is in UPPER case.
3. Enter the Fully Qualified Domain Name (FQDN) of the KDC in your Microsoft Active Directory environment and the port number (if changed from the default of 88). Ensure host names and domain names are in lower case.
4. Restart the BlackBerry MDS Connection Server service in Windows Services.