In case you need to force yum on a Red Hat or CentOS system to go via a proxy and authenticate, the quickest way I found was to set the following environment variable, i.e. export it from .bash_profile or the like;
export http_proxy=http://username:password@proxy_server:proxy_port
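One thing the one-liner above glosses over is that the user name and password are part of a URL, so any '@', ':', '/' or space in the password has to be percent-encoded or yum will parse the wrong host. The helper below is an added example, not part of the original post; it builds the http_proxy value from a host, port, user and password using only POSIX sh, and assumes ASCII credentials (proxy.example.com and the sample password are constructed values).

```sh
#!/bin/sh
# Added example (not from the original post): build the http_proxy value with the
# user name and password percent-encoded, so characters such as '@', ':' or '/'
# in the password do not break the URL. ASCII-only by assumption; multibyte
# characters are not handled.

# urlencode STRING : print STRING with every character outside the unreserved
# set (A-Z a-z 0-9 - . _ ~) replaced by %XX
urlencode() {
  s=$1
  out=
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}      # first character of $s
    s=${s#?}             # rest of the string
    case "$c" in
      [A-Za-z0-9._~-]) out="$out$c" ;;
      *) out="$out$(printf '%%%02X' "'$c")" ;;   # "'c" gives the character code
    esac
  done
  printf '%s' "$out"
}

# proxy_url HOST PORT USER PASSWORD : print the http_proxy value
proxy_url() {
  printf 'http://%s:%s@%s:%s' "$(urlencode "$3")" "$(urlencode "$4")" "$1" "$2"
}

# Constructed sample values; proxy.example.com is a placeholder host.
echo "export http_proxy=$(proxy_url proxy.example.com 3128 jdoe 'p@ss:w0rd')"
```

Whatever file you put the export in (.bash_profile or otherwise) holds a clear-text password, so keep it mode 0600; yum can also take the same values from /etc/yum.conf via its proxy, proxy_username and proxy_password settings, which keeps the credential out of every process's environment.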
Welcome to my blog, For more information about me, visit my website at https://www.kush.com.fj. This blog is mostly just a journal.
7/27/2010
6/16/2010
Cisco 827 Router - Unable to initialize flash device at FFE80000 -- device not found.
It seems that if the ROMMON software is upgraded, the older IOS then fails to detect the flash memory, resulting in the error "Unable to initialize flash device at FFE80000 -- device not found." on boot-up.
After Googling, several sites (e.g. http://www.velocityreviews.com/forums/t30077-cisco-827-flash-memory-and-ios.html) list upgrading the IOS as the solution. In hindsight, to avoid this it may be a good idea to upgrade the IOS to the latest version before attempting to upgrade the ROMMON.
System Bootstrap, Version xx.x(xx)xxx, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
C827 platform with 32768 Kbytes of main memory
Unable to initialize flash device at FFE80000 -- device not found.
CISCO C827 (MPC855T) processor (revision 0x801) with 31744K/1024K bytes of memory.
Processor board ID JAD06430E2L (2370919839), with hardware revision FD3C
CPU rev number 5
Bridging software.
1 Ethernet/IEEE 802.3 interface(s)
1 ATM network interface(s)
128K bytes of non-volatile configuration memory.
Router>sh ver
Cisco Internetwork Operating System Software
IOS (tm) C827-4V Software (C827V-xx-x), Version xx.x(x)xx, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Mon 10-Apr-00 13:45 by phanguye
Image text-base: 0x80013170, data-base: 0x8067D780
ROM: System Bootstrap, Version xx.x(xx)xxx, RELEASE SOFTWARE (fc1)
Router#show file systems
File Systems:
Size(b) Free(b) Type Flags Prefixes
131072 130366 nvram rw nvram:
- - opaque rw null:
- - opaque rw system:
- - unknown wo rommon:
- - network rw tftp:
- - opaque ro xmodem:
- - opaque ro ymodem:
- - network rw rcp:
- - network rw ftp:
To resolve the issue a newer version of the IOS needs to be installed on the router. This becomes an issue as the "flash:" file system is not detected, so the IOS has to be loaded over the serial (console) interface using the XMODEM commands. Boot to the ROMMON prompt, i.e. reload the router and send the break sequence.
Depending on the size of the image, this may take a while. Also, depending on the router and the ROMMON version, you may be able to configure the xmodem speed, etc. I used Windows HyperTerminal (hypertrm) for this. Once it's done, set the confreg back (0x2102), if you changed it, and reset the router. Should all be good now.
5/15/2010
Scapy on Ubuntu
I won't introduce Scapy as there are lots of overviews, introductions, tutorials and guides available on Scapy, so just Google for it. I thought I'd blog about my install on Ubuntu just in case I need to come back to it at some stage and cannot recall exactly what and how I installed;
- sudo apt-get update
- sudo apt-get install tcpdump
- sudo apt-get install python
- sudo apt-get install python-scapy
- sudo apt-get install graphviz
- sudo apt-get install imagemagick
- sudo apt-get install python-gnuplot
- sudo apt-get install python-crypto
- sudo apt-get install python-pyx
4/13/2010
Toshiba Recovery Wizard
In case you ever need to perform a recovery on a Toshiba (obviously after the necessary backups, ensuring it is running on mains power, etc.):
- Turn off laptop.
- Press and hold "0" (zero) key.
- Power on laptop.
- Once the Toshiba splash screen appears, release the "0" (zero) key.
- Follow the Toshiba Recovery Wizard prompts.
3/19/2010
Urbanspoon - Curryville
Took a chance on Urbanspoon and headed to Cilliville for some curry as it was Friday "arvo" and Deb and I were both tired. Read some initial reviews and were a bit cautious.
The Vege Samosas were very authentic. Home made pastry and the fillings were just right. I got the special "Indian Hot" Vege curry and they weren't kidding around. I had that with rice and then stole some garlic naan from Deb.
They did not overdo the decorations either. It has just the right amount of clutter in the right places. Background music was not deafening, but the traffic noise was pissing me off a bit. Overall it was a good feed.
- Posted using BlogPress from my iPhone 3GS
3/07/2010
Website Changes
Minor website changes to www.kush.com.fj. Replaced original splash image with new one made using new Hindi script. Also created splash image for Resume page using previous and current business cards. Let me know what you think as well as any more ideas or recommendations for improvements...
3/01/2010
Ubuntu 9.10 does not boot up after hibernate!!!
I've been running Ubuntu 9.10 desktop on my HP nx6120 notebook with some success for a little while now. It performs well for my TeX work, occasional web-browsing, VPN, RDP and e-mails. The GUI is enhanced using Mac4Lin. I loved the hibernate feature until late this afternoon when it refused to boot up after hibernating. I would get the splash screen and then nothing... curses!!!
I managed to find a work-around but am still not sure what the problem was:
- Boot up the machine with a rescue CDROM
- Confirm the root partition for the Ubuntu install (in my case it was /dev/sda8, although I only have IDE drives)
- Boot up the machine and wait for the GRUB prompt
- Press "e" to edit the entry
- Replace the "root=UUID..." with "root=/dev/..." on the "linux" line entry
- Add the entry "no_console_suspend" on the same line
- Press the "Tab" key to complete the Emacs edit
- Press "Ctrl+x" to continue booting
- sudo vi /etc/default/grub
- Edit the file to uncomment GRUB_DISABLE_LINUX_UUID
- Edit the file to add no_console_suspend in the GRUB_CMDLINE_LINUX
- Save the file and exit
- sudo /usr/sbin/update-grub
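The two edits to /etc/default/grub in the list above are easy to get wrong by hand (and easy to apply twice). The script below is an added example, not from the original post: it makes the same two changes with POSIX sed on a file given as an argument, checks first so a second run does not append no_console_suspend again, and demonstrates on a constructed copy of an Ubuntu 9.10 style /etc/default/grub rather than the live file.

```sh
#!/bin/sh
# Added example (not from the original post): apply the two /etc/default/grub
# edits from the workaround above to FILE, repeatably. POSIX sed/grep only.

# patch_grub_defaults FILE : uncomment "#GRUB_DISABLE_LINUX_UUID=true" and append
# no_console_suspend to GRUB_CMDLINE_LINUX (only if not already there)
patch_grub_defaults() {
  f=$1
  tmp="$f.tmp"
  # 1. drop the leading "#" from the GRUB_DISABLE_LINUX_UUID=true line
  sed 's/^#[[:space:]]*\(GRUB_DISABLE_LINUX_UUID=true\)/\1/' "$f" > "$tmp" && mv "$tmp" "$f"
  # 2. add the kernel parameter once; the second expression tidies the empty-string case
  if ! grep -q '^GRUB_CMDLINE_LINUX=".*no_console_suspend' "$f"; then
    sed -e 's/^GRUB_CMDLINE_LINUX="\(.*\)"/GRUB_CMDLINE_LINUX="\1 no_console_suspend"/' \
        -e 's/^GRUB_CMDLINE_LINUX=" /GRUB_CMDLINE_LINUX="/' "$f" > "$tmp" && mv "$tmp" "$f"
  fi
}

# write_sample_grub FILE : constructed file resembling Ubuntu 9.10's /etc/default/grub
write_sample_grub() {
  cat > "$1" <<'EOF'
GRUB_DEFAULT=0
GRUB_TIMEOUT=10
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX=""
# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
#GRUB_DISABLE_LINUX_UUID=true
EOF
}

# Demo on a temporary copy. On the real system, as root:
#   patch_grub_defaults /etc/default/grub && update-grub
demo=$(mktemp)
write_sample_grub "$demo"
patch_grub_defaults "$demo"
grep -E '^(GRUB_DISABLE_LINUX_UUID|GRUB_CMDLINE_LINUX=)' "$demo"
rm -f "$demo"
```

The write-to-temp-then-mv pattern is used instead of sed -i because -i is not portable between GNU and BSD sed; update-grub still has to be run afterwards, exactly as in the list above, for the change to reach /boot/grub/grub.cfg.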
2/28/2010
Snort sniff honk !
Snort is an open source intrusion detection system (IDS). It's highly configurable and can be run in a number of modes and architectures, and there are a small number of freely available rule sets to use. For more information refer to the Snort home page http://www.snort.org/. Here are some instructions on getting it set up on CentOS; these were adapted from the Snort documentation by Patrick Harper at http://assets.sourcefire.com/snort/setupguides/Snort_Base_Minimal.pdf;
- yum install mysql mysql-bench mysql-server mysql-devel mysqlclient10 php-mysql httpd gcc pcre-devel php-gd gd mod_ssl glib2-devel gcc-c++ php php-pear libpcap-devel
- vi /etc/httpd/conf/httpd.conf #Edit the httpd.conf file to suit
- /etc/rc.d/init.d/httpd start
- /etc/rc.d/init.d/mysqld restart
- /usr/bin/mysql_secure_installation
- cd /root
- mkdir snortinstall
- cd snortinstall
- wget http://dl.snort.org/snort-current/snort-2.8.5.3.tar.gz
- tar zxvf snort-2.8.5.3.tar.gz
- cd snort-2.8.5.3
- ./configure --with-mysql --enable-dynamicplugin # Fingers crossed it all goes well
- make
- make install
- /usr/sbin/groupadd snort
- /usr/sbin/useradd -g snort snort -s /sbin/nologin
- mkdir -p /etc/snort/rules
- mkdir -p /var/log/snort
- cd /root/snortinstall/snort-2.8.5.3/etc
- cp ./* /etc/snort/
- cd /root/snortinstall
- wget http://www.emergingthreats.net/rules/emerging.rules.tar.gz
- tar zxvf emerging.rules.tar.gz
- cd rules
- cp ./* /etc/snort/rules/
- vi /etc/snort/snort.conf # Edit the snort.conf file to suit
- /etc/rc.d/init.d/mysqld start
- mysql -u root -p mysql # Create the snort database and snort database user and set permissions
- cd /root/snortinstall/snort-2.8.5.3/schemas
- mysql -u snort -p snort < create_mysql
- pear install -a Image_Graph-alpha Image_Canvas-alpha Image_Color Numbers_Roman
- cd /root/snortinstall/
- wget http://downloads.sourceforge.net/project/adodb/adodb-php5-only/adodb-510-for-php5/adodb510.tgz?use_mirror=transact
- wget http://downloads.sourceforge.net/project/secureideas/BASE/base-1.4.4/base-1.4.4.tar.gz?use_mirror=transact
- cd /var/www
- tar zxvf /root/snortinstall/adodb510.tgz
- mv adodb5/ adodb
- cd /var/www/html/
- tar zxvf /root/snortinstall/base-1.4.4.tar.gz
- mv base-1.4.4/ base
- cd base
- cp base_conf.php.dist base_conf.php
- vi base_conf.php # Edit the file to suit
- # Load http://SERVERNAME/base in a browser and click on the setup link
- # Click on Create BASE AG button
- # Click on the Main Page link
- create database snort;
- create user 'snort'@'localhost' identified by '<password>';
- grant create, insert, select, delete, update on snort.* to snort@localhost;
- grant create, insert, select, delete, update on snort.* to snort;
2/21/2010
Timing is everything...
Having the correct clock timestamp is very important for logging, maintenance, troubleshooting and even forensic analysis. Timing provides a very important frame of reference for network devices, such as hosts, routers and switches. It would be almost impossible to construct a reliable model of an environment without having a standard and accurate frame of reference, thus timing is everything...
The Hardening Cisco Routers book provides a good reference on why Network Time Protocol (NTP) is important, and can be found at http://oreilly.com/catalog/hardcisco/chapter/ch10.html. NTP is a very popular way to synchronise system clocks with a central trusted server. Here's a rough guide to getting NTP running on a Linux server;
- sudo yum install ntp # Install the NTP client
- sudo vi /etc/ntp.conf # Edit the configuration file to use the nearest server pool. Refer to www.ntp.org to get the pools.
- sudo mv /etc/localtime /etc/localtime~ # Backup the localtime file
- sudo ln -s /usr/share/zoneinfo/<Region>/<City> /etc/localtime # Ensure that the correct localtime file is set for your city
- sudo ntpdate <pool server> # Set the date using NTP using the pool specified
- sudo /etc/rc.d/init.d/ntp start # Start the NTP client daemon
- ntpstat # Check that the system clock is synchronised
- date # Check that the system date is set correctly
- sudo hwclock -w # Set the hardware clock to the system date
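Two of the steps above are worth wrapping in a check: the zoneinfo symlink (a typo in the region/city silently leaves the machine on a wrong or missing zone file) and the ntpstat result, which you would normally want to test from a script or a monitoring job rather than read by eye. The functions below are an added example, not from the original post. They assume the classic ntpstat output format ("synchronised to NTP server (...) at stratum N" followed by "time correct to within N ms"); Pacific/Fiji, 203.0.113.5 and the zone file contents used in the demo are constructed values.

```sh
#!/bin/sh
# Added example (not from the original post): helpers for the timezone-link and
# sync-check steps above. ZONEINFO_ROOT can be overridden for testing.

ZONEINFO_ROOT=${ZONEINFO_ROOT:-/usr/share/zoneinfo}

# set_timezone ZONE [TARGET] : point TARGET (default /etc/localtime) at
# $ZONEINFO_ROOT/ZONE, keeping the old file as TARGET~, after checking that
# the zone name is sane and the zone file really exists.
set_timezone() {
  zone=$1
  target=${2:-/etc/localtime}
  case "$zone" in
    ""|*..*|/*) echo "set_timezone: invalid zone name '$zone'" >&2; return 1 ;;
  esac
  zf="$ZONEINFO_ROOT/$zone"
  if [ ! -f "$zf" ]; then
    echo "set_timezone: no such zone file: $zf" >&2
    return 1
  fi
  if [ -e "$target" ] || [ -L "$target" ]; then
    mv "$target" "$target~"
  fi
  ln -s "$zf" "$target"
}

# ntp_synced OUTPUT : true when ntpstat-style text reports synchronisation
ntp_synced() {
  case "$1" in
    synchronised*) return 0 ;;
    *) return 1 ;;
  esac
}

# ntp_max_error_ms OUTPUT : print the "time correct to within N ms" figure
# from ntpstat-style text (prints nothing if it is absent)
ntp_max_error_ms() {
  printf '%s\n' "$1" | sed -n 's/.*time correct to within \([0-9][0-9]*\) ms.*/\1/p'
}

# Demo on a constructed ntpstat output (not a live query). On a real host:
#   ntp_synced "$(ntpstat)" && echo "max error $(ntp_max_error_ms "$(ntpstat)") ms"
sample='synchronised to NTP server (203.0.113.5) at stratum 2
   time correct to within 47 ms
   polling server every 64 s'
if ntp_synced "$sample"; then
  echo "synced, clock correct to within $(ntp_max_error_ms "$sample") ms"
fi
```

The zone-name check rejects empty names, absolute paths and anything containing "..", so a mistyped or untrusted ZONE cannot turn /etc/localtime into a link to an arbitrary file; ntp_max_error_ms is the figure to alarm on if you feed this into monitoring, since "synchronised" alone says nothing about how far out the clock still is.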
2/20/2010
Linux Jump Box VPN
With the Linux Desktop out of the way, and my impending studies in Network Security coming up, I thought I'd preempt the studies with some initial ground work on my old Linux Server. Previously we had an old server at home, that was used mostly as a web proxy (Squid) and Windows (Samba) server to share files and the home printer.
Well, it was time for a change and I decided to rebuild it into a bastion jump box, with a restructure of the home network as well. I started off by installing a second Network Interface Card (NIC) in it. Then I installed a bare CentOS on it. I did a yum update on it to ensure the latest patches and stable packages were installed. Next I went through the services and disabled all the unnecessary stuff.
The idea is to separate the internal network from the demilitarized zone (DMZ). The purpose of the jump box is to sit in the DMZ between the access and choke routers. The jump box will provide Virtual Private Network (VPN) access into the network, as well as providing proxy services such as web proxy, syslog, ssh and other services.
In the network, both the access and choke routers perform Network Address Translation (NAT), Quality of Service (QoS), as well as stateful packet inspection (SPI) firewall functions. In addition to SPI, the choke also performs some port forwards to the jump box and the SIP phone. All other traffic is dropped.
So to get home from university, I need to VPN in, then use SCP to transfer my files (assignments, reports, etc) and get out again.
To install OpenVPN, perform the following tasks;
- sudo wget http://centos.karan.org/kbsingh-CentOS-Extras.repo
- sudo yum --enablerepo=kbs-CentOS-Testing install openvpn
- sudo find / -name "easy-rsa" # returns something like "/usr/share/openvpn/easy-rsa/"
- sudo cp -R /usr/share/openvpn/easy-rsa /etc/openvpn/
- cd /etc/openvpn/easy-rsa/2.0/ # cd is a shell builtin, so "sudo cd" has no effect
- sudo mkdir keys
- sudo vi ./vars
- Change the following variables
- export KEY_SIZE=2048
- export KEY_COUNTRY=""
- export KEY_PROVINCE=""
- export KEY_CITY=""
- export KEY_ORG=""
- export KEY_EMAIL=""
- sudo bash
- source ./vars
- ./clean-all
- ./build-ca
- ./build-key-server server #server is the unique name to identify the server
- ./build-key client #client is the unique name to identify the client (repeat for each client)
- ./build-dh
- find / -name "server.conf" # returns something like "/usr/share/doc/openvpn-2.1/sample-config-files/server.conf"
- cp /usr/share/doc/openvpn-2.1/sample-config-files/server.conf /etc/openvpn
- Edit the file to suit
- Copy the Diffie-Hellman pem file (dh2048.pem), the server key file (server.key), and the CA certificate file (ca.crt) to the working directory and start the OpenVPN server (/etc/rc.d/init.d/openvpn start).
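Before starting the daemon it is worth confirming that everything server.conf references is actually in /etc/openvpn and that the server's private key is not readable by other users on the jump box. The script below is an added example, not part of the original post or the OpenVPN project: it assumes the easy-rsa output names used above (ca.crt, server.key, dh2048.pem) plus the server certificate that build-key-server writes alongside the key (assumed here to be server.crt), and uses only ls/cut so it runs on any POSIX shell.

```sh
#!/bin/sh
# Added example (not from the original post): check the key material copied to
# the OpenVPN working directory before running the init script.

# key_is_private FILE : true if FILE has no group/other permission bits set
# (reads the mode string from ls -l: columns 5-10 are the group/other bits)
key_is_private() {
  bits=$(ls -ld "$1" | cut -c5-10)
  case "$bits" in
    ------) return 0 ;;
    *) return 1 ;;
  esac
}

# check_openvpn_dir DIR : 0 if ca.crt, server.crt, server.key and dh2048.pem
# all exist in DIR and server.key is private; otherwise reports each problem
# on stderr and returns 1
check_openvpn_dir() {
  d=$1
  rc=0
  for f in ca.crt server.crt server.key dh2048.pem; do
    if [ ! -f "$d/$f" ]; then
      echo "missing: $d/$f" >&2
      rc=1
    fi
  done
  if [ -f "$d/server.key" ] && ! key_is_private "$d/server.key"; then
    echo "server.key is readable by group/other; fix with: chmod 600 $d/server.key" >&2
    rc=1
  fi
  return $rc
}

# Demo on a constructed directory (empty files, server.key deliberately 0644)
demo=$(mktemp -d)
for f in ca.crt server.crt server.key dh2048.pem; do : > "$demo/$f"; done
chmod 644 "$demo/server.key"
check_openvpn_dir "$demo" || echo "demo: problems found, as expected"
chmod 600 "$demo/server.key"
check_openvpn_dir "$demo" && echo "demo: $demo is ready"
rm -rf "$demo"
```

Run it as check_openvpn_dir /etc/openvpn on the jump box; it is deliberately read-only so it can sit in front of the init script start without changing anything itself.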