yum install telnet telnet-server
vi /etc/xinetd.d/telnet
Change 'disable = yes' to 'disable = no'
service xinetd restart
chkconfig xinetd on - The service is enabled permanently
Junior IT Blogspot
“If you can't explain it simply, you don't understand it well enough”
Tuesday, January 8, 2013
Wednesday, November 7, 2012
HOW TO INSTALL AWSTATS ON CENTOS 6
1. Download and install the rpmforge repository.
- http://apt.sw.be/redhat/el6/en/i386/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
2. Install AWStats with yum command:
- [root@VMb0x download]# yum --enablerepo=rpmforge install awstats -y
3. Edit AWStats Apache Configuration
- [root@VMb0x ~]# vi /etc/httpd/conf.d/awstats.conf
4. Rename config file localhost.localdomain.conf to www.my.logtest.conf
- mv /etc/awstats/awstats.localhost.localdomain.conf /etc/awstats/awstats.www.my.logtest.conf
5. Modify “SiteDomain” on Line 153 as below
- SiteDomain="www.my.logtest"
6. Modify “HostAliases” on Line 168 as below
- HostAliases="localhost 127.0.0.1 REGEX[my\.local$] REGEX[^10\.0\.0\.]"
7. Restart the apache service
- [root@VMb0x httpd]# /etc/init.d/httpd restart
8. Verify & update Install
- http://servername/awstats/awstats.pl?config=www.my.logtest
Monday, April 23, 2012
How to setup a VSFTPD
Install Vsftpd FTP Server
Vsftpd Defaults
- Default port: TCP / UDP - 21 and 20
- The main configuration file: /etc/vsftpd/vsftpd.conf
- Users that are not allowed to login via ftp: /etc/vsftpd/ftpusers
Configure Vsftpd Server
Open the configuration file, type:
# vi /etc/vsftpd/vsftpd.conf
Turn off standard ftpd xferlog log format:
xferlog_std_format=NO
Turn on verbose vsftpd log format. The default vsftpd log file is /var/log/vsftpd.log:
log_ftp_protocol=YES
The above two directives will enable logging of all FTP transactions. Lock down users to their home directories:
chroot_local_user=YES
Create warning banners for all FTP users:
banner_file=/etc/vsftpd/issue
Create /etc/vsftpd/issue file with a message compliant with the local site policy or a legal disclaimer:
NOTICE TO USERS Use of this system constitutes consent to security monitoring and testing. All activity is logged with your host name and IP address.
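A check for the four directives set above, as an added example that is not part of the original post. It assumes the config text has already been read into a string; the sample config is constructed, and comparing YES/NO without regard to case is a choice made by this check.

```python
EXPECTED = {
    "xferlog_std_format": "NO",
    "log_ftp_protocol": "YES",
    "chroot_local_user": "YES",
    "banner_file": "/etc/vsftpd/issue",
}

def parse_vsftpd_conf(text):
    """Return ({option: value}, [line numbers vsftpd would not accept])."""
    settings, malformed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        # vsftpd.conf allows no whitespace around '=', so flag it rather than guess.
        if not sep or key != key.strip() or value != value.strip():
            malformed.append(lineno)
            continue
        settings[key] = value  # a later assignment replaces an earlier one
    return settings, malformed

def audit(text):
    """Return (findings, malformed); findings are (option, found, wanted)."""
    settings, malformed = parse_vsftpd_conf(text)
    findings = []
    for option, wanted in EXPECTED.items():
        found = settings.get(option)
        if found is None:
            findings.append((option, "not set", wanted))
            continue
        # Booleans are compared case-insensitively (this check's assumption).
        same = found.upper() == wanted if wanted in ("YES", "NO") else found == wanted
        if not same:
            findings.append((option, found, wanted))
    return findings, malformed

# Constructed sample, not taken from a real server.
SAMPLE = """\
# vsftpd.conf (constructed)
anonymous_enable=NO
xferlog_std_format=YES
log_ftp_protocol=yes
#chroot_local_user=YES
chroot_local_user = YES
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The commented-out line and the line with spaces around `=` both leave `chroot_local_user` unset, which is the case this check is meant to catch.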
Turn On Vsftpd Service
Turn on vsftpd on boot:
# chkconfig vsftpd on
Start the service:
# service vsftpd start
# netstat -tulpn | grep :21
Configure Iptables To Protect The FTP Server
Open file /etc/sysconfig/iptables, enter:
# vi /etc/sysconfig/iptables
Add the following lines, ensuring that they appear before the final LOG and DROP lines for the RH-Firewall-1-INPUT:
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
Open file /etc/sysconfig/iptables-config, enter:
# vi /etc/sysconfig/iptables-config
Ensure that the space-separated list of modules contains the FTP connection tracking module:
IPTABLES_MODULES="ip_conntrack_ftp"
Save and close the file. Restart firewall:
# service iptables restart
http://www.cyberciti.biz/tips/rhel-fedora-centos-vsftpd-installation.html
Tuesday, April 10, 2012
Monday, January 23, 2012
Basic Configuration on Cisco ASA 5520
http://www.security-solutions.co.za/CISCO-ASA-5520-configuration-example.html
The initial configuration of the device has to be done on the command line interface; an example is included below.
Hostname domain name and ssh keys generation
First, configure the initial settings of the device with a hostname and a domain name so that you can generate SSH usage keys.
hostname test-asa
domain-name test-asa.com
enable password ZdcH9lbXsA2JtS18 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
crypto key generate rsa usage-keys
Management interface
Next, configure the management interface with an IP address so that you can connect from the computer you are managing the device from.
interface Management0/0
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
Upgrade the Cisco IOS
Next, copy the latest release of the Cisco IOS software for the appropriate appliance version from the TFTP server (usually your laptop, shown here as 192.168.1.100, running a TFTP server that can be downloaded here).
copy tftp://192.168.1.100/asa821-k8.bin flash:
boot system disk0:/asa821-k8.bin
Management Gui Configuration
Next, configure the ASDM GUI management interface of the ASA. Bear in mind that once the image file is copied to the device's flash, you also need to enable the HTTP server and specify who is able to access the service.
copy tftp://192.168.1.100/asdm-621.bin flash:
asdm image disk0:/asdm-621.bin
http server enable
http 0 0 inside
Basic Static Routing Configuration
Next, configure the basic outside interface parameters and routing on the outside interface so you can communicate with the outside world. Once that's done, you have to enable traffic from the inside interface to pass through a feature called network address translation, or NAT. A lot has been written about NAT and I am not going to go through all of it here; suffice it to say that if you issue the commands below, the translation will happen and you will be able to establish a bridge between the inside and the outside interfaces.
interface GigabitEthernet0/0
speed 100
duplex full
nameif outside
security-level 0
ip address 196.15.131.202 255.255.255.240
! the command below enables default routing on the ASA device, using 196.15.131.201 as the default destination to send its traffic to
route outside 0 0 196.15.131.201
Basic Global Natting Configuration
The NAT feature is used on the Cisco ASA as a measure to protect your private network addresses when they access the internet. It is achieved with the commands below.
nat (inside) 1 192.168.0.0 255.255.0.0
global (outside) 1 interface
More complex Cisco NATing Concepts
The section below describes the NAT order of operation in more detail. Cisco ASA NAT is considered one of the most complicated and challenging subjects. If it looks intimidating, that's because it is. If you require some assistance with that you can always contact us for more info.
Order of NAT Commands Used to Match Real Addresses
The security appliance matches real addresses to NAT commands in the following order:
1. NAT exemption (nat 0 access-list)—In order, until the first match. Identity NAT is not included in this category; it is included in the regular static NAT or regular NAT category. We do not recommend overlapping addresses in NAT exemption statements because unexpected results can occur.
2. Static NAT and Static PAT (regular and policy) (static)—In order, until the first match. Static identity NAT is included in this category.
3. Policy dynamic NAT (nat access-list)—In order, until the first match. Overlapping addresses are allowed.
4. Regular dynamic NAT (nat)—Best match. Regular identity NAT is included in this category. The order of the NAT commands does not matter; the NAT statement that best matches the real address is used. For example, you can create a general statement to translate all addresses (0.0.0.0) on an interface. If you want to translate a subset of your network (10.1.1.1) to a different address, then you can create a statement to translate only 10.1.1.1. When 10.1.1.1 makes a connection, the specific statement for 10.1.1.1 is used because it matches the real address best. We do not recommend using overlapping statements; they use more memory and can slow the performance of the security appliance.
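The four-step matching order above, as an added example that is not from the original page or from Cisco. It is a simplified model: each rule is a constructed tuple of (category, real network, optional destination network, label), and the labels and addresses other than 10.1.1.1 are hypothetical.

```python
import ipaddress

# Categories 1-3 are searched in this order; within each, the first rule in
# configuration order wins. Category 4 (regular dynamic NAT) uses best match.
FIRST_MATCH_ORDER = ("exemption", "static", "policy_dynamic")

def _hits(rule, src, dst):
    _, real, dest, _ = rule
    if src not in ipaddress.ip_network(real):
        return False
    return dest is None or dst in ipaddress.ip_network(dest)

def match_nat(rules, src, dst):
    """Return the label of the rule that would translate src -> dst, or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for category in FIRST_MATCH_ORDER:
        for rule in rules:  # configuration order
            if rule[0] == category and _hits(rule, src, dst):
                return rule[3]
    regular = [r for r in rules if r[0] == "regular_dynamic" and _hits(r, src, dst)]
    if not regular:
        return None
    # Best match: the most specific real-address network, regardless of order.
    best = max(regular, key=lambda r: ipaddress.ip_network(r[1]).prefixlen)
    return best[3]

# Constructed rule set; it includes the 0.0.0.0 / 10.1.1.1 pair from step 4.
RULES = [
    ("regular_dynamic", "0.0.0.0/0", None, "nat 1 all addresses"),
    ("regular_dynamic", "10.1.1.1/32", None, "nat 2 host 10.1.1.1"),
    ("policy_dynamic", "10.1.1.0/24", "203.0.113.0/24", "policy nat A"),
    ("policy_dynamic", "10.1.0.0/16", "203.0.113.0/24", "policy nat B"),
    ("static", "10.1.1.10/32", None, "static server"),
    ("exemption", "10.1.1.0/24", "10.2.0.0/16", "nat 0 exemption"),
]

if __name__ == "__main__":
    for src, dst in [("10.1.1.1", "198.51.100.5"), ("10.1.1.10", "10.2.3.4"),
                     ("10.1.1.10", "203.0.113.9"), ("10.1.1.20", "203.0.113.9")]:
        print(src, "->", dst, ":", match_nat(RULES, src, dst))
```

Reordering `RULES` changes the result only for overlapping policy dynamic entries (A versus B), which is why overlapping statements deserve a review whenever the configuration is edited.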
Basic Access list Configuration
Next, configure access lists allowing certain hosts to access resources on the internet or on other connected interfaces of the firewall. Then assign and apply that access group to the inside interface.
access-list inside extended permit ip any any
access-group inside in interface inside
Basic Troubleshooting commands enabling
After that's done, you have configured the basic settings on your ASA device. The settings below are recommended for troubleshooting simple connectivity and other issues you may encounter on the ASA device by way of logging. The logging functionality on the ASA is extensive and is unparalleled in its usefulness for determining where a problem lies.
logging enable
logging timestamp
logging buffer-size 999999
logging buffered debugging
logging trap debugging
logging history debugging
logging asdm debugging
logging facility 23
Viewing the logs on the Cisco ASA appliance
show logging | include 192.168.1.1
Best Practice management Configuration suggestions
A best practice is to restrict remote management access by allowing only a few hosts to connect to the Cisco ASA device, as shown below.
ssh 196.1.1.1 255.255.255.255 outside
ssh version 2
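One way to check a saved configuration against this suggestion, as an added example that is not part of the original page. The sample lines are the management commands used earlier in this walkthrough; the `max_hosts` threshold is an assumption of this check.

```python
import ipaddress
import re

# Matches "<ssh|http|telnet> <address> <mask> <interface>" only, so lines such
# as "http server enable" or "ssh version 2" (three tokens) are ignored.
RULE = re.compile(r"^(ssh|http|telnet)\s+(\S+)\s+(\S+)\s+(\S+)$")

def mgmt_sources(config_text):
    """Return [(protocol, interface, network)] for management access rules."""
    rules = []
    for line in config_text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        proto, addr, mask, ifname = m.groups()
        # The ASA accepts a bare 0 as shorthand for 0.0.0.0.
        addr = "0.0.0.0" if addr == "0" else addr
        mask = "0.0.0.0" if mask == "0" else mask
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue  # not an address/mask pair, so not an access rule
        rules.append((proto, ifname, net))
    return rules

def too_broad(config_text, max_hosts=8):
    """Return rules that admit more than max_hosts source addresses."""
    return [(proto, ifname, str(net))
            for proto, ifname, net in mgmt_sources(config_text)
            if net.num_addresses > max_hosts]

# Management lines as they appear in this walkthrough.
SAMPLE = """\
http server enable
http 0 0 inside
ssh 196.1.1.1 255.255.255.255 outside
ssh version 2
"""

if __name__ == "__main__":
    for proto, ifname, net in too_broad(SAMPLE):
        print(f"{proto} on {ifname} is open to {net}")
```

On the sample it reports `http 0 0 inside`: ASDM is reachable from every address behind the inside interface, while SSH is limited to one host.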
How to create user using ASDM
http://globalknowledgeblog.com/technology/security/using-asdm-with-minimum-user-privileges/