Information Security

Backtrack 5 : Information Gathering : Web Application Analysis : CMS Identification : wpscan

One of my favorite apps in Backtrack Linux that I recently discovered is wpscan. There are a ton of WordPress sites in the wild, and using wpscan is an excellent way to begin an audit on a WP site. There are a couple of things that wpscan does that are really amazing, such as enumerating logins from WordPress sites and enumerating WordPress plugins that are installed. Below are a couple of examples of how wpscan can be useful for WordPress web site analysis.

Information Security

SELinux prevented ruby from reading files stored on a NFS filesytem

While working on a server farm for a client, I kept running into some issues with one of the servers. The issue appeared to be that a single CentOS Linux server, in a cluster of ten CentOS Linux servers and configured exactly the same as the other nine CentOS Linux servers, was having issues writing to a network storage device. Initially I figured that the CentOS Linux server having the issues had some permission issues with the directory that was mounted to the SAN (Storage Area Network); however, after minimal troubleshooting it was verified that the permissions were identical to the other servers. I started looking through other logs on the server having the issue and located some SELinux errors that were noticeably related to the issue at hand. Below I describe where the SELinux error was located, what the specific errors were, and how I was able to resolve the errors on this specific CentOS Linux server.

Technology Insights

Redmine: The following error occured while sending email notification: 530 5.7.0 Must issue a STARTTLS command first.

Recently, while working on a CentOS Linux server, I downgraded Ruby version 1.8.7 p302 to Ruby version 1.8.6 p399 because of a project that was built for Ruby 1.8.6. The server is a development CentOS Linux server with numerous other projects already operational on it, and so downgrading Ruby caused a couple of issues, one of which was with Redmine project management software. The issue was with sending email notifications for things such as file uploads, added issues, issue updates, etc. Below I describe the error in more detail, the reason for the error, and how to resolve the error sending email notifications.