Entries Tagged as 'Linux'

Formatting Failure (Error Code:107) – CH3MNAS

After multiple moves of the NAS, one drive failed. So my Raid 1 was gong.

Ordering a new disk and replacing the faulty one, gave me:

Formatting Failure (Error Code:107) (Restart)

I have fun_plug installed, so was able to ssh into the linux kernal of the disk.

root@CH3MNAS:~# mdadm --detail /dev/md0
 Version : 00.90.03
 Creation Time : Sat Jul 1 21:41:07 2017
 Raid Level : raid1
 Array Size : 1951407424 (1861.01 GiB 1998.24 GB)
 Device Size : 1951407424 (1861.01 GiB 1998.24 GB)
 Raid Devices : 2
 Total Devices : 1
Preferred Minor : 0
 Persistence : Superblock is persistent

Update Time : Fri Aug 11 13:46:28 2017
 State : clean, degraded
 Active Devices : 1
Working Devices : 1
 Failed Devices : 0
 Spare Devices : 0

UUID : deca97b0:e9d03d89:02b4d16e:e91b5409
 Events : 0.126622

Number Major Minor RaidDevice State
 0 8 2 0 active sync /dev/sda2
 1 0 0 1 removed

Adding The New Hard Disk:

root@CH3MNAS:~# sfdisk -d /dev/sda | sfdisk /dev/sdb

root@CH3MNAS:~# mdadm –manage /dev/md0 –add /dev/sdb2

root@CH3MNAS:~# cat /proc/mdstat

root@CH3MNAS:~# cat /proc/mdstat
Personalities : [linear] [raid0] [raid1]
md0 : active raid1 sdb2[2] sda2[0]
 1951407424 blocks [2/1] [U_]
 [>....................] recovery = 2.5% (49485376/1951407424) finish=263.8min speed=120113K/sec

Looking MUTCH better..

Stop DHCP INFORM flooding


Windows 7 among others ask for proxy settings using DHCP. The issue is that they do not stop asking until they have received an answer. This results in that the log contains a lot information about these requests, an example can be found below.

2017:07:30-00:12:03 firewall-1 dhcpd: DHCPINFORM from via eth3
2017:07:30-00:12:03 firewall-1 dhcpd: DHCPACK to (00:50:56:ab:38:53) via eth3

2017:07:30-00:14:03 firewall-1 dhcpd: DHCPACK to (00:50:56:ab:38:53) via eth3
2017:07:30-00:14:03 firewall-1 dhcpd: DHCPINFORM from via eth4

Add the following option to the DHCP server:


Installing VMware Tools in a Linux VM

Go to Virtual Machine > Install VMware Tools (or VM > Install VMware Tools).

sudo mkdir /mnt/cdrom
sudo mount /dev/cdrom /mnt/cdrom or sudo mount /dev/sr0 /mnt/cdrom
tar xzvf /mnt/cdrom/VMwareTools-x.x.x-xxxx.tar.gz -C /tmp/
cd /tmp/vmware-tools-distrib/
sudo ./vmware-install.pl -d

sudo reboot

Nmap Cheat Sheet

Nmap Target Selection

Scan a single IP nmap
Scan a host nmap www.testhost.com
Scan a range of IPs nmap
Scan a subnet nmap
Scan targets from a text file nmap -iL list-of-ips.txt

Nmap Port Selection

Scan a single Port nmap -p 22
Scan a range of ports nmap -p 1-100
Scan 100 most common ports (Fast) nmap -F
Scan all 65535 ports nmap -p-

Nmap Port Scan types

Scan using TCP connect nmap -sT
Scan using TCP SYN scan (default) nmap -sS
Scan UDP ports nmap -sU -p 123,161,162
Scan selected ports – ignore discovery nmap -Pn -F

Service and OS Detection

Detect OS and Services nmap -A
Standard service detection nmap -sV
More aggressive Service Detection nmap -sV –version-intensity 5
Lighter banner grabbing detection nmap -sV –version-intensity 0

Nmap Output Formats

Save default output to file nmap -oN outputfile.txt
Save results as XML nmap -oX outputfile.xml
Save results in a format for grep nmap -oG outputfile.txt
Save in all formats nmap -oA outputfile

Digging deeper with NSE Scripts

Scan using default safe scripts nmap -sV -sC
Get help for a script nmap –script-help=ssl-heartbleed
Scan using a specific NSE script nmap -sV -p 443 –script=ssl-heartbleed.nse
Scan with a set of scripts nmap -sV –script=smb*

A scan to search for DDOS reflection UDP services

Scan for UDP DDOS reflectors nmap –sU –A –PN –n –pU:19,53,123,161

HTTP Service Information

Gather page titles from HTTP services nmap –script=http-title
Get HTTP headers of web services nmap –script=http-headers
Find web apps from known paths nmap –script=http-enum

Detect Heartbleed SSL Vulnerability

Heartbleed Testing nmap -sV -p 443 –script=ssl-heartbleed

IP Address information

Find Information about IP address nmap –script=asn-query,whois,ip-geolocation-maxmind


Secure SSH with Google Authenticator Two-Factor Authentication on CentOS 7

First of all we will install the open source Google Authenticator PAM module by executing the following command on the shell.

# yum install google-authenticator
# google-authenticator

The next step is to change some files which we will start by first changing /etc/pam.d/sshd. Add the following line to the top:

auth required pam_google_authenticator.so

auth required pam_google_authenticator.so
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth

Additional you could also add folowing line. This makes it possible to logon localy without verify code:

auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf

Contect of /etc/security/access-local.conf:

# Google Authenticator can be skipped on local network
+ : ALL :
- : ALL : ALL

Change the next file which is /etc/ssh/sshd_config. Add the following line in the file and if its already placed then change the parameter to “yes”:

ChallengeResponseAuthentication yes

Now restart the service of ssh by the following command:

# service sshd restart

How to fix a slow SSH login issue on Linux

Disable GSSAPI Authentication

To disable GSSAPI authentication on an SSH server, look for “GSSAPIAuthentication” in /etc/ssh/sshd_config, and edit it or add the line as follows.

$ sudo vi /etc/ssh/sshd_config

# add this line

GSSAPIAuthentication no

Then restart SSH server:

$ sudo /etc/init.d/ssh restart (Debian, Ubuntu or Linux Mint)
$ sudo systemctl restart sshd (Fedora)
$ sudo service sshd restart (CentOS or RHEL)

Disable Reverse DNS Lookup

To disable reverse DNS lookups on an SSH server, edit SSH server configuration as follows.

$ sudo vi /etc/ssh/sshd_config

# add this line

UseDNS no

Then restart SSH server:

$ sudo /etc/init.d/ssh restart (Debian, Ubuntu or Linux Mint)
$ sudo systemctl restart sshd (Fedora)
$ sudo service sshd restart (CentOS or RHEL)

VMware Backup Pre- And Post-Commands

Version of ESX Custom quiescing script directory
ESX/ESXi 3.5 Update 1 or earlier
ESX/ESXi 3.5 Update 2 or later
C:\Program Files\VMware\VMware Tools\backupScripts.d\
ESX/ESXi 4.x C:\Windows\backupScripts.d\
ESXi 5.0
C:\Program Files\VMware\VMware Tools\backupScripts.d\
ESXi 5.1 and ESXi 5.5


To create a sample wrapper script,  you can create a text file and name it vcb.bat.
echo off
if "%1" == "freeze" goto doFreeze
goto doThaw
call c:\windows\pre-freeze-script.bat
goto EOF
call c:\windows\post-thaw-script.bat


For Linux VMs, the scripts should be named



Both must have 0755 permissions so that they are executable, and should be owned by root.

Make sure that ““Enable VMware Tools quiescence” is enabled, cauusing the scripts to be call to.

How to disable IPv6 in Ubuntu 14.04?

To disable ipv6, you have to open /etc/sysctl.conf using any text editor and insert the following lines at the end:
 net.ipv6.conf.all.disable_ipv6 = 1
 net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

If ipv6 is still not disabled, then the problem is that sysctl.conf is still not activated.
 $ sudo sysctl -p

You will see this in the terminal:
 net.ipv6.conf.all.disable_ipv6 = 1
 net.ipv6.conf.default.disable_ipv6 = 1
 net.ipv6.conf.lo.disable_ipv6 = 1

After that, if you run:
 $ cat /proc/sys/net/ipv6/conf/all/disable_ipv6

It will report:


If you see 1, ipv6 has been successfully disabled.

PHP 5.5 on CentOS

There is more than one way to upgrade CentOS 6.5 to PHP 5.5; the following is a suggestion only. Consult a reference for additional options.

To upgrade to PHP 5.5:

  1. Enter the following commands in the order shown.
    yum -y update
    rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
    yum -y remove php-common-5.3.3-40.el6_6.x86_64
    yum -y install php55w php55w-opcache
    yum -y install php55w-xml php55w-mcrypt php55w-gd php55w-devel php55w-mysql php55w-intl php55w-mbstring
    yum -y update
  2. Restart Apache: service httpd restart
  3. Continue with the next section.

Check if Linux File system is Read-Only

If you for some reason think your Linux File System is read-only. Donot trust on the mount command, as it will show you your FS in rw mode.

Following command will show you the Read-Only mounted File Systems:

 egrep " ro,|,ro " /proc/mounts

A File System can becom Read-Only if it has been away to lang for the OS. To prevent data Corruption, Linux makes it RO.