A quick Snort installation without MySQL

apt-get install snort

Make sure Snort runs on the correct interface; set this in the snort.debian.conf file.

vi /etc/snort/snort.debian.conf

Start Snort

/etc/init.d/snort start

To add the Bleeding Snort rules to Snort, we need to add them to oinkmaster.conf.

vi /etc/oinkmaster.conf

add:

url = http://www.bleedingsnort.com/downloads/bleeding.rules.tar.gz

The default Snort rules in this file are obsolete, so they can be removed.

Add the Bleeding rules to snort.conf.
I could not get the rules that are commented out to run on Debian's stable version of Snort.

vi /etc/snort/snort.conf

add:

include $RULE_PATH/bleeding.rules
include $RULE_PATH/bleeding-attack_response.rules
#include $RULE_PATH/bleeding-dos.rules
include $RULE_PATH/bleeding-drop.rules
include $RULE_PATH/bleeding-dshield.rules
include $RULE_PATH/bleeding-exploit.rules
include $RULE_PATH/bleeding-game.rules
include $RULE_PATH/bleeding-inappropriate.rules
#include $RULE_PATH/bleeding-malware.rules
include $RULE_PATH/bleeding-p2p.rules
include $RULE_PATH/bleeding-scan.rules
include $RULE_PATH/bleeding-virus.rules
#include $RULE_PATH/bleeding-web.rules

Create a backup directory for old Snort rules.

mkdir /etc/snort/backup

Update the Snort rules manually via oinkmaster once, to check that Snort can start with these rules.

oinkmaster -o /etc/snort/rules -b /etc/snort/backup

Add the rule updates to crontab.

crontab -e

0 10 * * * /usr/sbin/oinkmaster -o /etc/snort/rules -b /etc/snort/backup 2>&1 | mail -s "snort-update server" [email address]
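
An added example, not part of the original post: a gate for the cron job above that restarts Snort only when every active include line in snort.conf points at an existing rule file and "snort -T" accepts the configuration. The function names and the constructed demo files are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# missing_rule_files CONF RULES_DIR
# Prints each file named by an active "include $RULE_PATH/<file>" line in CONF
# that does not exist in RULES_DIR; returns 1 if any is missing.
missing_rule_files() {
    conf=$1; rules_dir=$2; missing=0
    # Commented-out includes start with "#" and do not match the pattern.
    pat='s/^[[:space:]]*include[[:space:]]\{1,\}\$RULE_PATH\/\([^[:space:]]*\).*$/\1/p'
    for f in $(sed -n "$pat" "$conf"); do
        if [ ! -f "$rules_dir/$f" ]; then
            echo "$f"
            missing=1
        fi
    done
    return "$missing"
}

# update_rules: the oinkmaster call from the post with a gate before the
# restart. Snort is restarted only if all included files exist and
# "snort -T" (configuration test mode) accepts the new rule set.
update_rules() {
    /usr/sbin/oinkmaster -o /etc/snort/rules -b /etc/snort/backup || return 1
    missing_rule_files /etc/snort/snort.conf /etc/snort/rules || return 1
    snort -T -c /etc/snort/snort.conf >/dev/null 2>&1 || return 1
    /etc/init.d/snort restart
}

# demo: constructed sample (empty stand-in rule files) in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/rules"
    : > "$d/rules/bleeding.rules"
    printf '%s\n' 'include $RULE_PATH/bleeding.rules' \
        '#include $RULE_PATH/bleeding-dos.rules' \
        'include $RULE_PATH/bleeding-scan.rules' > "$d/snort.conf"
    missing_rule_files "$d/snort.conf" "$d/rules"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

case "${1:-demo}" in
    update) update_rules ;;
    demo)   demo || echo "rule files missing, Snort would not start" ;;
esac
```

Called with the argument "update" from cron, the script replaces the bare oinkmaster line; with no argument it only runs the constructed demo.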

I recently ended up in a situation with an older SBS installation that is simply running out of disk storage; the server only has 2 x 143 GB in RAID. Unfortunately I could not find an eSATA controller that I could get to work correctly under Windows SBS 2003R2 :-( which was my first attempt at attaching extra storage to the server.

Instead, the solution became some disk space via ATA over Ethernet.
Target: Debian firewall - Intel Atom based hardware.
Initiator: Windows SBS 2003R2 - HP DL360

Installing and configuring the target on Debian is very easy; just follow page 1 here: http://www.howtoforge.com/using-ata-over-ethernet-aoe-on-debian-lenny-initiator-and-target
The initiator is the AoE initiator software from www.starwindsoftware.com, which you can download after registering with StarWind Software.
After that it takes only a few minutes to install the initiator software and then mount the disk made available on the target.

 

A good site for testing certificates is:
http://www.digicert.com/help/index.htm?host=mailin01.jndata.dk:25

The great thing about this cert checker is that you can specify alternative ports, which means it can also be used to look at SSL certificates used for SMTP TLS connections.

Another good option is the OpenSSL command line:
http://www.madboa.com/geek/openssl/#cs-smtp

openssl s_client -connect remote.host:25 -starttls smtp
or
openssl s_client -connect remote.host:25 -crlf -starttls smtp
depending on the MTA. When it goes well, the output looks something like this:

openssl s_client -connect  mailin01.jndata.dk:25 -crlf -starttls smtp
CONNECTED(00000003)
depth=1 /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=DK/ST=8600 Silkeborg/L=Frichsvej 18/O=JN Data A/S/OU=JN Data A/S/CN=mailin01.jndata.dk
   i:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
 1 s:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
subject=/C=DK/ST=8600 Silkeborg/L=Frichsvej 18/O=JN Data A/S/OU=JN Data A/S/CN=mailin01.jndata.dk
issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
---
No client certificate CA names sent
---
SSL handshake has read 2741 bytes and written 351 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 19FE276A7B999E00B9AACE36E0764D1C3DA92BCD13E385BA94EB7A8C4E389A8A
    Session-ID-ctx:
    Master-Key: 76A2D2DF4969D0D2E998D289756B329836DD3AD39B1B1055C11E70ECAFAA7AED2BD5E563828A542136305B75AF86EE01
    Key-Arg   : None
    Start Time: 1283243766
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
250 STARTTLS

or you get output like this:

No client certificate CA names sent
---
SSL handshake has read 3022 bytes and written 351 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 60DEF783F755C96F7F8F8B51A46FA9FEE59EC31985DF3541FD9C1A79AFB4FE60
    Session-ID-ctx:
    Master-Key: 590CE493718260A532112F3BE959B7FEE7FA95E275BD9025B4251D66ECD46E89B78BA4BBA2DDD751D5F057BF54840100
    Key-Arg   : None
    Start Time: 1283240998
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
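
An added example, not part of the original post: a filter that reduces s_client output like the two listings above to the verify return code, key size, protocol and cipher. The function names and the 2048-bit minimum are assumptions of the example; the sample input is constructed from lines of the first listing.

```shell
#!/bin/sh
# Added example, not from the original post.

# tls_summary: reads "openssl s_client" output on stdin and prints
#   verify=<code> keybits=<n> protocol=<p> cipher=<c>
# Returns 0 only when the chain verified (code 0) and the server key has at
# least 2048 bits (threshold chosen for this example).
#   20 = the issuer of a certificate in the chain was not found in the local
#        trust store (the list of trusted CAs is incomplete)
#   21 = only one certificate could be examined and it is not self-signed
#        (no issuer was sent by the server or found locally)
tls_summary() {
    awk '
        $1 == "Verify" && $3 == "code:"  { verify = $4 }
        /^Server public key is/          { bits = $5 }
        $1 == "Protocol" && $2 == ":"    { proto = $3 }
        $1 == "Cipher" && $2 == ":"      { cipher = $3 }
        END {
            printf "verify=%s keybits=%s protocol=%s cipher=%s\n", verify, bits, proto, cipher
            exit !(verify == "0" && bits + 0 >= 2048)
        }'
}

# sample: constructed input, trimmed from the first listing in the post.
sample() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Verify return code: 20 (unable to get local issuer certificate)
EOF
}

# Live use (needs network), with the system CA directory as trust store:
#   openssl s_client -connect remote.host:25 -starttls smtp \
#       -CApath /etc/ssl/certs </dev/null 2>/dev/null | tls_summary
sample | tls_summary || echo "chain not verified or key too short"
```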

 

Installing likewise-open on an Ubuntu Lucid desktop

Linuxbruger@linuxbox:~$ sudo apt-get install likewise-open
[sudo] password for Linuxbruger:
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
krb5-config krb5-user libgssrpc4 libkadm5clnt-mit7
Suggested packages:
krb5-doc likewise-open-gui
The following NEW packages will be installed:
krb5-config krb5-user libgssrpc4 libkadm5clnt-mit7 likewise-open
0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
Need to get 3.402kB of archives.
After this operation, 10,1MB of additional disk space will be used.
Do you want to continue [Y/n]? y

If you try to join the domain at this point, you get the error below.

Linuxbruger@linuxbox:~$ sudo domainjoin-cli join AD-Domain.local administrator
Joining to AD Domain:   AD-Domain.local
With Computer DNS Name: linuxbox.AD-Domain.local

administrator@AD-Domain.LOCAL's password:

Error: Lsass Error [code 0x00080047]

40286 (0x9D5E) LW_ERROR_LDAP_SERVER_DOWN - Unknown error

The configuration script cannot find the LDAP server.

Linuxbruger@linuxbox:~$ ping AD-Domain.local
ping: unknown host AD-Domain.local

To solve this problem, we add the domain name and the IP of a DC to the hosts file.

Linuxbruger@linuxbox:~$ sudo vi /etc/hosts
10.10.100.3 AD-Domain.local

After that, it is also necessary to change nsswitch.conf.

Linuxbruger@linuxbox:~$ sudo vi /etc/nsswitch.conf
change the line:
hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
to
hosts:          files dns

Reboot the machine.

Linuxbruger@linuxbox:~$ sudo reboot

Now it is possible to join the domain.

Linuxbruger@linuxbox:~$ sudo domainjoin-cli join AD-Domain.local administrator
[sudo] password for Linuxbruger:
Joining to AD Domain:   AD-Domain.local
With Computer DNS Name: linuxbox.AD-Domain.local

administrator@AD-Domain.LOCAL's password:
Warning: System restart required
Your system has been configured to authenticate to Active Directory for the
first time.  It is recommended that you restart your system to ensure that all
applications recognize the new settings.

SUCCESS
You should reboot this system before attempting GUI logins as a domain user.
Linuxbruger@linuxbox:~$

We reboot again ;-)

Linuxbruger@linuxbox:~$ sudo reboot

Now you can log in with your Windows credentials and browse the Windows network with them. You do not have admin rights on the local Linux box, however; this can be changed by adding your user ID via visudo.

AD-Domain\ADbruger@linuxbox:~$ ssh Linuxbruger@localhost

Linuxbruger@linuxbox:~$ sudo visudo
add for a single user

AD-Domain\\ADbruger ALL=(ALL) ALL

or as groups

%AD-Domain\\Dksil01_all   ALL=(ALL) ALL
%AD-Domain\\domain^admins ALL=(ALL) ALL

This avoids the error below.

T-NERD\ADbruger@linuxbox:~$ sudo su
[sudo] password for AD-Domain\ADbruger:
Your password will expire in 9 days

Your password will expire in 9 days

AD-Domain\ADbruger is not in the sudoers file.  This incident will be reported

    domainjoin-cli join likewisedemo.com Administrator
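
An added example, not part of the original post: a pre-join check for the name-resolution problem described above, where the mdns4_minimal [NOTFOUND=return] entry ends lookups for a .local AD domain before DNS is asked. The function names are assumptions made for this example; the demo uses the two hosts lines shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post.

# mdns_blocks_dns NSSWITCH_FILE
# Returns 0 and prints the "hosts:" line when an mdns source followed by
# [NOTFOUND=return] is listed before "dns". A lookup for a ".local" AD domain
# then ends at mDNS and the DNS server is never asked.
mdns_blocks_dns() {
    awk '
        $1 == "hosts:" {
            for (i = 2; i <= NF; i++) {
                if ($i == "dns") exit 1
                if ($i ~ /^mdns/ && $(i + 1) == "[NOTFOUND=return]") {
                    print; found = 1; exit 0
                }
            }
        }
        END { if (!found) exit 1 }' "$1"
}

# prejoin_check DOMAIN [NSSWITCH_FILE]
# Run before "domainjoin-cli join": reports both causes seen in the post.
prejoin_check() {
    rc=0
    if mdns_blocks_dns "${2:-/etc/nsswitch.conf}" >/dev/null; then
        echo "nsswitch.conf: mDNS answers for .local before dns is tried"
        rc=1
    fi
    if ! getent hosts "$1" >/dev/null; then
        echo "$1 does not resolve (add a DC to /etc/hosts or fix DNS)"
        rc=1
    fi
    return "$rc"
}

# demo: the two hosts lines from the post, written to a temporary file.
demo() {
    t=$(mktemp) || return 1
    echo 'hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4' > "$t"
    mdns_blocks_dns "$t" >/dev/null && echo "before: blocked"
    echo 'hosts:          files dns' > "$t"
    mdns_blocks_dns "$t" >/dev/null || echo "after: ok"
    rm -f "$t"
}
demo
```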

Here is a bit about how I set up a Debian server with Asterisk to use a couple of Bluetooth mobile phones as the trunk line for softphones.

Bluetooth

http://rc98.net/cellxfer - passkey-agent (needed because the Nokia 6310i cannot search for anything other than Bluetooth audio devices, so pairing must be started from the Debian box)

http://www.voipphreak.ca/2008/page/9/ - setting up chan_mobile for Bluetooth

http://www.voip-info.org/wiki/view/chan_mobile

 http://www.saghul.net/blog/2007/08/29/howto-review-chan_mbile/

 http://www.voipphreak.ca/2008/10/30/installing-and-configuring-chan_mobile-for-bluetooth-presence-support-in-asterisk-16/

 

Debian Asterisk 1.6 install script

http://www.k1lnx.net/wiki/index.php/Asterisk_1.6_install_on_Debian_Lenny

http://www.k1lnx.net/wiki/index.php/Setting_up_streaming_Music_On_Hold

http://www.the-asterisk-book.com/unstable/faxserver-mit-iaxmodem-und-hylafax.html - Asterisk fax server