Generate a CSR with OpenSSL on CentOS Linux

Check if OpenSSL is installed:
# rpm -qa | grep -i openssl
Installing OpenSSL:
# yum install openssl openssl-devel
Create directories:
# mkdir ~/domain.com.ssl/
# cd ~/domain.com.ssl/
Creating private key:
# openssl genrsa -out ~/domain.com.ssl/domain.com.key 2048
Creating CSR:
# openssl req -new -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr
Verify:
# openssl req -noout -text -in ~/domain.com.ssl/domain.com.csr
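
The steps above collected into one script, with two checks worth running before the CSR goes to a CA: the key file is readable only by its owner, and the CSR really was made from that key. This is an added example, not part of the original post; the function names and example.test are placeholders, and the subjectAltName entry is an addition to the original commands.

```shell
#!/bin/sh
# Added example, not from the original post; "example.test" is a placeholder name.

# make_csr DIR FQDN: create DIR, a 2048-bit RSA key and a CSR with CN and SAN set.
make_csr() {
    dir=$1; fqdn=$2
    (
        umask 077    # directory 0700, key 0600 from the moment they are created
        mkdir -p "$dir" || exit 1
        # Non-interactive request config; the SAN is what modern clients match on.
        cat > "$dir/$fqdn.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = $fqdn
[ext]
subjectAltName = DNS:$fqdn
EOF
        openssl genrsa -out "$dir/$fqdn.key" 2048 2>/dev/null &&
        openssl req -new -sha256 -key "$dir/$fqdn.key" \
            -config "$dir/$fqdn.cnf" -out "$dir/$fqdn.csr"
    )
}

# perm_string FILE: the ls-style mode string, e.g. "-rw-------".
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# csr_matches_key CSR KEY: succeed only if the CSR self-signature verifies
# and the public key inside the CSR is the one derived from KEY.
csr_matches_key() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Demo in a throwaway directory.
demo=$(mktemp -d)
if make_csr "$demo" example.test &&
   csr_matches_key "$demo/example.test.csr" "$demo/example.test.key"; then
    echo "CSR matches key; key mode: $(perm_string "$demo/example.test.key")"
fi
rm -rf "$demo"
```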

Install XRDP Windows Terminal Server for Linux and connect with Windows RDP client




Install/Update EPEL & RPMforge to CentOS 6.X
#rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-X.X.x86_64.rpm 
#rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-X.X.noarch.rpm 
#yum -y update
#yum repolist

Install needed Packages
#yum install -y xrdp tigervnc-server autoconf automake libtool openssl-devel pam-devel libX11-devel libXfixes-devel

Download and install the updated version of XRDP
I downloaded mine to root's home directory in order to confirm that everything is being installed correctly
http://www.xrdp.org/ 
#tar -zxf xrdp-v0.X.X.tar.gz
#mv xrdp-v0.X.X/ /usr/lib64/xrdp-v0.X.X/
#cd /usr/lib64/xrdp-v0.X.X/

Now to install updated version of XRDP
#./bootstrap
#./configure
#make
#make install

Setup Users Groups
#groupadd tsusers
#groupadd tsadmins

Edit the group file
#nano -w /etc/group

Edit the following lines to look like this.
tsusers:x:501:YOURUSERNAME
tsadmins:x:502:root

Now to setup VNC Password for the user that you want to use XRDP Services
#su YOURUSERNAME
#vncpasswd
Insert your password twice
#exit
to return to the root user

Time to Edit the VNC Server
#nano -w /etc/sysconfig/vncservers

Insert at the end of file
VNCSERVERS="1:YOURUSERNAME"
VNCSERVERARGS[1]="-geometry 1024x768 -depth 16"

Now to hook XRDP Server to the rc.local file
#nano -w /etc/rc.local
or
#nano -w /etc/rc.d/rc.local

Add the following to the end of the file
/etc/xrdp/xrdp.sh start

Now to turn on the services and setup the Startup when you reboot
#chkconfig vncserver on
#service vncserver start
#/etc/xrdp/xrdp.sh start

Now you should be able to RDP to your Linux system. Please keep in mind that you may need to port forward port 3389 if your firewall is enabled. If you are unable to connect, try rebooting your systems and see if it will let you connect. I found it has a 50/50 chance to allow you to connect on the first time without a reboot. Below is a screenshot of what you should see when you connect to the system.

 

Cisco ASA 9 on GNS 3

Here I am going to show you how to configure the Cisco ASA 9 on GNS3.
You need a 64 bit computer with at least 8GB of memory!




To get ASA 9 running on GNS3, please follow the steps below:

1-Download and Install GNS3 from the below url:

http://www.gns3.net/download

2- Download the required files from the below location:


http://www.mediafire.com/download.php?ssadit26atl3llms1

3- Configure GNS3 preferences -> QEMU -> ASA with the settings below

RAM: 2048 MiB
Number of NICs: 8

Qemu options: -m 2048 -icount auto -hdachs 980,16,32

Initrd:          C:\ASA\asa90-initrd.gz
Kernel:          C:\ASA\asa90-vmlinuz
Kernel cmd line: -append ide_generic.probe_mask=0x01 ide_core.chs=0.0:980,16,32 auto nousb console=ttyS0,9600 bigphysarea=65536

 

Nagios Complete Monitoring System with Check_mk and pnp4nagios and mrtg


As we all know, Nagios is one of the best and biggest open source monitoring systems available. With lots of extensions and modules, Nagios is the most popular monitoring software.

I have been working on Nagios for the last couple of years and the combination of Nagios, pnp4nagios, mrtg and check_mk will give you a very nice complete monitoring solution.

pnp4nagios provides a nice history trend report for the services and check_mk is one of the strongest plugins for service monitoring. MRTG as we know it provides snmp monitoring and graphs.

Below are the installation steps:

1- Required packages on Linux are:

php, python, apache, mod_python, httpd-devel

nagios and nagios plugins

check_mk (need python,apache,xinetd,nagios)

pnp4nagios (requires rrdtools)

mrtg, snmp, snmp-utils

2- Install all the packages with yum or apt-get.

3- I am not going to explain the basic nagios installation and configuration as you can find it everywhere, but what you need to do to get the pnp4nagios working:

# You need to add the configuration from the pnp4nagios sample configuration to the nagios configuration file.
(From /usr/local/pnp4nagios/etc/nagios.cfg to  /usr/local/nagios/etc/nagios.cfg)

# At the end of /usr/local/nagios/etc/objects/commands.cfg, add the command definitions:

define command{
command_name process-service-perfdata-file
command_line $USER1$/process_perfdata.pl --bulk=/usr/local/nagios/var/serviceperfdata
}
define command{
command_name process-host-perfdata-file
command_line $USER1$/process_perfdata.pl --bulk=/usr/local/nagios/var/hostperfdata
}

# There is one more step to complete the setup. We need to enable extended info in Nagios so that links
to the graphs are created for each applicable host and service.
Append two entries to /usr/local/nagios/etc/objects/templates.cfg:

define host {
name host-pnp
register 0
action_url /nagios/pnp/index.php?host=$HOSTNAME$
}
define service {
name srv-pnp
register 0
action_url /nagios/pnp/index.php?host=$HOSTNAME$&srv=$SERVICEDESC$
}

# These are templates that you add to each host and service definition with graphs:

define host {
use linux-server,host-pnp
host_name ubuntu
alias ubuntu
address 127.0.0.1
}
define service {
use local-service,srv-pnp
host_name ubuntu
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}

4- After installing nagios and its configuration and pnp4nagios, now it is time for check_mk installation and configuration.

Example of configuration for check_mk main configuration file:

/etc/check_mk/main.mk

all_hosts = [
 "xyzabc1|muc",
 'xyzabc2|ber',
 "xyzabc3|ber|test|some|other|tag",
 "xyzabc4|tcp",
 "10.0.34.35",
]

ipaddresses = {
  "xyzabc1" : "10.0.34.18",
  "xyzabc2" : "192.168.0.17",
}

Optional:    # if you want to ignore checking some services
ignored_checktypes = [ "systemtime", "logwatch", ]

and run the below commands to recreate the inventory and add nagios templates and objects.

check_mk -II
check_mk -O

If you don’t know the checks and services names of check_mk:

cmk -L to view check_types
cmk -D to view services

5- Now it is time to install mrtg for network monitoring.

Install mrtg and snmp and snmp-utils

create mrtg cfg files:

# cfgmaker public@10.1.1.1 >> /var/lib/mrtg/10.1.1.1
# cat /var/lib/mrtg/10.1.1.1 >> /etc/mrtg/mrtg.cfg

# env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg

create a bash file for above command and add it to crontab for every 5 min (if it is not in there already by default)

This will create log files on /var/lib/mrtg/*.log

use the log files for switch.cfg on nagios (you need check_mrtgtraf plugin installed)

##############################################
define service{

    use            generic-service,srv-pnp; Inherit values from a template

    host_name        Cisco-Switch

    service_description    Port 1 Bandwidth Usage

    check_command        check_local_mrtgtraf!/var/lib/mrtg/10.1.1.1_1.log!AVG!1000000,2000000!5000000,5000000!10

    }
##############################################

Enjoy!

Send SMS notifications with Nagios using a GSM modem

Follow the below steps to set up Nagios to send SMS notifications with a GSM modem

 


 

1) ############## Install the GSM modem ##############################

Physically connect your GSM modem and find out if it is installed and which tty it is using.

Check if it is installed properly:

lsusb        # you should see your device is listed

dmesg | grep tty       # will help you to find the proper tty for your device

2) ############## Install gammu #######################################

use yum to install gammu

yum install gammu

3) ###############    Specify device in gammu config file /etc/gammurc  ######################

    [gammu]
    port= /dev/ttyS0   #or /dev/ttyUSB0   #or /dev/ttyACM0
    connection = at115200

4) ############### Check and set the permissions on the device #####################################

ls -l /dev/ttyS0

crw-rw---- 1 root dialout 4, 64 2008-05-21 14:23 ttyS0

You can notice the usergroup is “dialout” and the owner is root.

You need to add www-data (or apache) and nagios to the dialout group

sudo usermod -a -G dialout nagios
sudo usermod -a -G dialout www-data

5) ###################  Test it! #########################################

You can now try to send an SMS :

su nagios
echo "sms test" | /usr/bin/gammu --sendsms TEXT +336xxxxxxxxx

6) ############### Commands on Nagios #########################

define command{
        command_name    notify-host-by-sms
        command_line    /usr/bin/printf "%b" "Nagios Notification: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nTime: $LONGDATETIME$\n" | /usr/bin/gammu --sendsms text $CONTACTPAGER$
        }

define command{
        command_name    notify-service-by-sms
        command_line    /usr/bin/printf "%b" "Nagios Notification: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nTime: $LONGDATETIME$\n" | /usr/bin/gammu --sendsms text $CONTACTPAGER$
        }

7) ##################  Set up Contacts #################################

define contact{
    contact_name SMSUser
    alias SMS User
    service_notification_period 24x7
    host_notification_period 24x7
    service_notification_options w,u,c,r
    host_notification_options d,u,r
    service_notification_commands notify-service-by-email,notify-service-by-sms
    host_notification_commands notify-host-by-email,notify-host-by-sms
    email rassoulg@sbs.com.au
    pager 0413771358
}

8) ############# Add contacts and notifications to Objects ########################

define host{
        use                     linux-server            ; Name of host template to use
        host_name               nitrogen
        alias                   nitrogen
        address                 10.21.160.106
    contacts        SMSUser
    first_notification_delay    0
    notification_interval        30
    notification_period        24x7
        }

define service{
        use                             local-service         ; Name of service template to use
        host_name                       nitrogen
        service_description             PING
    check_command            check_ping!100.0,20%!500.0,60%
    contacts            SMSUser
    first_notification_delay    0
    notification_interval        30
    notification_period        24x7
        }

FTP Configuration and notes on Solaris

### ftp ##
FTP service on Solaris is:
wu-ftpd

To show the ftp service status:

svcs -l ftp

pkginfo -x | grep ftp
returns below:
ftpr (for root) and ftpu (for users)

SUNWftpu  – includes useful user packages
ftpcount  – dumps count of users per class
ftpwho – return connected users & process information
ftpconfig – used to setup anonymous/guest FTP


SUNWftpr
/etc/ftpd  – contains most of the configuration files
   – ftpaccess  – primary configuration file for wu-ftpd
   – ftphosts  – allow/deny access users from hosts
   – ftpservers – allows admin to define virtual hosts
   – ftpusers – users listed may NOT access the server via FTP
   – ftpconversions – facilitates tar, compress, gzip support

1. PORT – Active FTP
  – Client  -> TCP:21 (Server-Control-Connection)
  – Client executes ‘ls’ -> results in server initiating a connection back to the client, usually from TCP:20 (ftp-data)
2. PASV – Passive FTP
  – Client -> TCP:21(Server-Control-Connection)
  – Client executes ‘ls’ -> results in server opening a high-port and instructing the client to source(initiate) a connection to the server.
  – Client sources data connection to highport on server

# Guest users # won’t have access to the directories structure (e.g pwd doesn’t work on ftp)

To create a guest user you need to:
1. Create a user with no shell
2. provide the home directory for him and give access
3. ftpconfig -d <homedirectory>   – this marks the directory as the guest FTP directory
4. in the ftpaccess file add the below
guestuser  <guestusername>
5. reload the service

### Virtual hosts ###

wu-ftpd
1. Limited – relies upon primary config files /etc/ftpd {ftpaccess, ftpusers …}
Admin may define unique attributes like banner, logfile, hostname, email, distinct IP address

2. Full – relies upon distinct config files in specified dirs
offers all in limited mode and also adds distinct config files
full-mode will use default config files in /etc/ftpd if the full virtual hosts instance is unable to find a distinct file.

### Limited virtual hosts configuration ###
/etc/ftpaccess
 virtual 192.168.1.51 root /var/ftp2
 virtual 192.168.1.51 hostname <virtualhostname>
 virtual 192.168.1.51 banner <banner>
 virtual 192.168.1.51 logfile /var/log/ftp2/xferlog
 virtual 192.168.1.51 allow unixcbt2

### Full virtual hosts configuration ###
/etc/ftpd/ftpservers
 #address <configuration_directory>
 192.168.1.51 /etc/ftpd/ftp2
 192.168.1.52 /etc/ftpd/ftp3

DNS Changer virus will break down your internet connectivity – Are you malware protected?!!


 



A known old malware called DNSChanger will block internet connectivity for lots of users on Monday 07/07/2012, and there’s a chance you could be one of them.

The FBI is shutting down domains that have been affected by the DNSChanger malware, which has been circulating the web since as far back as 2007. The malware redirected Internet traffic to sites with paid advertisements where cybercriminals reaped profit from unsuspecting visitors.

The trojan’s creators — six Estonian nationals — shut down their services when they were caught and arrested about eight months ago.

Although the FBI has been urging consumers for months to check if their systems have been affected by DNSChanger, about 275,000 computers are still at risk of not having Internet access on Monday, July 9.

The good news is that it’s easy to see if your system has been infected and fix it if needed. The DNS Changer Working Group (DCWG) launched a check tool — if you click on the link and the box is green, your computer is clean (If the box is red, your Internet will be dead).

Meanwhile, Symantec antivirus not only checks if you have the malware but it takes the challenging part out of manually updating Internet settings to correct the issue.

A list of other check tools is also available on the official DNSChanger Check-up site.

Samba file sharing on Solaris

 
 

Notes about Samba Client and Server on Solaris


### Samba client##

1. smbtree – network neighborhood text utility; enumerates workgroups, hosts, shares
smbtree -b   – relies upon broadcasts to resolve workgroups/hosts
smbtree -D  – echoes discovered workgroups using broadcast/master browser
2. smbclient  – allows to connect to the share
smbclient service_name(//hostname/sharename)
smbclient -U username //hostname/sharename  – connect with username

smbclient -L servername  – enumerates the shares of the server
smbclient -A ./.smbpasswd //servername/sharename

.smbpasswd includes:
username=unixcbt
password=abc123

smbtar – facilitates backups of remote shares
smbtar -s servername -x sharename -t sharename.tar


### samba server ###

smbd  – files & print sharing
 SMB – TCP 139
 CIFS – TCP 445
nmbd – handles netbios names using primarily UDP connectivity
 UDP 137 & 138

/etc/passwd
/etc/sfw/smbpasswd  – handles translation of windows auth to unix
/etc/sfw/smbusers   – translation between unix & windows users

NFS Shares configuration on Solaris

### NFS ##


NFS components
1. NFS Client (mount, /etc/vfstab)
2. NFS Server
3. AutoFS

/etc/default/nfs   # default config for nfs

rpcinfo -p  # shows services related to nfs and ports
exportfs  # shows nfs shared directories

##to export, edit /etc/exports on Linux and /etc/dfstab on Solaris
/tempnfs1   *(rw,no_root_squash)
/tempnfs2  192.168.1.50(rw,no_root_squash)

exportfs -a   – will reread the /etc/exports file
and then
exportfs   – should show the shared folders
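
Both export lines above use no_root_squash, which lets root on a client act as root on the exported files, and the first one offers that to every host. The following added example (not part of the original notes; the function names and the extra sample lines are constructed) audits a Linux /etc/exports for such entries, including the classic "host (rw)" spacing mistake that exports read-write to everyone.

```shell
#!/bin/sh
# Added example, not from the original notes.

# write_sample_exports FILE: constructed sample; the first two entries are the
# lines shown above, the last two are added to show a safe entry and the
# "space before the parenthesis" mistake.
write_sample_exports() {
    cat > "$1" <<'EOF'
# constructed sample exports file
/tempnfs1   *(rw,no_root_squash)
/tempnfs2  192.168.1.50(rw,no_root_squash)
/tempnfs3  192.168.1.50(ro,root_squash)
/tempnfs4  192.168.1.50 (rw)
EOF
}

# audit_exports FILE: print "path client finding" for every risky client entry.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"       # bare "(opts)" applies to every host
            n = split(opts, o, ","); rw = 0; nrs = 0
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nrs = 1
            }
            if (nrs) print path, client, "no_root_squash"
            if (client == "*" && rw) print path, client, "rw-to-any-host"
        }
    }' "$1"
}

# Demo on the constructed sample.
sample=$(mktemp)
write_sample_exports "$sample"
audit_exports "$sample"
rm -f "$sample"
```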

##on the remote machine to use nfs client and mount

mount -F nfs -o ro,vers=4 linuxcbtmedia1:/tempnfs1 /localfolder

## Change /etc/vfstab to make nfs share persistent

linuxcbtmedia1:/tempnfs1  -  /tempnfs1  nfs  -  yes   ro,vers=3

and mount -a


###NFS share on Solaris 
(server)

share -F nfs -d test_share /tempnfssun1

share  — will show if there is any share available

Put the same share command in /etc/dfstab to make it persistent

### AutoFS ###
Features:
1. provides just-in-time mounting of file system
2. Controlled by ‘automountd’ daemon
3. Managed via autofs service
4. References map files to determine file systems to mount
5. Obviates need to distribute root password to non-privileged users

/etc/default/autofs  – contains configuration directives for autofs

### AutoFS Maps ##
3 types
1. Master map  – /etc/auto_master
2. Direct map  – /etc/auto_direct
3. Indirect maps  – /etc/auto_*  – referenced from /etc/auto_master

### /etc/auto_master ###
/etc/auto_master is always read by autofs(automountd daemon)

/etc/nsswitch.conf will be used to find default location for automount

on auto_master

#mount_point    map_file    mount_options

/home           auto_home    -nobrowse

#### /etc/auto_home

#key          location(full NFS path)
unixcbt1     linuxcbtsun1:/export/home/unixcbt

ntp and time management and configuration on Solaris

 

### NTP ##


Hierarchical in design – 1 through 16 strata
Lower stratum values are more accurate time sources
Stratum 1 servers are connected to external, more accurate time sources such as GPS

Obtaining the clock from a Stratum 1 time source will make us a Stratum 2 server for others.

Config file location: /etc/inet

There are templates that can be copied on ntp.conf to use it in client or server mode
ls /etc/inet/ntp.*
ntp.conf
ntp.client  (need to specify “server a.b.c.d” in config file)
ntp.server


ntpq -p  #will reveal the ntp peers

svcadm enable ntp

ntpdate ntp_server # will do a one-time update with the ntp server (you can put the above command in cron to update the clock regularly; the ntp daemon has to be off)

ntptrace  – traces path to external time source

ntpq – queries local or remote time source

Refer to www.ntp.org for more info about ntp.