Certificate » Password
makepasswd --chars 16 --count 10 --crypt-md5
:'
wTwezXF4sNLoWBsI $1$OCSDx0zn$U9WW0udI8pYfIrCCuz2Md1
pfHyhrtvHC4p3oW5 $1$6b/SQRXF$UwLDhHZMyWfsw/S0g6GgZ1
WLNv9CD8XcR3poHp $1$oVsmVh6Q$Vq4amLARt2iMezos.pT1N.
cCJvJU8rFeHbu4Ix $1$qlaCpIFj$jWqjkdALO535Ww58k3KE2/
7WeBH8nwMXR78Gdd $1$afyCWr0p$6bMRrvCnrBeo/BdVJi70E1
IxGjQAogqv3e18rj $1$60UWcAxR$bFfRlXHzVvZkjTripK9v..
JXveCv0LjsAix5cp $1$FANZ3WNf$hq2BPd1SXdL.2yvKf0/.7/
eoFqedaFpKKDqVCw $1$4TCNgJCv$v1z4Y8IR5a4Nan5VkAAe8/
9npSy42dxUH2w15y $1$APixN7OV$XIe.K3qPi/aezzWyhf7F./
SuwCWQ39RNKUcKAM $1$qnnfDUE1$ucuWcIpNBuCvCBjCiHaoG/
'
Certificate » RootCA
ROOTCA_CNF="$(mktemp -u)"
cat <<'CNF'|tee ${ROOTCA_CNF} >/dev/null
[ req ]
prompt = no
distinguished_name = dn
[ dn ]
C = MY
ST = WP Kuala Lumpur
L = Kuala Lumpur
O = Chorke, Inc.
OU = Chorke
CN = chorke.org
emailAddress = info@chorke.org
CNF
echo -n 'Password: ';read -s ROOTCA_PASS_PHRASE;export ROOTCA_PASS_PHRASE;echo
# Password: pfHyhrtvHC4p3oW5
openssl genpkey -algorithm RSA -out rootCA.key -aes256 -pass file:<(echo "${ROOTCA_PASS_PHRASE}")
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -config ${ROOTCA_CNF} -passin file:<(echo "${ROOTCA_PASS_PHRASE}")
Certificate » RootCA » SubCA
SUBCA_CNF="$(mktemp -u)"
cat <<'CNF'|tee ${SUBCA_CNF} >/dev/null
[ req ]
prompt = no
distinguished_name = dn
attributes = req_attrs
[ dn ]
C = MY
ST = WP Kuala Lumpur
L = Kuala Lumpur
O = Chorke, Inc.
OU = Academia
CN = chorke.org
emailAddress = info@chorke.org
[req_attrs]
challengePassword = ChangeIt
unstructuredName = Chorke Academia, Inc.
CNF
echo -n 'Password: ';read -s SUBCA_PASS_PHRASE;export SUBCA_PASS_PHRASE;echo
# Password: wTwezXF4sNLoWBsI
openssl genpkey -algorithm RSA -out subCA.key -aes256 -pass file:<(echo "${SUBCA_PASS_PHRASE}")
openssl req -new -key subCA.key -out subCA.csr -config ${SUBCA_CNF} -passin file:<(echo "$SUBCA_PASS_PHRASE")
openssl x509 -req -in subCA.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out subCA.pem -days 1024 -sha256 -passin file:<(echo "${ROOTCA_PASS_PHRASE}")
Certificate » RootCA » SubCA » Server
SERVER_CNF="$(mktemp -u)"
cat <<'CNF'|tee ${SERVER_CNF} >/dev/null
[ req ]
prompt = no
distinguished_name = dn
attributes = req_attrs
[ dn ]
C = MY
ST = WP Kuala Lumpur
L = Kuala Lumpur
O = Chorke, Inc.
OU = Academia
CN = chorke.org
emailAddress = info@chorke.org
[req_attrs]
challengePassword = ChangeIt
unstructuredName = Chorke Academia, Inc.
CNF
openssl genpkey -algorithm RSA -out server.key
openssl req -new -key server.key -out server.csr -config ${SERVER_CNF}
openssl x509 -req -in server.csr -CA subCA.pem -CAkey subCA.key -CAcreateserial -out server.crt -days 1024 -sha256 -passin file:<(echo "${SUBCA_PASS_PHRASE}")
Playground
nmap vpn.shahed.biz --reason -Pn --top 20
nmap vpn.shahed.biz --reason -Pn -p25,465,587,993
|
sudo tail -n100 -f /var/log/auth.log
sudo tail -n100 -f /var/log/kern.log
|
sudo cat /etc/shadow|grep nobody
last
|
|
sudo apt-get install makepasswd
echo 'sadaqah!'|makepasswd --crypt-md5 --clearfrom=-
|
makepasswd --chars 12 --count 5 --crypt-md5
makepasswd --chars 12 --count 5 --crypt
|
makepasswd --chars 12 --count 5
makepasswd --chars 12
|
References