Yearly Archives: 2022

How to upgrade all Python packages with pip

21 September 2022 in Python tagged install / outdated / package / pip / update by Tux

Below is the command that we use to update all outdated packages in pip.

pip list --outdated --format=freeze | grep -v '^\-e' | cut -d = -f 1  | xargs -n1 pip install -U;

Participation of Cyprus in the European Cyber Security Challenge ECSC 2022

7 September 2022 in Cyprus Computer Society / Cyprus Cyber Security Challenge tagged CCS / CCSC / cyprus computer society / Cyprus Cyber Security Challenge / ECSC / European Cyber Security Challenge by Tux

Next Monday, September 12, 2022, the National Cyber Security Team travels to Vienna to participate in the European Cyber Security Competition 2022.

33 countries participate in the ECSC competition with people aged 14-25 pupils, students, professionals, hackers, security researchers, as well as self-taught in the field of cyber security.

The Cypriot delegation consists of Simon Loizidis (Team Leader), Vasilis Charalambous, Andreas Tsouloupas, Odysseas Stavrou, Eleni Ioakeim, Christodoulos Sotiriou, Panagioti Gavriil, Christos Falas, Joseph Modestou, Marios Kailis, and Evangelos Liudakis. The team will be accompanied by the mentors: Marios Nicolaides, Christos Makrides, and Nicolas Markitanis, and on behalf of the European Coordinating Committee, George Michael.

The corresponding CCSC Pancyprian competition is organized annually by the Cyprus Computer Society (CCS) and the CyberMouflons Hacking Community. CCSC 2022 is sponsored by the Ministry of Defence, the Ministry of Education, Culture, Sports and Youth, the Cyprus Police, and the Digital Security Authority through the Office of the Communications Commissioner.

CCSC 22 Sponsors: Adacom Cyber Security, Defense.com, Deloitte, European University Cyprus, Exness, Frederick University, Grant Thornton, KPMG, Odyssey Cybersecurity, Oracle Academy, Try Hack Me, University of Central Lancashire (UCLan) Cyprus, and XM as well as supporters HostingB2B, MVPS.net, ICSI, Offensive Security, RedPoint, Robo Cy and SCP Academy, Silensec, Cyber Ranges.

Good luck to the participants!

You can see the team’s official video clip here:

Information on the website https://www.ccsc.org.cy and social networks on Facebook (@CCSC.Cyprus) and Twitter (@CCSC_Cyprus).

Cloudflare certificate on tomcat windows server

7 September 2022 in Windows tagged cloudflare / keystore / keytool / server / tomcat / windows by Tux

Use Keytool to Create a New Keystore at your Windows Server

Step 1

At your server, generate the Keystore file using keytool command at your command line window with the following command:

keytool -genkey -alias tomcat -keyalg RSA -keystore your_site_name.keystore -validity 3650

In the command above, your_site_name should be the name of the domain you want to secure with this SSL/TLS certificate.
When prompted for the first and last name, type the Fully Qualified Domain Name (FQDN) for the site you are securing with this certificate (e.g., www.yourdomain.com, mail.yourdomain.com).

Step 2

Generate a Certificate Signing Request (CSR) from your New Keystore using the keytool command:

keytool -certreq -alias tomcat -file certreq.csr -keystore your_site_name.keystore -keysize 2048

When prompted, enter the password you created earlier (when you created your new Keystore).
In your current directory, certreq.csr now contains your CSR.

Create the certificate from Cloudflare using the certificate request that you created from your Windows Server

Step 3

Open your Cloudflare account, select your domain, open the SSL/TLS tab and click on Origin Server to create the certificate

Step 4

Select the option I have my own private key and CSR where you will Copy-Paste the certificate you saved on the txt file from your Windows Server (certreq.csr), fill in the hostnames, select the expiration years, and press Create

Step 5

Copy-Paste in PKCS#7 key format the certificate in a text file and save the file

Import Cloudflare Origin CA root certificate at your Windows server

Step 6

Copy the Cloudflare Origin CA — RSA Root certificate from the Cloudflare website, save to a file and transfer it to your Windows Server.
[https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/#4-required-for-some-add-cloudflare-origin-ca-root-certificates]
Filename: origin_ca_rsa_root.pem

Step 7

Import the root certificate into your Keystore file.

keytool -import -alias root -keystore your_site_name.keystore -trustcacerts -file origin_ca_rsa_root.pem

Add the public certificate from Cloudflare to your Windows Server

Step 8

Copy the file with the PKCS#7 certificate from Cloudflare at your Windows Server

Step 9

Run the following command to import the public certificate at your Keystore

keytool -import -alias tomcat -keystore your_site_name.keystore -file your_site_name.p7b

You should get a confirmation that the “Certificate reply was installed in Keystore.”

Use the newly created server origin certificate from Cloudflare for your website.

Step 10

Find your Tomcat server configuration (server.xml file), make the following changes at your Connector, and save the file.

<Connector executor="tomcatThreadPool" port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Program Files\SysAidServer\ keystore your_site_name.keystore" keystorePass="XXXXXXXXXXXXXX" />

Step 11

Restart the Tomcat service

Bind for 0.0.0.0:443 failed: port is already allocated

30 August 2022 in Docker tagged bind / docker / docker-compose / images / pull / restart / service / timeout / update by Tux

On a Docker installation that we have, we updated the image files for our containers using the following command:

docker images --format "{{.Repository}}:{{.Tag}}" | grep ':latest' | xargs -L1 docker pull;

Then we tried to update our container, as usual, using the docker-compose command.

export COMPOSE_HTTP_TIMEOUT=180; # We extend the timeout to ensure there is enough time for all containers to start
docker-compose up -d --remove-orphans;

Unfortunately, we got the following error:

export COMPOSE_HTTP_TIMEOUT=180;
docker-compose up -d --remove-orphans;

Starting entry ... 
Starting entry ... error

ERROR: for entry  Cannot start service entry: driver failed programming external connectivity on endpoint entry (d3a5d95f55c4e872801e92b1f32d9693553bd553c414a371b8ba903cb48c2bd5): Bind for 0.0.0.0:443 failed: port is already allocated

ERROR: for entry  Cannot start service entry: driver failed programming external connectivity on endpoint entry (d3a5d95f55c4e872801e92b1f32d9693553bd553c414a371b8ba903cb48c2bd5): Bind for 0.0.0.0:443 failed: port is already allocated
ERROR: Encountered errors while bringing up the project.

We used the docker container ls command to check which container was hoarding port 443, but none was doing so. Because of this, we assumed that docker ran into a bug. The first step we took (and the last) which solved the problem was to restart the docker service as follows:

sudo service docker restart;

This command was enough to fix our problem without messing with docker further.

Bytefreaks.net – a place for hacks