Very short how-to for installing OpenVPN in a hurry
Import the repo which contains openvpn, as mentioned here: http://alchy.org/index.php?entry=entry110220-095249
Then:
# yum install openvpn
# cp -r /usr/share/doc/openvpn-2.1.4/easy-rsa/2.0/* /etc/openvpn
# cd /etc/openvpn/
# chmod +x whichopensslcnf clean-all build-ca pkitool build-key-server build-key-pass build-dh
Set up defaults
# vi vars
# . ./vars
# ./clean-all
Build the certificate authority (CA)
# ./build-ca
Generate certificate & key for server
# ./build-key-server server
Generate certificates & keys for clients
# ./build-key-pass client1
Generate Diffie Hellman parameters
# ./build-dh
Link
# ln -s keys/dh1024.pem ./dh1024.pem
# ln -s keys/server.crt ./server.crt
# ln -s keys/server.key ./server.key
# ln -s keys/ca.crt ./ca.crt
Debug:
"/usr/sbin/openvpn" --config /etc/openvpn/server.conf
Client's ovpn.conf:
client
proto tcp
dev tun
ca ca.crt
dh dh1024.pem
cert client01.crt
key client01.key
keysize 128
remote xxx.xx.xx.xx 1194
cipher BF-CBC
verb 2
mute 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind
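A quick lint for the client config above, added here as an example (not part of the original post): it flags the 64-bit-block cipher, the 1024-bit DH file, compression, and the missing server-certificate check. The function names and the sample file are constructed for illustration, and the DH size is guessed from easy-rsa's dh<bits>.pem naming.

```shell
#!/bin/sh
# Added example (not from the original post): lint an OpenVPN client config
# for the dated settings used in the how-to above.

# Print one "FINDING:" line per issue; return 1 if any were found, 2 on error.
audit_ovpn_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # Drop comments (# or ;) and leading blanks, then inspect each directive.
    sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' -e '/^$/d' "$1" |
    awk '
        $1 == "client" || $1 == "tls-client" { client = 1 }
        # Ciphers with a 64-bit block (Blowfish, DES/3DES, CAST5, RC2, IDEA).
        $1 == "cipher" && toupper($2) ~ /^(BF|DES|DESX|CAST5|RC2|IDEA)-/ {
            print "FINDING: cipher " $2 " uses a 64-bit block; prefer an AES cipher such as AES-256-CBC"; n++ }
        # Heuristic: easy-rsa names the file dh<bits>.pem.
        $1 == "dh" && $2 ~ /dh(512|768|1024)\.pem$/ {
            print "FINDING: " $2 " is a DH group of 1024 bits or less; regenerate with KEY_SIZE=2048"; n++ }
        $1 == "comp-lzo" || $1 == "compress" {
            print "FINDING: " $1 " compresses before encrypting, which can leak plaintext via length"; n++ }
        $1 == "remote-cert-tls" || $1 == "ns-cert-type" || $1 == "verify-x509-name" { verify = 1 }
        END {
            if (client && !verify) {
                print "FINDING: no server certificate check; add remote-cert-tls server or ns-cert-type server"; n++ }
            exit (n > 0)
        }'
}

# Constructed sample: the crypto-relevant lines of the client config above.
sample_client_conf() {
    cat <<'EOF'
client
proto tcp
dev tun
ca ca.crt
dh dh1024.pem
cipher BF-CBC   # Blowfish
comp-lzo
EOF
}

# Audit the sample through a temporary file and clean up afterwards.
demo() {
    tmp=$(mktemp) || return 2
    sample_client_conf > "$tmp"
    rc=0; audit_ovpn_conf "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Run `audit_ovpn_conf /path/to/client.conf` against a real file; an exit status of 0 means none of these four checks fired.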
[root@gw ~]# cat > /etc/yum.repos.d/fwbuilder.repo
[fwbuilder]
name=Firewall Builder
failovermethod=priority
baseurl=http://www.fwbuilder.org/rpm/stable/rhel-$releasever-$basearch
enabled=1
wget http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc
rpm --import PACKAGE-GPG-KEY-fwbuilder.asc
yum install fwbuilder
RPMforge is a collaboration of Dag and other packagers. They provide over 5000 packages for CentOS, including wine, vlc, mplayer, xmms-mp3, and other popular media tools. It is not part of Red Hat or CentOS but is designed to work with those distributions.
RPMforge repo for CentOS 5
http://wiki.centos.org/AdditionalResour ... 4998926a1b
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
wget http://packages.sw.be/rpmforge-release/ ... x86_64.rpm
rpm -ivh rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
RPMforge repo for CentOS 6
[root@gw ~]# rpm -ivh rpmforge-release-0.5.2-2.el6.rf.i686.rpm
warning: rpmforge-release-0.5.2-2.el6.rf.i686.rpm: Header V3 DSA/SHA1 Signature, key ID 6b8d79e6: NOKEY
Preparing... ########################################### [100%]
1:rpmforge-release ########################################### [100%]
[root@gw ~]# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
http://wiki.centos.org/AdditionalResour ... 92d1398e01
http://vimeo.com/4452923
timechart avg(size) by relay
timechart count(relay) by from usenull=f
timechart count by group
splunkbase
http://splunkbase.splunk.com/
splunk on F5
http://splunkbase.splunk.com/apps/Integ ... Generation
splunk on snort
http://splunkbase.splunk.com/apps/All/4 ... Splunk+4.x
http://www.splunk.com/base/Documentatio ... okupsplunk
Many organizations already have authentication mechanisms in place. They may not want the LDAP server to be the central repository for authentication credentials or the authentication mechanism itself. The typical deployment would use PAM as the gateway to authentication. They do want many apps to use the LDAP server for authentication, authorization, user information, etc., just not as the authoritative data source for credentials. GSS/SASL is typically used for this: with Kerberos, for example, you can use your ticket to authenticate to the DS, and the DS "passes through" the authentication to Kerberos. But many apps cannot (or will not) use SASL as their authentication mechanism; they must use simple cleartext password BINDs. For these applications, it would be very useful to have the DS pass through the auth creds to PAM.
http://directory.fedoraproject.org/wiki ... in_for_PAM
church is a hospital for sinners
The MLS functionality in SE Linux is being developed as part of the Common Criteria LSPP certification work. The LSPP work aims to get LSPP, RBAC, and CAPP certification at EAL 4+.
All together: http://fedoraproject.org/wiki/SELinux/MLS
A "patch" which lets you define the users who can access the SquirrelMail web interface. The patch is a wrapper around the line "$imap_stream = @fsockopen($imap_server_address, $imap_port, $error_number, $error_string, 15);", which is used in the function sqimap_login in the file /var/www/html/functions/imap_general.php
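/* -------user login patch by alchy--------------------------------------------------------------- */
$user_found = FALSE;
/**
 * ALLOWUSERS: "patch" to SquirrelMail
 * uses the file "/etc/allow_webmail", which lists the users allowed to access SquirrelMail,
 * one user per line
 */
$handle = @fopen("/etc/allow_webmail", "r");
if ($handle)
{
    // Stop when fgets() returns FALSE (EOF or read error) so a failed read is never compared.
    while ( ($buffer = fgets( $handle, 4096 )) !== FALSE )
    {
        $allowed = rtrim( $buffer );
        // Debug (Czech): "read '$buffer', comparing with '$username'"
        #logout_error( _("diag: nacetl jsem '$buffer' a srovnavam s '$username'") );
        // Skip blank lines so that an empty username can never match.
        if ( $allowed !== '' && strcmp( $allowed, $username ) == 0 ) {
            $user_found = TRUE;
            // Debug (Czech): "setting user_found!"
            #logout_error( _("diag: nastavuji hodnotu user_found!") );
            break;
        }
    }
    fclose($handle);
} else {
    // Fail closed: if the allow list cannot be read, nobody may log in.
    // Message (Czech): "Error: cannot access the file /etc/allow_webmail."
    logout_error( _("Chyba: Nemohu pristpupit na soubor /etc/allow_webmail.") );
    exit;
}
if ( $user_found == FALSE ) {
    // Message (Czech): "Warning: user $username is not allowed to log in through this application."
    logout_error( _("Pozor: uzivateli $username neni povoleno se prihlasit prostrednictvim teto aplikace.") );
    exit;
} else
{
    // User is on the allow list: open the IMAP connection as the original code did.
    $imap_stream = @fsockopen($imap_server_address, $imap_port, $error_number, $error_string, 15);
}
/* ----------------------------------------------------------------------------------------------- */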