Entries Tagged as 'Linux'

Formatting Failure (Error Code:107) – CH3MNAS

After multiple moves of the NAS, one drive failed. So my Raid 1 was gone.

After ordering a new disk and replacing the faulty one, I got:

Formatting Failure (Error Code:107) (Restart)

I have fun_plug installed, so I was able to ssh into the Linux kernel of the disk.

root@CH3MNAS:~# mdadm --detail /dev/md0
/dev/md0:
 Version : 00.90.03
 Creation Time : Sat Jul 1 21:41:07 2017
 Raid Level : raid1
 Array Size : 1951407424 (1861.01 GiB 1998.24 GB)
 Device Size : 1951407424 (1861.01 GiB 1998.24 GB)
 Raid Devices : 2
 Total Devices : 1
Preferred Minor : 0
 Persistence : Superblock is persistent

Update Time : Fri Aug 11 13:46:28 2017
 State : clean, degraded
 Active Devices : 1
Working Devices : 1
 Failed Devices : 0
 Spare Devices : 0

UUID : deca97b0:e9d03d89:02b4d16e:e91b5409
 Events : 0.126622

Number Major Minor RaidDevice State
 0 8 2 0 active sync /dev/sda2
 1 0 0 1 removed

Adding The New Hard Disk:

root@CH3MNAS:~# sfdisk -d /dev/sda | sfdisk /dev/sdb

root@CH3MNAS:~# mdadm --manage /dev/md0 --add /dev/sdb2

root@CH3MNAS:~# cat /proc/mdstat
Personalities : [linear] [raid0] [raid1]
md0 : active raid1 sdb2[2] sda2[0]
 1951407424 blocks [2/1] [U_]
 [>....................] recovery = 2.5% (49485376/1951407424) finish=263.8min speed=120113K/sec

Looking MUCH better..

Stop DHCP INFORM flooding

Background

Windows 7, among others, asks for proxy settings using DHCP. The issue is that these clients do not stop asking until they have received an answer. As a result, the log fills up with these requests; an example can be found below.

2017:07:30-00:12:03 firewall-1 dhcpd: DHCPINFORM from 192.168.188.213 via eth3
2017:07:30-00:12:03 firewall-1 dhcpd: DHCPACK to 192.168.188.213 (00:50:56:ab:38:53) via eth3

2017:07:30-00:14:03 firewall-1 dhcpd: DHCPACK to 192.168.188.213 (00:50:56:ab:38:53) via eth3
2017:07:30-00:14:03 firewall-1 dhcpd: DHCPINFORM from 192.168.188.213 via eth4

Add the following option to the DHCP server:

dhcp-option=252,"\n"
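
To see which clients are behind the DHCPINFORM lines, and to confirm after the change that they have stopped, the log can be summarised per client. This is an added example, not part of the original post; the function names and the sample log (constructed in the format shown above) are assumptions.

```shell
#!/bin/sh
# Constructed sample log in the dhcpd format shown above (not real data).
sample_log() {
    cat <<'EOF'
2017:07:30-00:12:03 firewall-1 dhcpd: DHCPINFORM from 192.168.188.213 via eth3
2017:07:30-00:12:03 firewall-1 dhcpd: DHCPACK to 192.168.188.213 (00:50:56:ab:38:53) via eth3
2017:07:30-00:14:03 firewall-1 dhcpd: DHCPINFORM from 192.168.188.213 via eth3
2017:07:30-00:14:03 firewall-1 dhcpd: DHCPACK to 192.168.188.213 (00:50:56:ab:38:53) via eth3
2017:07:30-00:15:10 firewall-1 dhcpd: DHCPINFORM from 192.168.188.40 via eth3
2017:07:30-00:16:03 firewall-1 dhcpd: DHCPINFORM from 192.168.188.213 via eth3
2017:07:30-00:20:41 firewall-1 dhcpd: DHCPREQUEST for 192.168.188.77 from 00:50:56:ab:11:22 via eth3
EOF
}

# inform_talkers MIN < logfile
# Prints "count ip first-seen last-seen" for every client with at least
# MIN DHCPINFORM lines, busiest client first.
inform_talkers() {
    awk -v min="$1" '
        $3 == "dhcpd:" && $4 == "DHCPINFORM" && $5 == "from" {
            ip = $6
            if (!(ip in count)) first[ip] = $1   # remember the first timestamp
            count[ip]++
            last[ip] = $1                        # keep overwriting with the latest
        }
        END {
            for (ip in count)
                if (count[ip] >= min)
                    print count[ip], ip, first[ip], last[ip]
        }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample: every client that sent at least one INFORM.
sample_log | inform_talkers 1
```

Run it against the real log with a higher threshold before and after adding option 252; a client whose last-seen timestamp keeps advancing is still not getting an answer.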

Installing VMware Tools in a Linux VM

Go to Virtual Machine > Install VMware Tools (or VM > Install VMware Tools).

sudo mkdir /mnt/cdrom
sudo mount /dev/cdrom /mnt/cdrom    # or: sudo mount /dev/sr0 /mnt/cdrom
tar xzvf /mnt/cdrom/VMwareTools-x.x.x-xxxx.tar.gz -C /tmp/
cd /tmp/vmware-tools-distrib/
sudo ./vmware-install.pl -d

sudo reboot

Nmap Cheat Sheet

Nmap Target Selection

Scan a single IP nmap 192.168.10.1
Scan a host nmap www.testhost.com
Scan a range of IPs nmap 192.168.10.1-20
Scan a subnet nmap 192.168.10.0/24
Scan targets from a text file nmap -iL list-of-ips.txt

Nmap Port Selection

Scan a single Port nmap -p 22 192.168.10.1
Scan a range of ports nmap -p 1-100 192.168.10.1
Scan 100 most common ports (Fast) nmap -F 192.168.10.1
Scan all 65535 ports nmap -p- 192.168.10.1

Nmap Port Scan types

Scan using TCP connect nmap -sT 192.168.10.1
Scan using TCP SYN scan (default) nmap -sS 192.168.10.1
Scan UDP ports nmap -sU -p 123,161,162 192.168.10.1
Scan selected ports – ignore discovery nmap -Pn -F 192.168.10.1

Service and OS Detection

Detect OS and Services nmap -A 192.168.10.1
Standard service detection nmap -sV 192.168.10.1
More aggressive Service Detection nmap -sV --version-intensity 5 192.168.10.1
Lighter banner grabbing detection nmap -sV --version-intensity 0 192.168.10.1

Nmap Output Formats

Save default output to file nmap -oN outputfile.txt 192.168.10.1
Save results as XML nmap -oX outputfile.xml 192.168.10.1
Save results in a format for grep nmap -oG outputfile.txt 192.168.10.1
Save in all formats nmap -oA outputfile 192.168.10.1

Digging deeper with NSE Scripts

Scan using default safe scripts nmap -sV -sC 192.168.10.1
Get help for a script nmap --script-help=ssl-heartbleed
Scan using a specific NSE script nmap -sV -p 443 --script=ssl-heartbleed.nse 192.168.10.1
Scan with a set of scripts nmap -sV --script="smb*" 192.168.10.1

A scan to search for DDOS reflection UDP services

Scan for UDP DDOS reflectors nmap -sU -A -Pn -n -pU:19,53,123,161 --script=ntp-monlist,dns-recursion,snmp-sysdescr 192.168.10.0/24

HTTP Service Information

Gather page titles from HTTP services nmap --script=http-title 192.168.10.0/24
Get HTTP headers of web services nmap --script=http-headers 192.168.10.0/24
Find web apps from known paths nmap --script=http-enum 192.168.10.0/24

Detect Heartbleed SSL Vulnerability

Heartbleed Testing nmap -sV -p 443 --script=ssl-heartbleed 192.168.10.0/24

IP Address information

Find Information about IP address nmap --script=asn-query,whois,ip-geolocation-maxmind 192.168.10.0/24

 

Secure SSH with Google Authenticator Two-Factor Authentication on CentOS 7

First of all, we install the open source Google Authenticator PAM module by executing the following commands in the shell.

# yum install google-authenticator
# google-authenticator

Next, a few files need to be changed, starting with /etc/pam.d/sshd. Add the following line to the top:

auth required pam_google_authenticator.so

The complete /etc/pam.d/sshd then looks like this:

auth required pam_google_authenticator.so
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth

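Additionally, you could add the following line. It makes it possible to log on locally without a verification code. It has to sit directly above the pam_google_authenticator.so line, because success=1 skips exactly the one module that follows it: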

auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf

Contents of /etc/security/access-local.conf:

# Google Authenticator can be skipped on local network
+ : ALL : 192.168.1.0/24
+ : ALL : LOCAL
- : ALL : ALL
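
Because the success=1 rule skips whatever module comes next, its position in /etc/pam.d/sshd decides whether it exempts the local network from the verification code or silently skips a different module. The following check is an added example, not part of the original post; the function names and both sample stacks are constructed, and it only inspects the file it is given (it does not follow include lines).

```shell
#!/bin/sh
# check_pam_2fa < /etc/pam.d/sshd
# Exit status: 0 = 2FA enforced, 1 = module missing, 2 = skip rule misplaced.
check_pam_2fa() {
    awk '
        /^[ \t]*(#|$)/ { next }      # ignore comments and blank lines
        $1 != "auth"   { next }      # only the auth stack is relevant
        {
            n++
            if ($0 ~ /pam_google_authenticator\.so/) ga = n
            if ($0 ~ /pam_access\.so/ && $0 ~ /success=1/) skip = n
        }
        END {
            if (!ga) { print "FAIL: pam_google_authenticator.so missing from auth stack"; exit 1 }
            if (skip && skip + 1 != ga) {
                print "FAIL: success=1 at auth line " skip " does not skip the 2FA module at auth line " ga
                exit 2
            }
            print (skip ? "OK: 2FA enforced except for pam_access matches" : "OK: 2FA enforced for every login")
        }
    '
}

# Constructed stack: skip rule directly above the 2FA module (intended layout).
stack_correct() {
    cat <<'EOF'
# constructed sample
auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
auth required pam_google_authenticator.so
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
EOF
}

# Constructed stack: skip rule below the 2FA module, so it skips pam_sepermit.so.
stack_misplaced() {
    cat <<'EOF'
auth required pam_google_authenticator.so
auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
auth required pam_sepermit.so
auth include password-auth
EOF
}

stack_correct   | check_pam_2fa
stack_misplaced | check_pam_2fa || echo "exit status: $?"
```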

Next, change /etc/ssh/sshd_config. Add the following line to the file; if it is already present, change the parameter to “yes”:

ChallengeResponseAuthentication yes

Now restart the SSH service with the following command:

# service sshd restart

How to fix a slow SSH login issue on Linux

Disable GSSAPI Authentication

To disable GSSAPI authentication on an SSH server, look for “GSSAPIAuthentication” in /etc/ssh/sshd_config, and edit it or add the line as follows.

$ sudo vi /etc/ssh/sshd_config

# add this line

GSSAPIAuthentication no

Then restart SSH server:

$ sudo /etc/init.d/ssh restart (Debian, Ubuntu or Linux Mint)
$ sudo systemctl restart sshd (Fedora)
$ sudo service sshd restart (CentOS or RHEL)

Disable Reverse DNS Lookup

To disable reverse DNS lookups on an SSH server, edit SSH server configuration as follows.

$ sudo vi /etc/ssh/sshd_config

# add this line

UseDNS no

Then restart SSH server:

$ sudo /etc/init.d/ssh restart (Debian, Ubuntu or Linux Mint)
$ sudo systemctl restart sshd (Fedora)
$ sudo service sshd restart (CentOS or RHEL)

VMware Backup Pre- And Post-Commands

Custom quiescing script directory, by version of ESX:

ESX/ESXi 3.5 Update 1 or earlier:
    C:\Windows\<pre-freeze-script.bat>
    C:\Windows\<post-thaw-script.bat>
ESX/ESXi 3.5 Update 2 or later:
    C:\Program Files\VMware\VMware Tools\backupScripts.d\
ESX/ESXi 4.x:
    C:\Windows\backupScripts.d\
ESXi 5.0:
    C:\Windows\
    C:\Program Files\VMware\VMware Tools\backupScripts.d\
ESXi 5.1 and ESXi 5.5:
    C:\Windows\<pre-freeze-script.bat>
    C:\Windows\<post-thaw-script.bat>

Windows:

To create a sample wrapper script, create a text file and name it vcb.bat:

@echo off
rem Argument "freeze" runs the pre-freeze script; anything else runs the post-thaw script.
if "%1" == "freeze" goto doFreeze
goto doThaw
:doFreeze
call c:\windows\pre-freeze-script.bat
goto EOF
:doThaw
call c:\windows\post-thaw-script.bat
:EOF

Linux:

For Linux VMs, the scripts should be named

     /usr/sbin/pre-freeze-script

     /usr/sbin/post-thaw-script

Both must have 0755 permissions so that they are executable, and should be owned by root.

Veeam:
Make sure that “Enable VMware Tools quiescence” is enabled, which causes the scripts to be called.

How to disable IPv6 in Ubuntu 14.04?

To disable ipv6, you have to open /etc/sysctl.conf using any text editor and insert the following lines at the end:
 net.ipv6.conf.all.disable_ipv6 = 1
 net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

If ipv6 is still not disabled, then the problem is that sysctl.conf has not been activated yet. Activate it with:
 $ sudo sysctl -p

You will see this in the terminal:
 net.ipv6.conf.all.disable_ipv6 = 1
 net.ipv6.conf.default.disable_ipv6 = 1
 net.ipv6.conf.lo.disable_ipv6 = 1

After that, if you run:
 $ cat /proc/sys/net/ipv6/conf/all/disable_ipv6

It will report:

 1

If you see 1, ipv6 has been successfully disabled.

PHP 5.5 on CentOS

There is more than one way to upgrade CentOS 6.5 to PHP 5.5; the following is a suggestion only. Consult a reference for additional options.

To upgrade to PHP 5.5:

  1. Enter the following commands in the order shown.
    yum -y update
    rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
    yum -y remove php-common-5.3.3-40.el6_6.x86_64
    yum -y install php55w php55w-opcache
    yum -y install php55w-xml php55w-mcrypt php55w-gd php55w-devel php55w-mysql php55w-intl php55w-mbstring
    yum -y update
    
  2. Restart Apache: service httpd restart
  3. Continue with the next section.

Check if Linux File system is Read-Only

If for some reason you think your Linux file system is read-only, do not trust the mount command, as it will show you your FS in rw mode.

The following command shows the file systems that are mounted read-only:

 egrep " ro,|,ro " /proc/mounts

A file system can become read-only if it has been unavailable to the OS for too long. To prevent data corruption, Linux makes it RO.