Author Archive
SSL Weak Cipher and SSLv2 tests
by Emre Tugriceri on Jan.22, 2011, under Security
echo ‘GET HTTP/1.0’ | openssl s_client -ssl3 -cipher LOW -connect www.tugriceri.com:443
echo ‘GET HTTP/1.0’ | openssl s_client -ssl2 -cipher LOW -connect www.tugriceri.com:443
echo ‘GET HTTP/1.0’ | openssl s_client -ssl2 -connect www.tugriceri.com:443
Hide Apache version
by Emre Tugriceri on Jan.21, 2011, under HTTP, Linux
vi httpd.confServerSignature Off
ServerTokens Prod
apachectl restart
LVM Create
by Emre Tugriceri on Jan.21, 2011, under Linux, LVM
1031 dmsetup ls –tree
1040 dmsetup remove /dev/dm-11 (silinen partition ın dmden kalkmaması sebebi ile)
1041 fdisk -l
1044 pvcreate /dev/mapper/mpath11
1045 pvdisplay
1046 vgcreate VolGroupBackup /dev/mapper/mpath11
1047 pvdisplay
1048 vgdisplay
1049 lvcreate -L 699.99G VolGroupBackup lvBackup
1050 lvcreate -L 699.99G VolGroupBackup -n lvBackup
1051 lvdisplay
1052 ls /dev/VolGroupBackup/lvBackup
1053 ls /dev/mapper/
1054 mkfs.ext3 /dev/mapper/VolGroupBackup-lvBackup
1058 mount
1059 mount /dev/mapper/VolGroupBackup-lvBackup /mnt/backup/
Socket proxy with ssh
by Emre Tugriceri on Dec.26, 2010, under Shell, SSH
ssh -D 7200 root@hostname
Find WWN’s of HBA
by Emre Tugriceri on Dec.24, 2010, under Linux
systool -av -c fc_host
uvscan process is too slow
by Emre Tugriceri on Nov.26, 2010, under Antivirus, Security
# time uvscan –version
McAfee VirusScan Command Line for Linux64 Version: 6.0.3.356
Copyright (C) 2010 McAfee, Inc.
(408) 988-3832 LICENSED COPY – November 26 2010
AV Engine version: 5400.1158 for Linux64.
Dat set version: 5985 created May 17 2010
Scanning for 619012 viruses, trojans and variants.
real 0m9.501s
user 0m9.365s
sys 0m0.132s
# uvscan –decompress
McAfee VirusScan Command Line for Linux64 Version: 6.0.3.356
Copyright (C) 2010 McAfee, Inc.
(408) 988-3832 LICENSED COPY – November 26 2010
AV Engine version: 5400.1158 for Linux64.
Dat set version: 5985 created May 17 2010
Scanning for 619012 viruses, trojans and variants.
This program is more than 5 months old. New viruses come out all the
time – we would suggest that you upgrade your copy.
Time: 00:00.00
# time uvscan –version
McAfee VirusScan Command Line for Linux64 Version: 6.0.3.356
Copyright (C) 2010 McAfee, Inc.
(408) 988-3832 LICENSED COPY – November 26 2010
AV Engine version: 5400.1158 for Linux64.
Dat set version: 5985 created May 17 2010
Scanning for 619012 viruses, trojans and variants.
real 0m2.801s
user 0m2.664s
sys 0m0.135s
Mysql Connection limit
by Emre Tugriceri on Oct.04, 2010, under Mysql
SET GLOBAL max_connections = 200;
w32 rediscover
by Emre Tugriceri on Sep.15, 2010, under Windows
w32tm /resync /rediscover
Text file download from apache
by Emre Tugriceri on Sep.02, 2010, under HTTP
<Files *.txt>
ForceType application/octet-stream
Header set Content-Disposition attachment
</Files>
Multipath – Volume Groups
by Emre Tugriceri on Jul.26, 2010, under Linux
Multipath in SAN den diskleri hatalı gormesi sebebi ile volume gruplarda problem oluyor. Diskleri düzgün görmesi için config i flush layıp tekrardan dm leri oluşturmalı ve volume groupları tekrar enable etmeliyiz.
/sbin/multipath -F
/sbin/multipath
/sbin/vgchange -a y
mount /dev/vg0/lvol0 /mnt/data
crt to der
by Emre Tugriceri on Apr.30, 2010, under Security
openssl x509 -in auth_tugriceri_com.crt -out auth_tugriceri_com.der -outform DER
openssl rsa -in www_tugriceri_com.key -outform DER -out www_tugriceri_com-der.key
Opennms Reindex database
by Emre Tugriceri on Apr.30, 2010, under Uncategorized
<font><font><font><font face="Arial, Helvetica, sans-serif">psql -d opennms -c “REINDEX DATABASE opennms FORCE” vacuumdb -v opennms -U opennms -W </font></font></font></font>
Resize LV
by Emre Tugriceri on Jan.05, 2010, under Uncategorized
pvresize -v -d /dev/dm-0
vgdisplay
lvextend -L400G /dev/VGD/datalv
resize2fs /dev/VGD/datalv
e2fsck -f /dev/VGD/datalv
resize2fs /dev/VGD/datalv
mount /dev/VGD/datalv /mnt/data
Sftp chroot settings
by Emre Tugriceri on Oct.17, 2009, under Security, SSH
cat /etc/ssh/sshd_config
Subsystem sftp internal-sftp
Match group sftponly
ChrootDirectory /chroot
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
cat /etc/passwd
testuser:x:500:504::/:/bin/bash
sftponly:x:504:testuser
Directory sync with rsync over ssh
by Emre Tugriceri on May.29, 2009, under Linux, Shell
<a name="linuxsvrhack-CHP-3-SECT-2">root@emre:~# <b class="emphasis-bold">rsync -ave ssh server:/opt/dir /opt</b></a>
Transponder Lists for Kaffeine
by Emre Tugriceri on May.20, 2009, under DVB, Linux, Shell
There is a link that include transponder lists.
http://www.fastsatfinder.com/transponders.html
This script will convert fastsatfinder’s transponder lists to kaffeine format.
I used 0130.ini file for Hotbird.
cat 0130.ini | awk -F “=” ‘{print $2}’ > out
for aa in `cat out`
do
echo $aa |sed ‘s/,34/,3\/4/; s/,56/,5\/6/; s/,23/,2\/3/’ | awk -F “,” ‘{print “S”” “$1″000 “$2” “$3″000 “$4″”}’ >> Hotbird-13.0E
done
Nec firmware update under linux
by Emre Tugriceri on Apr.25, 2009, under Hardware, Linux
Nec firmware update under linux
Please download necflash utility from http://binflash.cdfreaks.com/
[root@frost local]# ./necflash -scan
Binflash – NEC version – (C) by Liggy and Herrie
Visit http://binflash.cdfreaks.com
List of supported devices:
Device : /dev/sg3
Vendor : Optiarc
Model : DVD RW AD-5170A
Firmware : 1.11
Device : /dev/scd0
Vendor : Optiarc
Model : DVD RW AD-5170A
Firmware : 1.11
This is our dvdrom info.
We should get a backup our current firmware with this command. sg3 is our device.
./necflash -dump Optiarc-AD-5170A-1.11.bin /dev/sg3
Following links have Liggy’s and Dee’s modified firmwares. I want to use it. You can easly find original firmware.
http://liggydee.cdfreaks.com/page/en/Optiarc-AD-5170A/
[root@frost local]# unzip 114bt_rpc1.zip
Archive: 114bt_rpc1.zip
This file was downloaded from http://liggydee.cdfreaks.com
Please read the instructions included in this zipfile and
on our website at http://liggydee.cdfreaks.com/page/5170/
inflating: readme.txt
inflating: 114bt_rpc1.bin
inflating: Liggy’s and Dee’s Website.url
[root@frost local]# ./necflash -flash -v -s 114bt_rpc1.bin /dev/sg3
Vendor: Optiarcberat sitesi
Identification: DVD RW AD-5170A
Version: 1.14
Remember no one can be held responsible for any kind of failure!
Are you sure you want to proceed? (y/n)
if you get “Error submitting checksum” error. You should set your device to pio mode. I couldnt set with hdparm and i set it on bios.
[root@frost local]# ./necflash -scan
Binflash – NEC version – (C) by Liggy and Herrie
Visit http://binflash.cdfreaks.com
List of supported devices:
Device : /dev/sg3
Vendor : Optiarc
Model : DVD RW AD-5170A
Firmware : 1.14
Device : /dev/scd0
Vendor : Optiarc
Model : DVD RW AD-5170A
Firmware : 1.14
How to test wbinfo_group.pl via command line
by Emre Tugriceri on Apr.10, 2009, under Shell, Squid
[root@proxy squid]# echo “emre Standard_Access” | /usr/lib/squid/wbinfo_group.pl -d
Debugging mode ON.
Got emre Standard_Access from squid
Standard Access
User: -emre-
Group: -Standard Access-
SID: -S-1-5-21-2095213794-1237320697-2031155483-2732-
GID: -16777226-
Sending OK to squid
OK
remove multi space with sed
by Emre Tugriceri on Apr.10, 2009, under Shell
cat ISALOG_20090302_WEB_000.w3c | sed ‘s/\s/ /g
run command via ssh (remote)
by Emre Tugriceri on Apr.08, 2009, under Linux, Security, Shell
cat ls_keykur.sh | ssh root@10.94.12.3
ssh root@10.94.12.3 “date”
snmpwalk example
by Emre Tugriceri on Apr.08, 2009, under Linux
snmpwalk -v 2c -c hoba 1.12.0.68 system
Domain join error
by Emre Tugriceri on Apr.08, 2009, under Linux, Samba
[root@px2 ~]# /usr/bin/net join -S 192.168.2.5 -U etadmin
[2009/04/08 14:00:17, 0] param/loadparm.c:lp_do_parameter(7172)
Enter etadmin’s password:
[2009/04/08 14:00:23, 0] libnet/libnet_join.c:libnet_join_ok(1035)
libnet_join_ok: failed to get schannel session key from server 10.129.0.20 for domain ET. Error was NT_STATUS_INVALID_COMPUTER_NAME
Failed to join domain: failed to verify domain membership after joining: Invalid computer name
ADS join did not work, falling back to RPC…
Enter etadmin’s password:
Interupted by signal.
[root@px2 ~]# /usr/bin/net join -S dc1 -U etadmin
[2009/04/08 14:00:36, 0] param/loadparm.c:lp_do_parameter(7172)
Ignoring unknown parameter “default domain”
Enter etadmin’s password:
Using short domain name — ET
Joined ‘PX2’ to realm ‘tugriceri.com
You should use netbios name. not ip.
Execute remote command via ssh
by Emre Tugriceri on Apr.02, 2009, under Linux
ssh root@server ‘uname -a’
Changing linux system time
by Emre Tugriceri on Mar.30, 2009, under Linux
change system time and sync. hardware time.
other ssl issue with my own ca
by Emre Tugriceri on Mar.18, 2009, under Security
/root/tugriceri.com_CA/ca/
cat ca.conf
[ ca ]
default_ca = ca_default
[ ca_default ]
dir = /root/tugriceri.com_CA/ca/
certs = /root/tugriceri.com_CA/ca/
new_certs_dir = /root/tugriceri.com_CA/ca/ca.db.certs
database = /root/tugriceri.com_CA/ca/ca.db.index
serial = /root/tugriceri.com_CA/ca/ca.db.serial
RANDFILE = /root/tugriceri.com_CA/ca/ca.db.rand
certificate = /root/tugriceri.com_CA/ca/ca.crt
private_key = /root/tugriceri.com_CA/ca/ca.key
default_days = 365
default_crl_days = 30
default_md = md5
preserve = no
policy = generic_policy
[ generic_policy ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
openssl ca -config ca.conf -notext -out one.tugriceri.com/one.tugriceri.com.cer -infiles one.tugriceri.com/one.tugriceri.com.csr
openssl x509 -req -days 365 -in one.tugriceri.com/one.tugriceri.com.csr -CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial -out one.tugriceri.com/one.tugriceri.com.cer
openssl verify -CAfile ../ca/ca.crt one.tugriceri.com.cer
