Thursday, 13 November 2014

Enable SSH on Cisco switch

1. Setup Management IP

First, make sure you have performed basic network configurations on your switch. For example, assign default gateway, assign management ip-address, etc. If this is already done, skip to the next step.
In the following example, the management ip address is set as 192.168.101.2 in the 101 VLAN. The default gateway points to the firewall, which is 192.168.101.1
# ip default-gateway 192.168.101.1

# interface vlan 101
(config-if)# ip address 192.168.101.2 255.255.255.0

2. Set hostname and domain-name

Next, make sure the switch has a hostname and domain-name set properly.
# config t
(config)# hostname myswitch
(config)# ip domain-name thegeekstuff.com

3. Generate the RSA Keys

The switch or router should have RSA keys that it will use during the SSH process. So, generate these using crypto command as shown below.
myswitch(config)# crypto key generate rsa
 The name for the keys will be: myswitch.thegeekstuff.com
 Choose the size of the key modulus in the range of 360 to 2048 for your
   General Purpose Keys. Choosing a key modulus greater than 512 may take
   a few minutes.

How many bits in the modulus [512]: 1024
 % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Also, if you are running on an older Cisco IOS image, it is highly recommended that you upgrade to latest Cisco IOS.

4. Setup the Line VTY configurations

Setup the following line vty configuration parameters, where input transport is set to SSH. Set the login to local, and password to 7.
# line vty 0 4
(config-line)# transport input ssh
(config-line)# login local
(config-line)# password 7
(config-line)# exit
If you have not set the console line yet, set it to the following values.
# line console 0
(config-line)# logging synchronous
(config-line)# login local

5. Create the username password

If you don’t have a username created already, do it as shown below.
myswitch# config t
Enter configuration commands, one per line.  End with CNTL/Z.
myswitch(config)# username ramesh password mypassword
Note: If you don’t have the enable password set up properly, do it now.
myswitch(config)# enable secret myenablepassword
Make sure the password-encryption service is turned on, which will encrypt the password, so that when you do “sh run”, you’ll see only the encrypted password and not the clear-text password.
myswitch(config)# service password-encryption

6. Verify SSH access

From the switch, if you do ‘sh ip ssh’, it will confirm that SSH is enabled on this Cisco device.
myswitch# sh ip ssh
SSH Enabled - version 1.99
Au
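
The steps above can be checked against a saved copy of the "sh run" output. The following Python script is an added example, not part of the original post: the running-config excerpt is constructed, and its second "line vty 5 15" block is an assumed case showing a VTY range that the "line vty 0 4" configuration does not cover.

```python
import re

# Constructed running-config excerpt (not captured from a real device).
SAMPLE_CONFIG = """\
service password-encryption
hostname myswitch
enable secret 5 <constructed-hash>
username ramesh password 7 <constructed-string>
ip domain-name thegeekstuff.com
line con 0
 logging synchronous
 login local
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

# Global commands the procedure above puts in place (steps 2 and 5).
REQUIRED_GLOBALS = {
    "hostname": r"hostname \S+",
    "ip domain-name": r"ip domain-name \S+",
    "enable secret": r"enable secret \S+",
    "local username": r"username \S+ (password|secret) ",
    "service password-encryption": r"service password-encryption$",
}

def parse_sections(config):
    """Map each top-level line to the indented sub-commands below it."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line[0] == " " and current is not None:
            sections[current].append(line.strip())
        else:
            current = line.strip()
            sections[current] = []
    return sections

def audit_ssh(config):
    """Return findings; an empty list means every checked step is present."""
    sections = parse_sections(config)
    findings = [f"missing: {name}" for name, pat in REQUIRED_GLOBALS.items()
                if not any(re.match(pat, top) for top in sections)]
    for header, body in sections.items():
        if header.startswith("line vty"):
            if "transport input ssh" not in body:
                findings.append(f"{header}: transport input is not ssh only")
            if "login local" not in body:
                findings.append(f"{header}: login is not local")
    return findings
```

Calling audit_ssh(SAMPLE_CONFIG) reports only the two findings for "line vty 5 15"; every VTY range on the device needs the same transport and login settings as "line vty 0 4".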

Tuesday, 11 November 2014

How to extract a filesystem from a disk image

You need to backup an entire hard disk to a single file. Supposing your disk is at /dev/hda and the backup file is image-file, you’d do:
# cat /dev/hda > image-file
or
# dd if=/dev/hda of=image-file

The file backup you get will hold a copy of every single bit from the hard disk. This means that you also have a copy of the MBR in the first 512 bytes of the file.
Because of this, you can see the partition table on the backup file:

# sfdisk -l -uS image-file
Disk image-file: 0 cylinders, 0 heads, 0 sectors/track
Warning: The partition table looks like it was made
for C/H/S=*/255/32 (instead of 0/0/0).
For this listing I'll assume that geometry.
Units = sectors of 512 bytes, counting from 0
Device Boot Start End #sectors Id System
image-filep1 32 261119 261088 83 Linux
image-filep2 261120 4267679 4006560 82 Linux swap / Solaris
image-filep3 4267680 142253279 137985600 83 Linux
image-filep4 0 - 0 0 Empty


Now, suppose you want to extract partition number 3. You can see that it starts at block 4267680 and is 137985600 blocks long. This translates into:

# dd if=image-file of=partition3-file skip=4267680 count=137985600

Now, peeking into the contents of the partition is as easy as:
# mount -t ext3 -o loop partition3-file /mnt/hack
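
The skip and count values can also be read straight from the partition table in the first 512 bytes of the image. The following Python script is an added example, not part of the original post: it parses the MBR, builds the dd line for a chosen partition, and refuses entries that run past the end of a truncated image. The sample MBR is constructed to mirror the sfdisk listing above, and the function names are hypothetical.

```python
import struct

SECTOR = 512          # sfdisk -uS and dd's default block size both use 512 bytes
TABLE_OFFSET = 446    # the partition table follows the boot code
# One 16-byte entry: status, CHS start, type id, CHS end, LBA start, sector count
ENTRY = struct.Struct("<B3sB3sII")

def build_sample_mbr():
    """Constructed MBR mirroring the sfdisk listing above (no real disk data)."""
    rows = [(0x83, 32, 261088), (0x82, 261120, 4006560),
            (0x83, 4267680, 137985600), (0x00, 0, 0)]
    table = b"".join(ENTRY.pack(0, b"\0" * 3, ptype, b"\0" * 3, start, count)
                     for ptype, start, count in rows)
    return b"\0" * TABLE_OFFSET + table + b"\x55\xaa"

def parse_mbr(sector0):
    """Return [(number, type_id, start_sector, sector_count)] for used entries."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature; not a DOS partition table")
    parts = []
    for i in range(4):
        _, _, ptype, _, start, count = ENTRY.unpack_from(
            sector0, TABLE_OFFSET + 16 * i)
        if ptype != 0 and count != 0:
            parts.append((i + 1, ptype, start, count))
    return parts

def dd_command(image, number, parts, image_sectors=None):
    """Build the dd line for one partition, refusing entries past the image end."""
    for num, _, start, count in parts:
        if num == number:
            if image_sectors is not None and start + count > image_sectors:
                raise ValueError(f"partition {num} extends past end of image")
            return (f"dd if={image} of=partition{num}-file "
                    f"skip={start} count={count}")
    raise KeyError(f"partition {number} not present")

if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    print(dd_command("image-file", 3, parts))
```

For a real image, read the first 512 bytes of image-file and pass the file size divided by 512 as image_sectors.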

Monday, 10 November 2014

aMule on Ubuntu net best practice

The TCP and UDP port will have to be open from aMule to the internet. The first obstacle is iptables in Ubuntu. Iptables will cause aMule to receive firewalled status – or low id. Being firewalled will drastically decrease performance. To open the ports you can either install Firestarter, the GUI for iptables by typing the following in the terminal:


sudo apt-get install firestarter

From Firestarter, open the ports in Preferences->Connection in aMule.
Or, you can just open the ports using the terminal. Type, e.g.,


sudo iptables -A INPUT -p tcp --dport 4711 -j ACCEPT

to open tcp port 4711, and


sudo iptables -A INPUT -p udp --dport 4712 -j ACCEPT

to open udp port 4712. (To close the ports again, use the same parameters, except replace «ACCEPT» with «DROP».)

To achieve maximum performance, it is also a good idea to open a UDP port for extended server requests. This means the port through which all non-core packets are sent to the server. That is data such as file rates, extended file descriptions (encoding, audio length, video resolution, etc), and other trivial but very handy data. The UDP port for extended server requests is always TCP-port +3, so in this case we open it with


sudo iptables -A INPUT -p udp --dport 4714 -j ACCEPT

If you have a router, you also need to open the above mentioned ports and forward them to your computer. If you open the ports but don't forward them to the right device, you will be firewalled.

If you don't know how to open and forward your ports, enter this page: http://portforward.com/routers.htm From this page, select your router. You will now enter a new page with a lot of application names. aMule is unfortunately not on the list, but select eMule instead. You should now get a guide for your router on how to open and forward the ports. (Remember that eMule and aMule use different default ports.)

Max sources per file: This all depends on how much your router and modem can handle. The more connections they can handle without problems, the better. I have mine at 500 and 700 respectively. You may want to experiment with these values. If you put the limit too high, you may choke your router and internet becomes unresponsive.

Networks: Make sure you have both ed2k and Kad ticked.
Message Filter. This is where you can fill in common spam-messages. Just copy and paste the spam message into the box and separate messages with a «,» (without the «s) and you'll never see the message again.

Server. This is important. Some servers are fakes, mainly run by the entertainment industry, and will not give any results. To avoid the bad ones, untick the «update serverlist» boxes, and tick «autoconnect to servers in static list only».

Directories. Incoming directory is where your finished downloads will be saved. Keep in mind that the default setting is within the hidden .aMule folder, so if you don't change it you will have to use Ctrl+h to make it visible. I recommend making a folder in your home directory for incoming files, and pointing to it from aMule. Tempfiles is reserved for non-complete files, and may well be hidden. Shared directories are the files you share using aMule. (Please be generous. Filesharing is after all about sharing, and not about using aMule as a download machine. Whatever you download has to be uploaded by someone else. Roughly speaking: Total network upload speed = Total network download speed.) By default, you only share your incoming folder, and you can't unshare it. Double click on a folder to share the contents. This will not share subdirectories! If you have one or more subdirectories within that folder you want to share, right click the folder! Any shared directory will be marked in bold letters.

Security. Tick «Enable IP-filtering.» The purpose of using an IP-filter is to block the bad guys, mainly the entertainment industry and their lackeys, who are sabotaging the ed2k network. Clients on your ipfilter will not be able to establish a connection to your computer. I use the ipfilter from Bluetack, so you can insert this url http://www.bluetack.co.uk/config/nipfilter.dat.gz and then click «Update now». The ipfilter should then download and install. (A known bug in Feisty may cause aMule to crash while updating the IPfilter.) If you can't do without an IPfilter, try Moblock. http://ubuntuforums.org/showthread.php?t=192559

Gui-tweaks contains a few useful settings, like percentage, progress bar and fast ed2k-links handler. You can use the latter for ed2k links found on the internet and click apply, and the file should be on your download list.
That's it for the Preferences box! Click ok to save the changes.

The last thing you have to do before starting to use aMule is to add servers. There are no servers by default. Select the Networks icon between the Disconnect and Search button in the main menu. Add this line in the top box and press enter: http://peerates.net/peerates/certifiedservers.met
You can also add servers manually from e.g. http://gruk.org/list.php and enter name, IP and port number in the boxes below. (Avoid servers marked in pink.) Once you have a few servers, right click a couple of large servers with low response time (ping) and select add to static server list. (If you chose to autoconnect only to servers in static serverlist, aMule will only try reconnecting to one of these safe servers if disconnected.) Remember: Do not connect to servers located in the USA, since they almost certainly are fakes.

Friday, 24 October 2014

Redhat Fedora mount ISO file as cdrom/dvd



If you need to mount the USB key:

1    Insert the USB key
2      Run
dmesg
Near the end of the output a SCSI device should appear, seen as /dev/sda1 or /dev/sdb1
3      Create a directory /mnt/usb
4      Run
mount /dev/sda1 /mnt/usb
5      Copy the ISO

ISO MOUNT PROCEDURE:

1      Log in as root. Type:
mkdir /mnt/iso
mkdir /enrico

2      Copy the ISO to /enrico
cp /enrico

3      Mount the ISO on /mnt/iso
mount -t iso9660 -o loop /enrico/ /mnt/iso/

4     Browse /mnt/iso as you normally would the cdrom/dvd

Friday, 17 October 2014

IP to block if youtube HD video slow

Block IP address or IP range in windows server 2008 by Windows Firewall

IP range to block for youtube caches: 206.111.0.0/16

How to Block IP address or IP range in windows server 2008 by Windows Firewall
If you ever feel that someone may be trying to break into your server, or you know an IP address that you want to block from accessing your server, there is a built-in firewall on all Windows servers. You can use this firewall to block either a range of IP addresses or a single address. My server has some suspicious visits, so I decided to block these users.
1. Log into your server via Remote Desktop Connection.
2. Start -> administrative tools > windows firewall with advanced security.
3. On the left side of the firewall window click on the inbound rules option.
4. On the right side of the screen click on New Rule.
5. Click on the custom radio button and then click next.
6. Make sure the All programs radio is selected then click next.
7. On the protocol and ports options leave everything at its defaults and click next.
8. On the scope screen you will see two boxes the top one is for local IP addresses and the bottom is for remote IP addresses. In this scenario we are trying to block an outside (remote) IP from accessing anything on the server so we will need to add the IP address to this section only as it will not be a local IP address.
9. Click on the radio that says “these IP addresses” in the remote section.
10. Click on the Add button.
11. In the next window we will be adding a single IP address to the rule, you can also add an entire range at this point if you wish.
12. Click ok, click next.
13. Make sure you select the Block the connection radio on the next screen and then click next.
14. Leave all of the options on the next screen checked this will be sure to block the IP no matter the connection they are trying to use. Click next.
15. Name the rule on the next screen something you can remember in case you wish to remove or edit it in the future. Click finish and that's it.

Thursday, 24 July 2014

Upgrade Linux Ubuntu Kernel graphics drivers to latest version

Upgrading these user-space driver components is as easy as running either

sudo apt-add-repository ppa:xorg-edgers/ppa
or
sudo apt-add-repository ppa:oibaf/graphics-drivers

for linking your system to either archive. That's then followed by running:

sudo apt-get update

to update the package meta-data and lastly:

sudo apt-get dist-upgrade

for upgrading all of your operating system's packages.
After that, reboot, and if all goes well you'll be running the very latest Linux graphics drivers.

Thursday, 10 July 2014

Enable SNMP on ESX server.

First of all you will need the VMware CLI.
Once installed, launch the following commands:

Set community:
vicfg-snmp.pl --server <server> --username root --password <password> -c <community>

Set trap destination:
vicfg-snmp.pl --server <server> --username root --password <password> -t <target>@<port>/<community>

Set SNMP get port:
vicfg-snmp.pl --server <server> --username root --password <password> -p <port>

Enable daemon:
vicfg-snmp.pl --server <server> --username root --password <password> --enable

That's it
Bye

Wednesday, 18 June 2014

Restricting SSH sessions for accounts on ubuntu server

If you look at man sshd_config, you can see that there is an option for MaxSessions. Unfortunately, this is the maximum number of sessions per network connection, not the maximum number for a specific user.
One thing you can do is set UsePAM yes in /etc/ssh/sshd_config, then configure PAM to handle the user limits by enabling the PAM module pam_limits.so. If you only want the limits to apply to ssh sessions, add the following line to /etc/pam.d/sshd:
 
session required pam_limits.so

I'm pretty sure all of the above stuff is the default configuration, now comes the part that actually sets the limit. pam_limits.so pulls its limits from /etc/security/limits.conf. If you want a user to only be able to have one active session at a time, just add the following line to that file:
 
user    hard    maxlogins    1

Once this is set up, on any login attempt when there's already an active session, the user will get the error Too many logins for 'user'. To make this apply to all users, use * for the user. You can also have it apply to certain groups, for instance, use @users to apply the rule to everyone in the users group.

Procedure to change OpenSSH pre login banner


1) By default sshd server turns off this feature.

2) Login as the root user; create your login banner file:
# vi /etc/ssh/sshd-banner
Append text:
Welcome to nixCraft Remote Login!

3) Open sshd configuration file /etc/ssh/sshd_config using a text editor:
# vi /etc/ssh/sshd_config

4) Add/edit the following line:
Banner /etc/ssh/sshd-banner

5) Save file and restart the sshd server:
# /etc/init.d/sshd restart

Saturday, 31 May 2014

Android device with no touch screen access solution.

I had a smartphone with a broken touch screen, I wanted to backup images and contacts but had no way to access phone because I could not interact with the smartphone.
Could not unlock, could not mount it as a drive on my computer.

So I bought an adapter like this:

It converts your micro usb port on your phone to a common usb port.
Connect a mouse to it and you will be able to control your phone with the mouse.
Imagine the arrow as if it was your finger.
Now connect to wifi, on your computer share a folder with guest permissions and copy all you need on it.



Thursday, 29 May 2014

NFS setup and Mount as Vmware datastorage

NFSv4 quick start

Providing you understand what you are doing, use this brief walk-through to set up an NFSv4 server on Ubuntu (with no authentication security). Then mount the share on an Ubuntu client. It has been tested on Ubuntu 10.04 Lucid Lynx.

NFSv4 server

Install the required packages...
  • # apt-get install nfs-kernel-server 
NFSv4 exports exist in a single pseudo filesystem, where the real directories are mounted with the --bind option.
  • Let's say we want to export our users' home directories in /home/users. First we create the export filesystem: 
     
    # mkdir -p /export/users 
     
  • It's important that /export and /export/users have 777 permissions as we will be accessing the NFS share from the client without LDAP/NIS authentication. This will not apply if using authentication (see below). Now mount the real users directory with:
     
    # mount --bind /home/users /export/users
     
  • To save us from retyping this after every reboot we add the following
    line to /etc/fstab
     
    /home/users    /export/users   none    bind  0  0
There are three configuration files that relate to an NFSv4 server: /etc/default/nfs-kernel-server, /etc/default/nfs-common and /etc/exports.
  • Those config files in our example would look like this:
    In /etc/default/nfs-kernel-server we set:
     
    NEED_SVCGSSD=no # no is default
     
    because we are not activating NFSv4 security this time.

    For Ubuntu 11.10 and earlier, we set the following in /etc/default/nfs-common to get UID/GID mappings from names:
     
    NEED_IDMAPD=yes # only needed for Ubuntu 11.10 and earlier
In order for the ID names to be automatically mapped, both the client and server require the /etc/idmapd.conf file to have the same contents with the correct domain names. Furthermore, this file should have the following lines in the Mapping section:
    [Mapping]
    
    Nobody-User = nobody
    Nobody-Group = nogroup

    However, the client may have different requirements for the Nobody-User and Nobody-Group. For example on RedHat variants, it's nfsnobody for both. cat /etc/passwd and cat /etc/group should show the "nobody" accounts.
This way, server and client do not need the users to share the same UID/GID.

For those who use LDAP-based authentication, add the following lines to your client's idmapd.conf:
[Translation]

Method = nsswitch
This will cause idmapd to know to look at nsswitch.conf to determine where it should look for credential information (and if you have LDAP authentication already working, nsswitch shouldn't require further explanation).
To export our directories to a local network 192.168.1.0/24 we add the following two lines to /etc/exports
 
/export       192.168.1.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/export/users 192.168.1.0/24(rw,nohide,insecure,no_subtree_check,async)
 
Finally, run:
 
exportfs -a
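
Because this walk-through exports without authentication, it helps to see what each /etc/exports entry actually grants before running exportfs. The following Python script is an added example, not part of the original guide: it parses exports lines and lists the options that widen access, using the two lines above as sample input. The function names and the notes table are assumptions made for this illustration.

```python
import ipaddress

# The two /etc/exports lines from the walk-through above.
SAMPLE_EXPORTS = """\
/export       192.168.1.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/export/users 192.168.1.0/24(rw,nohide,insecure,no_subtree_check,async)
"""

# Options worth a second look, with what each one allows.
NOTES = {
    "rw": "clients can write",
    "insecure": "requests from unprivileged source ports (>1023) are accepted",
    "async": "server replies before data reaches disk",
    "no_root_squash": "client root keeps uid 0 on the export",
}

def parse_exports(text):
    """Yield (path, client, options) for every client entry on every line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            client, _, opts = spec.partition("(")
            # A bare "(options)" entry with no client name applies to any host.
            yield (path, client or "*",
                   [o for o in opts.rstrip(")").split(",") if o])

def review(text):
    """Return (path, client, scope, option, note) tuples for risky settings."""
    findings = []
    for path, client, opts in parse_exports(text):
        try:
            net = ipaddress.ip_network(client, strict=False)
            scope = f"{net.num_addresses} addresses"
        except ValueError:
            scope = "hostname or wildcard"
        for opt in opts:
            if opt in NOTES:
                findings.append((path, client, scope, opt, NOTES[opt]))
        if not any(o.startswith("sec=") for o in opts):
            findings.append((path, client, scope, "sec=sys (default)",
                             "identity is the client-supplied UID/GID"))
    return findings
```

The parser also catches the common mistake of a space between the client and its options ("host (rw)"), which exports the path to every host with those options.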
 
Now connect with the vSphere client. Click on the host and then on Configuration.
Click on Storage (left side) and then click on Add Storage.

Now select Network File System and then click on Next.

Insert the NFS server IP address and the shared folder name (/export/users), and give the datastorage a name. Click Next.

Click on Finish.

The new datastorage appears.

That's it.