Posts

Showing posts from April, 2013

ASA Smart Call Home common uses and periodic monitoring

Purpose of this document

Smart Call Home is a feature introduced in ASA firewall software version 8.2 that allows periodic monitoring of the firewall device. This document shows how to leverage the feature to monitor and troubleshoot network issues.

Configuring Smart Call Home

To configure Smart Call Home, use the following document: https://supportforums.cisco.com/docs/DOC-12801

Common Uses

Configuration Backups

Gathering configuration backups periodically is useful in case of device replacement or change control. It helps to identify the last working configuration and archives the changes made to the firewall. Keep in mind that the emailed configuration contains password hashes and any pre-shared keys, so the mail server and the receiving mailbox need to be protected accordingly.

hostname(config)# service call-home
hostname(config)# call-home
hostname(cfg-call-home)# contact-email-addr [email protected]
hostname(cfg-call-home)# mail-server 192.168.1.100 priority 1
hostname(cfg-call-home)# profile ConfigBackup-1
hostname(cfg-call-home-profile)# dest

PHP Startup: Unable to load dynamic library '/usr/lib/php/modules/module.so'

This problem happens on CentOS 6.4:

PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php/modules/module.so' - /usr/lib/php/modules/module.so: cannot open shared object file: No such file or directory in Unknown on line 0

It is related to the mcrypt library, so for now the only solution is:

yum downgrade php-mcrypt

autocomplete commands with sudo

How do you enable autocomplete when using the sudo command? Edit the hidden ".bashrc" file in your home folder (it is your own file, so no sudo is needed to edit it):

vim ~/.bashrc

Then paste this at the bottom of the file:

if [ "$PS1" ]; then
    complete -cf sudo
fi

Then type this in a terminal to reload:

bash

Now try "sudo ser" and press TAB. It should now complete the command name. Note that -cf only completes command and file names after sudo, not the options of the command itself.

found at: http://www.webupd8.org/2010/03/how-to-autocomplete-commands-preceded.html

Bash Trap Control+C

Do you want to catch Control-C keyboard interrupts in your Bash program? Use the Bash builtin trap command to catch system signals. The following runs control_c() when a user interrupts the main() section with a Control-C (SIGINT):

#!/bin/bash

cleanup()   # example cleanup function
{
    rm -f /tmp/tempfile
    return $?
}

control_c() # run if user hits control-c
{
    echo -en "\n*** Ouch! Exiting ***\n"
    cleanup
    exit $?     # exits with cleanup's status, not the usual 130 for SIGINT
}

# trap keyboard interrupt (control-c)
trap control_c SIGINT

# main() loop
while true; do read x; done

found at: http://hacktux.com/bash/control/c
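As an added example (not from the original post or from hacktux), the same idea with the changes a practitioner usually wants: cleanup is hooked to EXIT so it runs on every exit path, the SIGINT handler exits with 130 (128 + signal 2, the status a shell killed by Control-C reports), and the temporary file comes from mktemp instead of a fixed /tmp name. The function name run_interruptible and the trapdemo.XXXXXX template are assumptions made for this example; the subshell interrupts itself to stand in for a real keypress.

```bash
#!/bin/bash
# Added example, not code from the original post. Demonstrates an EXIT-trap
# cleanup plus a SIGINT handler that preserves the conventional 130 status.
# Written to run under bash or POSIX sh.

# Runs the guarded work in a subshell that sends itself SIGINT to simulate
# Control-C. Prints the temporary file path on stdout and returns the
# subshell's exit status, so both can be checked afterwards.
run_interruptible() {
    tmpfile=$(mktemp "${TMPDIR:-/tmp}/trapdemo.XXXXXX") || return 1
    echo "$tmpfile"
    (
        cleanup() { rm -f "$tmpfile"; }
        on_sigint() {
            printf '\n*** interrupted, cleaning up ***\n' >&2
            exit 130            # the EXIT trap below runs cleanup on the way out
        }
        trap cleanup EXIT       # runs on normal end, on error, and after on_sigint's exit
        trap on_sigint INT

        # Interruptible work would go here. Deliver SIGINT to this subshell;
        # $$ would still be the parent's PID, so ask a child for its PPID.
        kill -INT "$(sh -c 'echo $PPID')"
        # The shell runs the INT trap as soon as kill returns, so the next
        # line is never reached. If the trap did not fire, the status is 0.
        exit 0
    )
}

# Stand-alone run: report the status and confirm the file is gone.
path=$(run_interruptible)
status=$?
echo "exit status: $status"
if [ -e "$path" ]; then echo "temp file still present"; else echo "temp file removed"; fi
```

Because cleanup hangs off EXIT rather than the signal handler, adding set -e or a second signal (TERM, HUP) later does not require touching the cleanup logic; only the exit status per signal needs a handler.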

Installing RHEL EPEL Repo on Centos 5.x or 6.x

How to install the RHEL EPEL repository on CentOS 5.x or 6.x

The following article describes how to configure a CentOS 5.x-based or CentOS 6.x-based system to use the Fedora EPEL repos and the third-party Remi package repos. These package repositories are not officially supported by CentOS, but they provide much more current versions of popular applications like PHP or MySQL.

Install the extra repositories

The first step requires downloading some RPM files that contain the additional YUM repository definitions. The instructions below point to the 64-bit versions that work with our Cloud Server instances. The downloads are over plain HTTP, so check the packages' GPG signatures with rpm -K (after importing the repositories' signing keys) before installing them, and leave gpgcheck=1 in the .repo files they create.

CentOS 5.x

wget http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
sudo rpm -Uvh remi-release-5*.rpm epel-release-5*.rpm

CentOS 6.x

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
sudo rpm

CentOS - change to Japanese

Change to the Japanese environment in CentOS.

[1] Install the packages for Japanese:

yum -y groupinstall "Japanese Support"

[2] Change the charset:

vi /etc/sysconfig/i18n
# change the LANG line to
LANG="ja_JP.UTF-8"

source /etc/sysconfig/i18n
echo $LANG
ja_JP.UTF-8

Install Fail2ban (Intrusion Prevention) System on RHEL/CentOS 6.3/5.8, Fedora 17/12

Fail2ban is a free, open source intrusion prevention framework written in Python. Fail2ban operates by monitoring log files such as /var/log/pwdfail, /var/log/auth.log, /var/log/secure etc. and bans an IP address after too many password failures. It then updates iptables firewall rules to reject the IP address for a specified amount of time. This article shows you how to install and configure Fail2ban under RHEL 6.3/6.2/6.1/6.0/5.8, CentOS 6.3/6.2/6.1/6.0/5.8 and Fedora 17/16/15/14/13/12 systems. Fail2ban runs as a daemon that uses Python scripts to parse log files for intrusion attempts and adds custom rules to the iptables configuration to ban access from certain IP addresses. Before heading into the installation and configuration of Fail2ban, I would like to point out that most attackers try to gain root access via SSH. So I recommend that you pay close attention to things such as disabling SSH root logins and
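To make the detection described above concrete, here is an added example (not from the article and not fail2ban's own code) that reduces an sshd jail to a shell pipeline: count "Failed password" lines per source address in /var/log/secure format, report the sources that reach maxretry, and print the iptables REJECT rule fail2ban's default action would add. The log lines are constructed for the example, with addresses from the RFC 5737 documentation ranges; the function names and the findtime simplification are mine.

```bash
#!/bin/sh
# Added example, not from the article or from fail2ban: the core of an sshd
# jail as a shell pipeline, so the detection logic is visible.
# Constructed sample in /var/log/secure format (documentation-range IPs).
SAMPLE_LOG='Apr 14 10:01:02 host sshd[2001]: Failed password for root from 203.0.113.5 port 51122 ssh2
Apr 14 10:01:05 host sshd[2001]: Failed password for root from 203.0.113.5 port 51122 ssh2
Apr 14 10:01:09 host sshd[2003]: Failed password for invalid user admin from 203.0.113.5 port 51130 ssh2
Apr 14 10:01:12 host sshd[2003]: Failed password for invalid user admin from 203.0.113.5 port 51130 ssh2
Apr 14 10:01:15 host sshd[2005]: Failed password for root from 203.0.113.5 port 51140 ssh2
Apr 14 10:02:00 host sshd[2010]: Failed password for alice from 198.51.100.7 port 40010 ssh2
Apr 14 10:02:30 host sshd[2011]: Accepted publickey for alice from 198.51.100.7 port 40011 ssh2
Apr 14 10:03:00 host sshd[2012]: Invalid user oracle from 192.0.2.9
Apr 14 10:03:01 host sshd[2012]: Failed password for invalid user oracle from 192.0.2.9 port 39000 ssh2'

# Read sshd log lines on stdin and print "count ip" for every source address
# with at least $1 failed password attempts. $1 plays the role of maxretry;
# fail2ban additionally limits the count to a findtime window, omitted here.
count_failures() {
    awk -v max="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # the source address is the field right after "from"
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= max) print n[ip], ip }
    ' | sort -rn
}

# The same check run over the constructed sample (maxretry defaults to 3).
offenders() {
    printf '%s\n' "$SAMPLE_LOG" | count_failures "${1:-3}"
}

# Print the iptables rule fail2ban's default action would add for each
# offender. Printed rather than executed; fail2ban keeps its rules in a
# dedicated chain (f2b-sshd) instead of inserting them straight into INPUT.
ban_rules() {
    offenders "$1" | while read -r count ip; do
        printf 'iptables -I INPUT -p tcp --dport 22 -s %s -j REJECT --reject-with icmp-port-unreachable   # %s failures\n' "$ip" "$count"
    done
}

ban_rules 3
```

With maxretry 3 only 203.0.113.5 is reported; the single failure from 198.51.100.7 followed by a successful key login is exactly the kind of event a findtime window and a sensible threshold keep from turning into a self-inflicted lockout.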

Multiple tail via ssh

I just wrote a simple script to remotely monitor the logs of many servers and log files and display them on screen, with colors depending on the event. You can also add a parameter to receive emails when an event occurs. The script automatically logs into each server via ssh and starts tail.

Another great tool: CHIP

I also use sshpass for automatic login. Passing the password with -p puts it on the command line, where any local user can read it from the process list, so for security reasons keep it in a separate file (mode 0600) and use sshpass -f instead, or better, use SSH keys.

#!/bin/bash
sleep 120 &
pid="$!"
sleep 120 &
pid="$pid $!"
echo "my process pid is: $$"
echo "my child pid list is: $pid"
/usr/bin/sshpass -p PASSWORD /usr/local/bin/chip -f -m2='LOG-EVENT-1' -s2='YELLOW on_blue' -m3='LOG-EVENT-2' -s3='WHITE' -s1 ACCOUNT@SERVER-1-IP:'/var/log/LOGFILE'
/usr/bin/sshpass -p PASSWORD /usr/local/bin/chip -f -m2='LOG-EVENT-1' -s2='YELLOW on_blue' -m3='LOG-EVENT-2' -s3='WHITE' -s1 ACCOUNT@SERVER-2-IP:'/var/log/LOGFILE'
trap

Selinux problems - how to solve access issues or disable/change mode

Creating Custom SELinux Policy Modules with audit2allow

Sometimes there are occasions when none of the above methods deal with a given situation and we need to extend the SELinux policy by creating a custom policy module that allows a certain set of conditions. For example, consider the postgrey add-on for an SMTP mail server. Our SMTP server needs to communicate with postgrey over a Unix socket, and that is something the default SELinux policy for our SMTP server does not allow. Consequently the service is blocked by SELinux. This is an issue that cannot be fixed by changing or restoring file type security contexts, and it isn't something that has a boolean value we can toggle to allow. We could disable SELinux protection of the SMTP server through a boolean, which would be better than disabling SELinux completely, but that is still far from ideal. If we switch SELinux into permissive mode and run our mail server for a set period of time, we can log SE

Understanding Cisco ASA AnyConnect Licensing

This post will try to help you understand the differences between the AnyConnect Premium and AnyConnect Essentials licenses.

Note: You cannot have both Essentials and Premium running at once.

Note: Cisco ASA 8.3+ no longer requires both the Active and Standby unit to each have a license. The active license is shared between the failover units. This should not be confused with the 'shared premium license'.

Source of this image: Cisco's Partner Education center – ASA Licensing Webex.

To enable AnyConnect Essentials:

Purchase the license (L-ASA-AC-E-55xx=, it costs $100-$500).
Apply the license to the ASA using the 'activation-key' command. This does not require a reboot.
Apply the config:

webvpn
 anyconnect-essentials

Now your firewall is licensed for up to however many connections are listed under "Total VPN Connections". For instance, if your show version says this:

AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Enab

Cisco ASA shunned connection

Shunning Traffic

Sometimes it might be possible for malicious hosts to open connections into the protected network. This could occur if the inbound access list policies aren't configured correctly or tightly. As soon as these connections are noticed (after they are built), you might want to react by blocking connections coming from the malicious source address. To do this, you could edit the access list each time the source of an attack is discovered. This would deny any future connections; xlate entries would also need to be cleared to drop existing connections. This would also quickly become an administrative burden. A more efficient alternative is the shun command. When a shun is activated, all current connections from a malicious host can be dropped and all future connections blocked. Connections are shunned regardless of the firewall interface being traversed. The firewall examines the connection table and the connection building process to identify an

Free infographics online

Easy to create and they look beautiful. Found at: http://infogr.am/

SNMP Logging Flooding into /var/log/message

Another problem I have been facing with the default installation of SNMP is that /var/log/messages gets flooded with snmpd entries like the example above. To overcome this, add the following line to /etc/sysconfig/snmpd using a text editor (the file is sourced as shell, so no spaces around the =):

OPTIONS="-LS 5 d"

Save and restart snmpd for the change to take effect. To verify, run the following command and make sure the option value is included:

$ ps aux | grep snmpd
root 32382 0.0 0.1 197160 5076 ? S 13:04 0:00 /usr/sbin/snmpd -LS 5 d

-LS 5 d sends messages of priority 5 and more severe (levels 0 to 5 below) to syslog facility daemon. The per-connection messages are logged at level 6 (informational), which is why they stop appearing:

0 – Emergencies – System is unusable
1 – Alerts – Immediate action needed
2 – Critical – Critical conditions
3 – Errors – Error conditions
4 – Warnings – Warning conditions
5 – Notifications – Normal but significant conditions
6 – Informational – Informational messages
7 – Debugging – Debugging messages

Found at: http://blog.secaserver.com/2012/08/snmpd-connection-udp-refused/

Easy access

It's better to know whether you are safe or not... http://www.shodanhq.com/

Lost grant options in mysql

If GRANT ALL doesn't work, try the following.

Stop mysqld and restart it with the --skip-grant-tables option. While the server runs this way anyone who can reach it can connect as any user without a password, so also pass --skip-networking (or block the port) and restart normally as soon as the row is fixed.

Connect to the mysqld server with just: mysql (i.e. no -p option, and a username may not be required).

Issue the following commands in the mysql client:

UPDATE mysql.user SET Grant_priv='Y', Super_priv='Y' WHERE User='root';
FLUSH PRIVILEGES;

After that, you should be able to run

GRANT ALL ON *.* TO 'root'@'localhost';

and have it work.

Found at: http://stackoverflow.com/questions/1709078/how-can-i-restore-the-mysql-root-users-full-privileges