ege: Ekim 2010

28 Ekim 2010 Perşembe

HP 8540w

http://www.linlap.com/wiki/hp+elitebook+8540w

For suspend problem on Ubuntu 10.10

create files : /etc/pm/config.d/00sleep_module and /etc/pm/config.d/unload_module

add line to files : SUSPEND_MODULES="xhci-hcd"

A big problem is the ACPI support (kacpid uses 70-100% of CPU power). I is a BIOS bug from the 8540w. Workaround is to “echo disable > /sys/firmware/acpi/interrupts/gpe01” in /etc/rc.local.

.

25 Ekim 2010 Pazartesi

(tun0): failed to set IPv4 default route: -19 ( cisco vpnc )

If have any trouble with VPNC (Linux cisco vpn client) about routing as below :

Oct 25 17:22:36 manbook NetworkManager[1224]: <error> [1288016556.269977] [nm-system.c:961] nm_system_replace_default_ip4_route_vpn(): (tun0): failed to set IPv4 default route: -19

Change settings :

Encryption method : weak

ipv4 settings Method : automatic (VPN) addresses only

all other settings will be same. it should work.

.

Error: "Internal Error 2738" when installing Cisco VPN client on Windows Vista

To resolve this error, you must register a DLL in Windows Vista.

Problem

When you attempt to install Cisco VPN client in Windows Vista, you receive the following error:

Internal Error 2738

This error prevents Cisco VPN client from instlaling properly.

Solution

To resolve this error, you must register a DLL in Windows Vista. Do the following:

Make sure the Cisco VPN client installer is closed before you begin.

Click Start > All Programs > Accessories

Right-click on Command Prompt in the Accessories section of the Start Menu and selectRun as Administrator.

Type cd C:\Windows\System32 and then press Enter.

Type regsvr32 C:\Windows\System32\vbscript.dll and then press Enter.

You will receive a message that says, "DLLRegisterServer in C:\Windows\System32\vbscript.dll succeeded." Click OK.

Close the command prompt window.

Restart your computer.

You can now install Cisco VPN client.

Vpn setup on Linux

sudo apt-get install network-manager-gnome network-manager-pptp

sudo apt-get install network-manager-vpnc

sudo apt-get install network-manager-openvpn

sudo apt-get install pptp-linux

sudo NetworkManager restart

https://wiki.ubuntu.com/VPN

LInux Vpn Connection Issue

If you have connection problem over vpn on Linux , i suggest that you had better to reinstall this package on Ubuntu

sudo apt-get install network-manager-pptp --reinstall

24 Ekim 2010 Pazar

Cisco Load Balancer conf

!Generated on 30/03/2010 06:34:43

!Active version: sg0810106

configure

!*************************** GLOBAL ***************************

  cdp run

  flow tcp-reset-vip-unavailable

  ip redundancy

  username monitor des-password xxxxxxx

  date european-date

  sntp primary-server 192.168.1.15 version 1

  sntp secondary-server 192.168.1.1 version 1

  flow permanent port1 16000

  app

  app session 172.16.0.2

  flow-state 162 udp flow-disable nat-enable

  ip route 0.0.0.0 0.0.0.0 192.168.201.1 1

!************************* INTERFACE *************************

interface e1

  bridge vlan 10

  redundancy-phy

interface e2

  bridge vlan 20

  redundancy-phy

interface e3

  bridge vlan 30

  redundancy-phy

interface e4

  bridge vlan 40

  redundancy-phy

interface e8

  bridge vlan 80

!************************** CIRCUIT **************************

circuit VLAN10

  redundancy

  ip address 192.168.21.4 255.255.255.248

circuit VLAN20

  redundancy

  ip address 192.168.15.1 255.255.255.0

circuit VLAN30

  redundancy

  ip address 192.168.16.1 255.255.255.0

circuit VLAN40

  redundancy

  ip address 192.168.5.14 255.255.255.0

circuit VLAN80

  ip address 172.16.0.1 255.255.255.252

   redundancy-protocol

!************************** SERVICE **************************

service appgw1-smpp

  ip address 192.168.165.47

  keepalive type tcp

  keepalive port 16000

  keepalive frequency 60

  active

service appgw2-smpp

  ip address 192.168.165.48

  keepalive type tcp

  keepalive port 16000

  keepalive frequency 60

  active

service mmsc1-80

  keepalive port 8080

  port 8080

  ip address 192.168.166.45

  keepalive type tcp

  active

service mmsc1-mm3

  keepalive port 2525

  port 2525

  ip address 192.168.166.45

  keepalive type tcp

  active

service mmsc1-temp-6001

  ip address 192.168.166.45

  keepalive port 80

  keepalive type tcp

  active

service mmsc2-80

  keepalive port 8080

  port 8080

  ip address 192.168.166.46

  keepalive type tcp

  active

service mmsc2-mm3

  keepalive port 2525

  port 2525

  ip address 192.168.166.46

  keepalive type tcp

  active

service mmsc2-temp-6001

  ip address 192.168.166.46

  keepalive type tcp

  keepalive port 6001

  active

service mmsc3-80

  keepalive port 8080

  port 8080

  ip address 192.168.166.63

  keepalive type tcp

  active

service mmsc3-mm3

  keepalive port 2525

  port 2525

  ip address 192.168.166.63

  keepalive type tcp

  active

service mmsc3-temp-6001

  ip address 192.168.166.63

  keepalive type tcp

  keepalive port 6001

  active

service mmsc4-80

  keepalive port 8080

  port 8080

  ip address 192.168.166.64

  keepalive type tcp

  active

service mmsc4-mm3

  keepalive port 2525

  port 2525

  ip address 192.168.166.64

  keepalive type tcp

  active

service mmsc4-temp-6001

  ip address 192.168.166.64

  keepalive type tcp

  keepalive port 6001

  active

service msggw1-8011

  ip address 192.168.166.51

  keepalive type tcp

  keepalive port 8011

  active

service msggw1-smpp

  ip address 192.168.166.51

  keepalive type tcp

  keepalive port 8011

  active

service msggw2-8011

  ip address 192.168.166.52

  keepalive type tcp

  keepalive port 8011

  active

service msggw2-smpp

  ip address 192.168.166.52

  keepalive type tcp

  keepalive port 8011

  active

service msggw5-8011

  ip address 192.168.166.61

  keepalive type tcp

  keepalive port 8011

  active

service msggw5-smpp

  ip address 192.168.166.61

  keepalive type tcp

  keepalive port 8011

  active

service msggw6-8011

  ip address 192.168.166.62

  keepalive type tcp

  keepalive port 8011

  active

service msggw6-smpp

  ip address 192.168.166.62

  keepalive type tcp

  keepalive port 8011

  active

service ny-smsr1-smpp

  ip address 192.168.165.203

  keepalive type tcp

  keepalive port 16000

  keepalive frequency 60

  active

service smsc1-smpp

  ip address 192.168.165.44

  keepalive type tcp

  keepalive port 16000

  keepalive frequency 60

  active

service smsc2-smpp

  ip address 192.168.165.45

  keepalive type tcp

  keepalive port 16000

  keepalive frequency 60

  active

service smsc3-smpp

  ip address 192.168.165.46

  keepalive type tcp

  keepalive port 16000

  keepalive frequency 60

  active

service smsc4-smpp

  ip address 192.168.165.201

  keepalive type tcp

  keepalive port 16000

  keepalive frequency 60

  active

service smsc5-smpp

  ip address 192.168.165.202

  keepalive type tcp

  keepalive port 16000

  keepalive frequency 60

  active

service smsr1-smpp

  ip address 192.168.165.41

  keepalive type tcp

  keepalive port 16000

  keepalive frequency 60

  active

service smsr2-smpp

  ip address 192.168.165.42

  keepalive type tcp

  keepalive port 16000

  keepalive frequency 60

  active

service smsr3-smpp

  ip address 192.168.165.43

  keepalive type tcp

  keepalive port 16000

  keepalive frequency 60

  active

service tas1-8080

  ip address 192.168.166.55

  keepalive type tcp

  keepalive port 8080

  active

service tas2-8080

  ip address 192.168.166.56

  keepalive type tcp

  keepalive port 8080

  active

service tas3-8080

  ip address 192.168.166.57

  keepalive type tcp

  keepalive port 8080

  active

service tas4-8080

  ip address 192.168.166.58

  keepalive type tcp

  keepalive port 8080

  active

service tcode1-8700

  ip address 192.168.165.231

  keepalive type tcp

  keepalive port 8700

  keepalive frequency 60

  active

service tcode2-8700

  ip address 192.168.165.232

  keepalive type tcp

  keepalive port 8700

  keepalive frequency 60

  active

service ussd_browser1-9090

  ip address 192.168.166.125

  keepalive type tcp

  keepalive port 9090

  active

service ussd_browser2-9090

  ip address 192.168.166.126

  keepalive type tcp

  keepalive port 9090

  active

service xsgw1-80

  ip address 192.168.166.53

  keepalive type tcp

  keepalive port 80

  active

service xsgw2-80

  ip address 192.168.166.54

  keepalive type tcp

  keepalive port 80

  active

!*************************** OWNER ***************************

owner kcell

  content appgw-smpp

   protocol tcp

   port 16000

   vip address 192.168.165.160

   balance srcip

   add service appgw1-smpp

   add service appgw2-smpp

   redundancy-l4-stateless

   active

  content mmsc-80

   add service mmsc1-80

   vip address 192.168.166.166

   add service mmsc2-80

   add service mmsc3-80

   add service mmsc4-80

   active

  content mmsc-mm3

   vip address 192.168.166.167

   add service mmsc1-mm3

   add service mmsc2-mm3

   protocol tcp

   port 25

   add service mmsc3-mm3

   add service mmsc4-mm3

   active

  content mmsc-mm4

   vip address 192.168.166.168

   add service mmsc1-mm3

   add service mmsc2-mm3

   protocol tcp

   port 25

   add service mmsc3-mm3

   add service mmsc4-mm3

   active

  content mmsc-mm7

   vip address 192.168.166.169

   add service mmsc1-80

   add service mmsc2-80

   protocol tcp

   port 80

   add service mmsc3-80

   add service mmsc4-80

   active

  content mmsc-temp-6001

   add service mmsc1-temp-6001

   add service mmsc2-temp-6001

   vip address 192.168.75.10

   add service mmsc3-temp-6001

   add service mmsc4-temp-6001

   active

  content msggw-16000

   add service msggw1-smpp

   vip address 192.168.166.249

   add service msggw2-smpp

   add service msggw5-smpp

   add service msggw6-smpp

   protocol tcp

   port 16000

   redundancy-l4-stateless

   active

  content msggw-8011

   add service msggw1-8011

   add service msggw2-8011

   vip address 192.168.166.168

   protocol tcp

   port 8011

   balance srcip

   sticky-inact-timeout 11

   flow-reset-reject

   redundancy-l4-stateless

   add service msggw5-8011

   add service msggw6-8011

   active

  content smsc-smpp

   protocol tcp

   port 16000

   redundancy-l4-stateless

   vip address 192.168.165.159

   balance srcip

   add service smsc1-smpp

   add service smsc2-smpp

   add service smsc3-smpp

   add service smsc4-smpp

   add service smsc5-smpp

   active

  content smsr-smpp

   protocol tcp

   port 16000

   vip address 192.168.165.158

   balance srcip

   add service smsr1-smpp

   add service smsr2-smpp

   add service smsr3-smpp

   add service ny-smsr1-smpp

   redundancy-l4-stateless

   active

  content tas-8080

   add service tas1-8080

   vip address 192.168.166.169

   add service tas2-8080

   add service tas3-8080

   add service tas4-8080

   active

  content tcode-8700

   vip address 192.168.165.172

   protocol tcp

   port 8700

   add service tcode1-8700

   add service tcode2-8700

   active

  content ussd_browser-9090

   port 9090

   protocol tcp

   add service ussd_browser1-9090

   add service ussd_browser2-9090

   balance srcip

   vip address 192.168.166.170

   active

  content xsgw-80

   vip address 192.168.166.168

   add service xsgw1-80

   add service xsgw2-80

   balance aca

   advanced-balance sticky-srcip

   sticky-mask 255.255.255.0

   sticky-serverdown-failover sticky-srcip-dstport

   active

owner kcll

  content msggw-smpp

   add service msggw1-8011

   vip address 192.168.166.168

   add service msggw2-8011

   protocol tcp

   redundancy-l4-stateless

   port 16000

   add service msggw5-8011

   add service msggw6-8011

   active

!*************************** GROUP ***************************

group g1

  vip address 192.168.166.250

  add destination service xsgw1-80

  add destination service xsgw2-80

  active

group g2

  vip address 192.168.166.251

  add destination service tas1-8080

  add destination service tas2-8080

  add destination service tas3-8080

  add destination service tas4-8080

  active

group g3

  add destination service msggw1-8011

  vip address 192.168.166.252

  add destination service msggw2-8011

  add destination service msggw5-8011

  add destination service msggw6-8011

  active

group mmsc-mm1

  vip address 192.168.166.153

  add destination service mmsc1-80

  add destination service mmsc2-80

  add destination service mmsc3-80

  add destination service mmsc4-80

  active

group mmsc-mm3

  vip address 192.168.166.154

  add destination service mmsc1-mm3

  add destination service mmsc2-mm3

  add destination service mmsc3-mm3

  add destination service mmsc4-mm3

  active

group ussd_browser-9090

  vip address 192.168.166.171

  add destination service ussd_browser1-9090

  add destination service ussd_browser2-9090

  active

How to install HP Data Protector on Redhat 5.5 x64

Mount CD

mount /root/xxxxxx.iso /mnt -o loop

cd1-

Software_HP_Data_Protector_for_Linux_x86_64_Cell_Manager_B6960_10010.iso

cp -r

/dvdrom//DP_DEPOT

/dvdrom//AUTOPASS

/dvdrom//LOCAL_INSTALL

cd LOCAL_INSTALL

./omnisetup.sh -CM

cd2-

Software_HP_Data_Protector_for_Linux_x86_64_Installation_Server_1_of_2_B6960_10011.iso

cp -r

/dvdrom//DP_DEPOT

/dvdrom//AUTOPASS

/dvdrom//LOCAL_INSTALL

cd LOCAL_INSTALL

./omnisetup.sh -IS1

Stop all Data Protector services using the

/opt/omni/sbin/omnisv -stop

or

/etc/init.d/omni start

Add User /opt/omni/bin/omniusers -add -type W -usergroup "admin" -name "*" -group "*" -client "*"

ADD PATH /opt/omni/bin, /opt/omni/lbin and /opt/omni/sbin

vi /opt/omni/newconfig/etc/opt/omni/server/options

tail -f /var/opt/omni/log/debug.log

UNINSTALL rpm -e OB2-DA-A.06.00-1 OB2-CC-A.06.00-1 OB2-CM-A.06.00-1 OB2-CS-A.06.00-1 OB2-CORE-A.06.00-1 OB2-DOCS-A.06.00-1 OB2-MA-A.06.00-1

apache virtual host conf

Bu özet kullanılabilir değil. Yayını görüntülemek için lütfen burayı tıklayın.

22 Ekim 2010 Cuma

disk replacemient with bigger ones on raid1

http://www.walkernews.net/2007/02/27/extend-lvm-disk-space-with-new-hard-disk/

1. server shut

2. old1 replaced with bigger one (remove old1 and mount bigger disk 2 min after server booted!!!)

3. server startup

4. wait for mirror rebuild

5. server shut

6. old2 replaced with bigger one (remove old2 and mount bigger disk 2 min after server booted!!!)

7. server boot

8. raid disks synced (ensure with hpacucli "ctrl all show config detail."wait for mirror rebuild . You will need to reboot server after)

=> ctrl slot=x ld 1 modify size=? (get free block size information)

=> ctrl slot=x ld 1 modify size=max

10. server reboot

11. create a partion and 8e filesytem using fdisk

12. initiate the device named /dev/cciss/c0dxpx using sytem-config-lvm

pvcreate /dev/cciss/c0dxpx

Physical volume "/dev/cciss/c0dxpx" successfully created

13. Create a new VolGroup0x using sytem-config-lvm or add to present one.

14. Create a new Volgroup

Success

Taskbar (Window list) icon size change

Install gnome-color-chooser from synaptic, once installed, you can adjust all that.

ILO settings via CLI

hponcfg -w ilosettings

Add a user first . Then change admin pass from ilo GUI

<b>

<user_info MODE="write">

<ADD_USER

    USER_NAME = "egemen"

    USER_LOGIN = "egemen"

    PASSWORD = "sifre1234">

<admin_priv value = "Y"/>

<remote_cons_priv value = "Y"/>

<reset_server_priv value = "Y"/>

<virtual_media_priv value = "Y"/>

<config_ilo_priv value = "Y"/>

</ADD_USER>

</USER_INFO>

</b>

( Write configuration to ILO rom)

hponcfg -f egemen

21 Ekim 2010 Perşembe

get info from ilo on hp dl series server

hpiLO-> show /system1

get server information on hp DL series with psp

hpasmcli> help

CLEAR DISABLE ENABLE EXIT HELP NOTE QUIT REPAIR SET SHOW

hpasmcli> show ?

Invalid Arguments

SHOW ASR

SHOW BOOT

SHOW DIMM [ SPD ]

SHOW F1

SHOW FANS

SHOW HT

SHOW IML

SHOW IPL

SHOW NAME

SHOW PORTMAP

SHOW POWERSUPPLY

SHOW PXE

SHOW SERIAL [ BIOS | EMBEDDED | VIRTUAL ]

SHOW SERVER

SHOW TEMP

SHOW TPM

SHOW UID

SHOW WOL

Bonding with more devices + vlan

Onemli 2 nokta.

1) modprobe.conf daki eth larin sirasi onemli yani yukardan-asagiya alias eth0 bnx2 - alias eth1 bnx2 gibi gitmeli Sacma !

2) Switch portunu resetle konfigurasyondan sonra. Duzgun conf yapmis bile olsan sapitabiliiyo .

Sw portu resetleyince switchden duzeliyor.

(modprobe bonding mode=balance-alb miimon=100)

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

## mode=0 (round robin) mode=1 (active-backup) ##

# DO NOT USE # options bond0 miimon=100 mode=1 primary=eth0 max_bonds=2

alias bond0 bonding

alias bond1 bonding

options bonding max_bonds=2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[root@xxxx network-scripts]# cat ifcfg-*

# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet

DEVICE=bond0

BOOTPROTO=static

ONBOOT=yes

USERCTL=no

BONDING_OPTS="miimon=100 mode=1 primary=eth0"

# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet

DEVICE=bond0.10

BOOTPROTO=static

IPADDR=10.10.10.101

NETMASK=255.255.255.0

ONBOOT=yes

VLAN=yes

# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet

DEVICE=bond1

BOOTPROTO=static

ONBOOT=yes

USERCTL=no

BONDING_OPTS="miimon=100 mode=1 primary=eth2"

# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet

DEVICE=bond1.551

BOOTPROTO=static

IPADDR=192.168.251.101

NETMASK=255.255.255.0

ONBOOT=yes

VLAN=yes

# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet

DEVICE=eth0

BOOTPROTO=none

HWADDR=D8:D3:85:A3:83:F4

ONBOOT=yes

MASTER=bond0

SLAVE=yes

USERCTL=no

# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet

DEVICE=eth1

MASTER=bond0

SLAVE=yes

ONBOOT=yes

USERCTL=no

BOOTPROTO=none

# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet

DEVICE=eth2

HWADDR=D8:D3:85:A3:83:F8

ONBOOT=yes

MASTER=bond1

SLAVE=yes

BOOTPROTO=none

# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet

DEVICE=eth3

HWADDR=D8:D3:85:A3:83:FA

ONBOOT=yes

HOTPLUG=no

MASTER=bond1

SLAVE=yes

BOOTPROTO=none

# Intel Corporation 82571EB Gigabit Ethernet Controller (Copper)

DEVICE=eth4

BOOTPROTO=static

#HWADDR=00:23:7D:FB:57:8D

ONBOOT=yes

HOTPLUG=no

IPADDR=10.18.11.2

NETMASK=255.255.255.252

# Intel Corporation 82571EB Gigabit Ethernet Controller (Copper)

DEVICE=eth5

#HWADDR=00:23:7D:FB:57:8C

BOOTPROTO=static

ONBOOT=yes

HOTPLUG=no

IPADDR=10.18.11.6

NETMASK=255.255.255.252

DEVICE=lo

IPADDR=127.0.0.1

NETMASK=255.0.0.0

NETWORK=127.0.0.0

# If you're having problems with gated making 127.0.0.0/8 a martian,

# you can change this to something else (255.255.255.255, for example)

BROADCAST=127.255.255.255

ONBOOT=yes

NAME=loopback

USEFUL LINKS

------------------------

http://www.linuxfoundation.org/collaborate/workgroups/networking/bonding

http://www.cyberciti.biz/tips/linux-bond-or-team-multiple-network-interfaces-nic-into-single-interface.html

http://www.linuxhorizon.ro/bonding.html

20 Ekim 2010 Çarşamba

How to build a tunnel with OpenVPN and CAcert-certificates

http://wiki.cacert.org/openVPN

tshark

http://www.codealias.info/technotes/the_tshark_capture_and_filter_example_page

List of Linux Security Audit and Hacker Software Tools

http://www.yolinux.com/TUTORIALS/LinuxSecurityTools.html

install development tools on redhat centos

yum groupinstall 'Development Tools'

OpenVPN + MS IAS

Суть в том чтобы заставить клиентов OpenVPN авторизоваться через учетки в AD.

I. Ставим стандартные пакеты

apt-get install openvpn libpam-radius-auth libradiusclient-ng2 radiusclient1

II. Скачать исходники OpenVPN. И собрать дополнительный модуль для работы с pam, должны получить бинарик

/openvpn-2.1_rc15/plugin/auth-pam/openvpn-auth-pam.so

III. Конфиг openvpn сервера привести к такому виду. Сгенерить сертификаты.

/etc/openvpn/server.conf

port 1194

proto udp

dev tun

# CERT

ca ssl/ca.crt

cert ssl/server.crt

key ssl/server.key # This file should be kept secret

dh ssl/dh1024.pem

#

server 192.168.3.224 255.255.255.224

push "route 192.168.0.0 255.255.0.0"

push "route 172.16.0.0 255.255.0.0"

push "dhcp-option DNS 192.168.2.4"

client-to-client

duplicate-cn

keepalive 10 60

tls-server

tls-auth ssl/ta.key 0

tls-timeout 120

auth MD5

cipher BF-CBC

comp-lzo

user nobody

group nogroup

persist-key

persist-tun

status openvpn-status.log

log openvpn.log

log-append openvpn.log

verb 3

username-as-common-name

;auth-user-pass-verify scripts/auth-pam.pl via-file

plugin /etc/openvpn/scripts/openvpn-auth-pam.so radius

client-cert-not-required

IV. Создать свой файл pam модуля и прописать туда путь до библиотеки с pam_radius

/etc/pam.d/radius

#%PAM-1.0

account required /lib/security/pam_radius_auth.so

account required /lib/security/pam_radius_auth.so

auth required /lib/security/pam_radius_auth.so conf=/etc/pam_radius_auth.conf debug no_warn try_first_pass

Pam модуль авторизации с радиусом тоже требует некоторый конфиг, где указываем адреса домен контроллера и ключ авторизации клиента, который прописыватеся в IAS сервере, когда создаешь RADIUS-клиента.

/etc/pam_radius_auth

pdc.domain.local 123

bdc.domain.local 123

V. На сервере где стоит IAS создаем RADIUS-клиента с нашим IP адресом где стоит OpenVPN, даем ему пароль (в примере 123). Заходим в политики безопасности соединения,ставим галочку использовать PAP, иначе будем получать в логах

openvpn[16125]: pam_radius_auth: Sending RADIUS request code 1

openvpn[16125]: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned 438027072.

openvpn[16125]: pam_radius_auth: Got RADIUS response code 3

openvpn[16125]: pam_radius_auth: authentication failed

Клиентский конфиг приводим к такому виду, и кладем в туже папку где и конфиг корневой сертификат ca.crt и ключ проверки ta.key

client

dev tun

proto udp

remote _ADRESS_OPENVPN_SERVER_ 1194

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

tls-client

tls-auth ta.key 1

auth MD5

comp-lzo

verb 3

auth-user-pass

Вроде все.

add comment | permalink | related link | ( 0 / 0 )

Configure Radius Authentication for SSH login Centos 5.2 Linux

Monday, October 4, 2010, 10:57 - -Unix/Linux

Posted by Guest

Using the plug-in modular nature of PAM we can get a linux server to use RADIUS to authenticate users connecting via SSH. This guide tells you how to setup a Centos 5.2 server as your Radius "client" and Juniper Steel-Belted as your radius server authentication "server". We are going to use the pam_radius_module from free radius to provide the mechanism of authenticating ssh logins against a radius box.

For this example my environment consists of

A centos 5.2 radius client called "cyclone"

A Steel-Belted Radius server is called "turbo"

A username of dave

Of course you will change these silly names to the hostnames or ip addresses that suit your own setup.

Preparation

We have to to build a radius client module for our centos linux server so some preperation is required on this box to enable us to do that. It isn't as complex as it sounds.

1. Install the correct development tools

Since the pam_radius_auth security module is not available in mighty yum repository we have to make this ourselves using the source files. To do this we need the correct C compiler this can be installed via yum using the following command

yum install gcc-c++

After a little while the C compiler will be installed an ready for use. The next requirement is the pam development module. This is also installed via yum with this command:

yum install pam-devel

2. Download the pam Radius source files.

You need to download the radius pam module here ftp://ftp.freeradius.org/pub/radius/

Choose the file pam_radius-1.3.17.tar.gz

This is done easily via the wget command. So from the centos machine run

wget ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.17.tar.gz

download this to a temporary folder where you can build the software from

I chose a directory called pam under my root users home directory

/root/pam

Once the file is downloaded unzip the file with gunzip

using the command

gunzip /root/pam/pam_radius-1.3.17.tar.gz

untar the file using the command

tar -xvf /root/pam/pam_radius-1.3.17.tar

this should then upack the contents into a directory structure like this

/root/pam/pam_radius-1.3.17

change to this directory and type

make

the system should then compile with something like the following output:

cc -Wall -fPIC -c pam_radius_auth.c -o pam_radius_auth.o

pam_radius_auth.c: In function âtalk_radiusâ:

pam_radius_auth.c:886: warning: pointer targets in passing argument 6 of ârecvfromâ differ in signedness

pam_radius_auth.c: In function âpam_sm_authenticateâ:

pam_radius_auth.c:1102: warning: assignment from incompatible pointer type

cc -Wall -fPIC -c -o md5.o md5.c

ld -Bshareable pam_radius_auth.o md5.o -lpam -o pam_radius_auth.so

this should create a file called

pam_radius_auth.so

copy this to the /lib/security/ folder.

Configure the Centos Server to use radius Authentication

1. Create a user you wish to login as, on the centos system. I am creating one called "dave" for this example.

useradd -d /home/dave/ dave

NOTE: There is no reason to set a password to this unix user as you will be using your radius account to provide the password.

2. Create the radius client configuration file folder structure.

Create a directory under the /etc folder called raddb.

So you have a directory path which looks like /etc/raddb

This is done like so

mkdir /etc/raddb

3. Copy the sample client configuration file pam_radius_auth.conf to /etc/raddb/server

This sample file is found in the unarchived folder you downloaded earlier - in my example so I would run:

cp /root/pam/pam_radius-1.3.17/pam_radius_auth.conf /etc/raddb/server

3. Edit the /etc/raddb/server to match the radius server "turbo".

open the /etc/raddb/server in an editor such as vi

Under the section that looks like

# server[:port] shared_secret timeout (s)

127.0.0.1 secret 1

other-server other-secret 3

Add a line that represents your radius server. You will need to enter your servers hostname or IP address and a sharesecret that you will need to assign in this file and on your radius server. So make a note of this password.

I am going to add my radius server "turbo" and specify a shared secret of "s3cret". So after editing my file looks like this

# server[:port] shared_secret timeout (s)

127.0.0.1 secret 1

turbo s3cret 3

Now edit the /etc/pam.d/sshd file. This file controls the authentication method for sshd service which facilitates SSH logins. We need to tell it to use the /lib/security/pam_radius_auth.so file we created compiled earlier.

Before the top line

auth include system-auth

add this line

auth required pam_radius_auth.so

so the first two lines will look like this

auth sufficient pam_radius_auth.so

auth include system-auth

This will tell the SSH service / daemon to use the radius protocol and server for authentication.

With this configuration the SSHD will also check local system sccount passwords as a fall back. This means you can log in as root or other unix local accounts should your radius server be off line.

NOTE! You are changing the authentication method for logging in to your centos box via SSH. Make sure you can get into it via console (monitor mouse and keyboard) in case this goes wrong and you get locked out of SSH

Configure your Steel Belted Radius Server

1. Setup Cyclone as a radius client

Right "Click Radius Clients"

Click ADD

In the Add RADIUS client window add the IP address or hostname of the centos cyclone box and add the shared secret we decided on earlier in this example "s3cret"

2. Add a username on the radius box "turbo"

Right Click "users"

Click Add

Add a native user and set a password.

Test a Logon to the Centos SSH service

Fire up your SSH client

Connect to the box and login as the user and password you set on radius server earlier. In my case "dave"

If it lets you voila - job done. You have used the radius server to provide SSH authentication. If it doesn't then you might start by looking in the /var/log/secure/file for clues. Also the centos forum is pretty good I often find some helpful people on there - if you are really desperate you can leave a comment here! :)

add comment | permalink | related link | ( 0 / 0 )

Easy openVPN Server in CentOS 5.3

Monday, October 4, 2010, 10:57 - Redhat

Posted by Guest

1. Install necessary library

yum install lzo lzo-devel zlib zlib-devel

2. At this moment openssl should already installed.

(A required package for a server)

3. Install the openvpn package

yum install openvpn

4. Copy necessary sample scripts and configuration file

cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/

cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn

cp /usr/share/doc/openvpn-2.0.9/easy-rsa/openssl.cnf /etc/openvpn

5. Before running scripts, make sure that it has the executable permission.

If not perform the following:

cd /etc/openvpn/easy-rsa

chmod +x clean-all

chmod +a build*

6. Modidy you CA configuration

vi /etc/openvpn/easy-rsa/vars

export KEY_COUNTRY=AU

export KEY_PROVINCE=VIC

export KEY_CITY=MELBOURNE

export KEY_ORG=”THROXVPN”

export KEY_EMAIL=”name@email.com”

7. Save your modified settings and run:

. ./vars

mkdir /etc/openvpn/keys

./clean-all

8. Now your configuration is ready, create your server CA authentication files

cd /etc/openvpn/easy-rsa

./build-ca

9. Build your server keys

./build-key-server vpnserver

10. Building Diffie Hellman file

./build-dh

11. Modify the sample /etc/openvpn/server.conf

mode server

client-to-client

port 1194

proto tcp

dev tun

ca /etc/openvpn/keys/ca.crt

cert /etc/openvpn/keys/server.crt

key /etc/openvpn/keys/server.key

dh /etc/openvpn/keys/dh1024.pem

server 10.10.10.0 255.255.255.0

ifconfig-pool-persist ipp.txt

keepalive 10 120

comp-lzo

user nobody

group nobody

persist-key

persist-tun

status /var/log/openvpn-status.log

log /var/log/openvpn.log

verb 3

mute 20

12.Please note of the ipp.txt which contains something like this

client1,10.10.10.4

client2,10.10.10.5

13. Configure the services to autostart and eventually start the service

service openvpn restart

/etc/init.d/openvpn start

14. Server is up at this moment. You can now create keys for each of your client.

15. Done.

add comment | permalink | related link | ( 0 / 0 )

Install OpenVPN Server on CentOS 5.4

Monday, October 4, 2010, 10:55 - Redhat

Posted by Guest

Sat, 04/03/2010 - 19:21 | admin

There are many guys asking me how to install OpenVPN on CentOS 5.2/5.4. I have a server with that system (minimal installation) exactly and I cannot find an all correct guide for this setup step. So I decide to write this post.

You cannot count on the post to explain what OpenVPN is. But if you just wanna a simple guide for installation, you’ve got it.

Preparation:

1 A server running with CentOS 5.2/5.4. I don’t know which services you’ve installed, so I have to install all necessary components by bash command. You can skip that command if you know that is installed.

2 A KVM, an SSH client or another way to connect to your server.

3 You must know how to use tool vi to edit file.

Setup guide:

All blue texts should be typed into bash command line, and press Enter after each command. All black texts are just commit. Read them as you wish.

Install some tools.

yum install -y wget Install a tool for downloading packages.

yum install -y iptables Install the controller for inputting firewall rules.

Configure yum to install OpenVPN

yum install -y yum-priorities Let your yum to install more packages.

cd /tmp

wget http://packages.sw.be/rpmforge-release/ ... f.i386.rpm for x86 (32bit) only

wget http://packages.sw.be/rpmforge-release/ ... x86_64.rpm for x64 (64bit) only

rpm -i rpmforge-release-0.5.1-1.el5.rf.*.rpm

yum check-update

Install OpenVPN

yum install -y openvpn

Configure OpenVPN Server

cd /etc/openvpn/

cp -R /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/

cd /etc/openvpn/easy-rsa/2.0/

. ../vars There is a space between the 1st and 2nd dot.

chmod +rwx *

source ./vars

vi ../vars Modify the last several lines of this file to match your location and org name.

vi vars Modify the last several lines of this file to match your location and org name.

./build-ca Input your location and org name.

source ./vars

./clean-all

./build-ca Always press enter directly. You can verify your infomation in this step.

./build-key-server server Answer y twice for the 2 questions in the end, press enter directly for others.

Configure OpenVPN Setting. Following this post, you will get a server running at port 1194 with UDP protocol, and the sub network for VPN clients is 10.0.0.0/24. You can modify this document with the rest commands synchronously.

vi /etc/openvpn/openvpn.conf Create setting file.

Type all green text below to the edit form of vi.

port 1194 Use port 1194.

proto udp Use udp protocol. You can change this into tcp as you wish. It seems that udp is faster. Tcp can be used when you are using a udp banned network.

dev tun Mode. You can choose tun or tap. I don’t wanna explain this.

ca ca.crt

cert server.crt

key server.key

dh dh1024.pem

server 10.0.0.0 255.255.255.0 Sub network for VPN clients

push "dhcp-option DNS 208.67.222.222" Use DNS of OpenDNS.

push "dhcp-option DNS 208.67.220.220" Use DNS of OpenDNS.

push "redirect-gateway" Let all traffic from client to go though with this VPN server. Remove this line if you don’t want it.

ifconfig-pool-persist ipp.txt Let OpenVPN server to record the last used IP for each client, which allows client to use the same IP when reconnected.

keepalive 10 120

comp-lzo Enable compression for saving bandwidth.

user nobody

group users

persist-key

persist-tun

status openvpn-status.log

verb 3

client-to-client Allow clients to communicate with each others. Remove this line if you dont’t want it.

Save this file.

cp keys/{ca.crt,ca.key,server.crt,server.key} /etc/openvpn/

./build-dh This may take a while.

cp keys/dh1024.pem /etc/openvpn/

/etc/init.d/openvpn start Service starts!

chkconfig --list | grep vpn

Create key for each client.

The working folder is /etc/openvpn/easy-rsa/2.0 and you can verify it by typing pwd if you like. If it’s not, type cd /etc/openvpn/easy-rsa/2.0 to change it. Run source ./vars if needed.

Run this command for each client.

./build-key Answer y twice for the 2 questions in the end, press enter directly for others. Change to client name.

Final steps and add some firewall rules

service iptables start Start the iptables service.

iptables -A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT Allow udp datagrams to be received from port 1194 of your nic eth0. Notice that there are 2 hyphens before dport.

iptables -A OUTPUT -o eth0 -p udp --dport 1194 -j ACCEPT Allow udp datagrams to be sent from port 1194 of y0ur nic eth0. Notice that there are 2 hyphens before dport.

iptables -A INPUT -i tun0 -j ACCEPT Allow traffic from OpenVPN nic tun0. Change it to tap0 if you use tap mode in server configuration.

iptables -A OUTPUT -o tun0 -j ACCEPT Allow traffic from OpenVPN nic tun0. Change it to tap0 if you use tap mode in server configuration.

iptables -A FORWARD -o tun0 -j ACCEPT Allow traffic from OpenVPN nic tun0. Change it to tap0 if you use tap mode in server configuration.

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE Enable NAT.

/etc/init.d/iptables save Save iptables’ rules.

/etc/init.d/iptables restart Restart iptables service.

chkconfig iptables on Let iptables be started automatically.

chkconfig openvpn on So is openvpn.

vi /etc/sysctl.conf

Find a line with text net.ipv4.ip_forward = 0, change it into net.ipv4.ip_forward = 1, and save this file.

You’ve finished the configuration of server. Please restart it.

shutdown -r now

All certifications and key files can be found at /etc/openvpn/easy-rsa/2.0/keys. You should download ca.crt, .key and .crt to each client computer.

I’ll go on to create an OpenVPN client in Windows for example.

Download and install OpenVPN Windows Version.

Copy ca.crt, .key and .crt to its config folder (c:\Program Files (x86)\OpenVPN\config\ or c:\Program Files\OpenVPN\config\ by default). You can create a sub folder for each server to make it possible to connect to many servers, not at the same time :) .

Create a text file with extension “ovpn” in the folder which contains these 3 files with all green text below.

client

dev tun

proto udp

remote 1194

resolv-retry infinite

nobind

persist-key

persist-tun

ca ca.crt

cert .crt

key .key

ns-cert-type server

comp-lzo

verb 3

Save this file.

Start OpenVPN Client, right click the icon in the system tray and connect the server. If you are running Windows Vista / 7 or Windows Server 2008 / 2008 R2, you have to run this program as administrator coz Route.exe which will be run by OpenVPN need this.

I hope you get it though.

how to turn on uid light under linux for HP DL servers

hpasmcli -s 'SET UID ON'

hpasmcli -s 'SET UID OFF'

OpenVPN

good documents

http://www.dd-wrt.com/wiki/index.php/OpenVPN

http://www.slackwiki.org/OpenVPN

http://wiki.mikrotik.com/wiki/OpenVPN

http://www.blog.joinvps.com/installing- ... r-openvpn/

http://blog.namran.net/2010/02/08/insta ... entos-5-4/

http://blog.vpire.com/?p=1114

http://library.linode.com/networking/vp ... n-centos-5

http://serverfault.com/questions/87195/ ... g-question

fwanalog

fwanalog is a shell script that parses and summarizes firewall logfiles.

DNS BIND Zone Transfers and Updates

http://www.zytrax.com/books/dns/ch7/xfer.html

Security Blanket

http://www.trustedcs.com/SecurityBlanket/SecurityBlanket.html

nrpe installation on redhat with ssl support

yum provides */ssl.h

yum install openssl-devel

in Ubuntu apt-get install libcurl3-openssl-dev

linux network security toolkit password

At this point, you will need to log in as the system administrative user: "root" and an initial password of: "nst2003".

To disable the Fibre Agent on hp server

To disable the Fibre Agent:

1.

Log in to the ESX host service console.

2.

Stop all management agents with the commands:

# service hpasm stop

# service hpsmhd stop

Note: The agents must be stopped before making this change rather than issuing a service restart command because the kill script for these agents do a check against the exclude list in cma.conf file and do not issue kill commands during a service restart to processes it does not think should be running. As a result, the problematic processes continue to run and SCSI reservation conflicts persist until they are manually killed or a reboot is initiated.

3.

Open the file /opt/compaq/cma.conf in a text editor.

4.

Add exclude cmahost cmahostd cmafcad to the top of the file.

5.

Save the file and exit the editor.

6. Start the managements on the host with the commands:

# service hpasm start

# service hpsmhd start

Note: The steps required to disable portions of the HPIM agent may vary depending on the version of HPIM management agent. For more information, consult the HPIM documentation or support.

iphone firmwares

http://www.iclarified.com/entry/index.php?enid=750

HOW TO: Downgrade iPhone OS 4.0 To 3.1.3 [ Mac and Windows ]

http://www.funkyspacemonkey.com/downgrade-iphone-os-40-313-mac-windows

iptables local port forwarding

iptables -t nat -A OUTPUT -d 10.34.34.165 -p tcp --dport 10002 -j REDIRECT --to-ports 10001

iptables -t nat -A PREROUTING -d 10.34.34.165 -p tcp --dport 10002 -j REDIRECT --to-ports 10001

if you map a port via ssh -L into your localhost then you need to use above in order to reach the port you forwarded via your eth0(real) ip

which means localhost(127.0.0.1):port

iptables port forwarding

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

==3D=> 80. porta gelenleri 8080 e yonlendirir.

thy online rezervasyon

thy.com.tr den normal rezervasyon yaptirip ucagini gidececegin ntarihide sectikten sonra odemeyi havale ile yaparsan opsiyonlu rezarvasyon yapiyosun. mail atiyo bilgilendirme icin.

du and df is different results lsof

disk usage of all subdirectories and files including hidden files within the current directory (sorted by filesize) :

du -sk .[!.]* *|sort -n

or

du -schx * is much better

Why the discrepancy? Occasionally extremely large files that have been recently deleted will still hold onto their resources; this can be discovered by running lsof (in this case, lsof +L1). Oftentimes, a reboot will clear this.

lsof +L1

how to change hostname on Solaris 9-10

find . -type f -print | xargs grep -i HOSTNAME

then change all files that u found at least some of them below

/etc/hosts, /etc/nodename and /etc/hostname.xxx

How to disable ASR on HP based servers

1) Stop the HPASM Service

2) Remove the hp-OpenIPMI driver

rpm -qi hp-OpenIPMI

rpm -e hp-OpenIPMI

3) Start the HPASM Service

determine how many process is running at the same port in linux (local processes)

netstat -anp | grep 8011 | wc -l

vpn connection with ubuntu

https://wiki.ubuntu.com/VPN

The VPN connection 'xxxxx' failed because there were no valid VPN secrets.

I think I solved the problem.

The source of the problem is - the application nm-pptp-auth-dialog wants to access the keyring to search for the password.

The problem: there is no such record in the keyring table. so it returns an error. Due to a bug, the application do not append the record in the first place!

solution:

make a new VPN connection. Connect to it. Click Deny when prompted: "Allow application to access keyring?"

then enter the password manually, and check "Save password in keyring"

then click Allow Always

and Wallah, you have just created the required entry in the keyring! You'll no longer have "no secerts" problem!

(goto applications > accessories > keyring manager > passwords to see it!)

Hope this helps. Please let me know if it doesn't.

pptp vpn client setup

Open Network Configuration (Start, System, Preferences).

Highlight your VPN connection, hit Edit.

At IPv4 Settings Tab: choose method Automatic (VPN).

At VPN Tab:

1 - input the IP address of the target computer.

2 - input your user name. Leave all else blank.

3 - hit Advanced button.

At Authentication:

1 - UNcheck PAP (because PAP means to allow unsecured passage - this is the source of "no shared shared secrets")

2 - Check CHAP, MSCHAP and MSCHAPv2.

At Security and Compression:

1 - Check Use Point-to-point encryption (MPPE)

2 - Select 128-bit (most secure).

3 - Check Allow stateful encryption.

At Echo: check Allow PPP echo packets.

Leave all else blank. Hit OK, OK to save and get out.

Note: Your password is requested on VPN startup. I did not try to add it to the keyring.

nemesis means !

Do you know what "nemesis" means?

A righteous infliction of retribution manifested by an appropriate agent.

Personified in this case by an 'orrible cunt... me.

http apache redirect page

apache de bu isin 2 yolu var ;

1. alias

Alias / http://www.whatever.com

2. redirect

Redirect permanent / https://www.whatever.com/

rpm check version of a package

rpm -qa | grep hpacucli

Youtube ip address

74.125.45.32 www.youtube.com

powered paraglider paramotor parachute ppg trike

http://cgi.ebay.com/powered-paraglider-paramotor-parachute-ppg-trike-/150463050217?cmd=ViewItem&pt=LH_DefaultDomain_0&hash=item23084bf1e9

Linux Commands

http://www.pixelbeat.org/cmdline.html

free fax server

http://faxzero.com/

Video Entertainments

http://www.eternalfun.com/

Cisco Tips

1. show version: Start simple; this command gives uptime, info about your software and hardware and a few other details.

2. show ip interface brief: This command is great for showing up/down status of your IP interfaces, as well as what the IP address is of each interface. It's mostly useful for displaying critical info about a lot of interfaces on one easy to read page.

3. show interface: This is the more popular version of the command that shows detailed output of each interface. You'll usually want to specify a single interface or you'll have to hit 'page down' a lot. This command is useful because it shows traffic counters and also detailed info about duplex and other link-specific goodies.

4. show ip interface: This often overlooked command is great for all the configuration options that are set. These include the switching mode, ACLs, header compression, ICMP redirection, accounting, NAT, policy routing, security level, etc. Basically, this command tells you how the interface is behaving.

5. show ip route: This indispensable command shows your routing table, which is usually the primary purpose of the box. Get to know the options on this command.

6. show arp: Can't ping a neighbor? Make sure you're getting an arp entry.

7. show running-config: This is an easy one. It tells you how the box is configured right now. Also, "show startup-config" will tell you how the router will be configured after the next reboot.

8. show port: Similar to the show interface command on routers, this command gives you the status of ports on a switch.

9. show vlan: With the trend toward having lots of VLANs, check this command to make sure your ports are in the VLANs you think they are. Its output is very well designed.

10. show tech-support: This command is great for collecting a lot of info. It basically runs a whole bunch of other show commands, and spits out dozens of pages of detailed output, designed to be sent to technical support. But, it's also useful for other purposes.

Cisco PIX vpn

http://roggyblog.blogspot.com/2009/10/pixasa-site-to-site-l2l-vpn-with_27.html

South Park - Chef - Chocolate Salty Balls

http://www.youtube.com/watch?v=lnNYXgV7L-c&feature=related

South Park - Chef - No Substitute

http://www.youtube.com/watch?v=lnNYXgV7L-c&feature=related

Bruce Schneier

Bruce Schneier (born January 15, 1963,[1] pronounced /ˈʃnaɪər/) is an American cryptographer, computer security specialist, and writer. He is the author of several books on computer security and cryptography, and is the founder and chief technology officer of BT Counterpane, formerly Counterpane Internet Security, Inc. He received his master's degree in computer science from the American University in Washington, DC in 1988[2].

vlan

http://www.hakanuzuner.com/index.php/vl ... syonu.html

http://www.cyber-security.org.tr/Madde/ ... DAPTASYONU

Universite aktiviteler

http://www.uniaktivite.net/aktiviteler/ara

DDoS

http://www.cozumpark.com/blogs/gvenlik/archive/2010/06/14/ddos-sald-r-analizi.aspx

Cisco Aironet 1200

http://www.ciscotr.com/forum/archive/index.php/t-2780.html

sonicwall documents

http://www.cozumpark.com/tags/sonicwall/default.aspx

http://www.hakanuzuner.com/index.php/category/sonicwall

http://www.sonicwall.com/downloads/SOS2 ... verlap.pdf

http://www.tek-tips.com/viewthread.cfm? ... amp;page=5

http://www.sonicwall.com/downloads/VPN_ ... tworks.pdf

http://www.sonicwall.com/downloads/SOS2 ... verlap.pdf

http://www.sonicwall.com/downloads/conf ... tworks.pdf

http://www.sonicwall.com/downloads/Brid ... _Guide.pdf

putty connection manager

http://puttycm.free.fr/cms/index.php?option=com_content&view=category&layout=blog&id=41&Itemid=55

How to Install Java Runtime Environment (JRE) in Ubuntu 9.04 (Jaunty)

http://www.ubuntugeek.com/how-to-install-java-runtime-environment-jre-in-ubuntu-904-jaunty.html

Linux - hpacucli

http://www.datadisk.co.uk/html_docs/redhat/hpacucli.htm

change speed of ethernet

ethtool -s eth0 speed 100 duplex full autoneg off

hp PSP notes

[root@ocmp321 ~]# hpacucli

=> ctrl all show config detail

ctrl slot=1 pd all show

help create (for create raid array)

-----------

omniusers -add -type W -usergroup "admin" -name "*" -group "*" -client "*"

-----

omnisv -status

-----

hponcfg -w aaa (ilo ayarlarini falan dosyaya yazar)

raid conf on hp dl serial hpacucli

[root@ocmp321 ~]# hpacucli

=> ctrl all show config detail

ctrl slot=1 create type=ld drives=allunassigned raid=1

help create

hp ilo settings from console

omniusers -add -type W -usergroup "admin" -name "*" -group "*" -client "*"

------

omnisv -status

------

hponcfg -w aaa (ilo ayarlarini falan dosyaya yazar)

sendmail resend flush queue

resend queue

sendmail -q -v

flush queue

find /var/spool/mqueue -name "qf*" -delete

Wake on Lan WOL

http://ubuntuforums.org/showthread.php?t=234588

gwakeonlan (gnome tool)

download tool for windows

drop a package on specific port with iptables

iptables -A INPUT -p tcp -s 0/0 -d 10.x.x.x --dport 8080 -j DROP

terminal too wide

stty columns 120

check ethernet link

mii-tools -v

ethtool ethx

how to find which daemon use which port

netstat -npl

or

lsof -Pnl +M -i4

or

lsof +L1

nfs mount options

192.168.x.x:/vol/netapp1 /netapp1 nfs rw,bg,rsize=65536,wsize=65536,hard,nointr,proto=tcp,timeo=600

edit on server side

/etc/export

/files/oraclebackup/ * (rw,sync)

drbd format db disk

DRBD Notes

# dd if=/dev/zero of=/dev/sda2 bs=1M count=128

masquerade

iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp1 -j MASQUERADE

smart disk healty check with smartctl

smartctl -a -i -d cciss,0 /dev/cciss/c0d0

awful snuff movie ever

http://en.wikipedia.org/wiki/Cannibal_Holocaust

xserver for windows

http://sourceforge.net/projects/xming/

directory listing with PHP

http://www.evoluted.net/community/code/directorylisting.php

Solaris Tips and Tricks

http://sysunconfig.net/unixtips/solaris.html

Ubuntu server as an Active Directory member server

http://ubuntuforums.org/showthread.php?t=280702

HOWTO: use gnome-dictionary offline (& faster)

http://ubuntuforums.org/archive/index.php/t-145949.html

iPhone 1.1.2 and Ubuntu Linux

http://www.control-d.com/?page_id=25

Disable call forwarding active popup on iPhone

Unconditional forwarding:

Forward service: All Calls

Activate: *21*phone_number#

Cancel & Deregister: ##21#

Cancel & Retain: #21#

Status: *#21#

Reestablish: *21#

Conditional forwarding:

Forward service: If Busy

Activate: *67*phone_number#

Cancel & Deregister: ##67#

Cancel & Retain: #67#

Status: *#67#

Reestablish: *67#

Forward service: If Not Answered

Activate: *61*phone_number#

Cancel & Deregister: ##61#

Cancel & Retain: #61#

Status: *#61#

Reestablish: *61#

Forward service: If Out of Reach

Activate: *62*phone_number#

Cancel & Deregister: ##62#

Cancel & Retain: #62#

Status: *#62#

Reestablish: *62#

Simultaneous forwarding:

Forward service: All Forwards

Activate: *002*phone_number#

Cancel & Deregister: ##002#

Cancel & Retain: #002#

Status: *#002#

Reestablish: *002#

Forward service: All Conditional Forwards

Activate: *004*phone_number#

Cancel & Deregister: ##004#

Cancel & Retain: #004#

Status: *#004#

Reestablish: *004#

disable ads on gmail and other on firefox

http://dejitarob.wordpress.com/2007/11/05/block-advertisements-in-the-new-gmail-or-anything-else/

How to Enable TCP/IP Forwarding in Windows XP

# In Registry Editor, locate the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

# Set the following registry value:

Value Name: IPEnableRouter

Value type: REG_DWORD

Value Data: 1

LVM

umount ettikden sonra fsck yap.

vgs

lvs

lvmdiskscan

vgdisplay VolGroup00

lvresize -L -1G /dev/vg01/lv01 (lv den 1g cikarir. +1 de ekler)

vgremove VolGroup01

pvscan List all physical volumes

vgextend VolGroup00 /dev/cciss/c0d0p3

lvremove /dev/VolGroup00/space_vol

lvcreate -n wap_vol -l 65535 VolGroup00 (full fill eder kalan diski)

(-L xG ise kac gb vericeksen)

lvdisplay

mkfs.ext3 /dev/VolGroup00/wap_vol

mkdir /wap

vi /etc/fstab icinde eski satiri sil gerekirse asagidaki satir olmasi gerekn

/dev/VolGroup00/wap_vol /wap ext3 defaults 1 2

-----------

shrink lv

-----------

http://www.netadmintools.com/art367.html

umount

e2fsck -f /dev/volgroup/logicalvol

resize2fs /dev/volgroup/logicalvol 48G

lvresize -L -1G /dev/vg01/lv01

mount /dev/volgroup/logicalvol /mnt

df

lvreduce -L -8G /dev/volgroup/logicalvol

mount /dev/volgroup/logicalvol /mnt

df

-----------

Links

-----------

http://www.redhat.com/docs/manuals/ente ... e-lvm.html

http://www.redhat.com/magazine/009jul05/features/lvm2/

http://it.toolbox.com/wiki/index.php/Sa ... _Linux_LVM

Split files with tar

Just type the following in a console window:

Code:

tar cvzf - filename.iso | split -d -b 700m - filename.iso.tar.gz.

This wil produce the following files:

filename.iso.tar.gz.1

filename.iso.tar.gz.2

filename.iso.tar.gz.3

...

Then later if you want to restore the iso, first copy all te parts in one directory, and then type

Code:

cat filename.iso.tar.gz.* | tar xvzf -

That will give you back your original ISO.

Sun Solaris AUTOMOUNTER PSD/FAQ

http://www.sunhelp.org/faq/autofs.html

alternative iphone ultrasn0 repo sources

Add http://sinfuliphonerepo.com source in Cydia

or

http://musclenerd.com

check releative link also for original post

data recovery on linux

testdisk package

solaris pkg-get package management

http://www.bolthole.com/solaris/pkg-get.html

http://www.idevelopment.info/data/Unix/Solaris/SOLARIS_UsingPackageManageronSolaris.shtml

http://www.sunfreeware.com/

or

pkgadd -d packet (add)

pkrm packet (remove)

Move the Minimize, Maximize, Close buttons to the Right in Ubuntu 10.04 Lucid Lynx

To move it back to the right, you will need to launch Configuration Editor (Alt+F2 and type in gconf-editor) and then navigate to apps>metacity>general. Look for button_layout on the right hand pane and double click on it to edit it. You should change it from

maximize,minimize,close:

to

menu:minimize,maximize,close

iPhone + Linux tethering via USB cable!

http://dev.squarecows.com/2009/05/06/iphone-linux-tethering-via-usb-cable/

BGP

http://avi.freedman.net/fromnetaxs/bgp/bgp.html

X server for windows (free)

http://www.straightrunning.com/XmingNotes/

DRBD and Linux HA solution

http://www.linux-ha.org/

http://www.drbd.org/

Masquerading Made Simple HOWTO

$> modprobe ipt_MASQUERADE # If this fails, try continuing anyway

$> iptables -F; iptables -t nat -F; iptables -t mangle -F

$> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 123.12.23.43

$> echo 1 > /proc/sys/net/ipv4/ip_forward

Then to secure it:

$> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

$> iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT

$> iptables -P INPUT DROP #only if the first two are succesful

$> iptables -A FORWARD -i eth0 -o eth0 -j REJECT

Or for a dial-up connection (with eth0 as the internal network card):

$> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

$> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT

$> iptables -P INPUT DROP #only if the first two are succesful

$> iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT

$> iptables -F; iptables -t nat -F; iptables -t mangle -F