Tugriceri Web Notes

Linux


StrongSwan and Android configs

by on Apr.27, 2013, under Linux, Security, StrongSwan

root@six #cat ipsec.conf

conn tugriceri.com
    leftsubnet=0.0.0.0/0
    left=209.208.63.204
    leftcert=/cert/strongswan.pem
    leftauth=pubkey
    leftsendcert=yes
    leftid=six.tugriceri.com
    right=%any
    rightid=%any
    rightsourceip=10.0.5.0/24
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any
    auto=add

root@six #cat ipsec.secrets

# strongSwan IPsec secrets file
: RSA /cert/strongswan.key
six.tugriceri.com : RSA /cert/strongswan.key
testuser : EAP "secretpass"

root@six #cat openssl-req.cfg

[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
prompt = no

[ v3_req ]

# Extensions to add to a certificate request

#keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = "DNS:six.tugriceri.com,DNS:www.tugriceri.com,IP:209.208.63.204,DNS:tugriceri.com"
#subjectAltName = @alt_names

[alt_names]
DNS.1 = six.tugriceri.com
DNS.2 = www.tugriceri.com

[ req_distinguished_name ]
CN = six.tugriceri.com
GN = six.tugriceri.com
OU = Tugriceri.com
O = Tugriceri.com
L = Istanbul
ST = Istanbul
C = TR
emailAddress = root@tugriceri.com
subjectAltName = six.tugriceri.com

subjectAltName is the important point of this configuration. Your certificate must have it.

root@six #cat certyarat.sh

rm -f strongswan.req
rm -f strongswan.pem
openssl req -new -out strongswan.req -key strongswan.key -config openssl-req.cfg
openssl ca -batch -notext -in strongswan.req -out strongswan.pem -config ca.conf

root@six #cat showcert

openssl x509 -in strongswan.pem -text -noout
Command Output :
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Alternative Name:
DNS:six.tugriceri.com, DNS:www.tugriceri.com, IP Address:209.208.63.204, DNS:tugriceri.com

root@six #cat ca.conf

[ ca ]
default_ca = tugricerica
[ tugricerica ]
copy_extensions = copy
#Removed lines

copy_extensions must be in your ca.conf
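The effect of copy_extensions can be checked by signing the same kind of request under both settings. This is an added example, not part of the original post: the throwaway CA, the file names and the host name vpn.example.test are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: issue a certificate from a CSR that carries a subjectAltName,
# once with copy_extensions = copy and once with copy_extensions = none.
# The CA, keys and vpn.example.test are constructed demo values in a temp dir.
san_after_signing() {   # $1 = copy | none ; prints the SAN of the issued cert
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1
        mkdir newcerts && : > index.txt && echo 01 > serial
        cat > ca.conf <<EOF
[ ca ]
default_ca = democa
[ democa ]
database = index.txt
serial = serial
new_certs_dir = newcerts
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 30
policy = policy_any
copy_extensions = $1
[ policy_any ]
commonName = supplied
EOF
        cat > req.cfg <<EOF
[ req ]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[ dn ]
CN = vpn.example.test
[ v3_req ]
subjectAltName = DNS:vpn.example.test
EOF
        # Self-signed demo CA, then the server key and its CSR (SAN is in the CSR)
        openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
            -subj "/CN=Demo CA" -days 30 -config req.cfg 2>/dev/null
        openssl genrsa -out server.key 2048 2>/dev/null
        openssl req -new -key server.key -out server.req -config req.cfg
        openssl ca -batch -notext -in server.req -out server.pem -config ca.conf 2>/dev/null
        # Print only the SAN value line; empty output means the SAN was dropped
        openssl x509 -in server.pem -noout -text |
            grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
    )
    rm -rf "$d"
}
```

Calling san_after_signing copy prints the SAN from the request, while san_after_signing none prints nothing because the CA silently drops the requested extension.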


libgcc_s.so.1 must be installed for pthread_cancel to work

by on Jul.30, 2012, under HTTP

If you are trying to use the chroot feature with a multithreaded Apache installation, you may get the following message: “libgcc_s.so.1 must be installed for pthread_cancel to work”. Add LoadFile /lib/libgcc_s.so.1 to your Apache configuration to fix this problem.


SELinux FTP Home dir write permission

by on Oct.07, 2011, under Linux, Security, SELinux

Connected to 127.0.0.1.
220 (vsFTPd 2.2.2)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (127.0.0.1:root): test1
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/var/ftp/test1
Login failed.
ftp> quit

[root@legion mnt]# getsebool ftp_home_dir
ftp_home_dir --> off
[root@legion mnt]# setsebool -P ftp_home_dir 1
[root@legion mnt]# getsebool ftp_home_dir
ftp_home_dir --> on


tacacs+ compile error

by on Oct.04, 2011, under Linux

If you get this error when compiling tacacs+, compile with the --enable-maxsess option.

gcc -DHAVE_CONFIG_H -I.   -I/usr/local/include  -g -O2 -pthread    -MT maxsessint.o -MD -MP -MF .deps/maxsessint.Tpo -c -o maxsessint.o maxsessint.c
maxsessint.c: In function ‘maxsess_check_count’:
maxsessint.c:60: error: ‘S_maxsess’ undeclared (first use in this function)
maxsessint.c:60: error: (Each undeclared identifier is reported only once
maxsessint.c:60: error: for each function it appears in.)
gmake[1]: *** [maxsessint.o] Error 1
gmake[1]: Leaving directory `/usr/local/tacacs+-F5.0.0a1'
make: *** [all] Error 2

./configure --sysconfdir=/etc --enable-maxsess


ZFS deduplication test on Fedora 15 Linux

by on Jun.18, 2011, under Linux, ZFS

I recently tested ZFS deduplication on Fedora 15 Linux.
This is my test script. I tested only a text file. For the final report, tests of other file formats are unnecessary.

[root@etugriceri fast]# du -ch 0/textfile
6.5K    0/textfile
6.5K    total

[root@etugriceri fast]# zpool list dimmpool
NAME       SIZE  ALLOC   FREE    CAP  DEDUP  HEALTH  ALTROOT
dimmpool   294M   262M  31.8M    89%  1.89x  ONLINE

[root@etugriceri fast]# cat ded.sh

a="1"

# Each directory gets a copy of the previous file plus one new md5 line
while [ "$a" -lt 1000 ];
do
mkdir $a
let b=$a-1
cp $b/textfile $a
dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum >> $a/textfile

let a=$a+1
done

#####

[root@etugriceri fast]# zpool list dimmpool
NAME       SIZE  ALLOC   FREE    CAP  DEDUP  HEALTH  ALTROOT
dimmpool   294M   132M   162M    45%  1.00x  ONLINE  -

[root@etugriceri fast]# cat ded.sh

a="1"

# Each directory gets the base file, two new md5 lines, then the base file again
while [ "$a" -lt 10000 ];
do
mkdir $a
let b=$a-1
cp 0/textfile $a
dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum >> $a/textfile
dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum >> $a/textfile
cat 0/textfile >> $a/textfile
let a=$a+1
done


Deny user for remote login

by on Jun.06, 2011, under Linux, Security

sudo vi /etc/security/access.conf

-:root:ALL EXCEPT LOCAL


Yum Proxy settings

by on Mar.26, 2011, under Linux, Yum

[root@localhost ~]# vi /etc/yum.conf

  • proxy=http://10.129.0.23:8080
  • http_proxy=http://10.129.0.23:8080

[root@localhost ~]# declare -x ftp_proxy="http://10.129.0.23:8080"
[root@localhost ~]# declare -x http_proxy="10.129.0.23:8080"


Corrupted RPM database

by on Feb.26, 2011, under Linux

rm -f /var/lib/rpm/__db*
rpm -vv --rebuilddb


Hide Apache version

by on Jan.21, 2011, under HTTP, Linux

vi httpd.conf
ServerSignature Off
ServerTokens Prod

apachectl restart


LVM Create

by on Jan.21, 2011, under Linux, LVM

dmsetup ls --tree
dmsetup remove /dev/dm-11   # because the deleted partition was not removed from dm
fdisk -l
pvcreate /dev/mapper/mpath11
pvdisplay
vgcreate VolGroupBackup /dev/mapper/mpath11
pvdisplay
vgdisplay
lvcreate -L 699.99G VolGroupBackup lvBackup   # missing -n; corrected on the next line
lvcreate -L 699.99G VolGroupBackup -n lvBackup
lvdisplay
ls /dev/VolGroupBackup/lvBackup
ls /dev/mapper/
mkfs.ext3 /dev/mapper/VolGroupBackup-lvBackup
mount
mount /dev/mapper/VolGroupBackup-lvBackup /mnt/backup/


Find WWN’s of HBA

by on Dec.24, 2010, under Linux

systool -av -c fc_host


Mysql Connection limit

by on Oct.04, 2010, under Mysql

SET GLOBAL max_connections = 200;


Text file download from apache

by on Sep.02, 2010, under HTTP

<Files *.txt>
ForceType application/octet-stream
Header set Content-Disposition attachment
</Files>


Multipath – Volume Groups

by on Jul.26, 2010, under Linux

Because multipath sees the disks from the SAN incorrectly, problems occur in the volume groups. For it to see the disks correctly, we must flush the config, recreate the dm devices, and re-enable the volume groups.

/sbin/multipath -F
/sbin/multipath
/sbin/vgchange -a y
mount /dev/vg0/lvol0 /mnt/data


Directory sync with rsync over ssh

by on May.29, 2009, under Linux, Shell

root@emre:~# rsync -ave ssh server:/opt/dir /opt


Transponder Lists for Kaffeine

by on May.20, 2009, under DVB, Linux, Shell

This link includes transponder lists.
http://www.fastsatfinder.com/transponders.html

This script will convert fastsatfinder’s transponder lists to kaffeine format.

I used 0130.ini file for Hotbird.

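# Keep only the value after "=" on each line of the .ini file
cat 0130.ini | awk -F "=" '{print $2}' > out

# Rewrite FEC values (34 -> 3/4, ...) and emit "S <freq>000 <pol> <rate>000 <fec>"
for aa in `cat out`
do
echo $aa | sed 's/,34/,3\/4/; s/,56/,5\/6/; s/,23/,2\/3/' | awk -F "," '{print "S " $1 "000 " $2 " " $3 "000 " $4}' >> Hotbird-13.0E
done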


Nec firmware update under linux

by on Apr.25, 2009, under Hardware, Linux

Please download necflash utility from http://binflash.cdfreaks.com/
[root@frost local]# ./necflash -scan
Binflash - NEC version - (C) by Liggy and Herrie
Visit http://binflash.cdfreaks.com

List of supported devices:

Device   : /dev/sg3
Vendor   : Optiarc
Model    : DVD RW AD-5170A
Firmware : 1.11

Device   : /dev/scd0
Vendor   : Optiarc
Model    : DVD RW AD-5170A
Firmware : 1.11

This is our dvdrom info.

We should back up our current firmware with this command. sg3 is our device.
./necflash -dump Optiarc-AD-5170A-1.11.bin /dev/sg3

The following link has Liggy’s and Dee’s modified firmwares. I want to use it. You can easily find the original firmware.
http://liggydee.cdfreaks.com/page/en/Optiarc-AD-5170A/

[root@frost local]# unzip 114bt_rpc1.zip
Archive:  114bt_rpc1.zip                
This file was downloaded from http://liggydee.cdfreaks.com
Please read the instructions included in this zipfile and
on our website at http://liggydee.cdfreaks.com/page/5170/
  inflating: readme.txt                                  
  inflating: 114bt_rpc1.bin                              
  inflating: Liggy’s and Dee’s Website.url  

[root@frost local]# ./necflash -flash -v -s 114bt_rpc1.bin /dev/sg3

Vendor: Optiarc
Identification: DVD RW AD-5170A
Version: 1.14

Remember no one can be held responsible for any kind of failure!
Are you sure you want to proceed? (y/n)

If you get the “Error submitting checksum” error, you should set your device to PIO mode. I couldn't set it with hdparm and I set it in the BIOS.

[root@frost local]# ./necflash -scan
Binflash - NEC version - (C) by Liggy and Herrie
Visit http://binflash.cdfreaks.com

List of supported devices:

Device   : /dev/sg3
Vendor   : Optiarc
Model    : DVD RW AD-5170A
Firmware : 1.14

Device   : /dev/scd0
Vendor   : Optiarc
Model    : DVD RW AD-5170A
Firmware : 1.14


run command via ssh (remote)

by on Apr.08, 2009, under Linux, Security, Shell

cat ls_keykur.sh | ssh root@10.94.12.3
ssh root@10.94.12.3 "date"


snmpwalk example

by on Apr.08, 2009, under Linux

snmpwalk -v 2c -c hoba 1.12.0.68 system


Domain join error

by on Apr.08, 2009, under Linux, Samba

[root@px2 ~]# /usr/bin/net join -S 192.168.2.5 -U etadmin
[2009/04/08 14:00:17,  0] param/loadparm.c:lp_do_parameter(7172)
Enter etadmin’s password:
[2009/04/08 14:00:23,  0] libnet/libnet_join.c:libnet_join_ok(1035)
  libnet_join_ok: failed to get schannel session key from server 10.129.0.20 for domain ET. Error was NT_STATUS_INVALID_COMPUTER_NAME
Failed to join domain: failed to verify domain membership after joining: Invalid computer name
ADS join did not work, falling back to RPC…
Enter etadmin’s password:
Interupted by signal.

[root@px2 ~]# /usr/bin/net join -S dc1 -U etadmin
[2009/04/08 14:00:36,  0] param/loadparm.c:lp_do_parameter(7172)
  Ignoring unknown parameter “default domain”
Enter etadmin’s password:
Using short domain name — ET
Joined ‘PX2’ to realm ‘tugriceri.com

You should use the NetBIOS name, not the IP address.


Execute remote command via ssh

by on Apr.02, 2009, under Linux

ssh root@server 'uname -a'


Changing linux system time

by on Mar.30, 2009, under Linux

Change the system time and sync the hardware time.


check: no loaded plugin implements ‘check_main’:

by on Oct.04, 2008, under Spam

check: no loaded plugin implements 'check_main': cannot scan! at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 164.

vi init.pre
loadplugin Mail::SpamAssassin::Plugin::Check

Cleaning up Snort logs in MySQL

by on Sep.21, 2008, under Mysql, Security

reset master
purge master logs
delete from data
delete from event where timestamp<'2008-8-01'

