The Trick to compiling Modsecurity-nginx (>v.1.24) on Raspberry Pi

For anyone trying to compile the ModSecurity module for nginx 1.21.5 and up, some changes have to be made, according to this GitHub issue.

The issue is related to a change in nginx (now nginx is built with the PCRE2 library by default).
PCRE2 support must be added to the library (libmodsecurity) and then to the connector. Applying just the connector’s PR will lead to enormous memory leaks in regex processing.

Long story short: use the --without-pcre2 configure argument when building the ModSecurity-nginx v3 connector module.

So your full module configure line should look like this:
./configure --with-compat --without-pcre2 --add-dynamic-module=/usr/local/src/ModSecurity-nginx

How to install Letsencrypt Certificates on Open VPN Access Server Web Interface

In this tutorial we are going to show you how to install Let's Encrypt certificates on your OpenVPN Access Server's web interface. This tutorial assumes you are using an Ubuntu or Debian based distribution.

STEP 1:

SSH into your OpenVPN Access Server from your terminal, and install certbot:

sudo apt update && sudo apt install certbot

STEP 2:

Configure a DNS A record at your registrar that points to your server's public IP address. If you are using Cloudflare, add the record there.

STEP 3:

Run certbot and enter the answers to its questions.

sudo certbot certonly

How would you like to authenticate with the ACME CA?

1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1

Enter email address (used for urgent renewal and security notices): contact@nerd-tech.net

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory

(A)gree/(C)ancel: A


Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.

(Y)es/(N)o: N


Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): vpn.yourdomain.com (ex: vpn.nerd-tech.net)
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for vpn.nerd-tech.net
Waiting for verification…
Cleaning up challenges

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/vpn.nerd-tech.net/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/vpn.nerd-tech.net/privkey.pem
    Your cert will expire on 2021-12-18. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    “certbot renew”
  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
  • If you like Certbot, please consider supporting our work by:
    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

Now run the following commands, replacing vpn.mydomain.com with your domain prefixed with vpn and a dot (ex: vpn.nerd-tech.net).

sudo /usr/local/openvpn_as/scripts/sacli --key "cs.priv_key" --value_file "/etc/letsencrypt/live/vpn.mydomain.com/privkey.pem" ConfigPut
sudo /usr/local/openvpn_as/scripts/sacli --key "cs.cert" --value_file "/etc/letsencrypt/live/vpn.mydomain.com/cert.pem" ConfigPut
sudo /usr/local/openvpn_as/scripts/sacli --key "cs.ca_bundle" --value_file "/etc/letsencrypt/live/vpn.mydomain.com/chain.pem" ConfigPut
sudo /usr/local/openvpn_as/scripts/sacli start

RunStart warm None
{
  "active_profile": "Default",
  "errors": {},
  "last_restarted": "Sun Sep 19 10:09:45 2021",
  "service_status": {
    "api": "on",
    "auth": "on",
    "bridge": "on",
    "client_query": "restarted",
    "crl": "on",
    "daemon_pre": "on",
    "db_push": "on",
    "ip6tables_live": "on",
    "ip6tables_openvpn": "on",
    "iptables_live": "on",
    "iptables_openvpn": "on",
    "iptables_web": "restarted",
    "log": "on",
    "openvpn_0": "on",
    "subscription": "on",
    "user": "on",
    "web": "restarted"
  }
}
WILL_RESTART ['web', 'client']

Now, restart your Openvpn Access Server.

sudo service openvpnas restart

Now you can browse to your new domain on port 943 (unless you changed openvpnas default web interface port).

So open your web browser and go to https://vpn.yourdomain.com:943/admin

You should see a lock icon in the top left corner of your browser, indicating that you are now using your secure letsencrypt certificates.

FINALLY, you need to log into your admin web interface, and change your hostname to the hostname you created for it.

And that is how you install letsencrypt certificates on the Openvpn Access Server Web Interface!
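
The sacli ConfigPut commands above load the contents of the certificate files into the Access Server configuration, so they have to be repeated whenever "certbot renew" replaces the files. The script below is an added example, not part of the original tutorial: a certbot deploy hook that checks that the renewed key and certificate belong together before repeating those commands. The function names and the SACLI override variable are assumptions made for this example; RENEWED_LINEAGE is the variable certbot sets for deploy hooks.

```sh
#!/bin/sh
# Added example: certbot deploy hook for OpenVPN Access Server.
# SACLI can be overridden for testing (assumption of this example);
# the default is the sacli path used in the tutorial.
SACLI="${SACLI:-/usr/local/openvpn_as/scripts/sacli}"

# Succeed only if the private key ($1) and the certificate ($2)
# contain the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Validate the files of one certbot lineage directory ($1), then load
# them into the Access Server with the same sacli calls as above.
push_lineage() {
    dir=$1
    for f in privkey.pem cert.pem chain.pem; do
        if [ ! -s "$dir/$f" ]; then
            echo "refusing to deploy: $dir/$f is missing or empty" >&2
            return 1
        fi
    done
    if ! key_matches_cert "$dir/privkey.pem" "$dir/cert.pem"; then
        echo "refusing to deploy: key does not match certificate" >&2
        return 1
    fi
    "$SACLI" --key "cs.priv_key" --value_file "$dir/privkey.pem" ConfigPut &&
    "$SACLI" --key "cs.cert" --value_file "$dir/cert.pem" ConfigPut &&
    "$SACLI" --key "cs.ca_bundle" --value_file "$dir/chain.pem" ConfigPut &&
    "$SACLI" start
}

# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/<name>)
# to deploy hooks; do nothing when the script is merely sourced.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    push_lineage "$RENEWED_LINEAGE"
fi
```

Saved as an executable file in /etc/letsencrypt/renewal-hooks/deploy/, the script is run by certbot as root after each successful renewal.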

How to prepare, create, secure, organize and futureproof your children’s digital identity and assets in the modern age!

The other day I went over to my cousin’s, who has a wife and two kids. My cousin is what you would call an average parent overwhelmed by our infinite momentum into the digital age. Like many parents and adults his age, his young children are starting to understand electronics, computers, and technology a lot faster and better than he does. For the majority of you running a family, this is pretty much inevitable. Although this is more so a good thing, it can potentially have unwanted effects and facilitate dubious (or at the very least, unconventional) technological behavior by our children, without us even knowing. A major debacle that I’m sure you are familiar with is properly organizing your digital life and identities (how many email addresses do you have by now, how many Facebook profiles do you have, is your email for your LinkedIn account different than your email for Facebook and Instagram, do you also have a work email, do you and your spouse share an email address and thus share contacts, possibly having duplicate contacts in each other’s address books, etc.?) into a cohesive structure.


Keepass 2.43, The best Password manager for Mac OS that’s not for Mac OS… Until Now

I’ve always been fascinated with password managers, as without them, my life would be an utter mess. When trying different password managers for the Mac, I discovered that none of them were really perfect. Being a security freak, I frown upon security based applications that are riddled with private code and made from closed source. For those of you who don’t understand what that means, it means that only the company who creates the application can review and modify the code that the app is built on. This means that the entire world outside of the developers for that company is excluded from checking the app for security holes. Open source is the exact opposite. Open source allows the code for an app to be viewed transparently (as opposed to encrypted) by every software engineer or developer in the entire world. Often you will hear programmers screaming that open source is the most secure, and it is, because it effectively invites every programmer in the world to oversee the code and check it for bugs or security holes. There is a lot of strength when inviting the eyes of the world to check your work for errors, as opposed to only allowing the ten or fifteen people at your small company to check their code for errors. That being said, I wanted a cross platform open source password manager that stored my password database files locally or in my private cloud and had excellent encryption algorithms. After a lot of searching and sifting through apps on iOS, MacOS, Windows, and Ubuntu, I came to realize that the password manager of my desire didn’t actually exist.

I used to be an avid user of Datavault Password manager, which is a pretty decent app that is compatible with Mac OS and iOS. However, it has no compatibility with Linux, and once again, is closed source (untrustworthy). Same goes for the rest of the password managers for Mac and iOS. Well, except one, that technically, doesn’t exist for Mac (aside from closed source ports that aren’t compatible with Keepass 2.4 databases). The app is an open source app made for Windows called Keepass Password Safe, the most recent version being Keepass 2.4. It is full of great encryption features, security features, plugins, and best of all, it is completely open source, and quite possibly, the most secure password manager in existence. Fortunately, it is also compatible with a great open source iOS app called MiniKeePass, that is also free to download. It’s compatible with Keepass 1 and Keepass 2 databases, meaning that you can sync your passwords from your iOS device to your Windows Keepass v2.4 app. This is AWESOME! But what about syncing it from iOS (or Windows for that matter) to your Mac? Well, until now, it wasn’t possible (at least not for the most up to date version of Keepass 2).

But fortunately, Nerd-Tech has created a solution. We have used Wine for Mac to port Keepass V2.40 to Mac OS, compatible with High Sierra. Furthermore, we have packaged it with the majority of plugins already installed. Our favorite is the auto mount plugin for Vera-crypt. Oh yes, Keepass 2 is compatible with Vera-crypt, one of the best if not the best, encryption solutions for private data, EVER!

If you are looking for the best cross platform password manager ever, look no further than our custom ported version of KeePass 2.43 for Mac OS! Download it and start tinkering. Shortly, we will post a much longer write up on how to sync all of your Keepass apps in one single cloud database and have them auto update across Windows, Mac and iOS. Enjoy this free app, and feel free to post any questions!