Thursday, December 22, 2016

Veritas Volume Replicator operational notes

What is VVR?

Veritas Volume Replicator is a replication solution you can deploy between the prod and DRC sides in Veritas Storage Foundation (now renamed InfoScale) environments.



Adding a new volume to an RVG:

First, the volume must be defined on both the primary and the secondary side with logtype=dcm specified, and on the secondary side it must be formatted with mkfs.vxfs.

prod # vradmin -g cbsdg addvol rvg_rclus home0


Removing a volume from an RVG:

First, the volume must be unmounted on the primary system. If you use VCS (Veritas Cluster Server), you can do the unmount through the Cluster Explorer interface or with hares commands.

After the operation below, I observed in the vxprint output on both prod and drc that the volume had left the scope of the RVG.

Then:

prod # vradmin -g cbsdg delvol rvg_rclus home0


Editing an existing Rlink record:

First, the rlink must be paused.

prod # vxrlink -g cbsdg pause rlink_rclus
prod # vxedit -g cbsdg set remote_dg=cbsdg rlink_rclus
prod # vxrlink -g cbsdg resume rlink_rclus





Veritas Storage Foundation and High Availability Solutions Replication Administrator's Guide:
https://origin-download.veritas.com/resources/content/live/DOCUMENTATION/5000/DOC5264/en_US/sf_replication_admin_60_lin.pdf



Sunday, December 18, 2016

The 10 best network monitoring solutions you can use for free




  1. monit
  2. ganglia
  3. munin
  4. cacti
  5. nagios
  6. zabbix
  7. observium
  8. zenoss
  9. collectd
  10. argus

Source:

sixrevisions.com/tools/10-free-server-network-monitoring-tools-that-kick-ass


Sites about default passwords



http://www.defaultpassword.com

http://www.routerpasswords.com

Certification roadmap for network administrators


Source:

http://www.itcareerfinder.com/brain-food/blog/entry/it-certification-path-network-administrator.html

Wednesday, December 7, 2016

Veritas Cluster Server: make main.cf writable and save

With Veritas Cluster Server you can make your applications run highly available.

You can use it for A/A or A/P scenarios.

When you work with a large number of resources, you may need to perform operations from the console. In that case you have to make main.cf writable before your console operations, perform them, and then save.

main.cf is the file, present on every node, in which the Veritas Cluster Server settings are stored.

To make it writable:
# haconf -makerw

To save:
# haconf -dump -makero


Thursday, December 1, 2016

Veritas Storage Foundation / Infoscale: creating and listing volumes and disk groups

Creating a volume:

# vxassist -g cbsdg make dataVol02 10m


Listing volumes:

# vxlist vol


Creating a disk group:

# vxdg init <dgname>


Listing disk groups and disks:

# vxdisk -e -o alldgs list

# vxdg list


Friday, November 18, 2016

xargs usage

xargs can also be used to parallelize operations with the -P maxprocs argument to specify how many parallel processes should be used to execute the commands over the input argument lists. However, the output streams may not be synchronized. This can be overcome by using an --output file argument where possible, and then combining the results after processing. The following example queues 24 processes and waits on each to finish before launching another.

find /path -name '*.foo' | xargs -P 24 -I '{}' /cpu/bound/process '{}' -o '{}'.out

https://en.wikipedia.org/wiki/Xargs






Thursday, November 3, 2016

tcpdump command usage examples

www.thegeekstuff.com/2010/08/tcpdump-command-examples

Linux Security Administrator's Guide


general overview of security issues that face the administrator of Linux systems. It covers general security philosophy and a number of specific examples of how to better secure your Linux system from intruders. Also included are pointers to security related material and programs.

www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html

Saturday, October 15, 2016

15 popular network security tools


1. Nmap

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap homepage.


2. Wireshark

Wireshark is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. Wireshark homepage.


3. Metasploit Community edition

Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. This helps prioritize remediation and eliminate false positives, providing true security risk intelligence. Metasploit community edition homepage.


4. Nikto2

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Nikto2 homepage.


5. John the Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version. John the Ripper homepage.


6. ettercap

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. ettercap homepage.


7. NexPose Community edition

The Nexpose Community Edition is a free, single-user vulnerability management solution. Nexpose Community Edition is powered by the same scan engine as Nexpose Enterprise and offers many of the same features. Nexpose homepage.


8. Ncat

Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses. ncat homepage.


9. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT. kismet homepage.


10. w3af

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. w3af homepage.


11. hping

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features. hping homepage.


12. burpsuite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. BurpSuite homepage.


13. THC-Hydra

A very fast network logon cracker which supports many different services. hydra homepage.


14. sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. sqlmap homepage.


15. webscarab

WebScarab has a large amount of functionality, and as such can be quite intimidating to the new user. But, for the simplest case, intercepting and modifying requests and responses between a browser and HTTP/S server, there is not a lot that needs to be learned. WebScarab homepage.

Friday, October 14, 2016

linux: how to spoof a MAC address

* Spoof the MAC address:

sudo ifconfig en1 ether [mac address to spoof]

Where it says "[mac address to spoof]", press Command-V to paste the victim's, er, I mean the machine-to-be-spoofed's MAC address.  Your machine may require an administrator password at this point.  This is the password you use to log into OS X on your own machine.

* Confirm the spoof:

ifconfig en1 | grep ether

Your displayed MAC address should now be different from what it was before.

A Developer’s Journey into Linux Containers



https://deis.com/blog/2015/developer-journey-linux-containers/

command line external ip information

$ curl ipinfo.io

Returns information about your external IP address in JSON format.

Tuesday, October 11, 2016

OS X El Capitan: how to run wireshark with iphone usb interface

First you need to obtain the UDID of your device. You can find it in the Summary section of iTunes.

Details:

https://blog.unlockbase.com/find-udid-blocked-icloud-iphone/

Next, we use the rvictl tool to create the virtual interface.

localuserpc:~ root# rvictl -s en5

rvictl [-h][-l][-s <udid1> ... <udidN>][-x <udid1> ... <udidN>]

Remote Virtual Interface Tool starts and stops a remote packet capture instance 
for any set of attached mobile devices. It can also provide feedback on any attached 
devices that are currently relaying packets back to this host. 

Options:
-l, -L List currently active devices
-s, -S Start a device or set of devices
-x, -X Stop a device or set of devices


localuserpc:~ root# rvictl -s
Starting device XXX [SUCCEEDED] with interface rvi0

After that, when you run it, you can filter on the rvi0 interface:

localuserpc:~ root# wireshark


Thursday, September 8, 2016

jq: command-line tool for parsing JSON.

Passing it through jq's parser, with the most basic option, will make it look nicer (with colors):
user@host:~$ curl -s https://status.github.com/api/status.json |\
  jq '.'
{
  "status": "good",
  "last_updated": "2015-01-21T16:59:01Z"
}
Do some basic selection:
user@host:~$ curl -s https://status.github.com/api/status.json |\
  jq '.status'
"good"

Tuesday, August 23, 2016

Bypass sites that detect adblock with Anti-Adblock Killer

https://greasyfork.org/en/scripts/735-anti-adblock-killer-reek

To use this script, Tampermonkey must be installed in your browser.

2016 Data Storage Innovation Conference presentations are available

http://www.snia.org/events/dsicon/presentations2016


New BlackArch Linux release published

The new ISOs include over 1500 tools. For more details see the ChangeLog below.

Here's the ChangeLog :
include linux kernel 4.7.1
updated BlackArch Linux installer
added more than 100 new tools
updated all blackarch tools
updated all system packages
updated menu entries for window managers (awesome, fluxbox, openbox)


Wednesday, August 17, 2016

NSA Private Hacking Tools

NSA's Hacking Group Hacked! Bunch of Private Hacking Tools:

The Equation Group is a highly sophisticated threat actor described by its discoverers at Kaspersky Labs as one of the most sophisticated cyber attack groups in the world and "the most advanced ... we have seen", operating alongside but always from a position of superiority with the creators of Stuxnet and Flame.[1][2]

The name Equation Group was chosen because of the group's predilection for strong encryption methods in their operations. By 2015, Kaspersky documented 500 malware infections by the group in at least 42 countries, while acknowledging that the actual number could be in the tens of thousands due to its self-terminating protocol.[2][3]

They are suspected of being tied to the United States National Security Agency (NSA).[4][5] By 2015, most of their targets had been in Iran, Russia, Pakistan, Afghanistan, India, Syria, and Mali.[2]


Hacker Demands $568 Million in Bitcoin to Leak All Tools and Data


Not just this, the hackers, calling themselves "The Shadow Brokers," are also asking for 1 Million Bitcoins (around $568 Million) in an auction to release the 'best' cyber weapons and more files.
If you want to examine them, you can download them from the addresses below.


# unzip EQGRP-Auction-Files.zip 
Archive:  EQGRP-Auction-Files.zip
  inflating: eqgrp-auction-file.tar.xz.gpg  
  inflating: eqgrp-auction-file.tar.xz.gpg.sig  
  inflating: eqgrp-free-file.tar.xz.gpg  
  inflating: eqgrp-free-file.tar.xz.gpg.sig  
  inflating: public.key.asc          
  inflating: sha256sum.txt           

  inflating: sha256sum.txt.sig 

# gpg --output eqgrp-free-file.tar.xz --decrypt eqgrp-free-file.tar.xz.gpg

tar -xf eqgrp-free-file.tar.xz

(Password: theequationgroup)

# cd Firewall/
# ls
BANANAGLEE  BARGLEE  BLATSTING  BUZZDIRECTION  EXPLOITS  OPS  padding  SCRIPTS  TOOLS  TURBO

https://webcache.googleusercontent.com/search?q=cache:owtq6OBSmgEJ:https://theshadowbrokers.tumblr.com/+&cd=1&hl=en&ct=clnk&gl=us


Friday, August 12, 2016

firefox: An error occurred during a connection to localhost:5634. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)

Platform: Red Hat Enterprise Linux Server release 6.6

After installing Veritas Operations Manager Server 6.1, I got the error below when I tried to access the https://localhost:5634/ interface with Firefox.

Secure Connection Failed

An error occurred during a connection to localhost:5634. Issuer certificate is invalid. (Error code: sec_error_ca_cert_invalid)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

Solution:

Go to about:config

security.use_mozillapkix_verification

set it to true (you can double click on it to do so) and restart firefox

Tuesday, July 19, 2016

epel and remi repo installation on centos 6


  • Command to install the EPEL repository configuration package:    yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
  • Command to install the Remi repository configuration package:    yum install http://rpms.remirepo.net/enterprise/remi-release-6.rpm

Wednesday, June 29, 2016

Multilib Protection warning for i686 package installation on Red Hat x86_64

To bypass this warning, edit /etc/yum.conf and add the line protected_multilib=0 to the [main] section of the config.

Wednesday, June 1, 2016

ShmooCon 2016 videos

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. 

https://archive.org/details/shmoocon-2016

WIFI PINEAPPLE

http://hackmiami.org/wp-content/uploads/2013/07/Wifi-Pineapple-Mark-IV-aceversion.pdf


Ebowla: Framework for Making Environmental Keyed Payloads

Slides:
Demos

ansible: IT automation engine

Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs.

https://www.ansible.com/quick-start-video

etcd: open-source distributed key value store

etcd is an open-source distributed key value store that provides shared configuration and service discovery for CoreOS clusters. etcd runs on each machine in a cluster and gracefully handles master election during network partitions and the loss of the current master.

https://coreos.com/etcd/docs/latest/getting-started-with-etcd.html

Monday, May 30, 2016

iscsiadm tips

What is iSCSI?

iSCSI is a method of attaching storage devices over a network that uses TCP/IP. It can be used over a local area network (LAN), a wide area network (WAN), or the Internet. iSCSI devices are disks, tapes, CDs, and other similar storage devices located on another computer reachable over the network, to which you can connect.

I installed openfiler on the machine with IP address 10.1.0.3 and configured the VG and LUN.

I granted initialize permission to the IP blocks belonging to the nodes.

Platform: 

Red hat Linux 6.5 x86_64

iscsiadm -m session --rescan

iscsiadm -m discovery -t sendtargets -p 10.1.0.3:3260

iscsiadm -m node -T iqn.2006-01.com.openfiler:tsn.ce262c997ea5 -p 10.41.0.2:3260

iscsiadm -m node -T iqn.2006-01.com.openfiler:tsn.ce262c997ea5 -p 10.41.0.2:3260 -l


# disable all active sessions

iscsiadm -m node | while read line; do iqn=$(echo $line | awk '{print $2 }'); iscsiadm -m node -T $iqn --portal $(echo $line | awk '{print $1 }' | sed -r 's/(.+:3260),.*/\1/') -u;  done



# delete all node records

iscsiadm -m node | while read line; do iqn=$(echo $line | awk '{print $2 }'); iscsiadm -m node -o delete -T $iqn --portal $(echo $line | awk '{print $1 }' | sed -r 's/(.+:3260),.*/\1/');  done


# list node records

iscsiadm -m node


# discover targets on specific hosts

iscsiadm -m discovery -t sendtargets -p 10.41.0.131:3260

# login to target


iscsiadm -m node -T iqn.2005-10.org.freenas.ctl:target01 -p 10.41.0.131:3260 -l



Wednesday, May 18, 2016

virtualbox: create internal test vm network


$ VBoxManage dhcpserver add --netname testlab --ip 10.1.0.1 --netmask 255.255.255.0 --lowerip 10.1.0.2 --upperip 10.1.0.100 --enable


localuser-MacBook-Pro:~ localuser$ VBoxManage list dhcpservers
NetworkName:    HostInterfaceNetworking-vboxnet0
IP:             192.168.56.100
NetworkMask:    255.255.255.0
lowerIPAddress: 192.168.56.101
upperIPAddress: 192.168.56.254
Enabled:        Yes

NetworkName:    testlab
IP:             10.1.0.1
NetworkMask:    255.255.255.0
lowerIPAddress: 10.1.0.2
upperIPAddress: 10.1.0.100

Tuesday, May 17, 2016

Thursday, April 28, 2016

unix domain socket interface for kafka server

Bruce is a producer daemon for Apache Kafka. Bruce simplifies clients that send messages to Kafka, freeing them from the complexity of direct interaction with the Kafka cluster. Specifically, it handles the details of:
  • Routing messages to the proper brokers, and spreading the load evenly across multiple partitions for a given topic. Clients may optionally exercise control over partition assignment, such as ensuring that a group of related messages are all routed to the same partition, or even directly choosing a partition if the client knows the cluster topology.
  • Waiting for acknowledgements, and resending messages as necessary due to communication failures or Kafka-reported errors
  • Buffering messages to handle transient load spikes and Kafka-related problems
  • Tracking message discards when serious problems occur; Providing web-based discard reporting and status monitoring interfaces
  • Batching and compressing messages in a configurable manner for improved performance
  • Optional rate limiting of messages on a per-topic basis. This guards against buggy client code overwhelming the Kafka cluster with too many messages.

command:

bruce --msg_buffer_max 65536 --receive_socket_name /var/run/bruce/bruce.socket --config_path /etc/bruce/bruce_conf.xml --log_echo --log_level LOG_DEBUG



volfied

http://playdosgamesonline.com/volfied.html

Wednesday, April 27, 2016

advanced torrent client

https://www.tixati.com/download/

https://download1.tixati.com/download/tixati-2.34-1.portable.zip

Wednesday, April 13, 2016

httpd: compression

 AddType application/x-javascript .js
 AddType text/css .css
 AddOutputFilterByType DEFLATE text/css application/x-javascript text/x-component text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/javascript
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4\.0[678] no-gzip
  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
  Header append Vary User-Agent env=!dont-vary

Thursday, March 31, 2016

Sending mail from the console with ssmtp

#!/bin/bash

from="root@egearge.com"
fromname="Ali Okan Yuksel"
to="aokan@egearge.com"
subject="deneme"
msg="bu bir deneme mailidir"

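# Headers first, then a blank line, then the body; the subject now comes from ${subject}.
printf 'To: %s\nSubject: %s\n\n%s\n' "${to}" "${subject}" "${msg}" | ssmtp -f "${from}" -F "${fromname}" "${to}"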

wkhtmltopdf: html to pdf converter

"/usr/local/bin/wkhtmltopdf %s %s" % (html_template, pdfout)
"/usr/local/bin/wkhtmltopdf -q -L 0 -R 0 -B 0 -T 0 --disable-smart-shrinking --zoom 0.7821 --encoding UTF-8 %s %s" % (html_template, pdfout)


radius performance testing with radperf tool

RADPERF

Authentication, Authorization, and Accounting. Performance, scalability, load testing, and validation.
One of the most critical steps when building a RADIUS system is performance characterisation. This means testing the system to see if both authentication (i.e., read-only) and accounting (i.e., read-write) behavior is acceptable.

In many cases, the performance will be good enough for normal loads. However, high loads are commonly seen when a NAS reboots and many users flood the network at the same time. If the system cannot handle this load, then it will be unsuitable for a production environment.

RadPerf helps you make this determination. It can send both authentication and accounting packets at varying rates. Even better, you do not need to know anything about RADIUS in order to use RadPerf.

Starting with a list of users and passwords in a CSV file, RadPerf can generate both authentication and accounting packets. It can simulate spikes in traffic, long-lived user sessions, and end-to-end user behavior.

Once RadPerf has finished testing, it produces a set of reports that summarize offered load versus accepted load. Total accepted packets per second can quickly be determined. These reports give you the data that you need to make an informed decision about placing a system into production.

http://networkradius.com/radius-performance-testing/

radperf-u14.04# ./radperf -A1,5 -c 1 -p 100 -s -f test.csv 192.168.5.174:1812 auth mysecretkey

With the -A1,5 parameter, a CREATE accounting request is sent after 1 second and a DELETE request after 5 seconds.
-p means that 100 packets are sent in parallel.


radperf - Performance testing tool for RADIUS systems.
          Copyright (C) 2012 Network RADIUS SARL.  All rights reserved.
Usage: radperf [options] server[:port] <command> [<secret>]
  <command>    One of auth, acct, status, coa, or disconnect.
  -a type     Use authentication method <type> (pap, chap, none)
  -A d,l      After Access-Accept, send accounting packets.
  -c count    Send each packet 'count' times.
  -d raddb    Set dictionary directory.
  -D file     Print packet statistics to file
  -f file     Read packets from file, not stdin.
  -F          Update Framed-IP-Address, too.
  -n num      Send a maximum of 'num' packets per second
  -p num      Send a maximum of 'num' packets in parallel.
  -q          Do not print anything out.
  -r retries  If timeout, retry sending the packet 'retries' times.
  -R realm    Realm name to append to the User-Name
  -s          Print out summary information of auth results.
  -S file     read secret from file, not command line.
  -t timeout  Wait 'timeout' seconds before retrying (may be a floating point number).
  -T template Use template file with every request
  -u number   Generate requests for 'number' users.
  -v          Show program version information.
  -x          Debugging mode.
  -4          Use IPv4 address of server
  -6          Use IPv6 address of server.

NTRadPing 1.5 RADIUS Test Utility


Posted: 20 Aug 2004
File Size: 71KB
License: Free
Download: /coolsolutions/tools/downloads/ntradping.zip
Publisher: Arndt Stajta


NTRadPing is a useful tool for testing installations of your RADIUS servers. Through NTRadPing you can simulate authentication and accounting requests and send them to the RADIUS server making NTRadPing act as a NAS client.
Before you send the request to the server, you need to configure the server IP address, the RADIUS secret key stored in the server clients file, and a username.
All the other parameters are optional.
On accounting requests, the "Acct-Session-Id" attribute is also added automatically if you do not explicitly enter it in the request attribute list.
If you issue an accounting request, then the RADIUS attribute "Acct-Status-Type" is added automatically by NTRadPing depending on the type of accounting request you have chosen (start, stop or update).
In the lower left list box you can add as many RADIUS attributes as you like to your request. The list of available attributes and the relevant values in the two drop down boxes depend on the dictionary file RADDICT.DAT.
By checking the "CHAP" checkbox, you may force NTRadPing to issue authentication requests with a CHAP password instead of a default (PAP) password.
In the right list box you will get results about the RADIUS request, along with a complete dump of all the returned RADIUS attributes.
The parameters entered in the main window are preserved even after closing the application (they are stored in the registry).

Wednesday, March 30, 2016

freeradius installation, configuration and replication notes

The goal is to replicate the RADIUS traffic arriving at a single machine to multiple machines.
The module I used:

mod-enabled/replicate
#  Replicate packet(s) to a home server.
#
#  This module will open a new socket for each packet, and "clone"
#  the incoming packet to the destination realm (i.e. home server).


installation:
--

yum install libtalloc-devel openssl-devel gcc
mkdir -p /opt/freeradius
cd freeradius-server-3.0.11
./configure --prefix=/opt/freeradius
make
make install


files:
--
- /etc/raddb/sites-enabled/default: in this file I added entries to the authorize and preacct sections, and added detail statements so that logs are written in detail
- /etc/raddb/mods-enabled/detail: in this file I changed the location where the detail logs are written
- /etc/raddb/clients.conf: in this file I made changes related to the client IP and secret key
- /etc/raddb/proxy.conf: in this file I added realm, home server and home server pool definitions
- /etc/raddb/radiusd.conf: in this file I made a change to bypass the SSL security warning
- /etc/raddb/users: in this file I manually added a valid user

config:
--

add to authorize, preacct

        update control {
                &Replicate-To-Realm := server1
                &Replicate-To-Realm += server2
                &Replicate-To-Realm += server3
        }
        replicate


add to authorize, preacct /etc/raddb/sites-enabled/default:

        update control {
                &Replicate-To-Realm := server1
                &Replicate-To-Realm += server2
        }
        replicate
--

add to: /etc/raddb/proxy.conf

client 0.0.0.0/0 {
    secret = mysecretkey
    require_message_authenticator=no
}
--
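
The client entry above accepts requests from any source address with a single shared secret and does not require Message-Authenticator. As an added example (not from the original notes or the FreeRADIUS project), this script flags such client blocks; the second config, its NAS addresses and secrets, and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag permissive RADIUS client definitions.

# The client block as it appears in the notes above.
weak_conf() {
cat <<'EOF'
client 0.0.0.0/0 {
    secret = mysecretkey
    require_message_authenticator=no
}
EOF
}

# Constructed alternative: one block per NAS, each with its own secret.
tight_conf() {
cat <<'EOF'
client nas_lab_1 {
    ipaddr = 192.168.5.180
    secret = constructed-secret-1
    require_message_authenticator = yes
}
client nas_lab_2 {
    ipaddr = 192.168.5.181
    secret = constructed-secret-2
    require_message_authenticator = yes
}
EOF
}

# Reads client { } blocks on stdin and prints one finding per line.
# Nested sub-sections inside a client block (e.g. limit { }) are not handled.
audit_clients() {
    awk '
    function report(   net) {
        if (name == "") return
        # Old-style blocks use the block name as the address.
        net = (ipaddr != "") ? ipaddr : name
        if (net ~ /\/0$/)
            print name ": accepts requests from any source (" net ")"
        if (rma != "yes")
            print name ": require_message_authenticator is not set to yes"
        if (secret != "") {
            if (secret in seen)
                print name ": shares its secret with " seen[secret]
            else
                seen[secret] = name
        }
        name = ""
    }
    /^[ \t]*#/ { next }
    /^[ \t]*client[ \t]+[^ \t{]+[ \t]*[{]/ {
        name = $2; sub(/[{].*/, "", name)
        ipaddr = ""; secret = ""; rma = ""
        next
    }
    name != "" && /^[ \t]*[}]/ { report(); next }
    name != "" && /=/ {
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t"]+|[ \t"]+$/, "", val)
        if (key == "ipaddr" || key == "ipv4addr" || key == "ipv6addr") ipaddr = val
        else if (key == "secret") secret = val
        else if (key == "require_message_authenticator") rma = val
    }'
}

echo "== client block from the notes =="
weak_conf | audit_clients
echo "== constructed per-NAS blocks =="
tight_conf | audit_clients
```

Against a real installation, feed it the file that holds the client blocks, for example audit_clients < /etc/raddb/clients.conf.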

add to: /etc/raddb/proxy.conf

home_server remote_server_1 {
        ipaddr = 192.168.5.171
        port = 1812
        type = auth+acct
        secret = mysecretkey
}
home_server remote_server_2 {
        ipaddr = 192.168.5.172
        port = 1812
        type = auth+acct
        secret = mysecretkey
}
home_server remote_server_3 {
        ipaddr = 192.168.5.173
        port = 1812
        type = auth+acct
        secret = mysecretkey
}

home_server_pool remote_pool_1 {
        type = fail-over
        home_server = remote_server_1
}
home_server_pool remote_pool_2 {
        type = fail-over
        home_server = remote_server_2
}
home_server_pool remote_pool_3 {
        type = fail-over
        home_server = remote_server_3
}

realm server1 {
      auth_pool = remote_pool_1
      acct_pool = remote_pool_1
}
realm server2 {
      auth_pool = remote_pool_2
      acct_pool = remote_pool_2
}
realm server3 {
      auth_pool = remote_pool_3
      acct_pool = remote_pool_3
}


defining a user:
--

add to: /etc/raddb/users

testuser        Cleartext-Password := "password"




test:
$ for i in $(seq 1 100); do radtest testuser password 192.168.5.174 0 mysecretkey; done

Wednesday, March 9, 2016

syslog traffic generation with loggen tool


/opt/syslog-ng/bin/loggen --inet --dgram --size 150 --rate 220000 --interval 60 --active-connections 2 192.168.30.30 514


Tuesday, March 8, 2016

linux: how to detect which application, command or pid deleted files

Sysdig is open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze. Sysdig is scriptable in Lua and includes a command line interface and a powerful interactive UI, csysdig, that runs in your terminal. Think of sysdig as strace + tcpdump + htop + iftop + lsof + awesome sauce.
With state of the art container visibility on top.

installation:
http://www.sysdig.org/install/





command:
sysdig -p '%12evt.type %12user.name %6proc.pid %12proc.name %12proc.args- %proc.cmdline --- %evt.args' '(evt.type=unlinkat or evt.type=unlink) and evt.args contains /usr/local/app/db'
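
The command above prints one line per unlink/unlinkat event. The script below, an added example that is not part of the original post, groups saved output by user, PID and process to show who deleted what. The sample lines are constructed, and the function names and the path=/name= layout of evt.args are assumptions.

```shell
#!/bin/sh
# Added example: attribute file deletions from saved sysdig output.
# Expected line layout (from the -p format string above):
#   evt.type user.name proc.pid proc.name proc.args- proc.cmdline --- evt.args

# Constructed sample lines, not real capture output.
sample_events() {
cat <<'EOF'
unlink       appuser      4121   rm           -f /usr/local/app/db/cache.tmp- rm -f /usr/local/app/db/cache.tmp --- path=/usr/local/app/db/cache.tmp
unlinkat     root         5310   logrotate    /etc/logrotate.conf- logrotate /etc/logrotate.conf --- dirfd=-100(AT_FDCWD) name=/usr/local/app/db/app.log.7 flags=0
unlink       appuser      4188   python       cleanup.py --days 2- python cleanup.py --days 2 --- path=/usr/local/app/db/2016-03-01.db
unlink       appuser      4188   python       cleanup.py --days 2- python cleanup.py --days 2 --- path=/usr/local/app/db/2016-03-02.db
EOF
}

# Emits tab-separated records: user, pid, process, event type, deleted path.
# proc.args and proc.cmdline can contain spaces, so only the first four
# whitespace fields and the text after the last " --- " are trusted.
parse_deletes() {
    awk '
    {
        sep = " --- "
        rest = $0; found = 0
        while ((i = index(rest, sep)) > 0) {
            rest = substr(rest, i + length(sep)); found = 1
        }
        if (!found) next
        target = ""
        if (match(rest, /(^| )path=/)) {
            # unlink: the path is the last argument
            target = substr(rest, RSTART + RLENGTH)
        } else if (match(rest, /(^| )name=/)) {
            # unlinkat: name=... is followed by flags=...
            target = substr(rest, RSTART + RLENGTH)
            sub(/ flags=.*$/, "", target)
        }
        if (target == "") next
        printf "%s\t%s\t%s\t%s\t%s\n", $2, $3, $4, $1, target
    }'
}

# Deletion count per (user, pid, process), busiest first.
deletes_by_process() {
    parse_deletes |
    awk -F '\t' '{ c[$1 "\t" $2 "\t" $3]++ }
                 END { for (k in c) printf "%s\t%d\n", k, c[k] }' |
    sort -t "$(printf '\t')" -k4,4nr -k2,2n
}

# Which process removed one specific file ($1 = exact path).
who_deleted() {
    parse_deletes |
    awk -F '\t' -v p="$1" '$5 == p { print $1 " pid=" $2 " " $3 }'
}

sample_events | deletes_by_process
sample_events | who_deleted /usr/local/app/db/app.log.7
```

To use it on a real capture, redirect the sysdig command's output to a file and pipe that file into deletes_by_process or who_deleted.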


https://github.com/draios/sysdig/wiki/Sysdig%20Chisel%20API%20Reference%20Manual

http://www.sysdig.org/wiki/sysdig-quick-reference-guide/

Wednesday, March 2, 2016

RASPBERRY PI 3 ON SALE NOW AT $35

https://www.raspberrypi.org/blog/raspberry-pi-3-on-sale/

Raspberry Pi 3 is now on sale for $35 (the same price as the existing Raspberry Pi 2), featuring:
  • 1.2GHz 64-bit quad-core ARM Cortex-A53 CPU (~10x the performance of Raspberry Pi 1)
  • Integrated 802.11n wireless LAN and Bluetooth 4.1
  • Complete compatibility with Raspberry Pi 1 and 2

Tuesday, March 1, 2016

change sqlite file size after “delete from table” or "drop table tablename"

The VACUUM command cleans the main database by copying its contents to a temporary database file and reloading the original database file from the copy. This eliminates free pages, aligns table data to be contiguous, and otherwise cleans up the database file structure.
The VACUUM command may change the ROWID of entries in tables that do not have an explicit INTEGER PRIMARY KEY. The VACUUM command only works on the main database. It is not possible to VACUUM an attached database file.
The VACUUM command will fail if there is an active transaction. The VACUUM command is a no-op for in-memory databases. As the VACUUM command rebuilds the database file from scratch, VACUUM can also be used to modify many database-specific configuration parameters.

Manual VACUUM

The following is the simple syntax to issue a VACUUM command for the whole database from the command prompt:
$sqlite3 database_name "VACUUM;"
You can also run VACUUM from the SQLite prompt as follows:
sqlite> VACUUM;
You can also run VACUUM on a particular table as follows:
sqlite> VACUUM table_name;


[root@server data]# du -sh Samsun_data.db

2.3M    Samsun_data.db

[root@server data]# sqlite3 Samsun_data.db "delete from data where ts<'$(date --date="2 days ago" "+%s")'"

[root@server data]# sqlite3 Samsun_data.db "VACUUM;"

[root@server data]# du -sh Samsun_data.db

1.2M    Samsun_data.db



Auto-VACUUM

SQLite Auto-VACUUM does not do the same thing as VACUUM; it only moves free pages to the end of the database, thereby reducing the database size. In doing so it can significantly fragment the database, whereas VACUUM ensures defragmentation. So Auto-VACUUM just keeps the database small.
You can enable or disable SQLite auto-vacuuming by running the following pragmas at the SQLite prompt:
sqlite> PRAGMA auto_vacuum = NONE;  -- 0 means disable auto vacuum
sqlite> PRAGMA auto_vacuum = INCREMENTAL;  -- 2 means enable incremental vacuum
sqlite> PRAGMA auto_vacuum = FULL;  -- 1 means enable full auto vacuum
You can run the following command from the command prompt to check the auto-vacuum setting:
$sqlite3 database_name "PRAGMA auto_vacuum;"
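The behaviour described in this post, as an added Python example that is not part of the original notes: it measures the file after a DELETE, shows VACUUM failing inside an open transaction, and compares manual VACUUM with auto_vacuum = FULL. The database file, table layout and row contents are constructed for the demonstration.

```python
import os
import sqlite3
import tempfile


def vacuum_demo(auto_vacuum: bool = False, rows: int = 5000) -> dict:
    """Fill a table, delete most rows, VACUUM; report file size at each step."""
    path = os.path.join(tempfile.mkdtemp(), "constructed_data.db")
    # isolation_level=None gives autocommit, so transactions are explicit below.
    con = sqlite3.connect(path, isolation_level=None)
    if auto_vacuum:
        # Only takes effect if set before the first table is created.
        con.execute("PRAGMA auto_vacuum = FULL")
    con.execute("CREATE TABLE data (ts INTEGER, payload TEXT)")
    con.execute("BEGIN")
    con.executemany("INSERT INTO data VALUES (?, ?)",
                    ((i, "x" * 200) for i in range(rows)))
    con.execute("COMMIT")
    report = {"full": os.path.getsize(path)}

    # Deleting rows puts their pages on the freelist; without auto_vacuum
    # the file itself does not shrink.
    con.execute("DELETE FROM data WHERE ts < ?", (rows - 100,))
    report["after_delete"] = os.path.getsize(path)
    report["free_pages"] = con.execute("PRAGMA freelist_count").fetchone()[0]

    # VACUUM is refused while a transaction is open.
    con.execute("BEGIN")
    try:
        con.execute("VACUUM")
        report["vacuum_in_txn"] = "ok"
    except sqlite3.OperationalError as exc:
        report["vacuum_in_txn"] = str(exc)
    con.execute("ROLLBACK")

    con.execute("VACUUM")
    report["after_vacuum"] = os.path.getsize(path)
    con.close()
    return report


if __name__ == "__main__":
    print("manual VACUUM:", vacuum_demo(auto_vacuum=False))
    print("auto_vacuum  :", vacuum_demo(auto_vacuum=True))
```

Note that DELETE followed by VACUUM reclaims disk space but is not a secure-erase step: copies of the deleted rows can survive in backups, journals or filesystem snapshots.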

Tuesday, February 23, 2016

rdp client

xfreerdp

apt-get install freerdp-x11-dbg

Ripe database

RIPE
Download RIPE database from ftp://ftp.ripe.net/ripe/dbase/
TODO:
1) download split databases and extract networks, organisations, persons, roles, maintainers by country
2) import into MySQL database and use of PHP application
RIS
TODO:
1) download RIS database from http://data.ris.ripe.net/rrc00/latest-bview.gz
2) download, compile and make bgpdump https://bitbucket.org/ripencc/bgpdump/
3) import into database
RADb
TODO:
1) download RADb database from ftp://ftp.ra.net/radb/dbase/
2) import into database
APNIC/ARIN/LACNIC/AfriNIC
Download APNIC database by completing Request Form http://www.apnic.net/apnic-info/whois_search/using-whois/bulk-access
Download ARIN database by completing Request Form https://www.arin.net/resources/request/bulkwhois.html
Download LACNIC database by completing Request Form http://lacnic.net/en/politicas/manual8.html
Download AfriNIC database by completing Request Form http://www.afrinic.net/en/library/membership-documents/207-bulk-whois-access-form-

Monday, February 15, 2016

ipmitool: Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory

# ipmitool shell

ipmitool> chassis status
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory
Error sending Chassis Status command


solution:

# modprobe ipmi_devintf
# modprobe ipmi_si

Thursday, February 11, 2016

Monday, February 8, 2016

Setting the default JDK with the /usr/sbin/alternatives Utility

alternatives creates, removes, maintains and displays information about the symbolic links comprising the alternatives system. The alternatives system is a reimplementation of the Debian alternatives system. It was rewritten primarily to remove the dependence on perl; it is intended to be a drop in replacement for Debian’s update-dependencies script.


  1. Become the root user.
    /usr/sbin/alternatives needs to be run with root privileges. Use the su command or other mechanism to gain these privileges.
  2. Set java.
    Input this command: /usr/sbin/alternatives --config java
  3. Set javac.
    Enter this command: /usr/sbin/alternatives --config javac

Wednesday, January 27, 2016

huawei quidway s6724 remove port-mirroring

Quidway S6700 Series Ethernet Switches
V100R006C00
Configuration Guide - Device Management

http://enterprise.huawei.com/ilink/enenterprise/download/HW_116588

<huawei>display port-mirroring       
  Port-mirror:
  ----------------------------------------------------------------------
  Mirror-port              Direction     Observe-port           
  ----------------------------------------------------------------------
  XGigabitEthernet0/0/2    Both          XGigabitEthernet0/0/1  
  XGigabitEthernet0/0/3    Both          XGigabitEthernet0/0/1  
  XGigabitEthernet0/0/23   Both          XGigabitEthernet0/0/1  
  ----------------------------------------------------------------------

<huawei>system-view
Enter system view, return user view with Ctrl+Z

[huawei]interface XGigabitEthernet 0/0/2
[huawei-XGigabitEthernet0/0/2]undo port-mirroring both

Understanding DevOps


Understanding DevOps – Part 6: Continuous Deployment vs Continuous Delivery

What is Continuous Deployment?

Companies like flickr have in the past posted on their blog how many ‘deploys’ they had so far that day/week. Looking at an organization that deploys to production 89 times in a week can be very intimidating. More importantly, it begs to ask – what do you deploy to production 89 times in a week?

This is a scenario that may actually keep some people away from adopting DevOps practices as they believe that they have to deploy every change to production. That is certainly not the case. First, you need to understand what is being deployed here and second, more importantly need to understand that this is not applicable, necessary or in some cases even feasible, for every organization.

Read more:

https://sdarchitect.wordpress.com/2013/10/16/understanding-devops-part-6-continuous-deployment/

Monday, January 25, 2016

nagios nsca: daemon was not compiled with mcrypt library, so decryption is unavailable.

Platform:
Oracle Linux Server release 6.7

/usr/local/nagios/etc/nsca.cfg:
decryption_method=2

command:
/usr/local/nagios/bin/nsca -c /usr/local/nagios/etc/nsca.cfg

/var/log/messages error:
Jan 25 16:15:34 monitoring nsca[12487]: Invalid decryption method (2) in config file '/usr/local/nagios/etc/nsca.cfg' - Line 203
Jan 25 16:15:34 monitoring nsca[12487]: Daemon was not compiled with mcrypt library, so decryption is unavailable.

Solution:
yum install -y libmcrypt-devel libmcrypt
./configure --with-nsca-user=nagios --with-nsca-grp=nagios  --with-mcrypt-lib=/usr/lib64/ --with-mcrypt-inc=/usr/include
make clean
make all
cp src/nsca /usr/local/nagios/bin/nsca

HTTPS Bicycle Attack - Obtaining Passwords From TLS Encrypted Browser Requests

A paper detailing a new attack vector on TLS was released on December 30. The attack, known as the HTTPS Bicycle Attack, is able to determine the length of specific parts of the plain-text data underneath captured TLS packets using a side-channel attack with already known information. The attack has a few prerequisites but could be applied in a real world scenario, and is completely undetectable due to its passive nature.

Executive Summary

The HTTPS Bicycle attack can result in the length of personal and secret data being exposed from a packet capture of a user's HTTPS traffic. For example, the length of passwords and other data (such as GPS co-ordinates) can be determined simply by analysing the lengths of the encrypted traffic.
Some of the key observations of this attack are as below:
  • Requires a packet capture containing HTTPS (TLS) traffic from a browser to a website
  • The TLS traffic must use a stream-based cipher
  • Can reveal the lengths of unknown data as long as the length of the rest of the data is known - this includes passwords, GPS data and IP addresses
  • Packet captures from several years ago could be vulnerable to this attack, with no mitigation possible
  • The real world impact is unknown, as there are several prerequisites that may be hard to fulfill.
This leads us into interesting discussions on the resilience of passwords as a form of authentication method. First we will explain how the attack works.

http://blogs.forcepoint.com/security-labs/https-bicycle-attack-obtaining-passwords-tls-encrypted-browser-requests

https://guidovranken.files.wordpress.com/2015/12/https-bicycle-attack.pdf 


You can keep up to date with the discussion of HTTPS Bicycle on Reddit at https://www.reddit.com/r/netsec/comments/3zc5qu/https_bicycle_attack/
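The length leak summarized above, together with a fixed-size padding countermeasure, as an added example that is not taken from the paper or the linked posts. The toy stream cipher, the login form, the host example.test and the constants TAG_LEN, PAD_BLOCK and MAX_PW are all constructed assumptions; a site owner can use the same comparison to check whether a form's request size varies with the secret.

```python
import hashlib
from urllib.parse import urlencode

TAG_LEN = 16     # constructed: fixed per-record overhead (MAC / AEAD tag)
PAD_BLOCK = 128  # constructed: fixed body size used by the padded variant
MAX_PW = 64      # longest password length considered in the audit


def stream_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy stream cipher: ciphertext length = plaintext length + TAG_LEN."""
    keystream = b""
    counter = 0
    while len(keystream) < len(plaintext):
        keystream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    body = bytes(p ^ k for p, k in zip(plaintext, keystream))
    return body + hashlib.sha256(key + body).digest()[:TAG_LEN]


def login_request(user: str, password: str, padded: bool = False) -> bytes:
    """Constructed login POST; padded=True keeps the body at PAD_BLOCK bytes."""
    body = urlencode({"user": user, "password": password})
    if padded:
        body += "&pad=" + "x" * (PAD_BLOCK - len(body) - len("&pad="))
    head = ("POST /login HTTP/1.1\r\nHost: example.test\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return (head + body).encode()


def candidate_lengths(record_len: int, user: str, padded: bool = False) -> list:
    """Password lengths consistent with one observed encrypted record length."""
    return [n for n in range(MAX_PW + 1)
            if len(login_request(user, "a" * n, padded)) + TAG_LEN == record_len]


def audit(user: str, password: str, padded: bool) -> list:
    """Encrypt one login request and list the lengths its size still allows."""
    record = stream_encrypt(b"constructed-session-key",
                            login_request(user, password, padded))
    return candidate_lengths(len(record), user, padded)


if __name__ == "__main__":
    print("unpadded:", audit("alice", "correcthorse", False))
    print("padded  :", len(audit("alice", "correcthorse", True)), "candidates")
```

Without padding the record size pins the password length to a single value; with the body padded to a fixed size every length up to MAX_PW remains equally consistent with the observation.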

Friday, January 22, 2016

cloudera vm: A Single-Node Hadoop Cluster and Examples for Easy Learning!

Cloudera Enterprise: The world's most popular Apache Hadoop solution

Cloudera offers the highest performance and lowest cost platform for using data to drive better business outcomes. Cloudera Enterprise makes Hadoop fast, easy, and secure, so you can focus on results.

Cloudera QuickStart VMs are for demo purposes only and are not to be used as a starting point for clusters.

  • The VMs run CentOS 6.4 and are available for VMware, VirtualBox, and KVM.
  • All require a 64-bit host OS.
Cloudera QuickStart virtual machines (VMs) include everything you need to try CDH, Cloudera Manager, Cloudera Impala, and Cloudera Search.
The VM uses a package-based install. This allows you to work with or without Cloudera Manager. Parcels do not work with the VM unless you first migrate your CDH installation to use parcels. On your production systems, Cloudera recommends that you use parcels.

http://www.cloudera.com/downloads/quickstart_vms/5-5.html

Tuesday, January 19, 2016

linux: how to activate and test kernel coredump property

[root@istanbul tmp]# sysctl -a | grep pattern
kernel.core_pattern = /tmp/core-%e-%s-%u-%g-%p-%t


test.c code:
#include <stdlib.h>
#include <time.h>
#include <stdio.h>

int main(int argc, char **argv)
{
    srand(time(NULL));
    int * nullpointer = NULL;
    printf("%d\n", *nullpointer);

    return 0;
}

# gcc -o testapp test.c

[root@istanbul tmp]# ./testapp
Segmentation fault
[root@istanbul tmp]# ls


no core file found.


[root@istanbul tmp]# ulimit -c
99999999


[root@istanbul tmp]# ls -alt /tmp/core-* | head -1
-rw------- 1 root root 241664 Jan 19 11:31 /tmp/core-testapp-11-0-0-2127-1453195860 


If you don't want to use testapp, you can trigger a core dump just as easily with the sleep command:

sleep 10 &
killall -SIGSEGV sleep

Friday, January 15, 2016

linux: gettimeofday - VDSO Virtual Dynamic Shared Object

strace -c date
While examining the output of the command above, I observed that the gettimeofday syscall was not being made; in the research I did afterwards, I saw that a solution based on the VDSO architecture is applied.

details:
Many application workloads (especially databases and financial service applications) perform extremely frequent gettimeofday or similar time function calls. Optimizing the efficiency of these calls can provide major benefits.
A Virtual Dynamic Shared Object (VDSO) is a shared library that allows applications in user space to perform some kernel actions without as much overhead as a system call. The VDSO is often used to provide fast access to the gettimeofday system call data.
Enabling the VDSO instructs the kernel to use its definition of the symbols in the VDSO, rather than the ones found in any user-space shared libraries, particularly the glibc. The effects of enabling the VDSO are system-wide - either all processes use it or none do.
When enabled, the VDSO overrides the glibc definition of gettimeofday with its own. This removes the overhead of a system call, as the call is made direct to the kernel memory, rather than going through the glibc.