Kanashikute Yarikirenai

Japanese悲しくてやりきれない
RomanizedKanashikute Yarikirenai

This post refers to the cover by Kotoringo (コトリンゴ) for the movie “In this Corner of the World” (この世界の片隅に), released in 2016. I would have probably never found this piece if it wasn’t for the great movie.

You shouldn’t expect heavy action scenes in this movie though, as it is pretty much a slice-of-life anime revolving around a family during the end of WW2.

Great movie and definitely worth to watch, maby even more so than “Your Name” (君の名は)?

This is the cover by Kotoringo, which is used in the movie as an OST:

The original work by “The Folk Crusaders” (ザ・フォーク・クルセダーズ) from 1968:

Both versions are worth listening to!

SSH and Port Knocking

It turns out that SSH brute-force attacks, dictionary attacks or combinations of those are daily routines nowadays. Server logs are quickly filled with login attempts, in the hopes that one of them is right. The best prevention against these kind of attacks is to - obviously - have a secure password, or even better to force key-based authentication.

However, this won’t stop automated attacks from trying out dozens of usernames and passwords anyway, which is generally annoying. Thus, the approach to hide the SSH port, which by default is 22. One solution some people do is moving SSH to a non-standard port. Basically, some random number that won’t conflict with anything else.

Another interesting trick is to not immediately expose the SSH port, but only when a client is saying “Open Sesame”. Jokes aside, that’s roughly what port knocking allows us to do. There are many variants on port knocking and many programs that implement it. The following tutorial will use knockd as port-knocking server.

Install Prerequisites

Download and install the knock-server rpm package:

1
2
$ wget http://li.nux.ro/download/nux/misc/el6/i386/knock-server-0.5-7.el6.nux.i686.rpm
$ rpm -ivh knock-server-0.5-7.el6.nux.i686.rpm

Configuration

The configuration file can be found under /etc/knockd.conf.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
[options]
logfile = /var/log/knockd.log

[openSSH]
sequence = 6000,7000,8000
seq_timeout = 15
command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn

[closeSSH]
sequence = 8000,7000,6000
seq_timeout = 15
command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn

In the above configuration, we’ve stated that any host that sends a TCP SYN message to port 6000, then 7000 and finally to 8000, within 15 seconds, will cause the iptables command to be run. As you can see, the use of iptables is not hard-coded to knockd at all, meaning that any command can be run when the port sequence is triggered, allowing us to do all sorts of fancy stuff. To close it up, we do the same sequence in reverse order (that’s because we have configured it to do so).

GPG Cheatsheet

GnuPG (GNU Privacy Guard) is a tool for encrypting and signing data. It is a completely free implementation of the OpenPGP standard (defined by RFC4880), which is also known as GPG. This post contains a brief overview of the most important commands you probably have to use when working with GnuPG.

Generating GPG Keys

1
$ gpg --gen-key

You will be asked what kind of key you want, simply proceed with the instructions that are given to you.

Listing GPG Keys

Listing public keys:

1
$ gpg --list-keys

Listing private keys:

1
$ gpg --list-secret-keys

Exporting GPG Keys

XML Introduction

A XML (short for Extensible Markup Language) document consists of:

  • the prolog (optional)
  • the document type definition (DTD, optional)
  • the root element (which furthermore consists of more elements, tree structure)

Comments and processing instructions can be defined outside of tags.

Prolog

The basic prolog looks like this: <?xml version="1.0" ?> An extended version: <?xml version="1.0" encoding="ISO-8859-1" standalone="yes" ?>

Attributes explained:

  • version: XML version
  • encoding: Character set, defaults to UTF-8
  • standalone: define if extern entities or DTDs are being referenced in this document

Document Type Definition

The DTD defines structure validation rules for our documents. We fundamentally construct elements with their respective type (analogous to the database schema).

Reasons to use DTD: