Monday, September 20, 2010

Network Booting a linux machine (PXE)

What exactly is this I speak of? Think of booting a machine that has no hard disk or CD drive. You can do this from USB, but if you have five diskless, CD-less machines you would need five separate USB drives to boot up a live Linux OS. With network booting you boot such diskless machines from one central server, so administration is reduced to the one machine that all the others boot from. It is also possible to boot a machine over the internet.

What I need on the server end is a PXE server. This comprises a few services, mainly a TFTP server and a DHCP server, and in some cases an NFS or HTTP server as well. In this example I will show you the most basic method for network booting a Linux OS: the TFTP/DHCP server combination.

Note: I recommend using the tftpd-hpa server over the atftpd that comes with BackTrack 4. Atftpd has a file size limitation on what it can download. I'm not sure exactly what it is, but I ran into a problem downloading the initial ramdisk for Ubuntu, with syslog complaining about atftpd's inability to download certain sized blocks.

This example uses a small Linux OS called Tinycore.

dhcpd.conf:

allow booting;
allow bootp;
default-lease-time 360;
max-lease-time 720;

subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.2 10.0.0.5;
    option subnet-mask 255.255.255.0;
    option routers 10.0.0.1;
    option broadcast-address 10.0.0.255;
    option domain-name-servers 10.0.0.1;
    filename "pxelinux.0";
    next-server 10.0.0.1;
}

The filename line is the important one: it names the bootloader that the client will load over the network (dhcpd expects the name in quotes).
The next-server line specifies the TFTP server that houses that bootloader.

Start up the DHCP server.

Set up the TFTP server. I usually do this from the command line (-l listens as a standalone daemon, -v is verbose, -s chroots into the given directory):
# in.tftpd -l -v -s /root/tftpboot/

Copy the initrd and kernel files into the /root/tftpboot directory given to your TFTP service.
You also need the bootloader, gpxelinux.0, from the syslinux package: download syslinux and copy this file to your /root/tftpboot/ directory. Whichever bootloader file you copy, its name must match the filename line in dhcpd.conf (the configuration above names pxelinux.0). Then create a directory "pxelinux.cfg" and inside it a text file called "default" with the following contents:

PROMPT 0
TIMEOUT 0
LABEL tinycore
    KERNEL vmlinuz
    APPEND initrd=initrd.gz


Now if your client machine's motherboard supports booting from LAN, select that option in the boot menu and all should go well.
For PCs that do not support booting from LAN, you can burn a gPXE image onto a USB key so that the key acts as the PXE client. Head over to http://www.rom-o-matic.net/ and get a copy of the USB-compatible gPXE image, then copy it onto the thumb drive with dd:
# dd if=gpxe.img of=/dev/___.
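A pre-flight check for the server-side layout above, added here as an example and not part of the original post: it reads the filename option out of dhcpd.conf and then verifies that the bootloader, pxelinux.cfg/default, and the kernel and initrd that default names all exist under the TFTP root, so a bootloader name in dhcpd.conf that does not match the file actually copied is caught before a client is powered on. The function names and the sample tree it builds in a temporary directory are this example's own; only the post's file names are reused.

```shell
#!/bin/sh
# Added pre-flight check for a PXELINUX tftp root (example code, not from the post).
# Assumes an ISC dhcpd.conf with a "filename" option and a pxelinux.cfg/default
# that names its kernel with KERNEL and its ramdisk with APPEND initrd=...

# pxe_filename CONF : print the first "filename" value in dhcpd.conf (quoted or not)
pxe_filename() {
    sed -n 's/^[[:space:]]*filename[[:space:]]*"\{0,1\}\([^";]*\)"\{0,1\}[[:space:]]*;.*/\1/p' "$1" | head -n 1
}

# pxe_check ROOT CONF : exit 0 when the bootloader named in CONF, pxelinux.cfg/default,
# and every kernel/initrd that default refers to exist under ROOT; lists what is missing
pxe_check() {
    tftp_root=$1; conf=$2; rc=0
    loader=$(pxe_filename "$conf")
    [ -n "$loader" ] || { echo "no filename option in $conf"; return 1; }
    [ -f "$tftp_root/$loader" ] || { echo "missing bootloader: $tftp_root/$loader"; rc=1; }
    cfg="$tftp_root/pxelinux.cfg/default"
    [ -f "$cfg" ] || { echo "missing $cfg"; return 1; }
    # KERNEL paths are relative to the tftp root; the keyword is case-insensitive
    for k in $(awk 'tolower($1)=="kernel"{print $2}' "$cfg"); do
        [ -f "$tftp_root/$k" ] || { echo "missing kernel: $tftp_root/$k"; rc=1; }
    done
    # ramdisks come from "initrd=" inside APPEND lines
    for i in $(grep -io 'initrd=[^[:space:]]*' "$cfg" | cut -d= -f2); do
        [ -f "$tftp_root/$i" ] || { echo "missing initrd: $tftp_root/$i"; rc=1; }
    done
    return $rc
}

# pxe_demo : build a constructed tree mirroring the post's layout in a temp dir,
# confirm the check passes, then delete initrd.gz and confirm it fails. Returns 0
# when both outcomes are as expected.
pxe_demo() {
    d=$(mktemp -d) || return 1
    r="$d/tftpboot"
    mkdir -p "$r/pxelinux.cfg"
    : > "$r/pxelinux.0"; : > "$r/vmlinuz"; : > "$r/initrd.gz"   # empty stand-ins
    printf 'PROMPT 0\nTIMEOUT 0\nLABEL tinycore\n  KERNEL vmlinuz\n  APPEND initrd=initrd.gz\n' \
        > "$r/pxelinux.cfg/default"
    printf 'subnet 10.0.0.0 netmask 255.255.255.0 {\n  filename "pxelinux.0";\n  next-server 10.0.0.1;\n}\n' \
        > "$d/dhcpd.conf"
    if pxe_check "$r" "$d/dhcpd.conf" >/dev/null; then complete=1; else complete=0; fi
    rm "$r/initrd.gz"
    if pxe_check "$r" "$d/dhcpd.conf" >/dev/null; then broken=1; else broken=0; fi
    rm -rf "$d"
    [ "$complete" = 1 ] && [ "$broken" = 0 ]
}

# Real use: pxe_check /root/tftpboot /path/to/dhcpd.conf
pxe_demo && echo "sample tree: complete tree passes, tree without initrd.gz is rejected"
```

Because in.tftpd -s chroots into the TFTP root, every path in pxelinux.cfg/default is resolved relative to that directory, which is why the check joins each name onto the root rather than testing it as given.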

Resources/Good Reading: http://etherboot.org and http://syslinux.zytor.com/wiki/index.php/PXELINUX



Sunday, September 12, 2010

Using Netcat and a symmetric algorithm (AES or 3DES) for secure communications

I was messing with netcat (again), transferring files back and forth from computer A to B. I know that the file transfers are indeed not secure and are transferred in plaintext, and I wanted to have netcat remedy this. Although there are secure alternatives to netcat (cryptcat and sbd), I love netcat; after all, netcat fathered most of these other tools. Plus I wanted a challenge. I wanted to use openssl's symmetric ciphers to encrypt data transferred through netcat's client/server nodes.
Simple enough; it didn't take me long to put things together.

Client:
# openssl enc -aes128 -nosalt -pass pass:mypass -in file.txt | nc -q 1 10.0.0.1 80

Server:
# nc -lvp 80 | openssl enc -aes128 -d -nosalt -pass pass:mypass -out file.txt
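An added example, not from the original post, that wraps the two commands above in functions and adds the check the pipeline lacks: aes128 in openssl enc is AES-128-CBC, which gives confidentiality but no integrity, so a byte changed in transit decrypts to garbage without any error from openssl. The receiver here computes an HMAC-SHA256 over the ciphertext with a second key and refuses to decrypt on a mismatch. It assumes openssl and standard POSIX tools; KEYPASS, the "-mac" key suffix and the function names are this example's choices, and the file contents are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: the post's openssl/netcat pipeline gives
# confidentiality only. aes128 here is AES-128-CBC, which does not detect a modified
# ciphertext, so the receiver should check an HMAC over the ciphertext before decrypting.
# Assumes openssl and POSIX tools; KEYPASS and the "-mac" suffix are this example's choices.

KEYPASS=${KEYPASS:-mypass}     # the post's shared secret; pass:... shows up in ps, -pass file: does not

# enc_file IN OUT / dec_file IN OUT : exactly the cipher settings used in the post
enc_file() { openssl enc -aes128 -nosalt -pass "pass:$KEYPASS" -in "$1" -out "$2" 2>/dev/null; }
dec_file() { openssl enc -aes128 -d -nosalt -pass "pass:$KEYPASS" -in "$1" -out "$2" 2>/dev/null; }

# hmac_tag FILE : hex HMAC-SHA256 over the ciphertext, keyed separately from the cipher key
hmac_tag() { openssl dgst -sha256 -hmac "${KEYPASS}-mac" "$1" | sed 's/^.*= //'; }

# verify_and_decrypt CT TAGFILE OUT : receiver side; refuses to decrypt on a tag mismatch
verify_and_decrypt() {
    [ "$(cat "$2")" = "$(hmac_tag "$1")" ] || { echo "HMAC mismatch: not decrypting" >&2; return 1; }
    dec_file "$1" "$3"
}

# flip_byte FILE OFFSET : replace one byte with its complement (deterministic tampering)
flip_byte() {
    b=$(dd if="$1" bs=1 skip="$2" count=1 2>/dev/null | od -An -tu1 | tr -d ' \n')
    printf "$(printf '\\%03o' $((255 - b)))" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

# demo : constructed plaintext; shows the intact transfer round-trips, a tampered
# ciphertext still decrypts "successfully" to garbage, and the HMAC check rejects it.
demo() {
    d=$(mktemp -d) || return 1
    awk 'BEGIN { for (i = 0; i < 8; i++) print "constructed line " i " of a test transfer" }' > "$d/file.txt"
    enc_file "$d/file.txt" "$d/file.enc" || { rm -rf "$d"; return 1; }
    hmac_tag "$d/file.enc" > "$d/file.tag"
    # 1. intact ciphertext: tag matches and the decrypted copy equals the original
    verify_and_decrypt "$d/file.enc" "$d/file.tag" "$d/out.txt" 2>/dev/null \
        && cmp -s "$d/file.txt" "$d/out.txt" || { rm -rf "$d"; return 1; }
    # 2. corrupt one byte in the second ciphertext block
    cp "$d/file.enc" "$d/bad.enc"
    flip_byte "$d/bad.enc" 16
    # 3. plain decryption exits 0 (the padding block is untouched) but the content differs
    dec_file "$d/bad.enc" "$d/bad.txt" && ! cmp -s "$d/file.txt" "$d/bad.txt" || { rm -rf "$d"; return 1; }
    # 4. with the tag checked first, the tampered file is refused
    if verify_and_decrypt "$d/bad.enc" "$d/file.tag" "$d/bad2.txt" 2>/dev/null; then rm -rf "$d"; return 1; fi
    rm -rf "$d"
}

demo && echo "round trip ok; tampered ciphertext decrypts silently but fails the HMAC"
```

On the wire the sender runs enc_file and hmac_tag, then sends file.enc and file.tag through the nc command from the post and the receiver calls verify_and_decrypt on what arrives. Two properties of the post's flags are worth knowing: with -nosalt the key and IV are derived deterministically from the password, so identical files always produce identical ciphertext, and a password given as pass:... is visible to other local users in ps, which -pass file: avoids.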