Monday, December 8, 2014
Mounting HFS+ MAC filesystem into Redhat Linux 6
Mounting HFS+ filesystem into Redhat Linux 6
# rpm --import http://elrepo.org/RPM-GPG-KEY-elrepo.org
# rpm -Uvh http://www.elrepo.org/elrepo-release-6-6.el6.elrepo.noarch.rpm
Check (http://elrepo.org/tiki/tiki-index.php) for your version of redhat/centos
# yum install kmod-hfsplus
Connect the drive, it should automatically mounted or mount using following commands:
# fdisk -l
Note down device name e.g /dev/sdb1 with correct size (if 1 TB hard disk, it may show 1000GB)
# mkdir /Externaldrive
# mount /dev/sdb1 /Externaldrive
# cd /Externaldrive
# ls //to list content of the drive
Tuesday, October 14, 2014
Installing Zabbix - Network Monitoring System
ZABBIX Network Monitoring System
Red Hat Enterprise Linux / CentOS
Supported for versions: RHEL 5, RHEL 6, Oracle Linux 5, Oracle Linux 6, CentOS 5, CentOS 6
Installing repository configuration package
Install the repository configuration package. This package contains yum configuration files.
Zabbix 2.2 for RHEL5, Oracle Linux 5, CentOS 5:
# rpm -ivh http://repo.zabbix.com/zabbix/2.2/rhel/5/x86_64/zabbix-release-2.2-1.el5.noarch.rpm
Zabbix 2.2 for RHEL6, Oracle Linux 6, CentOS 6:
# rpm -ivh http://repo.zabbix.com/zabbix/2.2/rhel/6/x86_64/zabbix-release-2.2-1.el6.noarch.rpm
Installing Zabbix packages
Install Zabbix packages. Example for Zabbix server and web frontend with mysql database.
Note: Zabbix official repository provides fping, iksemel, libssh2 packages as well. These packages are located in the non-supported directory.
# yum install zabbix-server-mysql zabbix-web-mysql
Example for installing Zabbix agent only.
# yum install zabbix-agent
Creating initial database
Create zabbix database and user on MySQL.
# mysql -uroot mysql> create database zabbix character set utf8 collate utf8_bin; mysql> grant all privileges on zabbix.* to zabbix@localhost identified by 'zabbix'; mysql> exit
Import initial schema and data.
# cd /usr/share/doc/zabbix-server-mysql-2.2.0/create # mysql -uroot zabbix < schema.sql # mysql -uroot zabbix < images.sql # mysql -uroot zabbix < data.sql
Starting Zabbix server process
Edit database configuration in zabbix_server.conf
# vi /etc/zabbix/zabbix_server.conf DBHost=localhost DBName=zabbix DBUser=zabbix DBPassword=zabbix
Start Zabbix server process.
# service zabbix-server start
Editing PHP configuration for Zabbix frontend
Apache configuration file for Zabbix frontend is located in /etc/httpd/conf.d/zabbix.conf. Some PHP settings are already configured.
php_value max_execution_time 300 php_value memory_limit 128M php_value post_max_size 16M php_value upload_max_filesize 2M php_value max_input_time 300 # php_value date.timezone Europe/Riga
It's necessary to uncomment the “date.timezone” setting and set the right timezone for you. After changing the configuration file restart the apache web server.
# service httpd restart
# sestatus
# setenforce 0
To change selinux mode to permissive. (Otherwise it wont let you grab info from zabbix server).
Zabbix frontend is available at http://localhost/zabbix in the browser. Default username/password is Admin/zabbix.
Tuesday, October 7, 2014
BPDU Guard vs BPDU Filter
In a stunning moment of clarity I figured out the two. It did take far longer that what was required but I feel now I can tick these two technologies off as being understood why you would use them and when you would use them.
Bridge Protocol Data Unit’s known also as BPDU’s play a fundamental part in a spanning-tree topology. No matter your flavour you will have BPDU’s.
BPDU – A quick breakdown
BPDU’s are sent out by a switch to exchange information about bridge ID’s and cost’s of the root path. A switch will use it’s MAC address and sent it to the STP multicast address of 01:80:c2:00:00:00. There are Configuration BPDU’s, Topology Change Notification BPDU’s and Topology Change Notification Acknowledgement BPDU’s. Exchanged at a frequency of every 2 seconds by default, BPDU’s allow switches to keep a track of network changes and when to block or forward ports to ensure a loop free topology.
BPDU Guard
BPDU Guard is designed to protect your switching network. Remember that a Port-fast port is designed to be connected to a device where BPDU’s aren’t expected. This could be a end user device, server or access-point. When an unexpected BPDU is detected (an end-user wants to plug in a switch in his cubicle) the port will shutdown and enter a err-disable state.
When enabled globally this is a fantastic solution to protecting port-fast ports on access switches where you don’t expect a switch to be plugged in. BPDU guard when enabled on a per port interface, is conditional. It requires the port to be portfast enabled. If you require BPDU guard to be enabled unconditionally then you must do that on the port itself.
Global
Interface
BPDU Filter
Initially I was stumped as to why you would use this. Why on earth would you want to stop BPDU’s from being sent or received on a port. I immediate though it was ludicrous. It wasn’t until I had a discussion with the man of infinite wisdom @networkjanitor (Kurt Bales) did I understand it’s use. The point of demarcation is a fantastic place to use BPDU filter. When an ISP hands off a tail in the DC from their switch infrastructure, neither party want’s anything to do with the others STP topology. This one of the uses of this feature. Probably the best one I have found.
First of all, BPDU filter disables spanning-tree on a port period. It does this by restricting sending and receiving BPDU’s. Simple enough. When enabled on a global level, BPDU filter will apply to all portfast ports. When a port links up it will transmit some BPDU’s out before the port starts to filter BPDUs.
Remember that if a BPDU is received on a portfast interface, the interface will lose portfast status and because BPDU filtering relies on this it will become disabled.
Global
Interface
Anthony’s Wrap
I’ve used BPDU guard a whole lot. After learning at college you could bring down an entire block of lab’s with a switch configured a certain way, I made sure that no network under my jurisdiction would suffer the same fate. Couple BPDU guard with err-disable recovery and you have protection. BPDU filter could also be placed on access layer ports too. Another way to negate pesky attacks from inquisitive minds.
source: http://networkinferno.net/clarity-bpdu-guard-vs-bpdu-filter
Renewing an IIS 7 SSL Certificate
Renewing an IIS 7 SSL Certificate
If you are renewing your GeoTrust SSL certificate running on Microsoft Internet Information Services (IIS) 7, you will need to perform some simple tasks from your IIS 7 web server before placing an order to renew your expring SSL certificatate.
Generate Renewal Certificate Request File (CSR)
|
Checking MD5 & SHA1 Checksums
Checking MD5 & SHA1 Checksums
Linux
Move the downloaded file and the associated MD5 hash file to a folder and execute the following command from the command line.
md5sum -c datei.md5
To check the SHA1 file, execute the following command similarly.
sha1sum -c datei.sha1
Example
benutzer:~/Ordner$ ls datei.iso datei.md5 benutzer:~/Ordner$ md5sum datei.iso 161a1957728be5d530c3fab67ac40652 datei.iso benutzer:~/Ordner$ cat datei.md5 161a1957728be5d530c3fab67ac40652 datei.iso benutzer:~/Ordner$ md5sum -c datei.md5 datei.iso: OK
Windows
Move the downloaded file and the associated MD5 hash file to a folder and execute the following command using the fciv.exe.
fciv.exe -v -md5 datei.md5
To check the SHA1 file, execute the following command similarly.
fciv.exe -v -sha1 datei.md5
If the checksums agree then the downloaded file is free from errors.
Generating MD5 & SHA1 Checksums
Linux
To create an MD5 file for a file that you would like to provide for downloading, enter the following command from the command line.
md5sum datei > datei.md5
tail -c 10MB datei | md5sum > datei.md5 (If you want to calculate checksum or fingerprint based on last 10M data on the file which is OK and fast)
To create a SHA1 file, execute the following command similarly.
sha1sum datei > datei.sha1
Windows
To create an MD5 file for a file that you would like to provide for downloading, enter the following command using fciv.exe.
fciv.exe -add -md5 datei.md5
To create a SHA1 file, execute the following command similarly.
fciv.exe -add -sha1 datei.sha1
Security Instructions
MD5 is now no longer considered secure, because various file exhibiting the same MD5 checksums can be created with little effort, as has been proven.In this manner, an attacker can create an infected file, whose hash value agrees with the original checksum during the test, even though the content is different than the original file.
Progress has also be made in attacking SHA1.However, SHA1 is still not considered to have been hacked. The reason for this is that attacks on SHA1 require too much time for daily use.
Exporting/Importing VMs in Xenserver using 'xe' command
Exporting VM to xva using 'xe' command:
Importing .xva file to VM using 'xe' command:
#xe vm-import filename=/mnt/Export/<name of ova.xml> \\It imports the VM into default SR (Storage Repository) and returns uuid of imported VM on success.
#xe vm-import filename=/mnt/Export/<name of ova.xml> \\It imports the VM into default SR (Storage Repository) and returns uuid of imported VM on success.
Note: If multiple xenserver are in a pool, it selects default shared SR. To import into SR other than default one, execute following commands:
#xe sr-list \\To display list of Storage Repository and its details including uuid
#xe vm-import filename=/mnt/Export/<name of xva> force=true sr-uuid=<uuid of desitination SR> preserve=true \\Preserve=true preserves the original MAC address of the VM.
Note: To check md5 checksum of exported/downloaded file before importing: http://www.thomas-krenn.com/en/wiki/Using_Md5sum_und_sha1sum_for_Checking_Downloaded_Files
Subscribe to:
Posts (Atom)