Friday, 15 October 2021

How to enable a serial console on a KVM guest OS.

 1. Inside the guest, enable the serial console with:

 systemctl enable --now serial-getty@ttyS0.service

 2. From the KVM host, connect to the guest OS with:

 virsh console [VM_NAME]

ref: ostechnix.com

Saturday, 9 October 2021

How to fix the expired FreeRADIUS certificate problem.

Problem :

    1. The radiusd systemd service cannot start.

    2. The log looks like this:

 Oct 9 00:00:49 radius1 sh[1114]: C = FR, ST = Radius, L = Somewhere, O = Example Inc., emailAddress = admin@example.org, CN = Example Certificate Authority  
 Oct 9 00:00:49 radius1 sh[1114]: error 10 at 1 depth lookup: certificate has expired  
 Oct 9 00:00:49 radius1 sh[1114]: C = FR, ST = Radius, O = Example Inc., CN = Example Server Certificate, emailAddress = admin@example.org  
 Oct 9 00:00:49 radius1 sh[1114]: error 10 at 0 depth lookup: certificate has expired  
 Oct 9 00:00:49 radius1 sh[1114]: error server.pem: verification failed  
 Oct 9 00:00:49 radius1 sh[1114]: make: *** [Makefile:107: server.vrfy] Error 2  
 Oct 9 00:00:49 radius1 rsyslogd[1098]: imjournal: journal files changed, reloading... [v8.1911.0-6.el8 try https://www.rsyslog.com/e/0 ]  
 Oct 9 00:00:49 radius1 systemd[1]: radiusd.service: Control process exited, code=exited status=2  
 Oct 9 00:00:49 radius1 systemd[1]: radiusd.service: Failed with result 'exit-code'.  
 Oct 9 00:00:49 radius1 systemd[1]: Failed to start FreeRADIUS high performance RADIUS server..  

Cause :

    One or more certificates in `/etc/raddb/certs/` have expired, so the certificate verification (the `server.vrfy` Makefile target in the log above) that runs before startup fails and the service exits.

Resolution 1 (if you do not use the certificates in `/etc/raddb/certs`) :

    Delete all certificate files in `/etc/raddb/certs` with this command (run it inside that directory; the globs delete whatever matches in the current directory).

 cd /etc/raddb/certs && rm -f *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt*

Resolution 2 :

     Generate new certificates to replace the expired ones.
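Before choosing between the two resolutions it helps to see which files in the directory are actually expired or close to it. The following is an added example, not from the original post; it assumes openssl is installed, and cert_status and check_dir are names chosen here (the directory defaults to /etc/raddb/certs and can be overridden as the first argument).

```shell
#!/bin/sh
# Added example (not from the original post): report which files in the
# FreeRADIUS certificate directory are expired or about to expire, so the
# choice between "delete" and "regenerate" is based on evidence rather than
# on the startup log alone. Assumes openssl is installed.
CERT_DIR="${1:-/etc/raddb/certs}"

# cert_status FILE [WINDOW_SECONDS]: prints expired, expiring or ok for the
# first certificate in FILE (server.pem carries key + cert; the key is skipped
# by openssl). WINDOW_SECONDS defaults to 30 days.
cert_status() {
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$1" -noout -checkend "${2:-2592000}" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# check_dir DIR: report every certificate in DIR; returns 1 if any has expired.
check_dir() {
    rc=0
    for f in "$1"/*.pem "$1"/*.crt; do
        [ -f "$f" ] || continue
        # keys, DH parameters and CSRs carry no certificate block: skip them
        grep -q -- '-----BEGIN CERTIFICATE-----' "$f" || continue
        status=$(cert_status "$f")
        not_after=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)
        printf '%-8s %s (notAfter=%s)\n' "$status" "$f" "$not_after"
        [ "$status" = expired ] && rc=1
    done
    return "$rc"
}

check_dir "$CERT_DIR"
```

A non-zero exit status means at least one certificate has already expired, which is the condition that makes radiusd refuse to start.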


Friday, 8 October 2021

Basic firewalld configuration for a Linux server

1. Show all zone names and the details of each zone.

 firewall-cmd --list-all-zones

2. Create a new zone.

 firewall-cmd --new-zone=dmz2 --permanent

3. Add a source network or source IP to the zone, so that traffic from those addresses is matched against the services and ports allowed in that zone.

 firewall-cmd --zone=dmz2 --add-source=192.168.0.0/24 --permanent
 firewall-cmd --reload  #apply

4. Add ports to the zone so the sources bound to it can reach them. firewalld requires the protocol in the port spec (443/tcp, not a bare 443).

 firewall-cmd --zone=dmz2 --add-port=80/tcp --add-port=443/tcp --permanent
 firewall-cmd --reload  #apply
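The four steps above as one idempotent script that validates the port specs first and confirms the runtime configuration after the reload. This is an added example, not the post's own code; the zone, source and ports are the page's sample values, and valid_port_spec and zone_apply are names chosen here.

```shell
#!/bin/sh
# Added example, not from the original post: the zone/source/port steps as one
# idempotent script that validates the port specs first and verifies the
# runtime configuration after the reload. Zone, source and ports are the
# page's sample values; valid_port_spec and zone_apply are names chosen here.

# valid_port_spec PORT[-PORT]/PROTO: firewalld rejects --add-port values
# without a protocol (a bare "443" fails), so check the form before calling it.
valid_port_spec() {
    port="${1%/*}"; proto="${1#*/}"
    [ "$port" != "$1" ] || return 1                     # no "/" at all
    case "$port" in ''|*[!0-9-]*) return 1 ;; esac      # digits or a range only
    case "$proto" in tcp|udp|sctp|dccp) return 0 ;; *) return 1 ;; esac
}

# zone_apply ZONE SOURCE PORT...: create ZONE if it does not exist, bind SOURCE,
# open PORTs in the permanent config, reload, then confirm the runtime state.
zone_apply() {
    zone="$1"; src="$2"; shift 2
    for p in "$@"; do
        valid_port_spec "$p" || { echo "bad port spec: $p (use PORT/PROTO)" >&2; return 2; }
    done
    firewall-cmd --permanent --get-zones | tr ' ' '\n' | grep -qx "$zone" \
        || firewall-cmd --permanent --new-zone="$zone"
    firewall-cmd --permanent --zone="$zone" --add-source="$src"
    for p in "$@"; do
        firewall-cmd --permanent --zone="$zone" --add-port="$p"
    done
    firewall-cmd --reload
    # a --permanent change only takes effect after the reload: verify it did
    firewall-cmd --zone="$zone" --query-source="$src" >/dev/null || return 1
    for p in "$@"; do
        firewall-cmd --zone="$zone" --query-port="$p" >/dev/null || return 1
    done
    firewall-cmd --zone="$zone" --list-all
}

if command -v firewall-cmd >/dev/null 2>&1; then
    zone_apply dmz2 192.168.0.0/24 80/tcp 443/tcp
else
    echo "firewall-cmd not found; nothing applied" >&2
fi
```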

Wednesday, 12 April 2017

Simple way to install Go on CentOS


  1. Download Go from the Go site
  2. Untar Go into /usr/local/
    tar -C /usr/local -xzf go-xx.tar
  3. Create a link in /usr/bin (ln -s takes the target first, then the link name)
    ln -s /usr/local/go/bin/go /usr/bin/go
  4. Create the Go working directory
    mkdir /go
  5. Set GOPATH
    export GOPATH=/go

Tuesday, 6 September 2016

How to add a network interface card (NIC) to a Docker container and bridge it with a physical NIC


  1. Create a Docker network
    • # docker network create --driver=bridge [docker's network name]
    • *Docker automatically creates the Linux network bridge (visible with brctl) when this command runs.
  2. Bridge the created network with another interface
    • # brctl addif [bridge name] [NIC's name]
    • *brctl show (to look up the bridge name).
    • **The interface has to be added to the bridge manually every time the host restarts.
  3. Create the Docker container
  4. Connect the container to the bridge network
    • # docker network connect [Network Name] [Container ID]
    • *The container is connected and automatically gets another interface that is attached to the created network.

Thursday, 7 April 2016

Detection and prevention of SSH brute-force attacks with Logstash and iptables

This post describes an alternative way to detect and prevent SSH brute-force attacks
against a Linux server with Logstash, ipset and iptables on CentOS 7.


First step: create the preventive mechanism
Create a preventive mechanism with iptables and ipset that drops traffic from the
source IP of a brute-force attempt.



Install and configure ipset (the "block" set holds the addresses to drop):
 yum -y install ipset  
 ipset create block hash:ip  




Configure the iptables rule that drops packets whose source is in the set:
iptables -A INPUT -p tcp -m set --match-set block src -j DROP  


Second step: create the detection mechanism
Install and configure Logstash to analyze the sshd log (/var/log/secure) and identify
the source IP addresses of SSH brute-force attempts.

Enable Logstash on boot:
systemctl enable logstash  



Configure Logstash: copy this configuration into the file "/etc/logstash/conf.d/logstash", replacing its contents.
 input{
      file{
           path => ["/var/log/secure"]
      }
 }
 output{
      #push output to file
      file {path => "/var/log/blacklist"}
 #     stdout { codec => json_lines }
 }
 filter{
      grok {
           # extract the source address (rhost=) from PAM authentication failure lines
           match => ["message","%{MONTH:month}(?: | )%{MONTHDAY:day} %{TIME:time} %{WORD} %{WORD:prog}\[%{DATA}: %{DATA:detail}(?: logname=(?:%{WORD:logname}|)|)(?: uid=(?:%{WORD:uid}|)|)(?: euid=(?:%{WORD:euid}|)|)(?: tty=(?:%{WORD:tty}|)|)(?: ruser=(?:%{WORD:ruser}|)|) rhost=%{IP:remoteIP}(?: user=%{DATA:remoteUser}|)"]
           remove_field => ["message"]
      }
      #drop event if remoteIP is missing.
      if ![remoteIP] {
           drop { }
      }
      # mark remoteIP for blocking after 3 failed authentications within 30 seconds
      throttle {
           before_count => 0
           after_count => 3
           period => 30
           key => "%{remoteIP}"
           add_field => { "block" => "true"}
      }
      if [remoteIP] and [block] == "true"{
           ruby {
                # Logstash 2.x event API (event['field']); Logstash 5+ uses event.get('remoteIP').
                # remoteIP was matched by the %{IP} grok pattern, so only an address reaches the shell.
                code => "
                      `/usr/sbin/ipset add block #{event['remoteIP']} timeout 86400 `
                "
           }
      }
 }



Restart the Logstash service:

systemctl restart logstash

Optional: you can also send the event data from Logstash to Elasticsearch for long-term analysis.

Tuesday, 13 May 2014

Install the NetworkManager plugin for OpenVPN on Ubuntu

1. Install the NetworkManager OpenVPN plugin
# apt-get install network-manager-openvpn

2. Configure the OpenVPN connection

2.1 Open "Network Connections", then click the "Add" button

2.2 Choose the connection type "OpenVPN"

2.3 Edit the VPN connection

Gateway: VPN server name
Authentication Type: Password with Certificates (TLS)
Username: VPN username
Password: VPN password
User Certificate: xxx.crt
CA Certificate: ca.crt
Private Key: xxx.key
then click "Advanced Options"

2.4 Edit the advanced options

Select the options
- Use LZO data compression
- Use a TAP device

Import SSH Private Key to Yubikey (PIV) for SSH Authentication

Introduction: This guide will walk you through the process of importing your SSH private key to a Yubikey (PIV) for SSH authentication on y...