Showing posts with label network. Show all posts

Apr 22, 2013

Setup a RedHat PXE server

You need to have the following packages and services installed and running:
vsftpd
dhcpd
xinetd
tftpd
tftpd-server
system-config-netboot
Note: it is better to switch off iptables until you complete the whole process.

First mount the RHEL DVD to the system.

Then install vsftpd. I will use the vsftpd-* package from the RHEL6 installation DVD.
# cd /media/rhel6/Packages
# yum localinstall vsftpd-* -y
Then start the service and enable it at startup:
# service vsftpd start
# chkconfig vsftpd on
This installs vsftpd on the system. The installation creates the directory "/var/ftp/pub", which is the public folder of our FTP server, so we can create the OS installation repository there.
mkdir /var/ftp/pub/rhel6
I copy the full image to that location so that the installation can be done over an FTP connection.
cp -r /media/rhel6/* /var/ftp/pub/rhel6
Create a repo file that uses that location as a local repository:
# vim /etc/yum.repos.d/local.repo
with this content:
[localrepo]
name= local repository
baseurl=ftp://192.168.0.10/pub/rhel6
gpgcheck=0
Then install the tftp service:
# yum install -y tftp* xinetd*
Then you need to install the "system-config-netboot" package:
# wget http://mirrors.kernel.org/centos/5/os/x86_64/CentOS/alchemist-1.0.36-2.el5.x86_64.rpm
# wget http://mirrors.kernel.org/centos/5/os/x86_64/CentOS/system-config-netboot-0.1.45.1-5.el5.noarch.rpm
# wget http://mirrors.kernel.org/centos/5/os/x86_64/CentOS/system-config-netboot-cmd-0.1.45.1-5.el5.noarch.rpm
"system-config-netboot" depends on the "alchemist" package, which in turn depends on "python-abi". "python-abi" requires python-2.4 to install, but RHEL6 ships python-2.6. So we install "alchemist" with the --nodeps flag.
# rpm -ivh alchemist-1.0.36-2.el5.x86_64.rpm --nodeps
# rpm -ivh system-config-netboot-*
tftpd-server creates the "/tftpboot/linux-install/" directory. Now we need to edit the "/etc/xinetd.d/tftp" file so that the tftp root points to this automatically created directory.
# vim /etc/xinetd.d/tftp
and change the server_args line (the original points at "/var/lib/tftpboot") to:
...
server_args = -s /tftpboot
...
Now run this command to generate the PXE boot item:
pxeos -a -i "RedHat EL 6" -p FTP -D 0 -s 192.168.0.10 -L /pub/rhel6 RHEL6
This command will create a directory called "/tftpboot/linux-install/RHEL6".

Then restart the xinetd and tftp services.
# service xinetd restart
# chkconfig xinetd on
# chkconfig tftp on
Now you need to install the DHCP service. This is what tells the booting machine where the TFTP server and the boot loader are.
# yum install dhcp -y
Then edit the dhcp configuration file:
# vim /etc/dhcp/dhcpd.conf
and put the following in it:
option domain-name-servers  192.168.0.1;
allow bootp;
allow booting;

subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.100 192.168.0.200;
  option routers 192.168.0.1;
}

next-server 192.168.0.50; # IP address of your TFTP server
filename "linux-install/pxelinux.0"; # name of the boot loader program
Then restart the dhcp service:
# service dhcpd restart
# chkconfig dhcpd on

Put a kickstart configuration file in the ftp pub location "/var/ftp/pub/ks.cfg". Then edit the boot menu:
# vim /tftpboot/linux-install/pxelinux.cfg/default
and add the kernel parameter (ks=ftp://192.168.0.10/pub/ks.cfg) pointing at the kickstart file:
...
label 1
  kernel RHEL6/vmlinuz
  append initrd=RHEL6/initrd.img ramdisk_size=16000 method=ftp://192.168.0.10/pub/rhel6 ip=dhcp ks=ftp://192.168.0.10/pub/ks.cfg
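A PXE client is steered by two files, the dhcpd.conf globals (next-server, filename) and the pxelinux "append" line (method=, ks=), so a mismatch between them is the usual reason an unattended install stalls. The checker below is an added example, not part of the post; the config fragments are constructed copies of the post's own values, and the rule that the FTP host in method=/ks= should equal next-server is a heuristic that assumes one box serves both TFTP and FTP.

```python
import re
from urllib.parse import urlparse

# Constructed copies of the dhcpd.conf and pxelinux.cfg/default fragments from the post.
DHCPD_CONF = """\
option domain-name-servers 192.168.0.1;
allow bootp;
allow booting;
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.100 192.168.0.200;
  option routers 192.168.0.1;
}
next-server 192.168.0.50;
filename "linux-install/pxelinux.0";
"""
PXELINUX_DEFAULT = """\
label 1
  kernel RHEL6/vmlinuz
  append initrd=RHEL6/initrd.img ramdisk_size=16000 method=ftp://192.168.0.10/pub/rhel6 ip=dhcp ks=ftp://192.168.0.10/pub/ks.cfg
"""

def parse_dhcpd(text):
    """Return the PXE-relevant globals a client receives: next-server and filename."""
    out = {}
    m = re.search(r"^\s*next-server\s+([\d.]+)\s*;", text, re.M)
    if m:
        out["next_server"] = m.group(1)
    m = re.search(r'^\s*filename\s+"([^"]+)"\s*;', text, re.M)
    if m:
        out["filename"] = m.group(1)
    return out
def parse_append(text):
    """Return the kernel parameters of the first 'append' line as a dict."""
    m = re.search(r"^\s*append\s+(.*)$", text, re.M)
    return dict(tok.partition("=")[::2] for tok in (m.group(1).split() if m else []))
def check_pxe_config(dhcpd_text, pxelinux_text):
    """Flag settings that would leave a PXE client unable to finish an unattended install."""
    dhcp, params = parse_dhcpd(dhcpd_text), parse_append(pxelinux_text)
    issues = []
    if "next_server" not in dhcp:
        issues.append("dhcpd.conf: no next-server, clients cannot locate the TFTP server")
    if not dhcp.get("filename", "").endswith("pxelinux.0"):
        issues.append("dhcpd.conf: filename does not point at pxelinux.0")
    for key in ("method", "ks"):  # install tree and kickstart must both be reachable
        if key not in params:
            issues.append("append: missing %s=" % key)
        elif urlparse(params[key]).hostname != dhcp.get("next_server"):
            issues.append("append: %s is fetched from %s but TFTP (next-server) is %s; confirm both hosts are serving" % (key, urlparse(params[key]).hostname, dhcp.get("next_server")))
    return issues
```

Run against the post's values it reports that the FTP tree (192.168.0.10) and the TFTP server (192.168.0.50) are different hosts, which is worth confirming before booting the first client.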

Jan 15, 2013

Set proxy settings on apt

Apt is the default package manager in most Debian-based distributions, including Ubuntu. If the system is behind a proxy and a firewall, the systems administrator needs to set proxy settings on the system in order to connect it to the Internet. The systems administrator can use the method I described in a previous post to set proxy settings on the system, but apt will not use those settings when it tries to connect to the Internet. Therefore, the systems administrator needs to set those proxy settings in apt's own configuration file. To do that:

You need to edit the '/etc/apt/apt.conf' file or, if that file does not exist, add a new file '/etc/apt/apt.conf.d/01proxy'.

Then add the following line to one of these files.

Acquire::http::Proxy "http://[proxy server ip]:[proxy listening port]";

You need root privileges to do this. After editing the file you can run "apt-get update" to refresh the apt database.

Jan 11, 2013

Cisco VPN error - 442: Failed to enable Virtual Adapter

If you install the Cisco VPN client on Windows 7, sometimes you may see an error saying:

Reason 442: Failed to enable Virtual Adapter

In such a scenario, try the following.

First go to Services (or type "services" in the Start search) and find the "Internet Connection Sharing (ICS)" service. Stop that service and change its start-up type to Manual. Then restart the "Cisco Systems, Inc. VPN Service" service.

Now try to use the VPN client.

Jan 10, 2013

Access a windows share from CentOS

Sometimes Linux users want to connect to a Windows share and copy something from it. To do this, we have two options. One is to use the graphical user interface (GUI). The second option is to use the terminal or the command line. Both of these have their own pros and cons.

Whatever the method, you need to install two packages to do this task: "samba-client" and "samba-common". You can use yum to install those packages.

If you want to access the '\\host\folder' Windows share from the command line, do it like this:

smbclient //host/folder -U username

If it prompts something like "smb: \>", you have successfully connected to the shared folder. Then type help to get more information.

If you want to access the same folder via the GUI, open a nautilus window and type:

smb://username@host/folder

Then it will prompt you for the domain/workgroup and the password. If those are correct you can use the Windows share.

Jan 9, 2013

Install Key Management Service (KMS)

In Windows, whenever you install new software you need to activate it with Microsoft over the Internet. In a large network doing that by hand is hard work. Most of the time large organizations use 'Volume License' when they purchase Microsoft products, and managing those volume licenses is another problem. We can use the Key Management Service to handle this.

First of all you need to get the KMS key from your "Microsoft Volume License Service Center". Assume that we are going to install KMS on a Windows Server 2008 R2 machine which is already joined to the domain, and that we are logged in as a domain administrator. (If not, you need to add the DNS entry to the DNS server manually.) Then you need to locate the KMS key "Windows Server 2008 Std/Ent KMS B".

Then log in to that server and change the product key to this KMS B key as follows.
Right click on "My Computer" -> Properties. Click on the "Change Product Key" link. It will open another window. Enter the "KMS B" key there and continue. It will give a warning saying "You have entered a Key Management Service Key ...". Click OK on that.

Then you need to open the KMS port on the local firewall for the domain. To do that, open the Windows firewall, select "Allow programs to communicate through Windows Firewall" and tick "Key Management Service". Then press the OK button to save the changed settings.

Now the KMS host is almost installed. To verify the installation we can type

nslookup -type=srv _vlmcs._tcp

on a client machine. If it gives the correct IP/domain name of the KMS host, you have successfully installed the Key Management Service for your network.

Now you can use these (http://technet.microsoft.com/en-us/library/ff793421.aspx) KMS client setup keys to activate other clients using this installed KMS service.

Note: You have to have at least the minimum number of computers or virtual instances to use this service. The activation threshold details are at: http://technet.microsoft.com/en-us/library/ff793434.aspx



Jan 4, 2013

Deny Youtube in office hours using Squid proxy

We can use Squid-cache as an Internet access control system. In this post I will show you how to configure squid-cache to control access to the youtube.com website.

You need to edit the '/etc/squid/squid.conf' file to make these changes.

First we need to define our local network (e.g. 192.168.2.0/24). To do that, edit the 'acl localnet src ...' line in the config file to:

acl localnet src 192.168.2.0/24

Then we assume that we need to block YouTube access within working hours for all users in the network. Therefore, we need to define the working hours in the configuration file. This line should come soon after the 'Safe_ports' definitions.

acl officehours time M T W H F 8:00-17:00

Now you can set the host name of the proxy machine with:

visible_hostname proxy.domain.com

If anyone needs to access YouTube within office hours we need an exception for that. For example, we can define an allowed IP range and/or some individual IP addresses like this.

acl allowyoutube src 192.168.2.21-192.168.2.40
acl allowyoutube src 192.168.2.75
acl allowyoutube src 192.168.2.65

Now we can block YouTube for all users except those special users by setting:

acl youtube dstdomain .youtube.com
http_access deny CONNECT youtube !allowyoutube officehours
http_access deny youtube !allowyoutube officehours

# deny access to not safe and non-ssl ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# allow only local network
http_access allow localnet
http_access deny all

Then restart the squid service and check the logs in '/var/log/squid/' for more information.
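The rules above only work because of three squid conventions: several acl lines sharing a name are OR-ed, the terms on one http_access line are AND-ed (with '!' negating a term), and the first http_access line whose terms all match decides. The evaluator below is an added example, not squid code and not part of the post; it re-implements just those semantics for the src, dstdomain and time ACL types over a constructed copy of the post's rules (the CONNECT line is left out), so you can check what a given client, destination and time would get before restarting the proxy.

```python
import ipaddress
from datetime import datetime

# Constructed subset of the squid.conf lines from the post (CONNECT rule left out).
SQUID_CONF = """
acl localnet src 192.168.2.0/24
acl officehours time M T W H F 8:00-17:00
acl allowyoutube src 192.168.2.21-192.168.2.40
acl allowyoutube src 192.168.2.75
acl youtube dstdomain .youtube.com
http_access deny youtube !allowyoutube officehours
http_access allow localnet
http_access deny all
"""
DAYS = {"S": 6, "M": 0, "T": 1, "W": 2, "H": 3, "F": 4, "A": 5}  # squid's day letters
def parse_conf(text):  # acl lines grouped by name, http_access rules kept in file order
    acls, rules = {"all": [("all", [])]}, []
    for parts in (line.split() for line in text.splitlines()):
        if parts and parts[0] == "acl":
            acls.setdefault(parts[1], []).append((parts[2], parts[3:]))
        elif parts and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules
def src_match(spec, ip):
    if "-" in spec:  # address range a-b
        lo, hi = (ipaddress.ip_address(x) for x in spec.split("-"))
        return lo <= ip <= hi
    return ip in ipaddress.ip_network(spec, strict=False)  # CIDR or single host
def acl_match(acls, name, req):
    """Several acl lines sharing a name are OR-ed: any matching line is enough."""
    ip, host, when = ipaddress.ip_address(req["src"]), req["host"], req["when"]
    for kind, args in acls[name]:
        if kind == "all" or (kind == "src" and any(src_match(a, ip) for a in args)):
            return True
        if kind == "dstdomain" and any(host == a.lstrip(".") or host.endswith(a) for a in args):
            return True
        if kind == "time":  # e.g. M T W H F 8:00-17:00 (inclusive)
            lo, hi = (datetime.strptime(t, "%H:%M").time() for t in args[-1].split("-"))
            if when.weekday() in {DAYS[d] for d in args[:-1]} and lo <= when.time() <= hi:
                return True
    return False
def evaluate(conf, src, host, when):
    """Verdict for one request (when is 'YYYY-MM-DD HH:MM'): terms AND, '!' negates, first full match wins."""
    acls, rules = parse_conf(conf)
    req = {"src": src, "host": host, "when": datetime.strptime(when, "%Y-%m-%d %H:%M")}
    for verdict, terms in rules:
        if all(acl_match(acls, t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return verdict
    return "deny"  # unreachable with a trailing 'deny all'
```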

Jan 2, 2013

A Simple Centralized Log Server Using Rsyslog

Logs are very useful when it comes to forensic work. But most systems keep all their logs on the same host machine, and keeping logs only on that host is not very useful, because an attacker who compromises that host can destroy all the logs on it.

Therefore we use a secure centralized log server to collect all the logs. All the systems and devices on the network send a copy of each log entry to this centralized log server.

In this post I'm going to set up a simple centralized log server using rsyslog. Most Linux systems have rsyslog installed by default. You just need to edit some configuration files.

In this setup we have a centralized log server (the server) and a client (simulating a system or a device on the network). First I configure the server part and then I will move to the client part.

Server :-

Edit
/etc/rsyslog.conf
to load the UDP input module and make rsyslog listen on UDP port 514.

# provides UDP syslog reception. For TCP, load imtcp.
$ModLoad imudp

# For TCP, use $InputTCPServerRun 514
$UDPServerRun 514


Then you need to restart the rsyslog service.
service syslogd restart

Now the rsyslog on that host will work as the centralized log server.

Check the firewall, iptables and SELinux settings and allow UDP port 514 so the server can receive data from other devices on the network.

You can use
tcpdump -i eth0 port 514
to see all incoming syslog data.


Client :-

You need to edit the same file on the client in order to forward logs to the centralized log server. Add the line:

*.* @192.168.1.1:514

Here '*.*' means all logs (every facility at every priority), a single '@' means use the UDP protocol, and the rest is the IP address and listening port of the centralized log server.

After editing the configuration file you need to restart rsyslog.


View collected logs:-

By default all the forwarded logs are appended to the messages log on the centralized server. You can view those messages in the
/var/log/messages
log.

Note:-
As logs are in plain text, forwarding them over plain UDP/TCP is not good practice.
Add filters and avoid just logging everything into a single file.
Do proper log rotation.
Use log correlation mechanisms to take proactive decisions.
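The '*.*' selector and the "add filters" note both come down to the <PRI> number at the front of every forwarded datagram, which encodes facility*8 + severity. The code below is an added example, not part of the post and not rsyslog's own code: it decodes that field and evaluates sysklogd-style selectors ('*.*', 'authpriv.*', '*.err', '*.info;daemon.none') over constructed sample lines, so you can see which entries a given selector would actually forward before changing the client's rule.

```python
import re

# Numeric facility codes from RFC 3164 (cron is 9, authpriv 10, ftp 11, local0-7 are 16-23).
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITIES.update({16 + i: "local%d" % i for i in range(8)})
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample datagrams as a client's rsyslog would put them on UDP/514.
SAMPLE = [
    "<86>Jan  2 10:15:00 web01 sshd[2311]: Accepted publickey for deploy from 192.168.1.20 port 50122 ssh2",
    "<30>Jan  2 10:15:01 web01 CRON[2320]: (root) CMD (run-parts /etc/cron.hourly)",
    "<0>Jan  2 10:16:07 web01 kernel: Kernel panic - not syncing: Fatal exception",
]

def parse_priority(line):
    """Split the leading <PRI> of a BSD syslog line into (facility, severity) names."""
    m = re.match(r"^<(\d{1,3})>", line)
    if not m:
        return ("user", "notice")  # rsyslog's default when no PRI is present
    pri = int(m.group(1))
    return (FACILITIES.get(pri >> 3, "facility%d" % (pri >> 3)), SEVERITIES[pri & 7])

def selector_matches(selector, facility, severity):
    """Evaluate a selector such as '*.*', 'authpriv.*', '*.err' or '*.info;daemon.none'.
    Each ';'-separated part overrides earlier ones for the facilities it names, as in sysklogd."""
    result = False
    for part in selector.split(";"):
        facs, prio = part.rsplit(".", 1)
        if not ("*" in facs.split(",") or facility in facs.split(",")):
            continue
        if prio == "*":
            result = True
        elif prio == "none":
            result = False
        elif prio.startswith("="):
            result = severity == prio[1:]
        else:  # named priority and everything more severe (lower code)
            result = SEVERITIES.index(severity) <= SEVERITIES.index(prio)
    return result

def forward(lines, selector):
    """Return the lines a '<selector> @server:514' rule would send to the central server."""
    return [l for l in lines if selector_matches(selector, *parse_priority(l))]
```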

Nov 25, 2011

Change IP using a script or command line in windows


Try This out:

@echo off

REM Created by Thilina Piyasundara.

set /P answer=Do you want to change the IP (y/n) : 

REM The original compared %1 (a command-line argument) instead of the answer typed above.
if /I "%answer%" == "y" (
 ECHO Setting IP Address
 netsh int ip set address name = "Local Area Connection" source = static addr = 192.168.1.2 mask = 255.255.255.0

 ECHO Setting Gateway
 netsh int ip set address name = "Local Area Connection" gateway = 192.168.2.250 gwmetric = auto

 ECHO Setting Primary DNS
 netsh int ip set dns name = "Local Area Connection" source = static addr = 192.168.2.1

 GOTO SETSETTINGS
)

ECHO Nothing happened.

:SETSETTINGS
netsh int ip show config
:end

pause

Use the netsh commands to do the same thing in the command line.

Nov 13, 2011

Socket Programming with Python - Echo server

This is a basic socket program. You need to run the server first and then run the client.

Echo server (pechoserver.py)
#!/usr/bin/python
# Python 3 version; the original used Python 2 print statements.

import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # allow quick restarts
s.bind(("", 5200))  # server listens on port 5200 on all interfaces
s.listen(1)

while True:
    conn, addr = s.accept()
    print('Connected IP', addr)
    data = conn.recv(1024)
    if data:             # an empty read means the client closed without sending
        conn.send(data)  # echo back exactly what was received
    conn.close()         # the original broke out of the loop here, killing the server


Echo client (pechoclient.py)
#!/usr/bin/python

import socket
import sys

if len(sys.argv) < 2:  # the original tested < 1, which is never true
    print('usage : pechoclient.py "message"')
    sys.exit(0)

msg = sys.argv[1]
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("localhost", 5200))
s.send(msg.encode())   # sockets carry bytes, so encode the string
data = s.recv(1024)
s.close()
print("Received :", data.decode())


Run the server:
$ python pechoserver.py &

Run the client:
$ python pechoclient.py "Hello World."

Run client and server in different terminals to get a clear understanding of the output.

For more:
http://docs.python.org/library/socket.html
http://docs.python.org/howto/sockets.html

Jun 22, 2011

Enable/Disable LAN interface by command prompt in Windows XP

First you need to check that "devcon" is available in your XP version.
Go to the command prompt and type
C:\>devcon

If it gives an error, download this utility (an exe) from the Microsoft website:
http://download.microsoft.com/download/1/1/f/11f7dd10-272d-4cd2-896f-9ce67f3e0240/devcon.exe

Extract it to a known place and change your command prompt path to the folder where the .exe file exists.

Now if you type devcon it should print the help details.

Now you need to get the Ethernet card's hardware ID from that command. To do that, type:

C:\devcon_folder> devcon hwids "PCI\*"  >pcidevname.txt

This will print the hardware details of all PCI devices into that text file. Go through that text file and get the ID of your Ethernet card (use Ctrl+F with the keyword "Ethernet").

It will look like this:


PCI\VEN_10EC&DEV_8139&SUBSYS_10451043&REV_10\4&2966AB86&0&38A4
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    Hardware ID's:
        PCI\VEN_10EC&DEV_8139&SUBSYS_10451043&REV_10
        .......
    Compatible ID's:
        PCI\VEN_10EC&DEV_8139&REV_10
        PCI\VEN_10EC&DEV_8139 ......


Take the vendor prefix of your card's ID, here "PCI\VEN_10EC&*", as the pattern for the commands below.

Then, to disable the card, type:

C:\devcon_folder>devcon disable "PCI\VEN_10EC&*"

To enable it again:

C:\devcon_folder>devcon enable "PCI\VEN_10EC&*"