Monday, April 01, 2013

Set HTTP/HTTPS proxy server in Linux CLI

HTTP:
# export http_proxy="http://10.10.10.254:8080"

HTTPS:
# export https_proxy="https://10.10.10.254:8080"

Where 10.10.10.254 is the IP address of the proxy server and 8080 is its port number.

Remove:
# unset http_proxy
# unset https_proxy

Afterwards you can use curl to verify that the proxy is being used.

Wednesday, March 13, 2013

Howto TACACS+ on CentOS 6.x

This post describes, step by step, how to install and configure TACACS+ on CentOS 6.x.

Step 1. Download the rpm:
wget ftp://ftp.muug.mb.ca/mirror/redhat/contrib/libc6/i386/tac_plus-4.0.3-2.i386.rpm

Step 2. Install:
rpm -ivh tac_plus-4.0.3-2.i386.rpm

Step 3. Configure a user in TACACS+:
vi /etc/tacacs/tac_plus.cfg
# Created by Devrim SERAL(devrim@tef.gazi.edu.tr)
# It's very simple configuration file
# Please read user_guide and tacacs+ FAQ to more information to do more
# complex tacacs+ configuration files.
#
# Put your NAS key below
key = "testing123"
# Use /etc/passwd.loc file to do authentication
# it's must be in passwd file format. So you must mix shadow-passwd files to do it
#default authentication = file /etc/passwd.loc
user = lawrence {
    login = cleartext 123456
}

# Where is the accounting records to go
accounting file = /var/log/tacacs.log
# Permit all authorization request
default authorization = permit
# End config file

This creates the user lawrence with the password 123456.


Step 4. Start the TACACS+ daemon:

[root@server1 tmp]# /etc/init.d/tacacs start
Starting tacacs+:
[root@server1 tmp]# netstat -tupln | grep 49
tcp        0      0 0.0.0.0:49                  0.0.0.0:*                   LISTEN      9027/tac_plus

Done~

Update 1: a short excerpt from the user guide:


At the service authorization level i.e. inside the braces of a
service declaration, arguments in an authorization request are
processed according to the algorithm described later. Some actions
when authorizing services (e.g. when matching attributes are not
found) depend on how the default is configured. The following
declaration changes the default from deny to permit for this user and
service.

user = lol {
    service = exec {
        default attribute = permit
    }
}
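The configuration in Step 3 and the user-guide excerpt above both contain settings worth flagging before the server goes into production: the well-known shared key, a password stored in cleartext (the file comments point at file-based authentication as the alternative), and permit-by-default authorization. The following is an added example, not part of the post or of tac_plus itself: a small line-based audit of a tac_plus.cfg. The sample config and the list of well-known keys are constructed for the example.

```python
import re

# Constructed sample mirroring the post's /etc/tacacs/tac_plus.cfg plus the user-guide
# excerpt; not the real file from the server.
SAMPLE_CFG = """
# Put your NAS key below
key = "testing123"
user = lawrence {
    login = cleartext 123456
}
accounting file = /var/log/tacacs.log
default authorization = permit
user = lol {
    service = exec {
        default attribute = permit
    }
}
"""

WEAK_KEYS = {"testing123", "cisco", "secret", "tacacs"}  # constructed list of well-known defaults

def audit_tac_plus(cfg_text):
    """Return (severity, message) findings for risky settings in a tac_plus.cfg.
    Line-based scan; brace depth is tracked so findings are attributed to the right user."""
    findings, current_user, depth = [], None, 0
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line:
            continue
        m = re.match(r'user\s*=\s*([^\s{]+)\s*\{', line)
        if m:
            current_user = m.group(1)
        m = re.match(r'key\s*=\s*"?([^"]*)"?$', line)
        if m and depth == 0:  # top-level shared secret used by all NAS devices
            key = m.group(1)
            if len(key) < 16 or key.lower() in WEAK_KEYS:
                findings.append(("high", f"shared NAS key {key!r} is short or well known"))
        if depth == 0 and re.match(r'default\s+authorization\s*=\s*permit', line):
            findings.append(("high", "global 'default authorization = permit' grants any unmatched request"))
        m = re.match(r'login\s*=\s*cleartext\s+([^\s}]+)', line)
        if m:
            findings.append(("high", f"user {current_user}: cleartext password stored in config"))
        if current_user and re.match(r'default\s+attribute\s*=\s*permit', line):
            findings.append(("medium", f"user {current_user}: service default attribute = permit"))
        depth += line.count("{") - line.count("}")
        if depth == 0:  # left the outermost block, so later lines belong to no user
            current_user = None
    return findings
```

Running `audit_tac_plus(open("/etc/tacacs/tac_plus.cfg").read())` on a real file lists the same four classes of finding; an empty list means none of these patterns were seen.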

How to debug:

DEBUGGING A RUNNING SERVER
--------------------------

There is a myriad of debugging values that can be used in conjunction
with the -d flag to produce debugging output in /var/tmp/tac_plus.log.

For example, starting the daemon with

        tac_plus -C CONFIG -d 16

will put authentication debugging into /var/tmp/tac_plus.log. You can
view this information by using the tail command.

        tail -f /var/tmp/tac_plus.log

See the man page for more information.




Thursday, February 07, 2013

Adding listen ports to FreeRADIUS

By default FreeRADIUS listens on port 1812 (authentication) and 1813 (accounting), but FreeRADIUS lets us bind several additional ports.

Tested version: CentOS 5.8 / FreeRADIUS 1.1.3-1.6.el5

Steps:
1. Confirm that only 1812/1813 are currently in use and that no daemon is using 1814/1815; below we will configure 1814 for Auth and 1815 for ACCT.

[root@server1 raddb]# netstat -tupln | grep 1812
udp        0      0 0.0.0.0:1812                0.0.0.0:*                               7300/radiusd      
[root@server1 raddb]# netstat -tupln | grep 1813
udp        0      0 0.0.0.0:1813                0.0.0.0:*                               7300/radiusd      
[root@server1 raddb]# netstat -tupln | grep 1814
[root@server1 raddb]# netstat -tupln | grep 1815


2. Open /etc/raddb/radiusd.conf and add listen blocks for ports 1814 and 1815.

listen {
    ipaddr = *
    port = 1814
    type = auth
}
listen {
    ipaddr = *
    port = 1815
    type = acct
}

3. Restart FreeRADIUS:

[root@server1 raddb]# /etc/init.d/radiusd restart
正在停止 RADIUS 伺服器:                                    [  確定  ]
正在啟動 RADIUS 伺服器: Thu Feb  7 13:31:06 2013 : Info: Starting - reading configuration files ...
                                                           [  確定  ]

4. Check that 1812, 1813, 1814 and 1815 are all in use by FreeRADIUS.

[root@server1 raddb]# netstat -tupln | grep 1812
udp        0      0 0.0.0.0:1812                0.0.0.0:*                               7347/radiusd      
[root@server1 raddb]# netstat -tupln | grep 1813
udp        0      0 0.0.0.0:1813                0.0.0.0:*                               7347/radiusd      
[root@server1 raddb]# netstat -tupln | grep 1814
udp        0      0 0.0.0.0:1814                0.0.0.0:*                               7347/radiusd      
[root@server1 raddb]# netstat -tupln | grep 1815
udp        0      0 0.0.0.0:1815                0.0.0.0:*                               7347/radiusd   
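Step 4 compares the listen blocks in radiusd.conf with what netstat shows by eye; the check below does the same comparison programmatically and also notes listeners bound on every interface via `ipaddr = *`. This is an added example, not part of the post or of FreeRADIUS; the config fragment and the netstat output are constructed, with the 1815 listener deliberately missing to show a failed restart.

```python
import re

# Constructed radiusd.conf fragment: the two listen blocks added in the post.
RADIUSD_CONF = """
listen {
 ipaddr = *
 port=1814
 type=auth
}
listen {
 ipaddr = *
 port=1815
 type=acct
}
"""

# Constructed `netstat -tupln` output in which the new acct listener on 1815 never came up.
NETSTAT_OUTPUT = """
udp        0      0 0.0.0.0:1812                0.0.0.0:*                               7347/radiusd
udp        0      0 0.0.0.0:1813                0.0.0.0:*                               7347/radiusd
udp        0      0 0.0.0.0:1814                0.0.0.0:*                               7347/radiusd
"""

def declared_listeners(conf):
    """Return [(ipaddr, port, type)] for every listen {} block; '*' means all interfaces."""
    out = []
    for block in re.findall(r'listen\s*\{([^}]*)\}', conf):
        kv = dict(re.findall(r'(\w+)\s*=\s*(\S+)', block))
        out.append((kv.get("ipaddr", "*"), int(kv["port"]), kv.get("type", "auth")))
    return out

def bound_udp_ports(netstat):
    """Map UDP port -> 'pid/program' parsed from netstat -tupln lines."""
    pat = re.compile(r'^udp\s+\d+\s+\d+\s+\S+:(\d+)\s+\S+\s+(\S+)', re.M)
    return {int(port): prog for port, prog in pat.findall(netstat)}

def check_listeners(conf, netstat):
    """Report declared ports not bound by radiusd, plus listeners bound on every interface."""
    bound = bound_udp_ports(netstat)
    findings = []
    for ipaddr, port, ltype in declared_listeners(conf):
        if bound.get(port, "").split("/")[-1] != "radiusd":
            findings.append(f"{ltype} port {port} declared but not bound by radiusd")
        if ipaddr == "*":
            findings.append(f"{ltype} port {port} bound on all interfaces (ipaddr = *)")
    return findings
```

On a live host, pass the contents of /etc/raddb/radiusd.conf and the output of `netstat -tupln` to `check_listeners` instead of the constructed strings.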


All done!

Tuesday, February 05, 2013

CentOS 5.9 has been released!

CentOS 5.9 is out; I'll update tomorrow.
http://www.tecmint.com/how-to-upgrade-from-centos-5-x-to-centos-5-9/

Wednesday, December 19, 2012

Linux has Terminator, but what about OSX?

On Linux, Terminator is a truly formidable tool and an engineer's favourite, so what about OSX? Sigh, the native Terminal really can't keep up with the times... Luckily there is iTerm2, which is great! All I can say now is that the 13" MBP screen is a bit small. :p

Wednesday, December 12, 2012

Disable IPv6 in Mac OSX 10.7

As shown in the figure below, the Network settings in OSX 10.7 offer no option to turn IPv6 off; after a quick search, it turns out it can be turned off temporarily with a command.



For Ethernet:
networksetup -setv6off Ethernet

For Wireless:
networksetup -setv6off Wi-Fi




Wednesday, November 07, 2012

Bonjour browser on OSX


You can use mDNS or Bonjour Browser to query DNS-SD on OSX as follows:
  • Browse for services:
mDNS -B                (Browse for services instances)
MBP:~ lawrence$ mDNS -B _sftp-ssh._tcp.
Browsing for _sftp-ssh._tcp.
Talking to DNS SD Daemon at Mach port 5891
Timestamp     A/R Flags Domain                   Service Type             Instance Name
12:18:11.060  Add     0 local.                   _sftp-ssh._tcp.          MBP



  • Look up a service:
mDNS -L           (Look up a service instance)
MBP:~ lawrence$ mDNS -L "MBP" _sftp-ssh._tcp. .
Lookup MBP._sftp-ssh._tcp.local
Talking to DNS SD Daemon at Mach port 5891
12:18:54.882  Service can be reached at   10.10.2.7      :22
12:18:54.882  FE80:0000:0000:0000:3E07:54FF:FE35:5093%en0:22
12:18:54.883  3001:0288:0000:0000:3E07:54FF:FE35:5093%en0:22




  • Bonjour browser:

References: