My Blog 2017-07-16T04:28:41+00:00

SSL auth with .p12 – Root CA and .p12

January 31st, 2018|Categories: Linux, Ubuntu|Tags: , , , , , |

PART ONE – setup ssl and ssl certs.

1. enable ssl, run command

a2enmod ssl

and then restart apache

service apache2 restart

go to /etc/apache2 and create ssl folder

mkdir ssl

2. generate key and crt file – follow instruction on the screen

openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout apache.key -out apache.crt

3. edit /etc/apache2/sites-available/default-ssl.conf and add path to generated certs (line 32/33).

SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

4. activate ssl virtual host

sudo a2ensite default-ssl.conf

5. and then restart apache

service apache2 restart

6. setup redirection from http to https, edit vim /etc/apache2/sites-available/000-default.conf and add below code:

RedirectPermanent / https://vault.bartron.uk/

and then restart apache

service apache2 restart

PART TWO – SSL should work with your website lets setup private key access.

7. go to cert directory: /etc/apache2/ssl

8. generate new CA

openssl genrsa -des3 -out myCA.key 2048

9. Generate root certificate

openssl req -x509 -new -nodes -key vaultCA.key -sha256 -days 1825 -out vaultCAroot.pem

10. convert certificate to pem

openssl pkcs12 -export -out apache.bartron.uk.p12 -inkey vaultCA.key -in vaultCAroot.pem

11. enable CA root, edit default-ssl.conf and add/edit (line 51/52)

SSLCACertificatePath /etc/apache2/ssl
SSLCACertificateFile /etc/apache2/ssl/vaultCAroot.pem

12. enable client auth to require (line 69/70)

SSLVerifyClient require
SSLVerifyDepth 10

Read More

deploy openstack – centos7

November 22nd, 2017|Categories: Linux|Tags: , |

Disable Firewall / network manager / enable network

systemctl disable firewalld NetworkManager
systemctl disable firewalld
systemctl stop firewalld
systemctl disable NetworkManager
systemctl stop NetworkManager
systemctl enable network

disable getenforce

getenforce 0

edit selinux change SELINUX to permissive

vim /etc/selinux/config
SELINUX=permissive

change network settings

/etc/sysconfig/network-scripts/ifcfg-eno1
BOOTPROTO=none
DEFROUTE=yes
DEVICE=eno1
GATEWAY=192.168.7.2
HWADDR=84:2b:2b:6f:63:7c
IPADDR=192.168.7.32
MTU=1500
NETMASK=255.255.255.0
NM_CONTROLLED=no
ONBOOT=yes
TYPE=Ethernet
USERCTL=no

quick reboot

sync;reboot

– start installation packstack

change vim /etc/environment

LANG=en_UK.utf-8
LC_ALL=en_UK.utf-8

install repo and pack-stack with configuration file

yum install -y centos-release-openstack-pike
yum update -y
yum install -y openstack-packstack
packstack --gen-answer-file=answer.txt

edit answer.txt choose packages and change:


CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=extnet:br-ex
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-ex:eno1

install openstack

packstack --answer-file=answer.txt

login to horizon
– go to admin -> networks and remove (routers, networks).
– create new network (Name=external, Project=admin, network type=flat Phisical Network=extnet, tick shared)
– add your subnet ip’s

edit /etc/neutron/dhcp_agent.ini and change to True

enable_isolated_metadata=True

restart neutron dhcp agent

systemctl restart neutron-dhcp-agent

resources: https://www.youtube.com/watch?v=Udtr1zJhcrw

Read More

Simple NAS with Samba and USB HDD

September 25th, 2017|Categories: Ubuntu|Tags: , , , |

list all devices

bart@ubuntu:~$ dmesg

at the bottom find your device name in my case 500gb usb hdd as sdb

sd 6:0:0:0: [sdb] 976773168 512-byte logical blocks:500GB/465GiB)

create partition with fdisk on sdb hdd

sudo fdisk /dev/sdb

– click m for help than choose “p” to list existing partitions
– remove partition by pressing “d” and select partiton from the list
– “n” for new partiton “p” primary partition, number “1”
– save and exit “w”

format to ext4

sudo mkfs.ext4 /dev/sdb1

create directory for NAS in your desire location

bart@ubuntu:/mnt$ sudo mkdir NAS

mount hdd to directory /mnt/NAS/

sudo mount /dev/sdb1 /mnt/NAS/

find uuid for sdb1

sudo blkid /dev/sdb1

add USB HDD to permanent mount after reboot edit /etc/fstab

sudo nano /etc/fstab

add USB HDD to permanent mount after reboot edit /etc/fstab

#add at the bottom of the file than save (use your UUID)
UUID="5fc39f17-7763-4633-92e7-41e62c56e614" /mnt/NAS/ ext4 defaults,users,umask=0 0 0

test in by umount /dev/sdb1 and than use

sudo mount -a

create share folder /mnt/NAS/SHARENAME

sudo mkdir /mnt/NAS/SHARENAME

make sure about permissions

sudo chmod 777 /mnt/NAS/SHARENAME

edit /etc/samba/smb.conf

[global]
workgroup = workgroup
netbios name = NAS
server string = Samba Server %v
map to guest = Bad User
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = No
local master = No
dns proxy = No
security = User
interfaces = em1 lo
bind interfaces only = yes
hosts allow = 127.0.0.1 192.168.1.0/24 192.168.7.0/24
hosts deny = 0.0.0.0/0
[SHARENAME]
path = /mnt/NAS/SHARENAME
valid users= louise, bart, backup
read only = no
create mask = 0777
directory mask = 0777
writeable = Yes

add user
useradd louise

add password for samba

sudo smbpasswd -a louise

restart service

sudo service smbd restart

magic! 😀

Read More

Convert ens3 interface to eth0 – Ubuntu 16.04

August 16th, 2017|Categories: Linux, Ubuntu|Tags: , , , , , |

edit grub file

sudo vim /etc/default/grub

and change line from “GRUB_CMDLINE_LINUX=”” to:

GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

update grub

sudo update-grub

change /etc/network/interfaces to eth0 format

auto eth0
iface eth0 inet dhcp

change /etc/udev/rules.d/70-persistent-net.rules form ens3 to eth0

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="fa:16:3e:01:af:fa", NAME="eth0"

reboot system

Read More

Juniper – WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE

July 17th, 2017|Categories: Juniper - Recovery|Tags: , , , , , , , |

quick fix:

request system snapshot media internal slice alternate

then

request system reboot

check after boot from which partition system is booted

show system storage partitions

with output of:

root> show system storage partitions
fpc0:
--------------------------------------------------------------------------
Boot Media: internal (da0)
Active Partition: da0s2a
Backup Partition: da0s1a
Currently booted from: active (da0s2a)
|
Partitions information:
Partition Size Mountpoint
s1a 183M altroot
s2a 184M /
s3d 369M /var/tmp
s3e 123M /var
s4d 62M /config
{master:0}
root>

then you can change active partition to boot from first partition

request system reboot slice alternate media internal

Read More

Juniper – firmware upgrade

July 17th, 2017|Categories: Juniper - Recovery|Tags: , , , , , |

Upgrade firmware from usb – go to shell

root> start shell

find usb drive use

root@:RE:0% ls /dev/da*

then to test drive/partition

root@:RE:0% file -s /dev/da1s2

create folder for usb drive and mount usb drive to the folder

root@:RE:0% mkdir /var/tmp/usb
root@:RE:0% mount -t msdosfs /dev/da1s2 /var/tmp/usb

move image file to /var/tmp

cd /var/tmp/usb && mv jinstall-ex-2200-12.3R8.7-domestic-signed.tgz /var/tmp

go back to cli and run upgrade

root@bbc-temp-sw:RE:0% cli
{master:0}
root@bbc-temp-sw> request system software add /var/tmp/jinstall-ex-2200-12.3R8.7-domestic-signed.tgz validate reboot

Read More

Ubuntu GNS3 Server with KVM support

February 6th, 2017|Categories: gns3, Linux, Ubuntu|Tags: , , , |

add gns3 repository

sudo add-apt-repository ppa:gns3/ppa

update apt

sudo apt-get update

install gns3 server

sudo apt-get install gns3-server

install kvm support

sudo apt-get install qemu-kvm libvirt-bin virtinst bridge-utils cpu-checker

make sure your system supports virtualisation

kvm-ok

than you should get something like this

INFO: /dev/kvm exists
KVM acceleration can be used

then run server

gns3server --host 192.168.7.15

Read More

Install 32bit TeamViewer with 64bit Ubuntu

January 23rd, 2017|Categories: Linux, Ubuntu|Tags: , , , , , |

Install 32bit teamviewer in 64bit Ubuntu

sudo dpkg --add-architecture i386

Update Repository

sudo apt-get update

install additional packages

sudo apt-get install libdbus-1-3:i386 libasound2:i386 libexpat1:i386 libfontconfig1:i386 libfreetype6:i386 libjpeg62:i386 libpng12-0:i386 libsm6:i386 libxdamage1:i386 libxext6:i386 libxfixes3:i386 libxinerama1:i386 libxrandr2:i386 libxrender1:i386 libxtst6:i386 zlib1g:i386 libc6:i386

install downloaded package

sudo dpkg -i teamviewer*.deb

Read More

Configure Google Authenticator with Ubuntu

January 19th, 2017|Categories: Linux, Security, Ubuntu|Tags: , , , , , |

Configure Google Authenticator with Ubuntu

sudo dpkg-reconfigure tzdata
sudo apt-get install ntpdate
sudo ntpdate 0.uk.pool.ntp.org
sudo apt-get install ntp

check settings via controls below

ntpq -p
date

Install google auth module

sudo apt-get install libpam-google-authenticator

choose user you want to configure auth for

su username
google-authenticator

choose option Y

Do you want authentication tokens to be time-based (y/n)

scan barcode with google app or duo.com, follow instruction on the screen edit /etc/ssh/sshd_config and enable ChallengeResponseAuthentication to YES

ChallengeResponseAuthentication yes

edit /etc/pam.d/sshd and add below line at the top of the file

auth required pam_google_authenticator.so nullok

restart ssh service

sudo service ssh restart

Read More

How to install DUO Security with Ubuntu 16.04 LTS

January 19th, 2017|Categories: Linux, Security, Ubuntu|Tags: , , , , |

install ssh (if its not installed)- go to

cd /etc/apt/sources.list.d/

create file in /etc/apt/sources.list.d/

sudo nano duosecurity.list

edit file and add this

deb http://pkg.duosecurity.com/Ubuntu xenial main

exit and install curl

sudo apt-get install curl

download duosecurity key and add to system

curl -s https://duo.com/APT-GPG-KEY-DUO | sudo apt-key add –

update apt

sudo apt-get update

install duo-unix

sudo apt-get install duo-unix

add key’s to /etc/duo/pam_duo.conf (Integration, Secret, API hostname) from duo website

sudo nano /etc/duo/pam_duo.conf

edit common-auth

sudo nano /etc/pam.d/common-auth

add to file at the bottom /etc/pam.d/common-auth (make sure there are no duplicates)

auth requisite pam_unix.so nullok_secure
auth [success=1 default=ignore] /lib64/security/pam_duo.so
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_cap.so

edit /etc/ssh/sshd_config add

sudo nano /etc/ssh/sshd_config

add

ChallengeResponseAuthentication yes
UsePAM yes
UseDNS no

if use public key add

PubkeyAuthentication yes
PasswordAuthentication yes
AuthenticationMethods publickey,keyboard-interactive

need to make some changes in the pam.d/sshd config

sudo nano /etc/pam.d/sshd

You need to comment out and add the following lines

#@include common-auth
auth [success=1 default=ignore] /lib64/security/pam_duo.so
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_cap.so

Read More
aqq 2017-07-15T23:53:02+00:00

Some Title

Go to the Dash and open the Screenshot tool. In the Take Screenshot window, select whether to grab the entire desktop, a single window, or an area of the screen. Set a delay if you need to select a window or otherwise set up your desktop for the screenshot. Then choose any effects you want.
empty 2017-06-14T21:05:43+00:00