After multiple moves of the NAS, one drive failed. So my Raid 1 was gong.

Ordering a new disk and replacing the faulty one, gave me:

Formatting Failure (Error Code:107) (Restart)

I have fun_plug installed, so was able to ssh into the linux kernal of the disk.

root@CH3MNAS:~# mdadm --detail /dev/md0
/dev/md0:
 Version : 00.90.03
 Creation Time : Sat Jul 1 21:41:07 2017
 Raid Level : raid1
 Array Size : 1951407424 (1861.01 GiB 1998.24 GB)
 Device Size : 1951407424 (1861.01 GiB 1998.24 GB)
 Raid Devices : 2
 Total Devices : 1
Preferred Minor : 0
 Persistence : Superblock is persistent

Update Time : Fri Aug 11 13:46:28 2017
 State : clean, degraded
 Active Devices : 1
Working Devices : 1
 Failed Devices : 0
 Spare Devices : 0

UUID : deca97b0:e9d03d89:02b4d16e:e91b5409
 Events : 0.126622

Number Major Minor RaidDevice State
 0 8 2 0 active sync /dev/sda2
 1 0 0 1 removed

Adding The New Hard Disk:

root@CH3MNAS:~# sfdisk -d /dev/sda | sfdisk /dev/sdb

root@CH3MNAS:~# mdadm –manage /dev/md0 –add /dev/sdb2

root@CH3MNAS:~# cat /proc/mdstat

root@CH3MNAS:~# cat /proc/mdstat
Personalities : [linear] [raid0] [raid1]
md0 : active raid1 sdb2[2] sda2[0]
 1951407424 blocks [2/1] [U_]
 [>....................] recovery = 2.5% (49485376/1951407424) finish=263.8min speed=120113K/sec

Looking MUTCH better..

Tags: Conceptronics, Linux by Bert Zefat
No Comments »

Background

Windows 7 among others ask for proxy settings using DHCP. The issue is that they do not stop asking until they have received an answer. This results in that the log contains a lot information about these requests, an example can be found below.

2017:07:30-00:12:03 firewall-1 dhcpd: DHCPINFORM from 192.168.188.213 via eth3
2017:07:30-00:12:03 firewall-1 dhcpd: DHCPACK to 192.168.188.213 (00:50:56:ab:38:53) via eth3

2017:07:30-00:14:03 firewall-1 dhcpd: DHCPACK to 192.168.188.213 (00:50:56:ab:38:53) via eth3
2017:07:30-00:14:03 firewall-1 dhcpd: DHCPINFORM from 192.168.188.213 via eth4

Add the following option to the DHCP server:

dhcp-option=252,"\n"

Tags: Linux, Networking, Sophos by Bert Zefat
No Comments »

Go to Virtual Machine > Install VMware Tools (or VM > Install VMware Tools).

sudo mkdir /mnt/cdrom
sudo mount /dev/cdrom /mnt/cdrom or sudo mount /dev/sr0 /mnt/cdrom
tar xzvf /mnt/cdrom/VMwareTools-x.x.x-xxxx.tar.gz -C /tmp/
cd /tmp/vmware-tools-distrib/
sudo ./vmware-install.pl -d

sudo reboot

Tags: ESX, Linux, VMware, vSphere by Bert Zefat
No Comments »

Nmap Target Selection

Nmap Port Selection

Nmap Port Scan types

Service and OS Detection

Nmap Output Formats

Digging deeper with NSE Scripts

A scan to search for DDOS reflection UDP services

HTTP Service Information

Detect Heartbleed SSL Vulnerability

IP Address information

Tags: Linux, Security by Bert Zefat
No Comments »

First of all we will install the open source Google Authenticator PAM module by executing the following command on the shell.

# yum install google-authenticator
# google-authenticator

The next step is to change some files which we will start by first changing /etc/pam.d/sshd. Add the following line to the top:

auth required pam_google_authenticator.so

auth required pam_google_authenticator.so
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth

Additional you could also add folowing line. This makes it possible to logon localy without verify code:

auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf

Contect of /etc/security/access-local.conf:

# Google Authenticator can be skipped on local network
+ : ALL : 192.168.1.0/24
+ : ALL : LOCAL
- : ALL : ALL

Change the next file which is /etc/ssh/sshd_config. Add the following line in the file and if its already placed then change the parameter to “yes”:

ChallengeResponseAuthentication yes

Now restart the service of ssh by the following command:

# service sshd restart

Tags: Linux, Security by Bert Zefat
No Comments »

Disable GSSAPI Authentication

To disable GSSAPI authentication on an SSH server, look for “GSSAPIAuthentication” in /etc/ssh/sshd_config, and edit it or add the line as follows.

$ sudo vi /etc/ssh/sshd_config

# add this line

GSSAPIAuthentication no

Then restart SSH server:

$ sudo /etc/init.d/ssh restart (Debian, Ubuntu or Linux Mint)
$ sudo systemctl restart sshd (Fedora)
$ sudo service sshd restart (CentOS or RHEL)

Disable Reverse DNS Lookup

To disable reverse DNS lookups on an SSH server, edit SSH server configuration as follows.

$ sudo vi /etc/ssh/sshd_config

# add this line

UseDNS no

Then restart SSH server:

$ sudo /etc/init.d/ssh restart (Debian, Ubuntu or Linux Mint)
$ sudo systemctl restart sshd (Fedora)
$ sudo service sshd restart (CentOS or RHEL)

Tags: Linux by Bert Zefat
No Comments »

Windows:

echo off
if "%1" == "freeze" goto doFreeze
goto doThaw
:doFreeze
call c:\windows\pre-freeze-script.bat
goto EOF
:doThaw
call c:\windows\post-thaw-script.bat
:EOF

Linux:

For Linux VMs, the scripts should be named

     /usr/sbin/pre-freeze-script

     /usr/sbin/post-thaw-script

Both must have 0755 permissions so that they are executable, and should be owned by root.

Veeam:
Make sure that ““Enable VMware Tools quiescence” is enabled, cauusing the scripts to be call to.

Tags: ESX, Linux, Microsoft, VEEAM, VMware, vSphere by Bert Zefat
No Comments »

To disable ipv6, you have to open /etc/sysctl.conf using any text editor and insert the following lines at the end:
 net.ipv6.conf.all.disable_ipv6 = 1
 net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

If ipv6 is still not disabled, then the problem is that sysctl.conf is still not activated.
 $ sudo sysctl -p

You will see this in the terminal:
 net.ipv6.conf.all.disable_ipv6 = 1
 net.ipv6.conf.default.disable_ipv6 = 1
 net.ipv6.conf.lo.disable_ipv6 = 1

After that, if you run:
 $ cat /proc/sys/net/ipv6/conf/all/disable_ipv6

It will report:

 1

If you see 1, ipv6 has been successfully disabled.

Tags: Linux by Bert Zefat
No Comments »

There is more than one way to upgrade CentOS 6.5 to PHP 5.5; the following is a suggestion only. Consult a reference for additional options.

To upgrade to PHP 5.5:

1. Enter the following commands in the order shown.

   yum -y update
   rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
   yum -y remove php-common-5.3.3-40.el6_6.x86_64
   yum -y install php55w php55w-opcache
   yum -y install php55w-xml php55w-mcrypt php55w-gd php55w-devel php55w-mysql php55w-intl php55w-mbstring
   yum -y update
   

2. Restart Apache: service httpd restart
3. Continue with the next section.

Tags: Linux by Bert Zefat
No Comments »

If you for some reason think your Linux File System is read-only. Donot trust on the mount command, as it will show you your FS in rw mode.

Following command will show you the Read-Only mounted File Systems:

 egrep " ro,|,ro " /proc/mounts

A File System can becom Read-Only if it has been away to lang for the OS. To prevent data Corruption, Linux makes it RO.

Tags: Linux by Bert Zefat
No Comments »