My Tech Note's

Month: January 2013

Tutorial: set up a secure tunnel between two Linux boxes

This example uses two Debian boxes, a client and a server.

 


 

Note: box1 (the client) has IP address 1.2.3.5 and box2 (the server) has IP address 1.2.3.4

  1. Install the package stunnel on both servers
    $ apt-get install -y stunnel
  2. Configure stunnel on the client box
    $ vim /etc/stunnel/stunnel.conf
    cert = /etc/ssl/certs/stunnel.pem
    chroot = /var/lib/stunnel4/
    setuid = stunnel4
    setgid = stunnel4
    pid = /stunnel4.pid
    ;socket = l:TCP_NODELAY=1
    ;socket = r:TCP_NODELAY=1
    debug = 7
    output = /var/log/stunnel4/stunnel.log
    client = yes

    [boxserver]
    accept = 127.0.0.1:1234
    connect = 1.2.3.4:1234
  3. Configure stunnel on the server box
    $ vim /etc/stunnel/stunnel.conf
    cert = /etc/ssl/certs/stunnel.pem
    chroot = /var/lib/stunnel4/
    setuid = stunnel4
    setgid = stunnel4
    pid = /stunnel4.pid
    ;socket = l:TCP_NODELAY=1
    ;socket = r:TCP_NODELAY=1
    debug = 7
    output = /var/log/stunnel4/stunnel.log
    ; server mode: accept TLS on port 1234 and forward to 127.0.0.1:4321
    client = no

    [boxserver]
    accept = 1234
    connect = 127.0.0.1:4321
  4. Start the stunnel service on both boxes
    $ service stunnel4 start
  5. check connection
    $ netstat -antp | grep 1234
  6. Test with a simple message
    – On the server box (listen on the port stunnel forwards to)
    $ nc -l -p 4321
    – On the client box
    $ ( echo "Test msg"; echo "Test the second message"; ) | nc 127.0.0.1 1234
  7. Check on the server box, and you will see the messages
  8. Now you are ready to set up, for example, syslog between the Linux boxes
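
An added check, not part of the original post: with `client = yes` and no `verify`, `verifyChain` or `verifyPeer` option, stunnel encrypts the connection but does not authenticate the server certificate, which is the state of the client config in step 2. The script lists such services; the function names, the `[boxserver-verified]` service and the `CAfile` path are constructed for this example.

```shell
#!/bin/sh
# Added example: list stunnel services that act as a TLS client without
# verifying the peer certificate. Options before the first [section] are
# global defaults inherited by every service, as in the tutorial config.
audit_stunnel_conf() {
    awk '
    function report() {
        # verify levels 2 and above require a valid peer certificate
        if (svc != "" && client == "yes" && lvl + 0 < 2 && chain != "yes" && peer != "yes")
            print svc ": client = yes, peer certificate is not verified"
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }    # comments and blank lines
    /^[ \t]*\[/ {                           # start of a [service] section
        if (svc == "") { gc = client; gl = lvl; gch = chain; gp = peer }
        else report()
        svc = $0; sub(/^[ \t]*\[/, "", svc); sub(/\].*$/, "", svc)
        client = gc; lvl = gl; chain = gch; peer = gp
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "client") client = val
        else if (key == "verify") lvl = val
        else if (key == "verifyChain") chain = val
        else if (key == "verifyPeer") peer = val
    }
    END { report() }
    ' "$@"
}

# Constructed sample: the tutorial client service plus a hypothetical
# service that verifies the server against a CA file (placeholder path).
sample_conf() {
    cat <<'EOF'
cert = /etc/ssl/certs/stunnel.pem
client = yes
[boxserver]
accept = 127.0.0.1:1234
connect = 1.2.3.4:1234
[boxserver-verified]
accept = 127.0.0.1:1235
connect = 1.2.3.4:1234
verify = 2
CAfile = /etc/stunnel/server-ca.pem
EOF
}
sample_conf | audit_stunnel_conf
```

Run it against a real file with `audit_stunnel_conf /etc/stunnel/stunnel.conf`; no output means every client-mode service verifies its peer.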

How to retrieve the kernel source for Raspbian

It seems to me there is no kernel 3.1.9+ source deb package in the Raspbian repository. According to Alex Bradbury (asb), they built the Raspbian kernel based on https://github.com/raspberrypi/linux. Based on this kernel compilation documentation, I did the following (as root):

cd /usr/src
git clone --depth 1 https://github.com/raspberrypi/linux.git
ln -s linux linux-3.1.9+
cd linux
zcat /proc/config.gz > .config
ln -s /usr/src/linux /lib/modules/3.1.9+/build

After that I was able to recompile the external module.

 


VirtualBox on OS X host – how to mount an external USB drive

You can't mount the external USB drive because of the permissions on /dev/vboxdrv.

To list the host's USB devices and check whether the external storage is available:

$ VBoxManage list usbhost

Manufacturer: JMicron
Product: Storage

Current State: Unavailable

This means VirtualBox doesn't have permission.

To resolve this issue, you need to change the permissions on /dev/vboxdrv, so open a terminal:

1) sudo su -

2) Unload the kernel extension:

kextunload -b com.apple.iokit.IOUSBMassStorageClass

3) Change the group and set the permissions

Before:

# ls -lah /dev/vboxdrv
crw------- 1 root wheel 36, 0 Jan 25 19:22 /dev/vboxdrv

 chgrp vboxusers /dev/vboxdrv
 chmod g+rw /dev/vboxdrv

After:

# ls -lah /dev/vboxdrv
crw-rw---- 1 root admin 36, 0 Jan 25 19:22 /dev/vboxdrv

4) load the kernel extension:

kextload -b com.apple.iokit.IOUSBMassStorageClass

After this procedure, you can mount the external storage in the virtual machine.

 

Resolution to “perl: warning: Setting locale failed.” on Debian

When this warning appears:

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
    LANGUAGE = (unset),
    LC_ALL = (unset),
    LC_CTYPE = "UTF-8",
    LANG = "en_US.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

the solution is:

# echo "LC_ALL=C" > /etc/default/locale

 

TACACS Server using tac plus

From Wikipedia, the free encyclopedia:

In computer networking, TACACS+ (Terminal Access Controller Access-Control System Plus) is a Cisco Systems proprietary protocol which provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services.

TACACS+ is a protocol for AAA services (Authentication, Authorisation, Accounting), very similar to RADIUS. Servers using RADIUS or TACACS protocol are often called NAS (Network Access Server), not to be confused with NAS – (Network Attached Storage).

 

Installation

 

$ cd /usr/src


© 2020 Sec&Stuff&Others
