Tugriceri Web Notes

Author Archive


StrongSwan and Android configs

by on Apr.27, 2013, under Linux, Security, StrongSwan

root@six #cat ipsec.conf

conn tugriceri.com
leftsubnet=0.0.0.0/0
left=209.208.63.204
leftcert=/cert/strongswan.pem
leftauth=pubkey
leftsendcert=yes
leftid=six.tugriceri.com
right=%any
rightid=%any
rightsourceip=10.0.5.0/24
rightauth=eap-mschapv2
rightsendcert=never
eap_identity=%any
auto=add

root@six #cat ipsec.secrets

# strongSwan IPsec secrets file
: RSA /cert/strongswan.key
six.tugriceri.com : RSA /cert/strongswan.key
testuser : EAP "secretpass"

root@six #cat openssl-req.cfg

[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
prompt = no

[ v3_req ]

# Extensions to add to a certificate request

#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = "DNS:six.tugriceri.com,DNS:www.tugriceri.com,IP:209.208.63.204,DNS:tugriceri.com"
#subjectAltName = @alt_names

[alt_names]
DNS.1 = six.tugriceri.com
DNS.2 = www.tugriceri.com

[ req_distinguished_name ]
CN = six.tugriceri.com
GN = six.tugriceri.com
OU = Tugriceri.com
O = Tugriceri.com
L = Istanbul
ST = Istanbul
C = TR
emailAddress = root@tugriceri.com
subjectAltName = six.tugriceri.com

subjectAltName is importend point of configuration. Your certificate must be have this.

root@six #cat certyarat.sh

rm -f strongswan.req
rm -f strongswan.pem
openssl req -new -out strongswan.req -key strongswan.key -config openssl-req.cfg
openssl ca -batch -notext -in strongswan.req -out strongswan.pem -config ca.conf

root@six #cat showcert

openssl x509 -in strongswan.pem -text -noout
Command Output :
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Alternative Name:
DNS:six.tugriceri.com, DNS:www.tugriceri.com, IP Address:209.208.63.204, DNS:tugriceri.com

root@six #cat ca.conf

[ ca ]
default_ca = tugricerica
[ tugricerica ]
copy_extensions = copy
#Removed lines

copy_extension must be in your ca.conf

Comments Off on StrongSwan and Android configs more...

zarafa Response data requested from bus but it doesn’t have any data

by on Nov.06, 2012, under Uncategorized

zarafa Response data requested from bus but it doesn’t have any data

check zarafa session directory. Directory must be writable with apache user. “/var/lib/zarafa-webapp/tmp/session/”

Comments Off on zarafa Response data requested from bus but it doesn’t have any data more...

libgcc_s.so.1 must be installed for pthread_cancel to work

by on Jul.30, 2012, under HTTP

If you are trying to use the chroot feature with a multithreaded Apache installation you may get the folllowing message “libgcc_s.so.1 must be installed for pthread_cancel to
work”. Add LoadFile /lib/libgcc_s.so.1 to your Apache configuration to fix this problem.

Comments Off on libgcc_s.so.1 must be installed for pthread_cancel to work more...

DRBD configuration with loop file

by on Jul.18, 2012, under DRBD

 dd if=/dev/zero of=disk1.raw bs=1073741824 count=20
 1009  losetup -f disk1.raw
 1010  losetup -a
 1012  stat /dev/loop0
fdisk /dev/loop0
# rpm -Uvh http://elrepo.org/elrepo-release-6-4.el6.elrepo.noarch.rpm

# vi /etc/yum.repos.d/elrepo.repo

enabled=0

# yum –enablerepo=elrepo install drbd83-utils kmod-drbd83

SRV1# cat /etc/drbd.conf
#
# please have a a look at the example configuration file in
# /usr/share/doc/drbd83/drbd.conf
#
global {
   minor-count 1;
   usage-count no; # Participate in DRBD’s online usage counter at http://usage.drbd.org
}

resource zenoss {
    protocol C;
    startup {
       wfc-timeout        30;
       degr-wfc-timeout   60;
    }
    disk {
       on-io-error detach;
       fencing resource-only; 
    }
    handlers {
       pri-on-incon-degr “echo o > /proc/sysrq-trigger ; halt -f”; # reboot the system after a connection fail
       pri-lost-after-sb “echo o > /proc/sysrq-trigger ; halt -f”;
       outdate-peer “/usr/lib/heartbeat/drbd-peer-outdater”; 
    }
    net {
       after-sb-0pri discard-least-changes; # Self healing if split brean
       after-sb-1pri call-pri-lost-after-sb;
       max-buffers 2048; # datablock buffers used before writing to disk.
       ko-count 4; # Peer is dead if this count is exceeded.
    }
    syncer {
       rate   12M;
       al-extents 257;
    }
    on SRV1 {
       device      /dev/drbd0;
       disk        /dev/loop0;
       address     192.168.1.1:7789;
       meta-disk   internal;
    }
    on SRV2 {
       device      /dev/drbd0;
       disk        /dev/loop0;
       address     192.168.1.2:7789;
       meta-disk   internal;
   }
}

SRV1# cat /proc/drbd
SRV1# drbdsetup /dev/drbd0 primary -o
SRV1# cat /proc/drbd
SRV1# mkfs -t ext3 /dev/drbd0
SRV1# mkdir /mnt/drbd
SRV1# mount /dev/drbd0 /mnt/drbd
SRV1# cp /var/log/maillog /mnt/drbd
SRV1# ls /mnt/drbd

SRV1# umount /mnt/drbd
SRV1# drbdadm secondary zenoss

SRV2# drbdadm primary zenoss
SRV2# mkdir /mnt/drbd
SRV2# mount /dev/drbd0 /mnt/drbd
SRV2# ls /mnt/drbd

Comments Off on DRBD configuration with loop file : more...

PHP 5.4 memcache

by on Jul.03, 2012, under PHP

In file included from /usr/local/memcache-3.0.6/memcache.c:30:
/usr/local/memcache-3.0.6/php_memcache.h:75:1: warning: “IS_CALLABLE” redefined
In file included from /usr/local/php/include/php/main/php.h:34,
                 from /usr/local/memcache-3.0.6/memcache.c:26:
/usr/local/php/include/php/Zend/zend.h:576:1: warning: this is the location of the previous definition
/usr/local/memcache-3.0.6/memcache.c: In function ‘mmc_find_persistent’:
/usr/local/memcache-3.0.6/memcache.c:721: error: too few arguments to function ‘zend_list_insert’
/usr/local/memcache-3.0.6/memcache.c:738: error: too few arguments to function ‘zend_list_insert’
/usr/local/memcache-3.0.6/memcache.c: In function ‘php_mmc_pool_addserver’:
/usr/local/memcache-3.0.6/memcache.c:778: error: too few arguments to function ‘zend_list_insert’
/usr/local/memcache-3.0.6/memcache.c: In function ‘php_mmc_connect’:
/usr/local/memcache-3.0.6/memcache.c:839: error: too few arguments to function ‘zend_list_insert’
make: *** [memcache.lo] Error 1

https://407441.bugs.gentoo.org/attachment.cgi?id=304865

Comments Off on PHP 5.4 memcache : more...

DSMC backup

by on May.29, 2012, under Uncategorized

dsmc incremental /mnt/DB -subdir=yes

Comments Off on DSMC backup more...

by on Apr.16, 2012, under Aa_Protected_image

image

Comments Off on more...

by on Apr.16, 2012, under Protected

image

Comments Off on more...

testss

by on Apr.16, 2012, under Protected

tesstt

Comments Off on testss more...

Resize LV 2

by on Apr.16, 2012, under LVM

e2fsck -f /dev/mapper/VGeva-datavol0
fdisk /dev/mpath4 #Delete partition and then add again
pvresize /dev/mapper/mpath4p1
lvextend -r -L749.9G /dev/mapper/VGeva-datavol0

Comments Off on Resize LV 2 more...

NFSEN SELinux Permission

by on Mar.06, 2012, under SELinux

Summary:

SELinux is preventing /usr/sbin/httpd from using potentially mislabeled files
/var/local/nfsen/var/run/nfsen.comm.

Detailed Description:

SELinux has denied the httpd access to potentially mislabeled files
/var/local/nfsen/var/run/nfsen.comm. This means that SELinux will not allow
httpd to use these files. If httpd should be allowed this access to these files
you should change the file context to one of the following types,
lsassd_var_socket_t, abrt_var_run_t, httpd_tmpfs_t, setrans_var_run_t,
avahi_var_run_t, mysqld_var_run_t, httpd_var_run_t, nscd_var_run_t,
nslcd_var_run_t, slapd_var_run_t, sssd_var_lib_t, mysqld_db_t,
system_dbusd_var_run_t, postgresql_var_run_t, winbind_var_run_t,
postgresql_tmp_t, devlog_t, httpd_cobbler_rw_content_t,
httpd_munin_rw_content_t, httpd_bugzilla_rw_content_t, httpd_cvs_rw_content_t,
httpd_git_rw_content_t, httpd_sys_rw_content_t, httpd_nagios_rw_content_t,
httpd_nutups_cgi_rw_content_t, httpd_squid_rw_content_t, nscd_var_run_t,
pcscd_var_run_t, httpd_smokeping_cgi_rw_content_t,
httpd_apcupsd_cgi_rw_content_t, httpd_prewikka_rw_content_t,
httpd_awstats_rw_content_t, httpd_w3c_validator_rw_content_t,
httpd_user_rw_content_t. Many third party apps install html files in directories
that SELinux policy cannot predict. These directories have to be labeled with a
file context which httpd can access.

Allowing Access:

If you want to change the file context of /var/local/nfsen/var/run/nfsen.comm so
that the httpd daemon can access it, you need to execute it using semanage
fcontext -a -t FILE_TYPE ‘/var/local/nfsen/var/run/nfsen.comm’.
where FILE_TYPE is one of the following: lsassd_var_socket_t, abrt_var_run_t,
httpd_tmpfs_t, setrans_var_run_t, avahi_var_run_t, mysqld_var_run_t,
httpd_var_run_t, nscd_var_run_t, nslcd_var_run_t, slapd_var_run_t,
sssd_var_lib_t, mysqld_db_t, system_dbusd_var_run_t, postgresql_var_run_t,
winbind_var_run_t, postgresql_tmp_t, devlog_t, httpd_cobbler_rw_content_t,
httpd_munin_rw_content_t, httpd_bugzilla_rw_content_t, httpd_cvs_rw_content_t,
httpd_git_rw_content_t, httpd_sys_rw_content_t, httpd_nagios_rw_content_t,
httpd_nutups_cgi_rw_content_t, httpd_squid_rw_content_t, nscd_var_run_t,
pcscd_var_run_t, httpd_smokeping_cgi_rw_content_t,
httpd_apcupsd_cgi_rw_content_t, httpd_prewikka_rw_content_t,
httpd_awstats_rw_content_t, httpd_w3c_validator_rw_content_t,
httpd_user_rw_content_t. You can look at the httpd_selinux man page for
additional information.

Additional Information:

Source Context                unconfined_u:system_r:httpd_t:s0
Target Context                system_u:object_r:var_t:s0
Target Objects                /var/local/nfsen/var/run/nfsen.comm [ sock_file ]
Source                        httpd
Source Path                   /usr/sbin/httpd
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           httpd-2.2.15-5.el6.centos
Target RPM Packages          
Policy RPM                    selinux-policy-3.7.19-54.el6_0.5
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   httpd_bad_labels
Host Name                     csn.tugriceri.com
Platform                      Linux csn.tugriceri.com
                              2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27
                              19:49:27 BST 2011 x86_64 x86_64
Alert Count                   8
First Seen                    Tue Mar  6 14:02:04 2012
Last Seen                     Tue Mar  6 14:38:35 2012
Local ID                      8433f07d-91df-46a0-ba75-5228a1a1180a
Line Numbers                  7, 8, 43, 44, 75, 76, 87, 88, 119, 120, 155, 156,
                              251, 252, 257, 258

Raw Audit Messages           

type=AVC msg=audit(1331037515.880:4652026): avc:  denied  { write } for  pid=4402 comm=”httpd” name=”nfsen.comm” dev=dm-2 ino=23992283 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=sock_file

type=SYSCALL msg=audit(1331037515.880:4652026): arch=c000003e syscall=42 success=no exit=-13 a0=1a a1=7fffd0623350 a2=25 a3=632e6e6573666e2f items=0 ppid=4398 pid=4402 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=236800 comm=”httpd” exe=”/usr/sbin/httpd” subj=unconfined_u:system_r:httpd_t:s0 key=(null)

[root@legion ~]# grep httpd /var/log/audit/audit.log | audit2allow -M tugriceri_http
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i tugriceri_http.pp

Comments Off on NFSEN SELinux Permission more...

Failed to open “/var/lib/dbus/machine-id”

by on Mar.06, 2012, under Uncategorized

process 16780: D-Bus library appears to be incorrectly set up; failed to read machine uuid: Failed to open “/var/lib/dbus/machine-id”: No such file or directory
See the manual page for dbus-uuidgen to correct this issue.
  D-Bus not built with -rdynamic so unable to print a backtrace
Aborted

dbus-uuidgen > /var/lib/dbus/machine-id
Comments Off on Failed to open “/var/lib/dbus/machine-id” more...

TestDisk 6.12, Data Recovery Utility, May

by on Jan.02, 2012, under Uncategorized

TestDisk 6.12, Data Recovery Utility, May 2011                                                                                                                                           
Christophe GRENIER <grenier@cgsecurity.org>                                                                                                                                              
http://www.cgsecurity.org                                                                                                                                                                
                                                                                                                                                                                         
                                                                                                                                                                                         
TestDisk is free data recovery software designed to help recover lost                                                                                                                    
partitions and/or make non-booting disks bootable again when these symptoms                                                                                                              
are caused by faulty software, certain types of viruses or human error.                                                                                                                  
It can also be used to repair some filesystem errors.                                                                                                                                    
                                                                                                                                                                                         
Information gathered during TestDisk use can be recorded for later                                                                                                                       
review. If you choose to create the text file, testdisk.log , it                                                                                                                         
will contain TestDisk options, technical information and various                                                                                                                         
outputs; including any folder/file names TestDisk was used to find and                                                                                                                   
list onscreen.                                                                                                                                                                           
                                                                                                                                                                                         
Use arrow keys to select, then press Enter key:                                                                                                                                          
>[ Create ] Create a new log file                                                                                                                                                        
 [ Append ] Append information to log file                                                                                                                                               
 [ No Log ] Don’t record anything

Comments Off on TestDisk 6.12, Data Recovery Utility, May more...

Laptop Screen Brightness set via terminal

by on Jan.02, 2012, under Uncategorized

echo 24 > /sys/class/backlight/acpi_video0/brightness

Comments Off on Laptop Screen Brightness set via terminal more...

android system and / remount

by on Jan.02, 2012, under Uncategorized

 mount -o remount,ro -t yaffs2 /dev/block/stl9 /system
 mount -o remount,rw -t yaffs2 /dev/block/stl9 /system

mount -o rw,remount -t rootfs /
mount -o ro,remount -t rootfs /

Comments Off on android system and / remount more...

telnet to android

by on Jan.02, 2012, under Uncategorized

/system/xbin/telnetd -l /system/xbin/sh

Comments Off on telnet to android : more...

SELinux Tftp permission

by on Nov.28, 2011, under Uncategorized

chcon -t tftpdir_rw_t /tftproot/*

Comments Off on SELinux Tftp permission more...

SELinux FTP Home dir write permission

by on Oct.07, 2011, under Linux, Security, SELinux

Connected to 127.0.0.1.
220 (vsFTPd 2.2.2)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (127.0.0.1:root): test1
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/var/ftp/test1
Login failed.
ftp> quit

[root@legion mnt]# getsebool ftp_home_dir
ftp_home_dir –> off
[root@legion mnt]# setsebool -P ftp_home_dir 1
[root@legion mnt]# getsebool ftp_home_dir
ftp_home_dir –> on

Comments Off on SELinux FTP Home dir write permission : more...

tacacs+ compile error

by on Oct.04, 2011, under Linux

if you are getting this error when compiling tacacs+ , you should compile with –enable-maxsess option.

gcc -DHAVE_CONFIG_H -I.   -I/usr/local/include  -g -O2 -pthread    -MT maxsessint.o -MD -MP -MF .deps/maxsessint.Tpo -c -o maxsessint.o maxsessint.c
maxsessint.c: In function ‘maxsess_check_count’:
maxsessint.c:60: error: ‘S_maxsess’ undeclared (first use in this function)
maxsessint.c:60: error: (Each undeclared identifier is reported only once
maxsessint.c:60: error: for each function it appears in.)
gmake[1]: *** [maxsessint.o] Error 1
gmake[1]: Leaving directory `/usr/local/tacacs+-F5.0.0a1′
make: *** [all] Error 2

./configure –sysconfdir=/etc –enable-maxsess

Comments Off on tacacs+ compile error more...

gnokii sms read from Huawei Mobile Connect Express E800

by on Aug.26, 2011, under Uncategorized

[root@etugriceri ~]# gnokii –showsmsfolderstatus
GNOKII Version 0.6.29
No. Name                                         Id #Msg
========================================================
  0 Internal memory                              ME    1
  1 Combined ME and SIM phonebook                MT    1
  2 SIM card                                     SM    4
  3 SMS Status Reports                           SR    4

[root@etugriceri ~]# gnokii –getsms SM 1 end
GNOKII Version 0.6.29
1. Inbox Message (Read)

Comments Off on gnokii sms read from Huawei Mobile Connect Express E800 more...

Convert wav file Cisco Contact Center Express with ffmeg

by on Aug.19, 2011, under Cisco

ffmpeg -i Sound1.wav -acodec pcm_mulaw -ar 8000 -ac 1 -ab 16 Sound1a.wav

Comments Off on Convert wav file Cisco Contact Center Express with ffmeg more...

ZFS deduplication test on Fedora 15 Linux

by on Jun.18, 2011, under Linux, ZFS

I  recently tested ZFS deduplication test on Fedora 15 Linux.
This is my test script. I tested only text file. For final report, other file format tests is unnecessary.

[root@etugriceri fast]# du -ch 0/textfile
6.5K    0/textfile
6.5K    total

[root@etugriceri fast]# zpool list dimmpool
NAME       SIZE  ALLOC   FREE    CAP  DEDUP  HEALTH  ALTROOT
dimmpool   294M   262M  31.8M    89%  1.89x  ONLINE

[root@etugriceri fast]# cat ded.sh

a=”1″

while [ $a -lt “1000” ];
do
mkdir $a
let b=$a-1
cp $b/textfile $a
dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum >> $a/textfile

let a=$a+1
done

#####

[root@etugriceri fast]# zpool list dimmpool
NAME       SIZE  ALLOC   FREE    CAP  DEDUP  HEALTH  ALTROOT
dimmpool   294M   132M   162M    45%  1.00x  ONLINE  –

[root@etugriceri fast]# cat ded.sh

a=”1″

while [ $a -lt “10000” ];
do
mkdir $a
let b=$a-1
cp 0/textfile $a
dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum >> $a/textfile
dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum >> $a/textfile
cat 0/textfile >> $a/textfile
let a=$a+1
done

Comments Off on ZFS deduplication test on Fedora 15 Linux : more...

Deny user for remote login

by on Jun.06, 2011, under Linux, Security

sudo vi /etc/security/access.conf

-:root:ALL EXCEPT LOCAL

Comments Off on Deny user for remote login more...

decrypt private key

by on Mar.26, 2011, under Uncategorized

openssl rsa -in MYKEY.key >> MYKEY-NOCRYPT.key

Comments Off on decrypt private key more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Visit our friends!

A few highly recommended friends...