Category Archives: Linux

The Linux Category actually encompasses *BSD, RH, Fedora, Ubuntu, and the like.

Linux

Upgrade NAS4Free Firmware

Leave a comment

I had NAS4Free server version x64_9.0.0.1.188 installed on a server and wanted to upgrade it to the latest version before moving into production.

I’m assuming you already have a ZFS (or other filesystem) share mounted on the server. And that SSH is enabled.

Copy the file to your share – I used WinSCP as it 1.) works and 2.) is free and 3.) I’m used to it.
SSH to the NAS and run the following:
/etc/rc.firmware enable
/etc/rc.firmware upgrade /path/to/img/file.img

The server will then reboot and you’ll be running the newest version.

ZFS tuning on freenas nas4free – I’ll split this out eventually.
http://forums.nas4free.org/viewtopic.php?f=55&t=26
# mkdir /mnt/data/zfskerntune
# cd /mnt/data/zfskerntune
# fetch http://www.kav91.com/nas4free/zfskerntune-20111022-nas4freeKav91.tar.gz
# tar xvf zfskerntune-20111022-nas4freeKav91.tar.gz
# cd zfskerntune
# ./zfskerntune-install.php

Linux

Ubuntu BIND Webmin NXDOMAIN

Leave a comment

I had setup two BIND9 servers on ubuntu to service all VPN connected users. They were both linked just fine. I managed BIND via webmin installed.

A linux user and a Mac user were connecting to the VPN and then finding they could no longer connect to any web sites outside of the DNS domain.

nslookup google.com
;; Got recursion not available from 10.10.5.60, trying next server
Server: 10.10.5.61
Address: 10.10.5.61#53
** server can’t find google.com: NXDOMAIN

Well that’s no good. First server isn’t allowing recursive connections and the second one is not forwarding properly. I checked webmin and saw in the forwarding and transfers section that I had, indeed, already added 8.8.8.8, 8.8.4.4, 4.2.2.2, and 10.10.5.70 (internal DNS). So why was it not working?

Fired up putty and SSH’d in
nano /etc/bind/named.conf.options
Under the options { area add the following:
allow-query { any; };
allow-recursion { any; };
Save and quit

Reload Bind
/etc/init.d/bind9 reload

Profit

Linux, Microsoft

Owncloud 4 and AD LDAP

Leave a comment

I recently migrated from owncloud 3 to owncloud 4 for a few of the newest features (versioning, security, working ldap).

LDAP configuration
LDAP Basic
Host: IP or Resolvable DNS
Base: dc=DOMAIN,dc=TLD
Name: user@domain.tld
Password: password
User Login Filter: sAMAccountName=%uid
User List Filter: objectClass=user
Group Filter objectClass=group

Advanced
Port: 389
Case insensitive LDAP server checked
Display Name Field: sAMAccountName

Linux

Change Timezone Linux CLI

Leave a comment

I had a security-onion box running and it defaults to UTC/GMT time.  This was fine for me as I could do the subtraction of time in my head, but for some in management they were questioning my findings due to the time being off.  So, to make my life easier, I decided to change the timezone.

The timezone under Linux is set by a symbolic link from /etc/localtime to a file in the /usr/share/zoneinfo directory that corresponds with what timezone you are in. For example, since I’m in Chicago, /etc/localtime is a symlink to /usr/share/zoneinfo/America/Chicago. To set this link, type:

ln -sf /usr/share/zoneinfo/your/zone /etc/localtime

http://www.linuxsa.org.au/tips/time.html

Linux

Proxmox Syslog Errors

Leave a comment

So I run proxmox 2.1 (pve-manager/2.1/f9b0f63a). I monitor the servers with Dell’s OpenManage 6.5 and Nagios. I started noticing the following in my syslog (/var/log/syslog)

Jun 26 07:35:21 pveserver1 snmpd[2015]: error on subcontainer ‘ia_addr’ insert (-1)
Jun 26 07:35:21 pveserver1 snmpd[2015]: error on subcontainer ‘ia_addr’ insert (-1)
Jun 26 07:35:51 pveserver1 snmpd[2015]: error on subcontainer ‘ia_addr’ insert (-1)
Jun 26 07:35:51 pveserver1 snmpd[2015]: error on subcontainer ‘ia_addr’ insert (-1)

Quick check online points me to SNMP issues – apparently there is a “bug” that was fixed, but is still technically present due to the default settings of snmpd.

Login as root
nano /etc/default/snmpd
Change the line with SNMPDOPTS to
SNMPDOPTS='-LS6d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
And the line with TRAPDOPTS to
TRAPDOPTS='-LS6d -p /var/run/snmptrapd.pid'
Save and Exit

Then restart SNMPD
/etc/init.d/snmpd restart

Watch the log file and see if you receive any more snmpd messages
watch tail -45 /var/log/syslog

Linux, Troubleshooting

Proxmox Ubuntu Debian Force Reboot

Leave a comment

I had a cluster of proxmox servers (debian) that refused to reboot. I had just run some updates as part of the monthly maintenance schedule and issued the “reboot” command. I have molly-guard installed, so I had to type the name of the server as well, but they were just sitting there.

Checked the /var/log/messages for any ideas – system preparing for reboot.

The server continued to function as it had before the reboot command – I could use apache, ssh, webmin, etc all fine. As the servers are located at a not-close datacenter AND I have KVM control from any VPN connection, I decided to try to find a way to force it down. Unfortunately our DC does not allow us to control the smart PDUs installed in each rack as they retain the right to remotely monitor our power consumption.

After a short search on my favorite g search engine site, I come across this:
echo 1 > /proc/sys/kernel/sysrq
echo b > /proc/sysrq-trigger

As soon as you hit enter on the second command the server will drop and start to reboot.

Linux, Networking

Security Onion

1 Comment

After reading some more sans security documents I was pointed toward Security Onion as my go-to for IDS/IPS. I had been using snorby TKL by smooth-sec (Bailey.st), but it wasn’t doing a great job and the documentation was lacking. Security onion is more of a resource hog but offers quite a few awesome tools. Here is my basic setup to get Security Onion working properly:

Download ISO, burn, Install on a server (Dell PE1850, 2x 2.8GHz Xeon, 16GB RAM, Mirror 300GB SCSI)

Added Root User – I still dislike all this “sudo this” and “sudo that”
sudo passwd root

Update Operating system
apt-get update
apt-get upgrade

Update Onion
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

Turn off sensor for Eth1 (assuming Eth0 is mirror port and Eth1 is LAN)
nsm_sensor_ps-stop --sensor-name=YOURSERVERNAME-eth1
nano /etc/nsm/sensortab
Comment out the Interface to disable

Reboot
reboot

Remove SIDs/Block Addresses (*OLD*)
Block SIDs will stop snort from even reporting the issue – by default ALL rules are enabled
nano /etc/pulledpork/disablesid.conf

1:1411-1:1419,1:OTHERRULES,1:ETC

/usr/local/bin/pulledpork_update.sh
nsm_sensor_ps-stop
nsm_sensor_ps-start

Remove SIDs/Block Addresses (*NEW*)
Block SIDs will stop snort from even reporting the issue – by default ALL rules are enabled
nano /etc/nsm/pulledpork/disablesid.conf

1:1411-1:1419,1:OTHERRULES,1:ETC

/usr/bin/rule-update
nsm_sensor_ps-stop
nsm_sensor_ps-start

Blocking IPs will stop snort from worrying about certain hosts – by default ALL hosts are worried
nano /etc/nsm/YOURSERVERNAME-eth1/bpf.conf

Add the following template:

#Nothing from src host to dst port
!(src host xxx.xxx.xxx.xxx && dst port 161) &&
#Nothing from src host to dst host and dst port
!(src host xxx.xxx.xxx.xxx && dst host xxx.xxx.xxx.xxx && dst port 80) &&
#Nothing to or from:
!(host xxx.xxx.xxx.xxx) &&
#Last entry has no final &&
!(host xxx.xxx.xxx.xxx)

nsm_sensor_ps-restart