My Blog 2017-07-16T04:28:41+00:00

SSL auth with .p12 – Root CA and .p12

January 31st, 2018|Categories: Linux, Ubuntu|Tags: , , , , , |

PART ONE – setup ssl and ssl certs.

1. enable ssl, run command

a2enmod ssl

and then restart apache

service apache2 restart

go to /etc/apache2 and create ssl folder

mkdir ssl

2. generate key and crt file – follow instruction on the screen

openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout apache.key -out apache.crt

3. edit /etc/apache2/sites-available/default-ssl.conf and add path to generated certs (line 32/33).

SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

4. activate ssl virtual host

sudo a2ensite default-ssl.conf

5. and then restart apache

service apache2 restart

6. setup redirection from http to https, edit vim /etc/apache2/sites-available/000-default.conf and add below code:

RedirectPermanent /

and then restart apache

service apache2 restart

PART TWO – SSL should work with your website lets setup private key access.

7. go to cert directory: /etc/apache2/ssl

8. generate new CA

openssl genrsa -des3 -out myCA.key 2048

9. Generate root certificate

openssl req -x509 -new -nodes -key vaultCA.key -sha256 -days 1825 -out vaultCAroot.pem

10. convert certificate to pem

openssl pkcs12 -export -out -inkey vaultCA.key -in vaultCAroot.pem

11. enable CA root, edit default-ssl.conf and add/edit (line 51/52)

SSLCACertificatePath /etc/apache2/ssl
SSLCACertificateFile /etc/apache2/ssl/vaultCAroot.pem

12. enable client auth to require (line 69/70)

SSLVerifyClient require
SSLVerifyDepth 10

deploy openstack – centos7

November 22nd, 2017|Categories: Linux|Tags: , |

Disable Firewall / network manager / enable network

systemctl disable firewalld NetworkManager
systemctl disable firewalld
systemctl stop firewalld
systemctl disable NetworkManager
systemctl stop NetworkManager
systemctl enable network

disable getenforce

getenforce 0

edit selinux change SELINUX to permissive

vim /etc/selinux/config

change network settings


quick reboot


– start installation packstack

change vim /etc/environment


install repo and pack-stack with configuration file

yum install -y centos-release-openstack-pike
yum update -y
yum install -y openstack-packstack
packstack --gen-answer-file=answer.txt

edit answer.txt choose packages and change:


install openstack

packstack --answer-file=answer.txt

login to horizon
– go to admin -> networks and remove (routers, networks).
– create new network (Name=external, Project=admin, network type=flat Phisical Network=extnet, tick shared)
– add your subnet ip’s

edit /etc/neutron/dhcp_agent.ini and change to True


restart neutron dhcp agent

systemctl restart neutron-dhcp-agent


Simple NAS with Samba and USB HDD

September 25th, 2017|Categories: Ubuntu|Tags: , , , |

list all devices

bart@ubuntu:~$ dmesg

at the bottom find your device name in my case 500gb usb hdd as sdb

sd 6:0:0:0: [sdb] 976773168 512-byte logical blocks:500GB/465GiB)

create partition with fdisk on sdb hdd

sudo fdisk /dev/sdb

– click m for help than choose “p” to list existing partitions
– remove partition by pressing “d” and select partiton from the list
– “n” for new partiton “p” primary partition, number “1”
– save and exit “w”

format to ext4

sudo mkfs.ext4 /dev/sdb1

create directory for NAS in your desire location

bart@ubuntu:/mnt$ sudo mkdir NAS

mount hdd to directory /mnt/NAS/

sudo mount /dev/sdb1 /mnt/NAS/

find uuid for sdb1

sudo blkid /dev/sdb1

add USB HDD to permanent mount after reboot edit /etc/fstab

sudo nano /etc/fstab

add USB HDD to permanent mount after reboot edit /etc/fstab

#add at the bottom of the file than save (use your UUID)
UUID="5fc39f17-7763-4633-92e7-41e62c56e614" /mnt/NAS/ ext4 defaults,users,umask=0 0 0

test in by umount /dev/sdb1 and than use

sudo mount -a

create share folder /mnt/NAS/SHARENAME

sudo mkdir /mnt/NAS/SHARENAME

make sure about permissions

sudo chmod 777 /mnt/NAS/SHARENAME

edit /etc/samba/smb.conf

workgroup = workgroup
netbios name = NAS
server string = Samba Server %v
map to guest = Bad User
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = No
local master = No
dns proxy = No
security = User
interfaces = em1 lo
bind interfaces only = yes
hosts allow =
hosts deny =
path = /mnt/NAS/SHARENAME
valid users= louise, bart, backup
read only = no
create mask = 0777
directory mask = 0777
writeable = Yes

add user
useradd louise

add password for samba

sudo smbpasswd -a louise

restart service

sudo service smbd restart

magic! ?

Convert ens3 interface to eth0 – Ubuntu 16.04

August 16th, 2017|Categories: Linux, Ubuntu|Tags: , , , , , |

edit grub file

sudo vim /etc/default/grub

and change line from “GRUB_CMDLINE_LINUX=”” to:

GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

update grub

sudo update-grub

change /etc/network/interfaces to eth0 format

auto eth0
iface eth0 inet dhcp

change /etc/udev/rules.d/70-persistent-net.rules form ens3 to eth0

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="fa:16:3e:01:af:fa", NAME="eth0"

reboot system


July 17th, 2017|Categories: Juniper - Recovery|Tags: , , , , , , , |

quick fix:

request system snapshot media internal slice alternate


request system reboot

check after boot from which partition system is booted

show system storage partitions

with output of:

root> show system storage partitions
Boot Media: internal (da0)
Active Partition: da0s2a
Backup Partition: da0s1a
Currently booted from: active (da0s2a)
Partitions information:
Partition Size Mountpoint
s1a 183M altroot
s2a 184M /
s3d 369M /var/tmp
s3e 123M /var
s4d 62M /config

then you can change active partition to boot from first partition

request system reboot slice alternate media internal

Juniper – firmware upgrade

July 17th, 2017|Categories: Juniper - Recovery|Tags: , , , , , |

Upgrade firmware from usb – go to shell

root> start shell

find usb drive use

root@:RE:0% ls /dev/da*

then to test drive/partition

root@:RE:0% file -s /dev/da1s2

create folder for usb drive and mount usb drive to the folder

root@:RE:0% mkdir /var/tmp/usb
root@:RE:0% mount -t msdosfs /dev/da1s2 /var/tmp/usb

move image file to /var/tmp

cd /var/tmp/usb && mv jinstall-ex-2200-12.3R8.7-domestic-signed.tgz /var/tmp

go back to cli and run upgrade

root@bbc-temp-sw:RE:0% cli
root@bbc-temp-sw> request system software add /var/tmp/jinstall-ex-2200-12.3R8.7-domestic-signed.tgz validate reboot

Ubuntu GNS3 Server with KVM support

February 6th, 2017|Categories: gns3, Linux, Ubuntu|Tags: , , , |

add gns3 repository

sudo add-apt-repository ppa:gns3/ppa

update apt

sudo apt-get update

install gns3 server

sudo apt-get install gns3-server

install kvm support

sudo apt-get install qemu-kvm libvirt-bin virtinst bridge-utils cpu-checker

make sure your system supports virtualisation


than you should get something like this

INFO: /dev/kvm exists
KVM acceleration can be used

then run server

gns3server --host

Install 32bit TeamViewer with 64bit Ubuntu

January 23rd, 2017|Categories: Linux, Ubuntu|Tags: , , , , , |

Install 32bit teamviewer in 64bit Ubuntu

sudo dpkg --add-architecture i386

Update Repository

sudo apt-get update

install additional packages

sudo apt-get install libdbus-1-3:i386 libasound2:i386 libexpat1:i386 libfontconfig1:i386 libfreetype6:i386 libjpeg62:i386 libpng12-0:i386 libsm6:i386 libxdamage1:i386 libxext6:i386 libxfixes3:i386 libxinerama1:i386 libxrandr2:i386 libxrender1:i386 libxtst6:i386 zlib1g:i386 libc6:i386

install downloaded package

sudo dpkg -i teamviewer*.deb

Configure Google Authenticator with Ubuntu

January 19th, 2017|Categories: Linux, Security, Ubuntu|Tags: , , , , , |

Configure Google Authenticator with Ubuntu

sudo dpkg-reconfigure tzdata
sudo apt-get install ntpdate
sudo ntpdate
sudo apt-get install ntp

check settings via controls below

ntpq -p

Install google auth module

sudo apt-get install libpam-google-authenticator

choose user you want to configure auth for

su username

choose option Y

Do you want authentication tokens to be time-based (y/n)

scan barcode with google app or, follow instruction on the screen edit /etc/ssh/sshd_config and enable ChallengeResponseAuthentication to YES

ChallengeResponseAuthentication yes

edit /etc/pam.d/sshd and add below line at the top of the file

auth required nullok

restart ssh service

sudo service ssh restart

How to install DUO Security with Ubuntu 16.04 LTS

January 19th, 2017|Categories: Linux, Security, Ubuntu|Tags: , , , , |

install ssh (if its not installed)- go to

cd /etc/apt/sources.list.d/

create file in /etc/apt/sources.list.d/

sudo nano duosecurity.list

edit file and add this

deb xenial main

exit and install curl

sudo apt-get install curl

download duosecurity key and add to system

curl -s | sudo apt-key add –

update apt

sudo apt-get update

install duo-unix

sudo apt-get install duo-unix

add key’s to /etc/duo/pam_duo.conf (Integration, Secret, API hostname) from duo website

sudo nano /etc/duo/pam_duo.conf

edit common-auth

sudo nano /etc/pam.d/common-auth

add to file at the bottom /etc/pam.d/common-auth (make sure there are no duplicates)

auth requisite nullok_secure
auth [success=1 default=ignore] /lib64/security/
auth requisite
auth required
auth optional

edit /etc/ssh/sshd_config add

sudo nano /etc/ssh/sshd_config


ChallengeResponseAuthentication yes
UsePAM yes
UseDNS no

if use public key add

PubkeyAuthentication yes
PasswordAuthentication yes
AuthenticationMethods publickey,keyboard-interactive

need to make some changes in the pam.d/sshd config

sudo nano /etc/pam.d/sshd

You need to comment out and add the following lines

#@include common-auth
auth [success=1 default=ignore] /lib64/security/
auth requisite
auth required
auth optional

aqq 2017-07-15T23:53:02+00:00

Some Title

Go to the Dash and open the Screenshot tool. In the Take Screenshot window, select whether to grab the entire desktop, a single window, or an area of the screen. Set a delay if you need to select a window or otherwise set up your desktop for the screenshot. Then choose any effects you want.
empty 2017-06-14T21:05:43+00:00