Wednesday, December 18, 2013

How to turn on wireless monitor mode to sniff 802.11 wireless frames on OSX 10.9?

Install:
Step1. Install XQuartz (X11) for OSX 10.6 or later (http://xquartz.macosforge.org/landing/)
Step2. Log out and log in to OSX with an Admin account.
Step3. Install Wireshark for OSX 10.6 and later, Intel 64-bit (http://www.wireshark.org/download.html)
Step4. Launch Wireshark and choose XQuartz as the X11 environment.
Step5. Turn on monitor mode -> http://ask.wireshark.org/questions/26270/how-to-turn-on-monitor-mode-on-mac-osx-1075

Specify the channel for the 2.4G or 5G radio:
Step1. sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport
Step2. sudo airport -z  # disassociates your card from the current network
Step3. sudo airport --channel=<channel>  # sets the channel the card monitors on

Tuesday, December 03, 2013

Why does tail -f | grep "" >> file end up with incomplete data (missing lines)?

A colleague asked me this yesterday, and with my limited wits I could not work it out on the spot, but today I found the answer: libc does not flush the buffer automatically for this kind of pipe, so once the buffer is full (4KB by default) the data that follows cannot be passed on through the pipe for processing, which is why lines go missing. The fix is to flush the buffer manually, as below, to avoid the blow-up.

tail -f | grep "pattern" --line-buffered >> /tmp/log &
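
The stdio behaviour behind those missing lines, as an added Python example that is not part of the original post: the child's stdout is a pipe, so its output sits in a block buffer until the buffer fills or the process exits, whereas running it with -u (the Python counterpart of grep --line-buffered) pushes each line through immediately. The child program and the 2-second timeout are constructed for the demonstration.

```python
import os
import select
import subprocess
import sys

# Constructed child program: it prints one line and then keeps running without printing more.
# Its stdout is a pipe, not a terminal, so stdio block-buffers the output: the line stays in the
# child's buffer (until the buffer fills or the child exits) instead of reaching the reader.
CHILD_SOURCE = (
    "import sys, time\n"
    "print('ERROR: disk almost full')\n"
    "time.sleep(30)\n"
)


def first_line_arrives_within(timeout, line_buffered):
    """Run the child with stdout piped; report whether its first line reaches us within `timeout` s.

    line_buffered=True adds `-u`, which makes the child write every line through immediately,
    the same effect `--line-buffered` has on grep in the tail -f | grep pipeline.
    """
    args = [sys.executable] + (["-u"] if line_buffered else []) + ["-c", CHILD_SOURCE]
    env = {k: v for k, v in os.environ.items() if k != "PYTHONUNBUFFERED"}  # make buffering explicit
    proc = subprocess.Popen(args, stdout=subprocess.PIPE, env=env)
    try:
        # select() reports readability without blocking; an empty list means nothing arrived.
        readable, _, _ = select.select([proc.stdout], [], [], timeout)
        return bool(readable)
    finally:
        proc.kill()
        proc.wait()
        proc.stdout.close()


if __name__ == "__main__":
    print("block-buffered child, line seen within 2s:", first_line_arrives_within(2.0, False))
    print("line-buffered child,  line seen within 2s:", first_line_arrives_within(2.0, True))
```

The same cure applies to any stdio program in the middle of a pipeline: grep --line-buffered as above, or stdbuf -oL from GNU coreutils for tools that have no such flag.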

Monday, October 28, 2013

How does snmptrap work on Linux?

A short note on how to configure CentOS to receive SNMP v2 and v3 trap events.

Steps:
1. Install net-snmp.

2. Make sure snmptrapd is installed on the system.

3. Import the MIB files:
First confirm the MIB directories:
[root@localhost ~]# net-snmp-config --default-mibdirs
/root/.snmp/mibs:/usr/share/snmp/mibs
As shown, my MIBs can go in /root/.snmp/mibs or /usr/share/snmp/mibs; here I chose /usr/share/snmp/mibs.

4. Configure snmptrapd to accept SNMP v2 and v3 trap events:
Open and edit the config with [root@localhost mibs]# vi /etc/snmp/snmptrapd.conf as follows:
# SNMP v2 with community public
disableAuthorization no
authCommunity log,execute,net public
# SNMP v3 with user admin and passphrase aaaaaaaa
createUser admin MD5 aaaaaaaa DES aaaaaaaa
authUser log,execute,net admin

5. Start snmptrapd in the foreground rather than as a daemon:
[root@localhost mibs]# snmptrapd -m all -c /etc/snmp/snmptrapd.conf -Lo -f
NET-SNMP version 5.3.2.2
-m all -> load all MIB files
-c -> the configuration file to use
-Lo -> log to standard output
-f -> do not fork from the shell
Here the SNMP trap events are printed to the screen, which is convenient for debugging.

6. Start snmptrapd as a daemon:
[root@localhost mibs]# /etc/init.d/snmptrapd start
正在啟動 snmptrapd:                                        [  確定  ]
Here the SNMP trap events are written to /var/log/messages instead.
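
To test the receiver configured above without installing a full SNMP library, here is an added Python example (not from the original post) that hand-encodes an SNMPv2c trap in BER (RFC 3416 SNMPv2-Trap-PDU) with only the standard library and sends it over UDP. The coldStart trap OID, community public, host 127.0.0.1 and port 162 are assumed defaults.

```python
import socket

SYS_UPTIME_0 = "1.3.6.1.2.1.1.3.0"         # sysUpTime.0: mandatory first varbind of a v2 trap
SNMP_TRAP_OID_0 = "1.3.6.1.6.3.1.1.4.1.0"  # snmpTrapOID.0: mandatory second varbind
COLD_START = "1.3.6.1.6.3.1.1.5.1"         # SNMPv2-MIB::coldStart, the sample trap used in the test

def ber_len(n):
    """BER length octets: one byte below 128, else 0x80|count followed by the big-endian length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + ber_len(len(content)) + content

def ber_int(value, tag=0x02):
    """Minimal-length two's-complement INTEGER; tag 0x43 gives the TimeTicks flavour."""
    length = 1
    while not -(1 << (8 * length - 1)) <= value < (1 << (8 * length - 1)):
        length += 1
    return tlv(tag, value.to_bytes(length, "big", signed=True))

def ber_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128 big-endian."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))

def snmpv2c_trap(community, uptime_ticks, trap_oid, varbinds=(), request_id=1):
    """SNMPv2c message (version field 1) carrying an SNMPv2-Trap-PDU (tag 0xA7, RFC 3416).
    varbinds: extra (oid, OCTET STRING bytes) pairs appended after the two mandatory ones."""
    vbs = [tlv(0x30, ber_oid(SYS_UPTIME_0) + ber_int(uptime_ticks, 0x43)),
           tlv(0x30, ber_oid(SNMP_TRAP_OID_0) + ber_oid(trap_oid))]
    for oid, value in varbinds:
        vbs.append(tlv(0x30, ber_oid(oid) + tlv(0x04, value)))
    pdu = tlv(0xA7, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, b"".join(vbs)))
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)

def send_trap(message, host="127.0.0.1", port=162):
    """Send the encoded trap to snmptrapd, assumed to listen on UDP 162 on `host` (assumed default)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(message, (host, port))
```

With snmptrapd running in the foreground as in step 5, sending the message built by snmpv2c_trap with community public makes the coldStart trap show up on screen; snmptrapd must see the same community the trap carries, or it silently drops the packet.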

Friday, August 02, 2013

How to enable auth details in FreeRADIUS log?

This post describes how to log detailed auth information and authentication requests to the log file in FreeRADIUS.

FreeRADIUS 1.x:
Open and edit /etc/raddb/radiusd.conf to set:
log_auth = yes
auth_log
detail auth_log {
        detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
        #
        #  This MUST be 0600, otherwise anyone can read
        #  the users' passwords!
        detailperm = 0600
}


FreeRADIUS 2.x:
Open and edit /etc/raddb/radiusd.conf to set:
auth = yes
Open and edit /etc/raddb/sites-available/default to set:
auth_log



Thursday, June 27, 2013

How can I allow IP protocol 47 (GRE) through iptables to reach a GRE GW?

Topology:
GRE GW1 ----- Switch -----(eth0)Linux NAT Router(eth1) ----- Switch ----- GRE GW2

To forward IP protocol 47 to the GRE GW on the NAT router, configure the rule below:
# iptables -t nat -A PREROUTING -i eth0 -p gre -j DNAT --to-destination 10.10.2.186
where 10.10.2.186 is GRE GW2's IP.


To configure L2oGRE (Ethernet over GRE, a gretap tunnel bridged to a physical port) on Linux:
# modprobe ip_gre
# ip link add link gre0 name tunnel0 type gretap remote 192.168.0.1 local 10.10.2.186
# ip link set tunnel0 up
# brctl addbr br0
# ip link set br0 up
# ip link set eth2 up
# brctl addif br0 tunnel0
# brctl addif br0 eth2
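
What the -p gre rule above actually forwards, as an added Python example that is not part of the original post: a parser for the GRE header (RFC 2784, plus the RFC 2890 key and sequence fields) that recognises the Transparent Ethernet Bridging protocol type 0x6558 used by gretap and extracts the inner Ethernet frame, which is what an operator of the NAT router needs when logging or filtering this traffic. The sample packet is constructed.

```python
import struct

GRE_PROTO_TEB = 0x6558   # Transparent Ethernet Bridging: what a gretap (L2oGRE) tunnel carries
GRE_PROTO_IPV4 = 0x0800  # plain IP-over-GRE
FLAG_CSUM, FLAG_KEY, FLAG_SEQ = 0x8000, 0x2000, 0x1000  # C, K, S bits of the first 16-bit word

def parse_gre(packet):
    """Parse a GRE header (RFC 2784 + RFC 2890 K/S fields) at the start of an IP-proto-47 payload.
    Returns (header dict, encapsulated payload); raises ValueError on malformed input."""
    if len(packet) < 4:
        raise ValueError("GRE header truncated")
    flags, proto = struct.unpack_from("!HH", packet)
    if flags & 0x0007:
        raise ValueError("unsupported GRE version %d" % (flags & 0x7))  # version 1 is PPTP's GRE
    # Optional fields are 4 bytes each and appear in C, K, S order after the fixed 4-byte header.
    needed = 4 + 4 * sum(bool(flags & f) for f in (FLAG_CSUM, FLAG_KEY, FLAG_SEQ))
    if len(packet) < needed:
        raise ValueError("GRE optional fields truncated")
    header, offset = {"proto": proto, "checksum": None, "key": None, "seq": None}, 4
    if flags & FLAG_CSUM:  # checksum (2 bytes) followed by reserved1 (2 bytes)
        header["checksum"] = struct.unpack_from("!H", packet, offset)[0]
        offset += 4
    if flags & FLAG_KEY:
        header["key"] = struct.unpack_from("!I", packet, offset)[0]
        offset += 4
    if flags & FLAG_SEQ:
        header["seq"] = struct.unpack_from("!I", packet, offset)[0]
        offset += 4
    return header, packet[offset:]

def inner_ethernet(payload):
    """Split the Ethernet frame carried by a TEB (gretap) packet into header fields and the rest."""
    if len(payload) < 14:
        raise ValueError("Ethernet header truncated")
    mac = lambda b: ":".join("%02x" % x for x in b)
    ethertype = struct.unpack_from("!H", payload, 12)[0]
    return {"dst": mac(payload[:6]), "src": mac(payload[6:12]), "ethertype": ethertype}, payload[14:]

def describe(packet):
    """One-line summary of a GRE packet, the kind of thing to log on the NAT router."""
    hdr, payload = parse_gre(packet)
    if hdr["proto"] == GRE_PROTO_TEB:
        eth, _ = inner_ethernet(payload)
        return "gretap key=%s eth %s -> %s type=0x%04x" % (hdr["key"], eth["src"], eth["dst"], eth["ethertype"])
    return "gre proto=0x%04x key=%s payload=%d bytes" % (hdr["proto"], hdr["key"], len(payload))

# Constructed sample: GRE with the K flag and key 42, carrying an Ethernet frame whose ethertype is IPv4.
SAMPLE = (struct.pack("!HHI", FLAG_KEY, GRE_PROTO_TEB, 42)
          + bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
          + struct.pack("!H", GRE_PROTO_IPV4) + bytes(20))
```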

Monday, April 01, 2013

Set http/https proxy server in Linux CLI

HTTP:
# export http_proxy="http://10.10.10.254:8080"

HTTPS:
# export https_proxy="https://10.10.10.254:8080"

Where 10.10.10.254 is the IP of the proxy server, and 8080 is the port number.

Remove:
# unset http_proxy
# unset https_proxy

Afterwards you can use curl to verify.

Wednesday, March 13, 2013

Howto TACACS+ on CentOS 6.x

This post describes how to install and configure TACACS+ on CentOS 6.x, step by step.

Step1. Download rpm:
wget ftp://ftp.muug.mb.ca/mirror/redhat/contrib/libc6/i386/tac_plus-4.0.3-2.i386.rpm

Step2. Install:
rpm -ivh tac_plus-4.0.3-2.i386.rpm

Step3. Configure user in TACACS+:
vi /etc/tacacs/tac_plus.cfg
# Created by Devrim SERAL(devrim@tef.gazi.edu.tr)
# It's a very simple configuration file
# Please read the user_guide and tacacs+ FAQ for more information on writing more
# complex tacacs+ configuration files.
#
# Put your NAS key below
key = "testing123"
# Use /etc/passwd.loc file to do authentication
# it must be in passwd file format, so you must merge the shadow and passwd files to do it
#default authentication = file /etc/passwd.loc
user = lawrence {
    login = cleartext 123456
}

# Where the accounting records go
accounting file = /var/log/tacacs.log
# Permit all authorization requests
default authorization = permit
# End config file

# The user lawrence with password 123456 will be created.


Step4. Start TACACS+ daemon:

[root@server1 tmp]# /etc/init.d/tacacs start
Starting tacacs+:
[root@server1 tmp]# netstat -tupln | grep 49
tcp        0      0 0.0.0.0:49                  0.0.0.0:*                   LISTEN      9027/tac_plus

Done~

Update1, a small snapshot from the user guide:


At the service authorization level i.e. inside the braces of a
service declaration, arguments in an authorization request are
processed according to the algorithm described later. Some actions
when authorizing services (e.g. when matching attributes are not
found) depend on how the default is configured. The following
declaration changes the default from deny to permit for this user and
service.

user = lol {
    service = exec {
        default attribute = permit
    }
}

How to debug:

DEBUGGING A RUNNING SERVER
--------------------------

There is a myriad of debugging values that can be used in conjunction
with the -d flag to produce debugging output in /var/tmp/tac_plus.log.

For example, starting the daemon with

        tac_plus -C CONFIG -d 16

will put authentication debugging into /var/tmp/tac_plus.log. You can
view this information by using the tail command.

        tail -f /var/tmp/tac_plus.log

See the man page for more information.

Thursday, February 07, 2013

Adding FreeRADIUS listen ports

By default FreeRADIUS listens on port 1812 (authentication) and 1813 (accounting), but FreeRADIUS lets us bind a few more ports.

Tested on: CentOS 5.8 / FreeRADIUS 1.1.3-1.6.el5

Steps:
1. Confirm that only 1812/1813 are currently in use and that no daemon is using 1814/1815; we will configure 1814 as Auth and 1815 as ACCT shortly.

[root@server1 raddb]# netstat -tupln | grep 1812
udp        0      0 0.0.0.0:1812                0.0.0.0:*                               7300/radiusd      
[root@server1 raddb]# netstat -tupln | grep 1813
udp        0      0 0.0.0.0:1813                0.0.0.0:*                               7300/radiusd      
[root@server1 raddb]# netstat -tupln | grep 1814
[root@server1 raddb]# netstat -tupln | grep 1815


2. Open /etc/raddb/radiusd.conf and add listen blocks for ports 1814 and 1815.

listen {
    ipaddr = *
    port = 1814
    type = auth
}
listen {
    ipaddr = *
    port = 1815
    type = acct
}

3. Restart FreeRADIUS:

[root@server1 raddb]# /etc/init.d/radiusd restart
正在停止 RADIUS 伺服器:                                    [  確定  ]
正在啟動 RADIUS 伺服器: Thu Feb  7 13:31:06 2013 : Info: Starting - reading configuration files ...
                                                           [  確定  ]

4. Check that 1812, 1813, 1814 and 1815 are now used by FreeRADIUS.

[root@server1 raddb]# netstat -tupln | grep 1812
udp        0      0 0.0.0.0:1812                0.0.0.0:*                               7347/radiusd      
[root@server1 raddb]# netstat -tupln | grep 1813
udp        0      0 0.0.0.0:1813                0.0.0.0:*                               7347/radiusd      
[root@server1 raddb]# netstat -tupln | grep 1814
udp        0      0 0.0.0.0:1814                0.0.0.0:*                               7347/radiusd      
[root@server1 raddb]# netstat -tupln | grep 1815
udp        0      0 0.0.0.0:1815                0.0.0.0:*                               7347/radiusd   
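
Checking the ports by exact number rather than with grep 1812 (which also matches 18120, or a PID that happens to contain those digits), as an added Python example that is not part of the original posts; it serves both this step and the netstat -tupln | grep 49 check in the TACACS+ post above. The sample output is constructed from the lines shown on this page, with two extra rows that a bare grep would wrongly match.

```python
# Constructed from the netstat -tupln lines shown on this page: radiusd before the restart (pid 7300)
# and tac_plus on tcp/49, plus two rows that a plain `grep 1812` / `grep 1814` would wrongly match.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:49                  0.0.0.0:*                   LISTEN      9027/tac_plus
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1814/sshd
udp        0      0 0.0.0.0:1812                0.0.0.0:*                               7300/radiusd
udp        0      0 0.0.0.0:1813                0.0.0.0:*                               7300/radiusd
udp        0      0 0.0.0.0:18120               0.0.0.0:*                               7300/radiusd
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               -
"""

def parse_netstat(text):
    """Turn `netstat -tupln` output into dicts: proto, addr, port, state, pid, program."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue                                   # banner and column-header lines
        addr, port = parts[3].rsplit(":", 1)           # rsplit so IPv6 "::" addresses survive
        state = parts[5] if parts[0].startswith("tcp") else ""   # udp rows have no State column
        owner = parts[-1]                              # "pid/program", or "-" when netstat lacks rights
        pid, program = owner.split("/", 1) if "/" in owner else (None, "(unknown)")
        rows.append({"proto": parts[0], "addr": addr, "port": int(port), "state": state,
                     "pid": int(pid) if pid else None, "program": program})
    return rows

def bound_programs(rows, proto, ports):
    """Map each wanted port to the program bound on it for `proto` ("tcp" or "udp"); None if free."""
    by_port = {(r["proto"].rstrip("6"), r["port"]): r["program"] for r in rows}
    return {p: by_port.get((proto, p)) for p in ports}

def missing_radius_ports(text, ports=(1812, 1813, 1814, 1815), program="radiusd"):
    """Ports from `ports` that radiusd is NOT bound to on UDP; empty once all listen blocks work."""
    owners = bound_programs(parse_netstat(text), "udp", ports)
    return [p for p in ports if owners[p] != program]
```

On the real box, feed the live output in with subprocess.check_output(["netstat", "-tupln"], text=True) and expect missing_radius_ports to return an empty list after step 3.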


All done!

Tuesday, February 05, 2013

CentOS 5.9 has been released!

CentOS 5.9 is out; I will update tomorrow.
http://www.tecmint.com/how-to-upgrade-from-centos-5-x-to-centos-5-9/