recover files with linux tools
by Emre Tugriceri on Jul.16, 2015, under Forensic, Linux, Recovery
dd
https://en.wikipedia.org/wiki/Dd_%28Unix%29
dd_rescue
http://www.garloff.de/kurt/linux/ddrescue/
PhotoRec
http://www.cgsecurity.org/wiki/PhotoRec
Foremost
http://foremost.sourceforge.net/
MagicRescue
http://www.itu.dk/people/jobr/magicrescue/
RecoverJpeg
http://www.rfc1149.net/devel/recoverjpeg.html
StrongSwan and Android configs
by Emre Tugriceri on Apr.27, 2013, under Linux, Security, StrongSwan
root@six #cat ipsec.conf
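# Remote-access connection: the gateway authenticates with its certificate,
# clients authenticate with EAP-MSCHAPv2 user names and passwords.
# Parameter lines of a conn section must start with whitespace; the
# indentation below restores that.
conn tugriceri.com
    # Local (gateway) side. 0.0.0.0/0 offers every destination through the
    # tunnel, so clients can route all of their traffic via this host.
    leftsubnet=0.0.0.0/0
    left=209.208.63.204
    leftcert=/cert/strongswan.pem
    leftauth=pubkey
    leftsendcert=yes
    # Identity the gateway asserts; the certificate's subjectAltName has to
    # contain it.
    leftid=six.tugriceri.com
    # Remote (client) side: any address, any identity.
    right=%any
    rightid=%any
    # Pool that virtual client addresses are handed out from.
    rightsourceip=10.0.5.0/24
    # Password-based client authentication. Its protection depends on clients
    # validating the gateway certificate and on strong EAP passwords in
    # ipsec.secrets.
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any
    # Load the connection at startup and wait for clients to initiate.
    auto=add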
root@six #cat ipsec.secrets
# strongSwan IPsec secrets file
# This file references the gateway's private key and stores EAP passwords in
# cleartext: keep it owned by root and unreadable to other users, and keep it
# out of backups and version control that others can read.
# Private key of the gateway certificate, without an ID selector. No passphrase
# follows the path, so the key file is presumably unencrypted - restrict its
# permissions as well.
: RSA /cert/strongswan.key
# The same key, selected by the gateway identity.
six.tugriceri.com : RSA /cert/strongswan.key
# EAP user name and password. "secretpass" looks like a sample value; use a
# long random password per user.
testuser : EAP "secretpass"
root@six #cat openssl-req.cfg
# Request settings: extensions come from [ v3_req ], the subject from
# [ req_distinguished_name ], and nothing is prompted for.
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
prompt = no
[ v3_req ]
# Extensions to add to a certificate request
#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# Host names and address the certificate is requested for, listed inline.
subjectAltName = "DNS:six.tugriceri.com,DNS:www.tugriceri.com,IP:209.208.63.204,DNS:tugriceri.com"
#subjectAltName = @alt_names
# Only referenced by the commented-out @alt_names line above; unused as shown.
[alt_names]
DNS.1 = six.tugriceri.com
DNS.2 = www.tugriceri.com
# Subject of the request.
[ req_distinguished_name ]
CN = six.tugriceri.com
GN = six.tugriceri.com
OU = Tugriceri.com
O = Tugriceri.com
L = Istanbul
ST = Istanbul
C = TR
emailAddress = root@tugriceri.com
# NOTE(review): inside this section the line sets a subject attribute, not the
# X509v3 extension; the extension comes from [ v3_req ] - confirm it is needed.
subjectAltName = six.tugriceri.com
subjectAltName is the important point of this configuration: your certificate must have it.
root@six #cat certyarat.sh
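# Reissue the gateway certificate: remove the old request and certificate,
# create a new CSR from the existing key, then sign it with the local CA.
rm -f -- strongswan.req strongswan.pem
# Stop here if the CSR cannot be created, so the CA step never runs against a
# missing request file.
openssl req -new -out strongswan.req -key strongswan.key -config openssl-req.cfg || exit 1
# -batch signs without asking for confirmation; -notext leaves the
# human-readable dump out of the resulting PEM file.
openssl ca -batch -notext -in strongswan.req -out strongswan.pem -config ca.conf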
root@six #cat showcert
openssl x509 -in strongswan.pem -text -noout
Command Output :
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Alternative Name:
DNS:six.tugriceri.com, DNS:www.tugriceri.com, IP Address:209.208.63.204, DNS:tugriceri.com
root@six #cat ca.conf
[ ca ]
default_ca = tugricerica
[ tugricerica ]
copy_extensions = copy
#Removed lines
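copy_extensions must be set in your ca.conf; without it the subjectAltName from the request is not copied into the signed certificate. Because copy_extensions = copy carries over every extension the request asks for (for example a CA:TRUE basic constraint), only sign requests that you created yourself or have inspected.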
zarafa Response data requested from bus but it doesn’t have any data
by Emre Tugriceri on Nov.06, 2012, under Uncategorized
zarafa Response data requested from bus but it doesn’t have any data
Check the zarafa session directory: it must be writable by the Apache user. “/var/lib/zarafa-webapp/tmp/session/”

libgcc_s.so.1 must be installed for pthread_cancel to work
by Emre Tugriceri on Jul.30, 2012, under HTTP
If you are trying to use the chroot feature with a multithreaded Apache installation you may get the following message: “libgcc_s.so.1 must be installed for pthread_cancel to
work”. Add LoadFile /lib/libgcc_s.so.1
to your Apache configuration to fix this problem.

DRBD configuration with loop file
by Emre Tugriceri on Jul.18, 2012, under DRBD
dd if=/dev/zero of=disk1.raw bs=1073741824 count=20
1009 losetup -f disk1.raw
1010 losetup -a
1012 stat /dev/loop0
fdisk /dev/loop0
# rpm -Uvh http://elrepo.org/elrepo-release-6-4.el6.elrepo.noarch.rpm
# vi /etc/yum.repos.d/elrepo.repo
enabled=0
# yum --enablerepo=elrepo install drbd83-utils kmod-drbd83
SRV1# cat /etc/drbd.conf
#
# please have a a look at the example configuration file in
# /usr/share/doc/drbd83/drbd.conf
#
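global {
  minor-count 1;
  usage-count no;  # participation in DRBD's online usage counter at http://usage.drbd.org (disabled here)
}

# One replicated resource, backed by a loop device on each node.
resource zenoss {
  protocol C;

  startup {
    wfc-timeout 30;
    degr-wfc-timeout 60;
  }

  disk {
    on-io-error detach;
    fencing resource-only;
  }

  handlers {
    # Handler commands need plain ASCII double quotes; typographic quotes are
    # not valid here.
    # Both commands below power the node off: sysrq 'o' is power-off, not
    # reboot. pri-on-incon-degr runs on a degraded primary with inconsistent
    # local data; pri-lost-after-sb runs on a primary that lost the automatic
    # split-brain recovery.
    pri-on-incon-degr "echo o > /proc/sysrq-trigger ; halt -f";
    pri-lost-after-sb "echo o > /proc/sysrq-trigger ; halt -f";
    outdate-peer "/usr/lib/heartbeat/drbd-peer-outdater";
  }

  net {
    # NOTE(review): neither cram-hmac-alg nor shared-secret is set, so the two
    # peers do not authenticate each other, and DRBD replication traffic is not
    # encrypted. Keep this link on a dedicated, trusted network or add peer
    # authentication.
    after-sb-0pri discard-least-changes;  # self healing after split brain with no primary
    after-sb-1pri call-pri-lost-after-sb;
    max-buffers 2048;  # datablock buffers used before writing to disk.
    ko-count 4;        # Peer is dead if this count is exceeded.
  }

  syncer {
    rate 12M;
    al-extents 257;
  }

  on SRV1 {
    device /dev/drbd0;
    disk /dev/loop0;
    address 192.168.1.1:7789;
    meta-disk internal;
  }

  on SRV2 {
    device /dev/drbd0;
    disk /dev/loop0;
    address 192.168.1.2:7789;
    meta-disk internal;
  }
}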
SRV1# cat /proc/drbd
SRV1# drbdsetup /dev/drbd0 primary -o
SRV1# cat /proc/drbd
SRV1# mkfs -t ext3 /dev/drbd0
SRV1# mkdir /mnt/drbd
SRV1# mount /dev/drbd0 /mnt/drbd
SRV1# cp /var/log/maillog /mnt/drbd
SRV1# ls /mnt/drbd
SRV1# umount /mnt/drbd
SRV1# drbdadm secondary zenoss
SRV2# drbdadm primary zenoss
SRV2# mkdir /mnt/drbd
SRV2# mount /dev/drbd0 /mnt/drbd
SRV2# ls /mnt/drbd

PHP 5.4 memcache
by Emre Tugriceri on Jul.03, 2012, under PHP
In file included from /usr/local/memcache-3.0.6/memcache.c:30:
/usr/local/memcache-3.0.6/php_memcache.h:75:1: warning: “IS_CALLABLE” redefined
In file included from /usr/local/php/include/php/main/php.h:34,
from /usr/local/memcache-3.0.6/memcache.c:26:
/usr/local/php/include/php/Zend/zend.h:576:1: warning: this is the location of the previous definition
/usr/local/memcache-3.0.6/memcache.c: In function ‘mmc_find_persistent’:
/usr/local/memcache-3.0.6/memcache.c:721: error: too few arguments to function ‘zend_list_insert’
/usr/local/memcache-3.0.6/memcache.c:738: error: too few arguments to function ‘zend_list_insert’
/usr/local/memcache-3.0.6/memcache.c: In function ‘php_mmc_pool_addserver’:
/usr/local/memcache-3.0.6/memcache.c:778: error: too few arguments to function ‘zend_list_insert’
/usr/local/memcache-3.0.6/memcache.c: In function ‘php_mmc_connect’:
/usr/local/memcache-3.0.6/memcache.c:839: error: too few arguments to function ‘zend_list_insert’
make: *** [memcache.lo] Error 1
https://407441.bugs.gentoo.org/attachment.cgi?id=304865
DSMC backup
by Emre Tugriceri on May.29, 2012, under Uncategorized
dsmc incremental /mnt/DB -subdir=yes

Resize LV 2
by Emre Tugriceri on Apr.16, 2012, under LVM
e2fsck -f /dev/mapper/VGeva-datavol0
fdisk /dev/mpath4 #Delete partition and then add again
pvresize /dev/mapper/mpath4p1
lvextend -r -L749.9G /dev/mapper/VGeva-datavol0

NFSEN SELinux Permission
by Emre Tugriceri on Mar.06, 2012, under SELinux
Summary:
SELinux is preventing /usr/sbin/httpd from using potentially mislabeled files
/var/local/nfsen/var/run/nfsen.comm.
Detailed Description:
SELinux has denied the httpd access to potentially mislabeled files
/var/local/nfsen/var/run/nfsen.comm. This means that SELinux will not allow
httpd to use these files. If httpd should be allowed this access to these files
you should change the file context to one of the following types,
lsassd_var_socket_t, abrt_var_run_t, httpd_tmpfs_t, setrans_var_run_t,
avahi_var_run_t, mysqld_var_run_t, httpd_var_run_t, nscd_var_run_t,
nslcd_var_run_t, slapd_var_run_t, sssd_var_lib_t, mysqld_db_t,
system_dbusd_var_run_t, postgresql_var_run_t, winbind_var_run_t,
postgresql_tmp_t, devlog_t, httpd_cobbler_rw_content_t,
httpd_munin_rw_content_t, httpd_bugzilla_rw_content_t, httpd_cvs_rw_content_t,
httpd_git_rw_content_t, httpd_sys_rw_content_t, httpd_nagios_rw_content_t,
httpd_nutups_cgi_rw_content_t, httpd_squid_rw_content_t, nscd_var_run_t,
pcscd_var_run_t, httpd_smokeping_cgi_rw_content_t,
httpd_apcupsd_cgi_rw_content_t, httpd_prewikka_rw_content_t,
httpd_awstats_rw_content_t, httpd_w3c_validator_rw_content_t,
httpd_user_rw_content_t. Many third party apps install html files in directories
that SELinux policy cannot predict. These directories have to be labeled with a
file context which httpd can access.
Allowing Access:
If you want to change the file context of /var/local/nfsen/var/run/nfsen.comm so
that the httpd daemon can access it, you need to execute it using semanage
fcontext -a -t FILE_TYPE ‘/var/local/nfsen/var/run/nfsen.comm’.
where FILE_TYPE is one of the following: lsassd_var_socket_t, abrt_var_run_t,
httpd_tmpfs_t, setrans_var_run_t, avahi_var_run_t, mysqld_var_run_t,
httpd_var_run_t, nscd_var_run_t, nslcd_var_run_t, slapd_var_run_t,
sssd_var_lib_t, mysqld_db_t, system_dbusd_var_run_t, postgresql_var_run_t,
winbind_var_run_t, postgresql_tmp_t, devlog_t, httpd_cobbler_rw_content_t,
httpd_munin_rw_content_t, httpd_bugzilla_rw_content_t, httpd_cvs_rw_content_t,
httpd_git_rw_content_t, httpd_sys_rw_content_t, httpd_nagios_rw_content_t,
httpd_nutups_cgi_rw_content_t, httpd_squid_rw_content_t, nscd_var_run_t,
pcscd_var_run_t, httpd_smokeping_cgi_rw_content_t,
httpd_apcupsd_cgi_rw_content_t, httpd_prewikka_rw_content_t,
httpd_awstats_rw_content_t, httpd_w3c_validator_rw_content_t,
httpd_user_rw_content_t. You can look at the httpd_selinux man page for
additional information.
Additional Information:
Source Context unconfined_u:system_r:httpd_t:s0
Target Context system_u:object_r:var_t:s0
Target Objects /var/local/nfsen/var/run/nfsen.comm [ sock_file ]
Source httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host <Unknown>
Source RPM Packages httpd-2.2.15-5.el6.centos
Target RPM Packages
Policy RPM selinux-policy-3.7.19-54.el6_0.5
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name httpd_bad_labels
Host Name csn.tugriceri.com
Platform Linux csn.tugriceri.com
2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27
19:49:27 BST 2011 x86_64 x86_64
Alert Count 8
First Seen Tue Mar 6 14:02:04 2012
Last Seen Tue Mar 6 14:38:35 2012
Local ID 8433f07d-91df-46a0-ba75-5228a1a1180a
Line Numbers 7, 8, 43, 44, 75, 76, 87, 88, 119, 120, 155, 156,
251, 252, 257, 258
Raw Audit Messages
type=AVC msg=audit(1331037515.880:4652026): avc: denied { write } for pid=4402 comm=”httpd” name=”nfsen.comm” dev=dm-2 ino=23992283 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1331037515.880:4652026): arch=c000003e syscall=42 success=no exit=-13 a0=1a a1=7fffd0623350 a2=25 a3=632e6e6573666e2f items=0 ppid=4398 pid=4402 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=236800 comm=”httpd” exe=”/usr/sbin/httpd” subj=unconfined_u:system_r:httpd_t:s0 key=(null)
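Note: this grep feeds every httpd denial in the audit log to audit2allow, so the generated module can allow more than the nfsen.comm socket write. Read tugriceri_http.te before loading the package; relabelling the socket with semanage fcontext, as the alert above suggests, followed by restorecon, is the narrower fix.
[root@legion ~]# grep httpd /var/log/audit/audit.log | audit2allow -M tugriceri_http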
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i tugriceri_http.pp

Failed to open “/var/lib/dbus/machine-id”
by Emre Tugriceri on Mar.06, 2012, under Uncategorized
process 16780: D-Bus library appears to be incorrectly set up; failed to read machine uuid: Failed to open “/var/lib/dbus/machine-id”: No such file or directory
See the manual page for dbus-uuidgen to correct this issue.
D-Bus not built with -rdynamic so unable to print a backtrace
Aborted

TestDisk 6.12, Data Recovery Utility, May
by Emre Tugriceri on Jan.02, 2012, under Uncategorized
TestDisk 6.12, Data Recovery Utility, May 2011
Christophe GRENIER <grenier@cgsecurity.org>
http://www.cgsecurity.org
TestDisk is free data recovery software designed to help recover lost
partitions and/or make non-booting disks bootable again when these symptoms
are caused by faulty software, certain types of viruses or human error.
It can also be used to repair some filesystem errors.
Information gathered during TestDisk use can be recorded for later
review. If you choose to create the text file, testdisk.log , it
will contain TestDisk options, technical information and various
outputs; including any folder/file names TestDisk was used to find and
list onscreen.
Use arrow keys to select, then press Enter key:
>[ Create ] Create a new log file
[ Append ] Append information to log file
[ No Log ] Don’t record anything

Laptop Screen Brightness set via terminal
by Emre Tugriceri on Jan.02, 2012, under Uncategorized
echo 24 > /sys/class/backlight/acpi_video0/brightness

android system and / remount
by Emre Tugriceri on Jan.02, 2012, under Uncategorized
mount -o remount,ro -t yaffs2 /dev/block/stl9 /system
mount -o remount,rw -t yaffs2 /dev/block/stl9 /system
mount -o rw,remount -t rootfs /
mount -o ro,remount -t rootfs /

telnet to android
by Emre Tugriceri on Jan.02, 2012, under Uncategorized
# Starts telnetd with /system/xbin/sh as the login program (-l), so every
# connection gets a shell without a password prompt, over cleartext telnet.
# NOTE(review): run this only on an isolated, trusted network and stop the
# daemon when the session is finished.
/system/xbin/telnetd -l /system/xbin/sh

SELinux Tftp permission
by Emre Tugriceri on Nov.28, 2011, under Uncategorized
chcon -t tftpdir_rw_t /tftproot/*

SELinux FTP Home dir write permission
by Emre Tugriceri on Oct.07, 2011, under Linux, Security, SELinux
Connected to 127.0.0.1.
220 (vsFTPd 2.2.2)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (127.0.0.1:root): test1
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/var/ftp/test1
Login failed.
ftp> quit
[root@legion mnt]# getsebool ftp_home_dir
ftp_home_dir –> off
[root@legion mnt]# setsebool -P ftp_home_dir 1
[root@legion mnt]# getsebool ftp_home_dir
ftp_home_dir –> on

tacacs+ compile error
by Emre Tugriceri on Oct.04, 2011, under Linux
If you get this error when compiling tacacs+, configure the build with the --enable-maxsess option.
gcc -DHAVE_CONFIG_H -I. -I/usr/local/include -g -O2 -pthread -MT maxsessint.o -MD -MP -MF .deps/maxsessint.Tpo -c -o maxsessint.o maxsessint.c
maxsessint.c: In function ‘maxsess_check_count’:
maxsessint.c:60: error: ‘S_maxsess’ undeclared (first use in this function)
maxsessint.c:60: error: (Each undeclared identifier is reported only once
maxsessint.c:60: error: for each function it appears in.)
gmake[1]: *** [maxsessint.o] Error 1
gmake[1]: Leaving directory `/usr/local/tacacs+-F5.0.0a1′
make: *** [all] Error 2
./configure --sysconfdir=/etc --enable-maxsess

gnokii sms read from Huawei Mobile Connect Express E800
by Emre Tugriceri on Aug.26, 2011, under Uncategorized
[root@etugriceri ~]# gnokii --showsmsfolderstatus
GNOKII Version 0.6.29
No. Name Id #Msg
========================================================
0 Internal memory ME 1
1 Combined ME and SIM phonebook MT 1
2 SIM card SM 4
3 SMS Status Reports SR 4
[root@etugriceri ~]# gnokii --getsms SM 1 end
GNOKII Version 0.6.29
1. Inbox Message (Read)

Convert wav file for Cisco Contact Center Express with ffmpeg
by Emre Tugriceri on Aug.19, 2011, under Cisco
ffmpeg -i Sound1.wav -acodec pcm_mulaw -ar 8000 -ac 1 -ab 16 Sound1a.wav

ZFS deduplication test on Fedora 15 Linux
by Emre Tugriceri on Jun.18, 2011, under Linux, ZFS
I recently tested ZFS deduplication on Fedora 15 Linux.
This is my test script. I tested only text files; for the final report, tests with other file formats are unnecessary.
[root@etugriceri fast]# du -ch 0/textfile
6.5K 0/textfile
6.5K total
[root@etugriceri fast]# zpool list dimmpool
NAME SIZE ALLOC FREE CAP DEDUP HEALTH ALTROOT
dimmpool 294M 262M 31.8M 89% 1.89x ONLINE
[root@etugriceri fast]# cat ded.sh
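# Dedup test, variant 1: create directories 1..999. Each one receives the
# previous directory's textfile plus one new line of random data, so
# successive files share a long common prefix.
# Expects 0/textfile to exist before the first pass.
# Plain ASCII values replace the typographic quotes, which the shell would
# otherwise treat as part of the value and break the numeric test.
a=1
while [ "$a" -lt 1000 ]; do
  mkdir -- "$a"
  b=$((a - 1))
  cp -- "$b/textfile" "$a"
  # 2>&1 folds dd's transfer report into the hashed stream, as in the
  # original; the appended line is the md5sum output.
  dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum >> "$a/textfile"
  a=$((a + 1))
done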
#####
[root@etugriceri fast]# zpool list dimmpool
NAME SIZE ALLOC FREE CAP DEDUP HEALTH ALTROOT
dimmpool 294M 132M 162M 45% 1.00x ONLINE –
[root@etugriceri fast]# cat ded.sh
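# Dedup test, variant 2: create directories 1..9999. Each one receives a copy
# of 0/textfile, two new lines of random data, and the contents of 0/textfile
# once more.
# Expects 0/textfile to exist.
# Plain ASCII values replace the typographic quotes, which the shell would
# otherwise treat as part of the value and break the numeric test. The unused
# counter b is dropped.
a=1
while [ "$a" -lt 10000 ]; do
  mkdir -- "$a"
  cp -- 0/textfile "$a"
  # 2>&1 folds dd's transfer report into the hashed stream, as in the
  # original; each appended line is the md5sum output.
  dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum >> "$a/textfile"
  dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum >> "$a/textfile"
  cat 0/textfile >> "$a/textfile"
  a=$((a + 1))
done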

Deny user for remote login
by Emre Tugriceri on Jun.06, 2011, under Linux, Security
sudo vi /etc/security/access.conf
-:root:ALL EXCEPT LOCAL

decrypt private key
by Emre Tugriceri on Mar.26, 2011, under Uncategorized
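# Write the decrypted private key. -out replaces the target file, where >>
# would append to an existing one and leave two keys in it. The subshell's
# umask makes the new file readable by its owner only.
# The output is an unprotected private key: store it only where it is needed
# and delete it when it is no longer required.
( umask 077 && openssl rsa -in MYKEY.key -out MYKEY-NOCRYPT.key )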

Yum Proxy settings
by Emre Tugriceri on Mar.26, 2011, under Linux, Yum
[root@localhost ~]# vi /etc/yum.conf
- proxy=http://10.129.0.23:8080
- http_proxy=http://10.129.0.23:8080
[root@localhost ~]# declare -x ftp_proxy="http://10.129.0.23:8080"
[root@localhost ~]# declare -x http_proxy="10.129.0.23:8080"

Corrupted RPM database
by Emre Tugriceri on Feb.26, 2011, under Linux
1019 rm -f /var/lib/rpm/__db*
1020 rpm -vv --rebuilddb

Get Cisco router interface index numbers
by Emre Tugriceri on Feb.16, 2011, under Cisco
show snmp mib ifmib ifindex
