The Ignored Scales in Jazz 


OpenVPN install 
A very short how-to for installing OpenVPN in a hurry.

Import a repo that contains openvpn, as described here: http://alchy.org/index.php?entry=entry110220-095249

Then install the package:

# yum install openvpn

# cp -r /usr/share/doc/openvpn-2.1.4/easy-rsa/2.0/* /etc/openvpn

# cd /etc/openvpn/

# chmod +x whichopensslcnf clean-all build-ca pkitool build-key-server build-key-pass build-dh

Set up defaults

# vi vars
# . ./vars
# ./clean-all

Build the certificate authority (CA)

# ./build-ca

Generate certificate & key for server

# ./build-key-server server

Generate certificates & keys for clients

# ./build-key-pass client1

Generate Diffie Hellman parameters

# ./build-dh

Link

# ln -s keys/dh1024.pem ./dh1024.pem
# ln -s keys/server.crt ./server.crt
# ln -s keys/server.key ./server.key
# ln -s keys/ca.crt ./ca.crt
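
A check worth running at this point, before the server is started (added example, not part of the original post): it confirms that a certificate was signed by the new CA, that the private key belongs to it, and that the key file is not readable by other users. It assumes the openssl command-line tool and the easy-rsa file names used above; the function names are this example's own.

```sh
#!/bin/sh
# Added example: sanity-check the easy-rsa output before starting OpenVPN.
# Assumes the openssl CLI and RSA keys, which is what easy-rsa 2.0 generates.

# cert_chains_to_ca CA CERT: true if CERT verifies against CA.
# The output is matched because old openssl releases exit 0 on failure.
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# key_matches_cert CERT KEY: true if the unencrypted KEY belongs to CERT.
# "-passin pass:" makes an encrypted key fail instead of prompting.
key_matches_cert() {
    kc_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    kc_key=$(openssl rsa -in "$2" -pubout -passin pass: 2>/dev/null)
    [ -n "$kc_cert" ] && [ "$kc_cert" = "$kc_key" ]
}

# key_is_private FILE: true if group and others have no access to FILE.
# -L follows the symlinks created in /etc/openvpn.
key_is_private() {
    [ "$(ls -lL "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# check_pki DIR [NAME]: run all checks for NAME.crt / NAME.key in DIR.
check_pki() {
    cp_dir=$1; cp_name=${2:-server}; cp_rc=0
    cert_chains_to_ca "$cp_dir/ca.crt" "$cp_dir/$cp_name.crt" ||
        { echo "FAIL: $cp_name.crt is not signed by ca.crt"; cp_rc=1; }
    key_matches_cert "$cp_dir/$cp_name.crt" "$cp_dir/$cp_name.key" ||
        { echo "FAIL: $cp_name.key does not match $cp_name.crt"; cp_rc=1; }
    key_is_private "$cp_dir/$cp_name.key" ||
        { echo "FAIL: $cp_name.key is readable by group or others"; cp_rc=1; }
    [ "$cp_rc" -eq 0 ] && echo "OK: $cp_name"
    return "$cp_rc"
}

# Usage on the server from this how-to:
#   check_pki /etc/openvpn/keys server
```

Client keys made with build-key-pass are passphrase-protected, so key_matches_cert reports a mismatch for them; use cert_chains_to_ca alone for client certificates.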


Debug:

"/usr/sbin/openvpn" --config /etc/openvpn/server.conf


Client's ovpn.conf:

client
proto tcp
dev tun
ca ca.crt
dh dh1024.pem
cert client01.crt
key client01.key
keysize 128
remote xxx.xx.xx.xx 1194
cipher BF-CBC
verb 2
mute 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind




FWbuilder repo for CentOS 
[root@gw ~]# cat > /etc/yum.repos.d/fwbuilder.repo

[fwbuilder]
name=Firewall Builder
failovermethod=priority
baseurl=http://www.fwbuilder.org/rpm/stable/rhel-$releasever-$basearch
enabled=1

wget http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc
rpm --import PACKAGE-GPG-KEY-fwbuilder.asc

yum install fwbuilder


RPMforge repo CentOS 5/6 
RPMforge is a collaboration of Dag and other packagers. They provide over 5000 packages for CentOS, including wine, vlc, mplayer, xmms-mp3, and other popular media tools. It is not part of Red Hat or CentOS but is designed to work with those distributions.

RPMforge repo for CentOS 5
http://wiki.centos.org/AdditionalResour ... 4998926a1b

rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
wget http://packages.sw.be/rpmforge-release/ ... x86_64.rpm
rpm -ivh rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm


RPMforge repo for CentOS 6
[root@gw ~]# rpm -ivh rpmforge-release-0.5.2-2.el6.rf.i686.rpm
warning: rpmforge-release-0.5.2-2.el6.rf.i686.rpm: Header V3 DSA/SHA1 Signature, key ID 6b8d79e6: NOKEY
Preparing... ########################################### [100%]
1:rpmforge-release ########################################### [100%]
[root@gw ~]# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt


http://wiki.centos.org/AdditionalResour ... 92d1398e01

Splunk: A quick tutorial on how to make charts & graphs in Splunk 3.x 
http://vimeo.com/4452923

timechart avg(size) by relay
timechart count(relay) by from usenull=f
timechart count by group

splunkbase

http://splunkbase.splunk.com/

splunk on F5

http://splunkbase.splunk.com/apps/Integ ... Generation

splunk on snort

http://splunkbase.splunk.com/apps/All/4 ... Splunk+4.x

Splunk: Use field lookups to add information to your events  


http://www.splunk.com/base/Documentatio ... okupsplunk

PAM Pass Through Authentication Plug-in for Directory Server 
Many organizations have authentication mechanisms already in place. They may not want to have the LDAP server be the central repository for authentication credentials and the authentication mechanism. The typical deployment would use PAM as the gateway to authentication. They do want to have many apps use the LDAP server for authentication and for authorization, user information, etc., just not as the authoritative data source for credentials. GSS/SASL is typically used for this; e.g., for Kerberos, you can use your ticket to authenticate to the DS, and the DS "passes through" the authentication to Kerberos. But many apps cannot (or will not) use SASL as their authentication mechanism; they must use simple cleartext password BINDs. For these applications, it would be very useful to have the DS pass through the auth creds to PAM.


http://directory.fedoraproject.org/wiki ... in_for_PAM

church is a hospital for sinners 
church is a hospital for sinners

Multi Level Security / LSPP Overview  
The MLS functionality in SE Linux is being developed as part of the Common Criteria LSPP certification work. The LSPP work aims to get LSPP, RBAC, and CAPP certification at EAL 4+.

all together: http://fedoraproject.org/wiki/SELinux/MLS

AllowUsers for SquirrelMail 
A "patch" that lets you define which users may access the SquirrelMail web interface. The patch is a wrapper around the line "$imap_stream = @fsockopen($imap_server_address, $imap_port, $error_number, $error_string, 15);", which is used in the function sqimap_login in the file /var/www/html/functions/imap_general.php

/* -------user login patch by alchy--------------------------------------------------------------- */

$user_found = FALSE;
/**
 * ALLOWUSERS: "patch" to SquirrelMail
 * Reads the file "/etc/allow_webmail", which lists the users allowed to access SquirrelMail,
 * one user per line.
 */
$handle = @fopen("/etc/allow_webmail", "r");

if ($handle)
{
    /* Loop until fgets() returns FALSE, so the end of the file is never compared as an empty user name. */
    while ( ($buffer = fgets( $handle, 4096 )) !== FALSE )
    {
        # debug: logout_error( _("diag: read '$buffer', comparing with '$username'") );
        if ( strcmp( rtrim( $buffer ), $username ) === 0 ) {
            $user_found = TRUE;
            # debug: logout_error( _("diag: setting user_found!") );
            break;
        }
    }
    fclose($handle);
} else {
    /* Fail closed when the list is unreadable. Message: "Error: cannot access the file /etc/allow_webmail." */
    logout_error( _("Chyba: Nemohu pristpupit na soubor /etc/allow_webmail.") );
    exit;
}

if ( $user_found == FALSE ) {
    /* Message: "Warning: user $username is not allowed to log in through this application." */
    logout_error( _("Pozor: uzivateli $username neni povoleno se prihlasit prostrednictvim teto aplikace.") );
    exit;
} else
{
    /* The user is on the list: open the IMAP connection as the original code did. */
    $imap_stream = @fsockopen($imap_server_address, $imap_port, $error_number, $error_string, 15);
}

/* ----------------------------------------------------------------------------------------------- */


