how to install and enable telnet on Centos 6

yum install telnet telnet-server

vi /etc/xinetd.d/telnet

disable = yes‘ to ‘disable = no‘

service xinetd restart

chkconfig xinetd on - The service is enabled permanently

HOW TO INSTALL AWSTATS ON CENTOS 6

1. Download and install the rpmforge repository.

•  http://apt.sw.be/redhat/el6/en/i386/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.i686.rpm

2. Install AWStats with yum command:

•  [root@VMb0x download]# yum --enablerepo=rpmforge install awstats –y

3. Edit AWStats Apache Configuration

•  [root@VMb0x ~]# vi /etc/httpd/conf.d/awstats.conf

4. Rename config file localhost.localdomain.conf to www.my.logtest.conf

• mv /etc/awstats/awstats.localhost.localdomain.conf /etc/awstats/awstats.www.my.logtest.conf

5. Modify “SiteDomain” on Line 153 as below

• SiteDomain="www.my.logtest"

6. Modify “HostAliases” on Line 168 as below

• HostAliases="localhost 127.0.0.1 REGEX[my\.local$] REGEX[^10\.0\.0\.]"

7. Restart the apache service

• [root@VMb0x httpd]# /etc/init.d/httpd start

8. Verify & update Install

• http://servername/awstats/awstats.pl?config=www.my.logtest

How to setup a VSFTPD

Install Vsftpd FTP Server

Install the vsftpd package via yum command:
# yum install vsftpd

Vsftpd Defaults

1. Default port: TCP / UDP - 21 and 20
2. The main configuration file: /etc/vsftpd/vsftpd.conf
3. Users that are not allowed to login via ftp: /etc/vsftpd/ftpusers

Configure Vsftpd Server

Open the configuration file, type:
# vi /etc/vsftpd/vsftpd.conf
Turn off standard ftpd xferlog log format:

xferlog_std_format=NO

Turn on verbose vsftpd log format. The default vsftpd log file is /var/log/vsftpd.log:

log_ftp_protocol=YES

Above to directives will enable logging of all FTP transactions. Lock down users to their home directories:

chroot_local_user=YES

Create warning banners for all FTP users:

banner_file=/etc/vsftpd/issue

Create /etc/vsftpd/issue file with a message compliant with the local site policy or a legal disclaimer:

NOTICE TO USERS
Use of this system constitutes consent to security monitoring and testing.
All activity is logged with your host name and IP address.

Turn On Vsftpd Service

Turn on vsftpd on boot:
# chkconfig vsftpd on
Start the service:
# service vsftpd start
# netstat -tulpn | grep :21

Configure Iptables To Protect The FTP Server

Open file /etc/sysconfig/iptables, enter:
# vi /etc/sysconfig/iptables
Add the following lines, ensuring that they appear before the final LOG and DROP lines for the RH-Firewall-1-INPUT:

-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT

Open file /etc/sysconfig/iptables-config, enter:
# vi /etc/sysconfig/iptables-config
Ensure that the space-separated list of modules contains the FTP connection tracking module:

IPTABLES_MODULES="ip_conntrack_ftp"

Save and close the file. Restart firewall:
# service iptables restarthttp://www.cyberciti.biz/tips/rhel-fedora-centos-vsftpd-installation.html

Zyxel Switch

ftp://ftp.zyxel.com/GS2200-8/user_guide/GS2200-8_.pdf

ASDM problem

http://www.tek-tips.com/viewthread.cfm?qid=1540963

Basic Configuration on Cisco ASA 5520

http://www.security-solutions.co.za/CISCO-ASA-5520-configuration-example.html

The initial configuration of the device has to be done on the Command Line Interface and example of that is included bellow

Hostname domain name and ssh keys generation

---

First of all you need to configure the initial settings of the device with a hostname and a domain name in order to be able generate SSH usage keys

hostname test-asa
domain-name test-asa.com
enable password ZdcH9lbXsA2JtS18 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
crypto key generate rsa usage-keys

Management interface

---

Then you need to configure the the management interface with an ip address in order to be able to connect to the computer you are managing the device from

interface Management0/0
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0

Upgrade the Cisco IOS

---

Then you need to copy the latest release of the cisco IOS software for the appropriate appliance version from the TFTP server (usually your laptop's ip address here depicted as 192.168.1.100 running a TFTP server that can be downloaded here)

copy tftp://192.168.1.100/asa821-k8.bin flash:

boot system disk0:/asa821-k8.bin

Management Gui Configuration

---

Then you you need to configure the ASDM gui management interface of the ASA .Bear in mind once the image file is copied to the flash of the device you also need to enable the http server and enable who is able to access the service

copy tftp://192.168.1.100/asdm-621.bin flash:

asdm image disk0:/asdm-621.bin

http server enable

http 0 0 inside

Basic Static Routing Configuration

---

Then you need to configure the basic outside interface parameters as well as routing on the outside interface so you can communicate with the outside world.Once that's done you have to enable the transition of traffic from the inside interface trough a feature called network address translation or NAT.A lot of things have been written about nat i am not going to go trough all of them here suffice to say if you issue the bellow commands the translation will happen and you will be able to establish a bridge between the inside and the outside interfaces.

interface GigabitEthernet0/0
speed 100
duplex full
nameif outside
security-level 0
ip address 196.15.131.202 255.255.255.240

! the bellow command is used to enable default routing on the ASA device using 196.15.131.201 as the default destination to send its traffic to

route outisde 0 0 196.15.131.201

Basic Global Natting Configuration

---

The natting feature is basically used on the Cisco ASA as measure of protecting your private network addresses when they are accessing the internet.Its achieved by the bellow commands

nat (inside) 1 192.168.0.0 255.255.0.0

global (outside) 1 interface

More complex Cisco NATing Concepts

---

The bellow Section Describes natting order of operation in more detail.Cisco ASA natting is considered one of the most complicated and challenging subjects .If it looks intimidating thats because it is .If you require some assistance with that you can always contact us for more info.

Order of NAT Commands Used to Match Real Addresses
The security appliance matches real addresses to NAT commands in the following order:

1. NAT exemption (nat 0 access-list)—In order, until the first match. Identity NAT is not included in this category; it is included in the regular static NAT or regular NAT category. We do not recommend overlapping addresses in NAT exemption statements because unexpected results can occur.

2. Static NAT and Static PAT (regular and policy) (static)—In order, until the first match. Static identity NAT is included in this category.

3. Policy dynamic NAT (nat access-list)—In order, until the first match. Overlapping addresses are
allowed.

4. Regular dynamic NAT (nat)—Best match. Regular identity NAT is included in this category. The order of the NAT commands does not matter; the NAT statement that best matches the real address is used. For example, you can create a general statement to translate all addresses (0.0.0.0) on an interface. If you want to translate a subset of your network (10.1.1.1) to a different address, then you can create a statement to translate only 10.1.1.1. When 10.1.1.1 makes a connection, the specific statement for 10.1.1.1 is used because it matches the real address best. We do not recommend using overlapping statements; they use more memory and can slow the performance of the security appliance.

Basic Access list Configuration

---

Then you you need to configure some access lists allowing certain hosts to access resources on the internet or other connected interfaces on the firewall.Then assign and apply that access group to the inside interface

access-list inside extended permit ip any any

access-group inside in interface inside

Basic Troubleshooting commands enabling

---

After that's done you have configured the basic settings on your ASA device .The bellow settings are recommended in order to troubleshoot simple connectivity and other issues you may encounter on the asa device by the ways of logging .The logging functionality on the ASA is extensive and is unparalleled in troubleshooting usefulness in determining where the problem lies .

logging enable
logging timestamp
logging buffer-size 999999
logging buffered debugging
logging trap debugging
logging history debugging
logging asdm debugging
logging facility 23

Viewing the logs on the Cisco ASA appliance

---

show logging | include 192.168.1.1

Best Practice management Configuration suggestions

---

A best practice would be to configure remote management access to a device by allowing only a few hosts to connect to the Cisco ASA device for remote management as shown bellow

ssh 196.1.1.1 255.255.255.255 outside

ssh verion 2

How to create user using ASDM

http://globalknowledgeblog.com/technology/security/using-asdm-with-minimum-user-privileges/