OpenVPN install
A very short how-to for installing OpenVPN in a hurry.

Import the repo which contains openvpn, as mentioned here: http://alchy.org/index.php?entry=entry110220-095249

then run:

# yum install openvpn

# cp -r /usr/share/doc/openvpn-2.1.4/easy-rsa/2.0/* /etc/openvpn

# cd /etc/openvpn/

# chmod +x whichopensslcnf clean-all build-ca pkitool build-key-server build-key-pass build-dh

Set up defaults

# vi vars
# . ./vars
# ./clean-all

Build the certificate authority (CA)

# ./build-ca

Generate certificate & key for server

# ./build-key-server server

Generate certificates & keys for clients

# ./build-key-pass client1

Generate Diffie-Hellman parameters

# ./build-dh

Link the generated files into /etc/openvpn (build-dh writes keys/dh1024.pem):

# ln -s keys/dh1024.pem ./dh1024.pem
# ln -s keys/server.crt ./server.crt
# ln -s keys/server.key ./server.key
# ln -s keys/ca.crt ./ca.crt


Debug:

"/usr/sbin/openvpn" --config /etc/openvpn/server.conf


Client's ovpn.conf:

client
proto tcp
dev tun
ca ca.crt
dh dh1024.pem
cert client01.crt
key client01.key
keysize 128
remote xxx.xx.xx.xx 1194
cipher BF-CBC
verb 2
mute 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind
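
The matching server side, as an added example rather than the post's own file: it refers to the symlinks created in the Link step above, mirrors the cipher and keysize lines of the client config (both must agree on each side), and the VPN subnet 10.8.0.0/24 is an assumed value.

```conf
# /etc/openvpn/server.conf (added example; subnet is assumed)
port 1194
proto tcp
dev tun

# PKI files linked into /etc/openvpn by the ln -s commands above
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

# hand out addresses from this pool and remember client assignments
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

# must match the client's cipher / keysize lines
cipher BF-CBC
keysize 128
keepalive 10 120
comp-lzo

# keep running after dropping privileges (needed with user/group)
persist-key
persist-tun
# run the daemon unprivileged once the tunnel is up
user nobody
group nobody

status openvpn-status.log
verb 3
```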




FWbuilder repo for CentOS 
[root@gw ~]# cat > /etc/yum.repos.d/fwbuilder.repo

[fwbuilder]
name=Firewall Builder
failovermethod=priority
baseurl=http://www.fwbuilder.org/rpm/stable/rhel-$releasever-$basearch
enabled=1

wget http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc
rpm --import PACKAGE-GPG-KEY-fwbuilder.asc

yum install fwbuilder


RPMforge repo CentOS 5/6 
RPMforge is a collaboration of Dag and other packagers. They provide over 5000 packages for CentOS, including wine, vlc, mplayer, xmms-mp3, and other popular media tools. It is not part of Red Hat or CentOS but is designed to work with those distributions.

RPMforge repo for CentOS 5
http://wiki.centos.org/AdditionalResour ... 4998926a1b

rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
wget http://packages.sw.be/rpmforge-release/ ... x86_64.rpm
rpm -ivh rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm


RPMforge repo for CentOS 6
[root@gw ~]# rpm -ivh rpmforge-release-0.5.2-2.el6.rf.i686.rpm
warning: rpmforge-release-0.5.2-2.el6.rf.i686.rpm: Header V3 DSA/SHA1 Signature, key ID 6b8d79e6: NOKEY
Preparing... ########################################### [100%]
1:rpmforge-release ########################################### [100%]
[root@gw ~]# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt


http://wiki.centos.org/AdditionalResour ... 92d1398e01

Splunk: A quick tutorial on how to make charts & graphs in Splunk 3.x 
http://vimeo.com/4452923

timechart avg(size) by relay
timechart count(relay) by from usenull=f
timechart count by group

splunkbase

http://splunkbase.splunk.com/

splunk on F5

http://splunkbase.splunk.com/apps/Integ ... Generation

splunk on snort

http://splunkbase.splunk.com/apps/All/4 ... Splunk+4.x

Splunk: Use field lookups to add information to your events  


http://www.splunk.com/base/Documentatio ... okupsplunk

PAM Pass Through Authentication Plug-in for Directory Server 
Many organizations already have authentication mechanisms in place. They may not want the LDAP server to be the central repository for authentication credentials and the authentication mechanism; the typical deployment would use PAM as the gateway to authentication. They do want many apps to use the LDAP server for authentication, authorization, user information, etc., just not as the authoritative data source for credentials. GSS/SASL is typically used for this, e.g. for Kerberos you can use your ticket to authenticate to the DS, and the DS "passes through" the authentication to Kerberos. But many apps cannot (or will not) use SASL as their authentication mechanism; they must use simple cleartext password BINDs. For these applications it would be very useful to have the DS pass the auth credentials through to PAM.


http://directory.fedoraproject.org/wiki ... in_for_PAM

church is a hospital for sinners 

Multi Level Security / LSPP Overview  
The MLS functionality in SELinux is being developed as part of the Common Criteria LSPP certification work. The LSPP work aims to get LSPP, RBAC, and CAPP certification at EAL 4+ all together: http://fedoraproject.org/wiki/SELinux/MLS

AllowUsers for SquirrelMail 
A "patch" which lets you define which users may access the SquirrelMail web interface. The patch wraps the line "$imap_stream = @fsockopen($imap_server_address, $imap_port, $error_number, $error_string, 15);" in function sqimap_login in file /var/www/html/functions/imap_general.php.

/* -------user login patch by alchy--------------------------------------------------------------- */

$user_found = FALSE;
/**
 * ALLOWUSERS: "patch" to SquirrelMail
 * uses file "/etc/allow_webmail" where you should put all the users allowed to access SqMail,
 * one user per line
 */
$handle = @fopen("/etc/allow_webmail", "r");

if ($handle) {
    // compare every line of the allow file with the login name
    while (($buffer = fgets($handle, 4096)) !== FALSE) {
        #logout_error( _("diag: read '$buffer', comparing with '$username'") );
        if (strcmp(rtrim($buffer), $username) == 0) {
            $user_found = TRUE;
            #logout_error( _("diag: setting user_found!") );
        }
    }
    fclose($handle);
} else {
    // "Error: cannot access file /etc/allow_webmail."
    logout_error( _("Chyba: Nemohu pristpupit na soubor /etc/allow_webmail.") );
    exit;
}

if ($user_found == FALSE) {
    // "Warning: user $username is not allowed to log in through this application."
    logout_error( _("Pozor: uzivateli $username neni povoleno se prihlasit prostrednictvim teto aplikace.") );
    exit;
} else {
    $imap_stream = @fsockopen($imap_server_address, $imap_port, $error_number, $error_string, 15);
}

/* ----------------------------------------------------------------------------------------------- */



The Linux Audit Framework 
The document linked below seems like a pretty decent overview of the auditing functionality on Linux. The link is here. The vital page is http://people.redhat.com/sgrubb/audit/index.html, the audit HQ.

To create a report that focuses on the login attempts to your machine, run the aureport -l command. This command generates a numbered list of all login-related events including date, time, audit ID, host and terminal used, name of the executable, success or failure of the attempt, and an event ID.

aureport -l
Login Report
============================================
# date time auid host term exe success event
============================================
1. 04/23/2007 12:38:38 PM root earth.example.com /dev/pts/0 /usr/sbin/sshd yes 1624
2. 04/23/2007 01:38:12 PM root earth.example.com /dev/pts/1 /usr/sbin/sshd yes 1655
3. 04/23/2007 03:32:58 PM root 192.168.0.20 /dev/pts/0 /usr/sbin/sshd yes 1712


Also, there is a RH discussion list: http://blog.gmane.org/gmane.linux.redha ... ity.audit/

A sed one-liner which prints login successes and failures, including sudo and su attempts:

# ausearch -m USER_AUTH -i | sed -n "s/.*msg=audit(\([^ ]*\) \([^. ]*\).[0-9]*[:]\([0-9]*\).* uid=\([^ ]*\).* auid=\([^ ]*\).* user=\([^ ]*\) exe=\([^ ]*\).* addr=\([^,]*\).* result=\([a-zA-Z]*\).*/date='\1' time='\2' avc='\3' uid='\4' auid='\5' user='\6' exe='\7' addr='\8' result='\9'/p"

date='01/11/2011' time='07:50:24' avc='5' uid='root' auid='unset' user='root' exe='/bin/su' addr='?' result='Success'
date='01/11/2011' time='07:50:31' avc='11' uid='root' auid='unset' user='test' exe='/bin/su' addr='?' result='Success'


On Red Hat Enterprise Linux AS release 4 (Nahant Update 5) with audit-1.0.15-3.EL4 the output is:

# ausearch -m USER_AUTH -i
----
type=USER_AUTH msg=audit(01/11/2011 07:50:24.457:5) : user pid=3350 uid=root auid=unset msg='PAM authentication: user=root exe=/bin/su (hostname=?, addr=?, terminal=pts/0 result=Success)'
----
type=USER_AUTH msg=audit(01/11/2011 09:40:28.323:30) : user pid=3810 uid=root auid=unset msg='PAM authentication: user=root exe=/usr/sbin/sshd (hostname=localhost.localdomain, addr=127.0.0.1, terminal=ssh result=Success)'
----
type=USER_AUTH msg=audit(01/11/2011 09:40:59.756:39) : user pid=3849 uid=root auid=unset msg='PAM authentication: user=foo exe=/usr/sbin/sshd (hostname=localhost.localdomain, addr=127.0.0.1, terminal=ssh result=Authentication
----
type=USER_AUTH msg=audit(01/11/2011 09:41:03.236:41) : user pid=3849 uid=root auid=unset msg='PAM authentication: user=foo exe=/usr/sbin/sshd (hostname=localhost.localdomain, addr=127.0.0.1, terminal=ssh result=Authentication
----
type=USER_AUTH msg=audit(01/11/2011 09:41:06.738:43) : user pid=3849 uid=root auid=unset msg='PAM authentication: user=foo exe=/usr/sbin/sshd (hostname=localhost.localdomain, addr=127.0.0.1, terminal=ssh result=Authentication


So on this version the sed filter above does not work for failures as it does on RHEL5+. Notice that with -i (interpreted output) a failure is reported as result=Authentication, with the rest of "Authentication failure" and the closing parenthesis cut off, which is a bug.

Example of how to strip some characters:

# ausearch -m USER_AUTH | sed -e "s/'//g" | sed -e "s/\"//g" | sed -e "s/,//g" | sed -e "s/Authentication failure/failure/g"


A script which parses audit USER_AUTH records into one line per event:

#!/bin/bash
# The log name contains the server name!
# ex: /var/log/syslog-ng/date/unix/servername-audit
if [ -z "$1" ]; then
    echo "specify pathname" >&2
    exit 1
fi
FILE="$1"
TMP="$(mktemp /tmp/tmp.XXXXXX)"
trap 'rm -f "$TMP"' EXIT
# header: msg=audit(DATE TIME.MSEC:SERIAL) -> date, time and serial number
AUDIT_HEAD=".*msg=audit(\([^ ]*\) \([^. ]*\).[0-9]*[:]\([0-9]*\).*"
AUDIT_HEAD_P="date='\1' time='\2' avc='\3'"
VAL="\([^ ]*\).*"   # value terminated by a space
SERVER="$(basename "$FILE" | sed -e 's/-audit//g')"
# join each record onto one line, strip quotes and commas, normalise the
# newer acct=/res= field names to user=/result=, then pull out the fields
ausearch -i -m USER_AUTH -if "$FILE" 2>/dev/null | \
    tr -d '\n' | \
    sed -e 's/----/\n/g' | \
    strings | \
    sed -e "s/'//g" -e 's/"//g' -e 's/,//g' \
        -e 's/acct/user/g' -e 's/res=/result=/g' | \
    sed -n "s/${AUDIT_HEAD} uid=${VAL} auid=${VAL} user=*${VAL} exe=${VAL} addr=${VAL} result=\([^)]*\).*/${AUDIT_HEAD_P} uid='\4' auid='\5' user='\6' exe='\7' addr='\8' result='\9'/p" > "$TMP"

while read -r line; do
    echo "server='$SERVER' $line"
done < "$TMP"
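
The same extraction done in Python, as an added example that is not part of the post: it covers both the sed one-liner and the script above, accepts the truncated result=Authentication that the RHEL4 build emits as well as the newer acct=/res= field names, and labels the record serial "serial" where the post's sed calls it "avc". The sample records are constructed from the output shown above.

```python
import re

# Constructed sample of `ausearch -m USER_AUTH -i` output, modelled on the post's
# records; the last one carries the truncated "result=Authentication" that
# audit-1.0.15 on RHEL4 prints instead of "result=Authentication failure".
SAMPLE = """\
----
type=USER_AUTH msg=audit(01/11/2011 07:50:24.457:5) : user pid=3350 uid=root auid=unset msg='PAM authentication: user=root exe=/bin/su (hostname=?, addr=?, terminal=pts/0 result=Success)'
----
type=USER_AUTH msg=audit(01/11/2011 09:40:59.756:39) : user pid=3849 uid=root auid=unset msg='PAM authentication: user=foo exe=/usr/sbin/sshd (hostname=localhost.localdomain, addr=127.0.0.1, terminal=ssh result=Authentication
"""

# msg=audit(DATE TIME.MSEC:SERIAL); the post's sed labels the serial "avc"
HEAD = re.compile(r"msg=audit\((\S+) ([^.]+)\.\d+:(\d+)\)")
# key=value pairs; a value ends at whitespace, comma, parenthesis or quote
KV = re.compile(r"(\w+)=([^\s,()']+)")
# newer audit versions emit acct=/res= where older ones emit user=/result=
ALIASES = {"acct": "user", "res": "result"}
FIELDS = ("uid", "auid", "user", "exe", "addr", "result")


def normalise_result(value):
    """Map every failure spelling, including the truncated one, to 'failure'."""
    v = value.lower()
    if v.startswith("authentication") or v == "failed":
        return "failure"
    return "Success" if v == "success" else value

def parse_user_auth(text):
    """Return one dict per USER_AUTH record found in ausearch -i output."""
    events = []
    for rec in text.split("----"):
        head = HEAD.search(rec)
        if "type=USER_AUTH" not in rec or head is None:
            continue
        ev = {"date": head.group(1), "time": head.group(2), "serial": head.group(3)}
        raw = {}
        for key, value in KV.findall(rec):
            raw[ALIASES.get(key, key)] = value.strip('"')
        for key in FIELDS:
            ev[key] = raw.get(key, "?")
        ev["result"] = normalise_result(ev["result"])
        events.append(ev)
    return events

def format_line(ev, server):
    """One event per line, in the key='value' layout the post's script emits."""
    keys = ("date", "time", "serial") + FIELDS
    return f"server='{server}' " + " ".join(f"{k}='{ev[k]}'" for k in keys)
```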

# comments


