Senin, 11 Maret 2013

Xathrya Sabertooth

Xathrya Sabertooth

Mounting and Unmounting ISO file

Posted: 11 Mar 2013 12:35 AM PDT

ISO files, is a CD/DVD image file. This means, on that single CD/DVD stored files and use structure like real CD/DVD does. Well, it sounds complicated but you could say that you have copy all CD/DVD contents and pack it into a single file.

In Linux, mounting and unmounting an ISO file is so easy and doesn’t need any 3rd party tools.

In this article we will discuss about how to mounting ISO file and unmounting it. For this article I use Slackware64 14.0, but we can do the trick here for any linux distribution.

Preparation

To do mounting and unmounting, you should have superuser or root privileges. You can either login to root account, or either use sudo tool. I assume you have root privileges.

Now create a directory. This directory will be a directory where we will mount our ISO file. Simply we say, we can access the content of ISO file by accessing this directory.

</p>  <p style="text-align: justify;">mkdir /mnt/cd-dvd</p>  <p style="text-align: justify;">

On this article I assume we want to mount simple.iso. The simple.iso is located on /home/xathrya/

Mounting

To mount / attach an ISO file to /mnt/cd-dvd we use mount tool and specifying some arguments:

    mount -o loop -t iso9660 /home/xathrya/simple.iso /mnt/cd-dvd  <p style="text-align: justify;">

Unmounting

To unmount / deattach ISO file from /mnt/cd-dvd we use umount tool.

    umount /mnt/cd-dvd  <p style="text-align: justify;">

Installing OpenVPN on FreeBSD 8.3

Posted: 11 Mar 2013 12:05 AM PDT

OpenVPN is one of open source implementation of Virtual Private Network available.

In this article we will discuss about how to install OpenVPN on FreeBSD 8.3.

Installation

Installing OpenVPN is as easy as installing any FreeBSD ports.

  cd /usr/ports/security/openvpn  make install clean

Once installed, OpenVPN will store its ocnfigurations on /usr/local/share/doc/openvpn.

Make a directory /usr/local/etc/openvpn and copy all configuration files from /usr/local/share/doc/openvpn to this new directory.

  mkdir /usr/local/etc/openvpn  cp /usr/local/share/doc/openvpn/sample-config/files/server.conf /usr/local/etc/openvpn  cp -a /usr/local/share/doc/openvpn/easy-rsa /usr/local/etc/openvpn

Creating RSA Key

OpenVPN is a tunneling network. Our connection made to OpenVPN through encrypted channel. Therefore, to enable OpenVPN we should create keys. In this section we will discuss about how to do it.

A good news is, we don’t have to create the key from scratch. OpenVPN has made a script to automatically create it for us. Now invoke following to do preparation:

  chmod 0755 /usr/local/etc/openvpn/easy-rsa/2.0/*  cd /usr/local/etc/openvpn/easy-rsa/2.0  sh  echo 'export KEY_COUNTRY="ID"' >> vars  echo 'export KEY_PROVINCE="JB"' >> vars  echo 'export KEY_CITY="BANDUNG"' >> vars  echo 'export KEY_ORG="Celestial Being"' >> vars  echo 'export KEY_EMAIL="xathrya@celestial-being.net"' >> vars

Now we create the certificate ca.crt

  . ./vars  ./clean-all  ./build-ca

And then build the server.key

  ./build-key-server server

Next the client.key

  ./build-key client

Build DH parameters with 2014 bit long

  ./build-dh

Copy the Keys to a special purposed directory for storing keys.

  <pre>mkdir /usr/local/etc/openvpn/keys  cp /usr/local/etc/openvpn/easy-rsa/2.0/keys/* /usr/local/etc/openvpn/keys  ./clean-all

Configuring Server

After creating the keys, we will proceed to configuring the OpenVPN server. The file we must edit is /usr/local/etc/openvpn/server.conf. Here is sample configuration we can applied to our server:

  port 1194  proto udp  dev tap  ca /usr/local/etc/openvpn/keys/ca.crt  cert /usr/local/etc/openvpn/keys/server.crt  key /usr/local/etc/openvpn/keys/server.key # This file should be kept secret  dh /usr/local/etc/openvpn/keys/dh1024.pem  server 10.8.0.0 255.255.255.0  ifconfig-pool-persist ipp.txt  push "redirect-gateway"  push "dhcp-option DNS 8.8.8.8"  keepalive 10 120  comp-lzo  persist-key  persist-tun  status /var/log/openvpn-status.log

Autostart on Boot

To run OpenVPN automatically at boot time, we can edit /etc/rc.conf write following:

  gateway_enable="YES"  openvpn_enable="YES"  openvpn_configfile="/usr/local/etc/openvpn/server.conf"  openvpn_if="tap"

Enabling IP Forwarding

IP Forwarding is needed to forward IP packet which received by servers to corresponding client inside VPN.

  sysctl net.inet.ip.forwarding=1

Starting OpenVPN Server

Last part, we should start the OpenVPN by:

  /usr/local/etc/rc.d/openvpn start

And that’s it. You now have OpenVPN on your network

Monitoring a Host using Nagios

Posted: 10 Mar 2013 11:21 PM PDT

In previous article we have discussed about how to install and configure Nagios on our machine. In this article we will discuss about adding a host to list of host monitored by Nagios. In this article I use FreeBSD 8.3.

Defining the Host

First of all, we need to identify the host / machine we want to monitor. What is the IP address? What service it runs? The network? etc.

A simple note can help us for suppress the error. It also help us document what host has been added to and what services and can help us to organize later.

In this article I make some dummy host, a gateway and a web server. The gateway has IP address 192.168.3.1 while the web server has IP address 192.168.3.3.

Making a Simple Configuration File

To add a host to list, we simply make a new configuration file. The configuration file must be stored on /usr/local/etc/nagios. In this example, I create a configuration file mygtw.cfg for my gateway and myweb.cfg for my web server.

On gateway, I only interested to know whether the gateway is up or down. The method for checking is using PING. And here is what I wrote on mygtw.cfg file:

  define host {  use freebsd-server  host_name mygtw  alias mygtw  address 192.168.3.1  }    define service{  use local-service  host_name mygtw  service_description PING  check_command check_ping!100.0,20%!500.0,60%}

For my web, I have some services and I want to monitor them all. The services available on web server are: web server and mail server. I also interest in knowing whether the host is up or down. Thus, I wrote on myweb.cfg:

   define host {   use freebsd-server   host_name myweb   alias myweb   address 192.168.3.3   }    define service {   use local-service   host_name myweb   service_description PING   check_command check_ping!100.0,20%!500.0,60%   }    define service{   use local-service   host_name myweb   service_description http   check_command check_http   }    define service{   use local-service   host_name myweb   service_description mail   check_command check_smtp   }

If you look carefully, the gateway and web server are both on hostgroup freebsd-server. Thus on hostgroup definition on localhost.cfg we need to add information about the group. The localhost.cfg is located on <strong>/usr/local/etc/nagios</strong>. On hostgroup section

  define hostgroup{  hostgroup_name freebsd-servers  alias FreeBSD Servers  members localhost,mygtw,myweb ; Comma separated list of hosts that belong to this group  }

Then edit file /usr/local/etc/nagios/nagios.cfg and add file name of configuration files we have create after cfg_file=/usr/local/etc/nagios/localhost.cfg. Thus, we have this section:

  cfg_file=/usr/local/etc/nagios/localhost.cfg  cfg_file=/usr/local/etc/nagios/mygtw.cfg  cfg_file=/usr/local/etc/nagios/myweb.cfg

Now check and make sure there is no error. You can invoke folloing:

  /usr/local/bin/nagios -v /usr/local/etc/nagios/nagios.cfg

If there is no error, we can restart the nagios by

  /usr/local/bin/nagios /usr/local/etc/nagios/nagios.cfg &

Open your browser and check the network now.

Installing Nagios for Monitoring on FreeBSD 8.3

Posted: 10 Mar 2013 10:49 PM PDT

Nagios, one of the best tool we can find for building monitoring server. Nagios is free, open source, modular, easy to use, and high scalable. Initially, Nagios was designed for Linux Operating System, but later it run on almost any UNIX-like Operating System, including FreeBSD.

In this article we will discuss about how to install and use a simple configuration for Nagios. Of course, from the theme you can imply that I use FreeBSD 8.3.

Installation

Installing Nagios is as easy as installing any FreeBSD ports.

  cd /usr/ports/net-mgmt/nagios  make install clean

Make sure you choose NETSNMP on nagios group and user. This allows Nagios to manage network using SNMP (Simple Network Management Protocol).

Autostart on Boot

To run Nagios automatically at boot time, we can edit /etc/rc.conf and add nagios_enable=”YES” at end of line. Another way, we can invoke following command:

  echo 'nagios_enable="YES"' >> /etc/rc.conf

Running Simple Configuration

Configuration is simple. In fact, there is no need for us to write configuration from scratch. Nagios has provide a basic configuration and ready to use for generic situation. Using it is as simple as copying the file to Nagios working directory. Here is commands:

  cd /usr/local/etc/nagios  cp cgi.cfg-sample cgi.cfg  cp nagios.cfg-sample nagios.cfg  cp resource.cfg-sample resource.cfg    cd /usr/local/etc/nagios/objects  cp commands.cfg-sample commands.cfg  cp contacts.cfg-sample contacts.cfg  cp localhost.cfg-sample localhost.cfg  cp printer.cfg-sample printer.cfg  cp switch.cfg-sample switch.cfg  cp templates.cfg-sample templates.cfg  cp timeperiods.cfg-sample timeperiods.cfg

Now check and make sure there is no error occured:

  nagios -v /usr/local/etc/nagios/nagios.cfg

Next we need to make administrator account for accessing Nagios home page. We use default password, which is nagiosadmin

  htpasswd -c /usr/local/etc/nagios/htpasswd.users nagiosadmin

Next, we need Apache to identifying Nagios. Therefore, edit httpd.conf using ee /usr/local/etc/apache22/httpd.conf. Add following text:

  ScriptAlias /nagios/cgi-bin/ /usr/local/www/nagios/cgi-bin/  Alias /nagios /usr/local/www/nagios/    <Directory /usr/local/www/nagios>  Options None  AllowOverride None  Order allow,deny  Allow from all  AuthName "Nagios Access"  AuthType Basic  AuthUSerFile /usr/local/etc/nagios/htpasswd.users  Require valid-user  </Directory>    <Directory /usr/local/www/nagios/cgi-bin>  Options ExecCGI  AllowOverride None  Order allow,deny  Allow from all  AuthName "Nagios Access"  AuthType Basic    AuthUSerFile /usr/local/etc/nagios/htpasswd.users  Require valid-user  </Directory>

Now, restart the Apache.

The configurations are stored on /usr/local/etc/nagios/. If we want to use the configuration, we can simply rename or copy the .cfg-sample file to .cfg file.

Before we play around with the files, it’s better for us to backup the directory to something else. For example:

  mkdir /home/xathrya/nagios-samples/  cp * /nagios-samples/  mv bigger.cfg-sample bigger.cfg  mv cgi.cfg-sample cgi.cfg  mv checkcommands.cfg-sample checkcommands.cfg  mv localhost.cfg-sample localhost.cfg  mv misccommands.cfg-sample misccommands.cfg  mv nagios.cfg-sample nagios.cfg  mv resource.cfg-sample resource.cfg

Now we have all configuration files we need on /usr/local/etc/nagios.

Next open localhost.cfg file and adjust the setting to our network. This file will instruct Nagios to monitoring localhost or self monitoring.

In this case, we have defined commands to monitor service on localhost, defining contact information of administrator/user for Nagios notify to, etc.

Later we will check whether we have error on Nagios, using:

  /usr/local/bin/nagios -v /usr/local/etc/nagios/nagios.cfg

If there is no error, you should get message like this:

  .........    .........  Total Warnings: 0  Total Errors: 0  Things look okay - No serious problems were detected during the pre-flight check

Now we start Nagios with following command:

  /usr/local/bin/nagios /usr/local/etc/nagios/nagios.cfg &

Now try to open browser and open the Nagios by URL. In my case, my machine has IP address 192.168.3.11 thus I can access nagios using URL http://192.168.3.11/nagios.

And that’s it. You now have Nagios monitoring your network

Installing PwnPi on Raspberry Pi

Posted: 10 Mar 2013 08:02 AM PDT

Raspberry Pi, a small computer powered by ARM architecture is a very interesting board for learning embedded system. In this article we will discuss about how to install how to install PwnPi on Raspberry Pi.

For this article I use following:

  1. Slackware64 14.0
  2. Windows 8
  3. Raspberry Pi model B
  4. PwnPi

You can use either Linux (in this article, Slackware) or Windows (in this article Windows 8). Just pick one and follow the rest of article for your choice.

What is PwnPi?

PwnPi is a Linux-based penetration testing dropbox distribution specially designed for Raspberry Pi. PwnPi use Debian Wheezy as its base with some stripped. Currently PwnPi support around 200 tools and used for many penetration testing activities. PwnPi empowering simplicity. Use Openbox as the window manager. PwnPi can be easiliy setup to send reverse connection from inside a target network by editing a simple configuration file.

Obtain the Materials

The Operating System I use here is the latest version of PwnPi which is v3.0 final at time of writing this article. The image can be can be downloaded from here.

Prepare the Disk (SD Card)

To boot the Raspberry Pi, an installation media and storage media is needed. All we need is a single SD card. On this article I use my 8GB SD card. You can use any SD card you want, but I recommend to use at least 4GB SD card. The image we download on previous section will be stored on this card and later installed. Make sure you have a way to write on SD card.

Windows-based Instruction

For Windows user, you can follow this section to “burn” the image. For this purpose you need additional software for writing to SD card, such as Win32DiskImager utility.

  1. Extract the image (in this case pwnpi-3.0.img.7z) so you will get an .img file. To extract the file in Windows, you can use 3rd party tools such as 7zip.
  2. Insert SD card into SD card reader and check what drive letter it assigned to. For example G:\
  3. If it is not new, format it. Or at least make sure there is only one partition (FAT32 is recommended).
  4. Run the Win32DiskImager with administrator privileges.
  5. Select the image we have extracted.
  6. Select the drive letter of the SD card on our machine. Make sure you have the correct drive, or you will destroy data on that drive.
  7. Click Write and wait. The process should be not long.
  8. Exit the imager and eject the SD card

Beside Win32DiskImager, you can also use other tool such as Flashnul.

  1. Follow step 1 to step 3 for Win32DiskImager’s solution
  2. Extract Flashnul from the archive
  3. Open command prompt with elevated privilege (administrator privilege).
  4. Go to your extracted directory and run flashnul with argument “-p”. For example: flashnul -p
  5. You will get list of physical drive attached on your machine, and list of drive. Make sure the drive is correct. At time of writing this article, the SD card is detected as device number 1 with and mounted to drive G:
  6. Load the image to flashnul: flashnul 1 -L pwnpi-3.0.img
  7. If you get an access denied error, try re-plugging the SD card and make sure to close all explorer windows or folders open for the device. If still get denial, try substitute the device number with its drive letter: flashnul G: -L pwnpi-3.0.img

At this point, you have successfully written image to your SD card. And I assume you are. You can proceed to next stage.

Linux-based Instruction

Writing image on Linux is easier, in my opinion. The utility we use is “dd” which is already bundled on most distro. Make sure you know the correct device file for your SD card. In my machine I use a built in card reader and detect my SD card as /dev/sdb. It might be different on your system so better check it. For this article I use /dev/sdb to refer to SD card.

  1. Extract the image (in this case pwnpi-3.0.img.7zip) so you will get an .img file. To extract this file, you must have 7zip package installed.
  2. Insert SD card into SD card reader .
  3. If it is not new, format it. Or at least make sure there is only one partition (FAT32 is recommended).
  4. Unmount the SD card if it is mounted. We need the whole SD card so if you see partition such as /dev/sdb1, etc its better you unmount them all.
  5. Write the image to SD card. Make sure you replace the input file after if= argument with correct path to .img file and “/dev/sdb” in the output file of= argument with your device. Also make sure to use whole SD drive and not their partition (i.e. not use /dev/sdb1, /dev/sdb1, etc). The command: dd bs=4M if=pwnpi-3.0.img of=/dev/sdb
  6. Run sync as root. This will ensure the write cache is flushed and safe to unmount SD card.
  7. Remove SD card from card reader.

If you hesitate to use terminal and prefer to use GUI method, here is the tutorial. Note that we

  1. Do step 1 to step 3 for previous tutorial. Make sure your directory or image file doesn’t contain any spaces.
  2. Install the ImageWriter tool from https://launchpad.net/usb-imagewriter
  3. Launch the ImageWriter tool (needs administrative privileges)
  4. Select the image file (in this case stage3-armv7a_hardfp-20130209.img) to be written to the SD card (note: because you started ImageWriter as administrator the starting point when selecting the image file is the administrator’s home folder so you need to change to your own home folder to select the image file)
  5. Select the target device to write the image to. In my case, it’s /dev/sdb
  6. Click the “Write to device” button
  7. Wait for the process to finish and then insert the SD card in the Raspberry Pi

At this point, you have successfully written image to your SD card. And I assume you are. You can proceed to next stage.

Running the Pi

You have write image and at this point your raspberry pi is ready. Now set up raspberry pi to boot: insert your SD card back to raspberry pi, put on power, plug video output (either HDMI or RCA).

To resize the SD card after installation, you can follow this article.

Have fun :D

Diposting oleh di

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)