My Tech Note's

Author: hexcode (Page 2 of 4)

Howto convert rrd files between architectures

While migrating Cacti to a new virtual machine I got “ERROR: This RRD was created on another architecture” when generating a new graph.
You need to convert all RRD files from 32-bit to 64-bit.
On the 32-bit machine, go to <directory_cacti>/rra/ and run:

for i in `find ./ -type f -name "*.rrd" -print`; \
do \
rrdtool dump $i > $i.xml; \
done

Copy all the XML files to the 64-bit machine, put them in the same location, and run on the 64-bit machine:

for i in `ls *.xml`; \
do \
rrdtool restore $i `echo $i | sed 's/\.xml$//'`; \
done

PHP: Unable to load dynamic library suhosin.so on Debian 7

After upgrading to Debian 7 (from Debian 6), PHP produces an error like:
"PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php5/20100525/suhosin.so' - /usr/lib/php5/20100525/suhosin.so: cannot open shared object file"
Reason why it happens:
  php5-suhosin depends on an obsolete version of phpapi-20090626+lfs
  so php5-suhosin is removed during the upgrade... but the PHP config
  snippet /etc/php5/conf.d/suhosin.ini isn't purged... so PHP still
  tries to load the module suhosin.so.

The release notes should document that the user should:
  dpkg -P php5-suhosin


more info

SSH Tunnel on Mac OSX with Google Chrome

Sometimes a port forward is not enough, but you can set up a local proxy through the ssh client.
After that, you can launch Google Chrome so that it uses the local proxy.

ssh [email protected] -CN -D 12345

-D means:

-D [bind_address:]port
Specifies a local “dynamic” application-level port forwarding.  This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address.  Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine.  Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server.  Only root can forward privileged ports.  Dynamic port forwardings can also be specified in the configuration file.

IPv6 addresses can be specified by enclosing the address in square brackets.  Only the superuser can forward privileged ports.  By default, the local port is bound in accordance with the GatewayPorts setting.  However, an explicit bind_address may be used to bind the connection to a specific address.  The bind_address of “localhost” indicates that the listening port be bound for local use only, while an empty address or `*' indicates that the port should be available from all interfaces.

-N means:

     -N      Do not execute a remote command.  This is useful for just forwarding ports (protocol version 2 only).

-C means:

-C      Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP connections).  The compression algorithm is the same used by gzip(1), and the “level” can be controlled by the CompressionLevel option for protocol version 1.  Compression is desirable on modem lines and other slow connections, but will only slow down things on fast networks.  The default value can be set on a host-by-host basis in the configuration files; see the Compression option.

 

And now you can launch Google Chrome:

/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --proxy-server="socks5://localhost:12345"

And now, you can “surf” through the local proxy server. 🙂

 

Howto make simple duplicate packet with scapy

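With scapy you can do anything.

In this example, all packets sent to port 162 are also sent to another machine:

#!/usr/bin/env python2.6
from scapy.all import *
ipdst="78.78.78.78"  # machine that receives the copy
while True:
        # capture one SNMP trap (UDP, destination port 162) at a time
        pkt = sniff(count = 1,filter="udp and dst port 162")
        # skip packets that did not parse as SNMP, otherwise pkt[0][SNMP] raises
        if pkt[0].haslayer(UDP) and pkt[0].haslayer(SNMP):
                # keep the original source address and re-send the SNMP payload to ipdst
                ipsrc=str(pkt[0][IP].src)
                send(IP(src=ipsrc,dst=ipdst)/UDP(sport=1234,dport=162)/pkt[0][SNMP])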

Warning: you can do this with TCP too.

 

Howto VPN over SSH

Warning: first, you need OpenSSH v4.3 and tuntap installed on both machines.

Steps:

server1 # ssh [email protected] -NTCf -w 0:0

-N Do not execute a remote command. This is useful for just forwarding ports.
-T Disable pseudo-tty allocation.
-C Requests compression of all data.
-f Requests ssh to go to background just before command execution.
-w 0:0 Requests tunnel device forwarding between tun0 on the local side and tun0 on the remote side.

Notice: you need these options in sshd_config:

PermitRootLogin yes

PermitTunnel yes
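A check for the two options above, as an added example that is not part of the original post: `PermitRootLogin yes` also lets root log in with a password, and `PermitTunnel yes` permits both layer-2 and layer-3 tunnels, while a tun0 link like this one works with key-based root login (`prohibit-password`) and `PermitTunnel point-to-point`. The function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective PermitRootLogin / PermitTunnel values of
# an sshd_config. sshd uses the FIRST value it reads for a keyword, so a
# stricter line further down does not override an earlier "yes".
# Assumption: only the global part is checked; parsing stops at the first Match.
audit_sshd_tunnel() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)     # "Keyword=value" is valid too
            split(line, f, /[ \t]+/)
            key = tolower(f[1])                 # keywords are case-insensitive
            if (key == "match") exit
            if (key == "permitrootlogin" && root == "") root = f[2]
            if (key == "permittunnel" && tun == "") tun = f[2]
        }
        END {
            if (root == "") root = "unset"
            if (tun == "") tun = "unset"
            printf "PermitRootLogin %s %s\n", root, ((root == "yes") ? "WEAK" : "ok")
            if (tun == "yes") state = "WEAK"                 # layer 2 and layer 3
            else if (tun == "point-to-point") state = "ok"   # layer 3 (tun) only
            else state = "NO-L3"                             # ssh -w 0:0 is refused
            printf "PermitTunnel %s %s\n", tun, state
        }
    ' "$1"
}

# Constructed sample: the settings from the post, followed by a later line
# that sshd ignores because the keyword was already set.
demo_conf=$(mktemp)
printf '%s\n' '# constructed sample' 'PermitRootLogin yes' 'PermitTunnel=yes' \
    'PermitRootLogin prohibit-password' > "$demo_conf"
audit_sshd_tunnel "$demo_conf"
rm -f "$demo_conf"
```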

Configure the interfaces:

On server1:

server1 # ip link set tun0 up

server1 # ip addr add 10.10.10.1/32 peer 10.10.10.2 dev tun0

On server2:

server2 # ip link set tun0 up

server2 # ip addr add 10.10.10.2/32 peer 10.10.10.1 dev tun0

 

At this moment you have a connection between the two servers; you can ping 10.10.10.2 from server1.

 

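Now you need to configure the routing table, if you want all traffic to be routed through the tunnel.

On server1 (the host route keeps the SSH connection to server2 itself on the real gateway, so the tunnel survives the default route change):

server1 # route add -host ip_server2 gw gateway_on_your_network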

server1 # route del default gw gateway_on_your_network

server1 # route add default gw 10.10.10.2

on the server2:

server2 # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

(eth0 is the interface connected to the internet/LAN)

server2 # echo 1 > /proc/sys/net/ipv4/ip_forward

 

Now all traffic between server1 and server2 is encrypted 🙂

What's in fashion is “double taxation”

That's right… apparently the so-called “double taxation” is in fashion…

There is a concert I want to go and see, so I went to this website to buy the tickets.

I selected the concert and the seats (they are numbered seats); so far so good.

There I was, all happy that there were free seats, so I decided to book the seats and proceed to the payment.


When I started looking at the final price and noticed the “Operation Costs”, I found it very expensive.

For example, FNAC only charges €1 per ticket!!!


Cisco AnyConnect error on Windows 7

I tried to install Cisco AnyConnect on my Windows 7 machine, but I got the error “The VPN client agent was unable to create the interprocess communication depot”.

To resolve this issue, you need to disable ICS (Internet Connection Sharing).

1) Click on the Start button
2) Type services.msc and press Enter
3) Find ICS – Internet Connection Sharing and double-click it
4) Change the startup type to Disabled
And reboot.

 

After this procedure, you can try to install the anyconnect client.

 

Tutorial: make a secure tunnel between two Linux boxes

This example is based on two Debian boxes, Client and Server

 


 

Note: box1 has ip address 1.2.3.5 and box2 has ip address 1.2.3.4

  1. Install the stunnel package on both servers
    $ apt-get install -y stunnel
  2. Configure stunnel on the client box
    $ vim /etc/stunnel/stunnel.conf
    cert = /etc/ssl/certs/stunnel.pem
    chroot = /var/lib/stunnel4/
    setuid = stunnel4
    setgid = stunnel4
    pid = /stunnel4.pid
    ;socket = l:TCP_NODELAY=1
    ;socket = r:TCP_NODELAY=1
    debug = 7
    output = /var/log/stunnel4/stunnel.log
    ; client side: accept plaintext locally and connect with TLS to the server box
    client = yes
    [boxserver]
    accept = 127.0.0.1:1234
    connect = 1.2.3.4:1234
  3. Configure stunnel on the server box
    $ vim /etc/stunnel/stunnel.conf
    cert = /etc/ssl/certs/stunnel.pem
    chroot = /var/lib/stunnel4/
    setuid = stunnel4
    setgid = stunnel4
    pid = /stunnel4.pid
    ;socket = l:TCP_NODELAY=1
    ;socket = r:TCP_NODELAY=1
    debug = 7
    output = /var/log/stunnel4/stunnel.log
    ; server side: accept TLS on 1234 and forward plaintext to 127.0.0.1:4321
    client = no
    [boxserver]
    accept = 1234
    connect = 127.0.0.1:4321
  4. Start the service on both servers
    $ service stunnel4 start
  5. Check the connection
    $ netstat -antp | grep 1234
  6. Test with one simple message
    – On the server box (listen on the port stunnel forwards to, since 1234 is already held by stunnel)
    $ nc -p 4321 -l
    – On the client box
    $ ( echo "Test msg";  echo "Test the second message"; ) | nc 127.0.0.1 1234
  7. Check on the server box, and you will see the messages
  8. And now you are ready to set up, for example, syslog between Linux boxes
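
The client configuration in step 2 sets no certificate verification option, so stunnel encrypts the link but accepts whatever certificate is presented on 1.2.3.4:1234. As an added example (not from the original post), this shell function lists each service section of a stunnel.conf with its mode and whether `verify`, `verifyChain` or `verifyPeer` is in effect; the function name, the second service and the CAfile path are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-service summary of a stunnel.conf.
# Service-level options placed before the first [section] act as defaults for
# every service, which is how "client = yes" is used in the config above.
audit_stunnel_conf() {
    awk -F= '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function report() {
            if (name == "") return
            ver = s["verify"] || s["verifychain"] || s["verifypeer"]
            printf "%s mode=%s verify=%s\n", name,
                (s["client"] ? "client" : "server"), (ver ? "yes" : "NONE")
        }
        /^[ \t]*[;#]/ || /^[ \t]*$/ { next }       # comments and blank lines
        /^[ \t]*\[/ {                              # a new [service] section
            report()
            name = trim($0); name = substr(name, 2, length(name) - 2)
            for (k in s) delete s[k]
            for (k in g) s[k] = g[k]               # inherit the global defaults
            next
        }
        {
            k = tolower(trim($1)); v = tolower(trim($2))
            if (k == "verify") on = (v + 0 >= 2)   # levels 0 and 1 do not enforce
            else if (k == "client" || k == "verifychain" || k == "verifypeer")
                on = (v == "yes")
            else next
            if (name == "") g[k] = on; else s[k] = on
        }
        END { report() }
    ' "$1"
}

# Constructed sample modelled on the client box: the service as configured in
# the post, and a variant that verifies the server certificate.
conf=$(mktemp)
cat > "$conf" <<'EOF'
client = yes
[boxserver]
accept = 127.0.0.1:1234
connect = 1.2.3.4:1234
[boxserver-verified]
accept = 127.0.0.1:1235
connect = 1.2.3.4:1234
verify = 2
; hypothetical path: a copy of the server certificate only, without its key
CAfile = /etc/stunnel/server-cert.pem
EOF
audit_stunnel_conf "$conf"
rm -f "$conf"
```

A `mode=client verify=NONE` line marks a tunnel whose peer is not authenticated; on a server section `verify=NONE` only means that client certificates are not required.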

How to retrieve the kernel source for Raspbian

It seems to me, there is no kernel 3.1.9+ source deb package in Raspbian repository. According to Alex Bradbury (asb) they built the Raspbian kernel based on https://github.com/raspberrypi/linux. Based on this kernel compilation documentation I did the following (as root):

cd /usr/src
git clone --depth 1 https://github.com/raspberrypi/linux.git
ln -s linux linux-3.1.9+
cd linux
zcat /proc/config.gz > .config
ln -s /usr/src/linux /lib/modules/3.1.9+/build

After that I was able to recompile the external module.

 

source


© 2020 Sec&Stuff&Others
