Thursday 25 September 2014

(bash vulnerability) Bash software bug could be bigger threat than Heartbleed, experts warn

Secure your Linux and Apple machines and servers
Try the vulnerability test (in Terminal): 

$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'
If you are vulnerable, you get back:
vulnerable
hello
If it prints "vulnerable", update the bash shell on your Linux system immediately.

For CentOS/RHEL:
yum update bash

For Ubuntu:

apt-get update
apt-get install --only-upgrade bash

or build the patched version from source:
mkdir src
cd src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
#download all patches
for i in $(seq -f "%03g" 0 25); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz
cd bash-4.3
#apply all patches
for i in $(seq -f "%03g" 0 25);do patch -p0 < ../bash43-$i; done
#build and install
./configure && make && make install
cd ..
cd ..
rm -r src
Verify patch
You can see if you're still vulnerable by running the following command:
export VULNCHECK='() { :; }; echo You are still vulnerable'; bash
In a vulnerable environment, it'll say:
You are still vulnerable

Then check the vulnerability again to confirm everything is fine:
$ env X="() { :;} ; echo busted" /bin/sh -c "echo hello"
hello
or run the first test again. If you are not vulnerable, you get:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello
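
An added example (not part of the original post): a script that runs the test above against each installed shell and sorts the result into the outcomes shown. The paths in the loop are assumptions; a source build with the default ./configure prefix installs to /usr/local/bin/bash and leaves /bin/bash in place, so both are checked.

```shell
#!/bin/sh
# Added example: classify the result of the env test for each installed shell.

# Map captured test output to one of the outcomes described in the post.
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable                 # the injected command ran
    elif printf '%s\n' "$1" | grep -q 'ignoring function definition attempt'; then
        echo patched-with-warning       # patched bash rejected the import
    elif printf '%s\n' "$1" | grep -qx 'hello'; then
        echo patched                    # only the intended command ran
    else
        echo unknown
    fi
}

# Run the test from the post against one shell binary ($1).
check_shell() {
    [ -x "$1" ] || { echo missing; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo hello' 2>&1) || true
    classify_output "$out"
}

# Assumed install locations; adjust for your system.
for shell_path in /bin/bash /bin/sh /usr/local/bin/bash; do
    printf '%s: %s\n' "$shell_path" "$(check_shell "$shell_path")"
done
```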

Tuesday 23 September 2014

Install and configure Atlassian JIRA and Atlassian Confluence for MySQL on Linux/CentOS/RHEL

Download the JIRA and Confluence packages
cd /opt
wget http://www.atlassian.com/software/confluence/downloads/binary/atlassian-confluence-5.3-x64.bin

wget http://www.atlassian.com/software/jira/downloads/binary/atlassian-jira-6.1-x64.bin

wget http://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.26.tar.gz/from/http://cdn.mysql.com/

Make the JIRA/Confluence .bin files executable
chmod +x *.bin

tar -xvzf mysql-connector-java-5.1.26.tar.gz

Installing mysql server

yum install mysql-server mysql
service mysqld start
chkconfig mysqld on   # auto start service on system reboot

Setup jira database 
mysql -u root -p
CREATE DATABASE jiradb CHARACTER SET utf8 COLLATE utf8_bin;
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER,INDEX on jiradb.* TO 'jirauser'@'localhost' IDENTIFIED BY 'jiradb';
FLUSH PRIVILEGES;
QUIT

./atlassian-jira-6.1-x64.bin

Configure atlassian jira for mysql
cd mysql-connector-java-5.1.26
cp *.jar /opt/atlassian/jira/lib/
service jira stop
service jira start
chkconfig jira on    # auto start service on system reboot

Open JIRA in a web browser and complete the setup
http://localhost:8080


Setup confluence for mysql

mysql -u root -p
CREATE DATABASE confluence CHARACTER SET utf8 COLLATE utf8_bin;
GRANT ALL PRIVILEGES ON confluence.* TO 'confluenceuser'@'localhost' IDENTIFIED BY 'confluence';
FLUSH PRIVILEGES;
QUIT

cd /opt
./atlassian-confluence-5.3-x64.bin
cd mysql-connector-java-5.1.26
cp *.jar /opt/atlassian/confluence/lib/
service confluence restart
chkconfig confluence on

Open Confluence in a web browser and complete the setup
http://localhost:8090




Wednesday 17 September 2014

OpenVPN Server and Client common issues

1. How to automatically log in to OpenVPN on Windows :

The following launch string is needed for either method:

For 32 bit Windows - "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect client.ovpn

For 64 bit Windows - "C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe" --connect client.ovpn

Replace client with the name of the OpenVPN configuration file you wish to start. Your list of available .ovpn files can be found in the 'OpenVPN/config' folder on your computer.

You now need to add this to your Windows registry startup settings. Open regedit on your computer and go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Add a new string entry. Give it a name you can identify later such as "openvpn" then add the above string.


2. TLS-related error:

Wed Aug 27 16:05:18 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 27 16:05:18 2014 TLS Error: TLS handshake failed

Solution :
1. The OpenVPN server may not have been started.
2. Check the firewall: the relevant port may not be open, or try with the Windows or third-party firewall disabled.

----------------------------------------------------------------------------------
3. Error: 

VERIFY ERROR: depth=1, error=certificate is not yet valid:  in openvpn

Solution :

The date/time may not be correct on the server and client machines.

----------------------------------------------------------------------------------
4. Error: 

No server certificate verification method has been enabled.

Solution :
Add this entry to the client.ovpn file:
ns-cert-type server
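
An added example (not from the original post): a check that reports which server-certificate verification directive a client .ovpn file enables, run on a copy of the config. Besides ns-cert-type server it accepts remote-cert-tls server and verify-x509-name, which are other OpenVPN directives serving the same purpose; that list is this example's own choice and is not exhaustive, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: report which server-certificate check a client config enables.

# Prints the first matching directive, or "none" with exit status 1 when
# none of the listed directives is active in the file ($1).
server_verify_method() {
    awk '
        { sub(/\r$/, "") }              # tolerate Windows (CRLF) line endings
        /^[ \t]*[#;]/ { next }          # skip comment lines
        $1 == "ns-cert-type" && $2 == "server"    { print "ns-cert-type server"; found = 1; exit }
        $1 == "remote-cert-tls" && $2 == "server" { print "remote-cert-tls server"; found = 1; exit }
        $1 == "verify-x509-name" && NF >= 2       { print "verify-x509-name"; found = 1; exit }
        END { if (!found) { print "none"; exit 1 } }
    ' "$1"
}

# Constructed sample: a client config with the directive commented out.
sample_cfg=$(mktemp)
printf 'client\r\ndev tun\r\nca ca.crt\r\n;ns-cert-type server\r\n' > "$sample_cfg"
server_verify_method "$sample_cfg" || echo "no server certificate verification configured"
rm -f "$sample_cfg"
```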


Install and configure latest OpenVPN Server and Client on Windows machine

ON VPN SERVER :

1. Enable TCP/IP forwarding on the Windows machine

    Use Registry Editor (Regedt32.exe) to view the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    Set the following registry value:
    Value Name: IPEnableRouter
    Value type: REG_DWORD
    Value Data: 1
    NOTE: A value of 1 enables TCP/IP forwarding for all network connections installed and used by this computer.

2. Install OpenVPN (openvpn-install-2.3.4-I603-x86_64) with all packages selected, so that you get the easy-rsa tools
3. Create certificates for the server and client
cd "Program Files\OpenVPN\easy-rsa"
C:\Program Files\OpenVPN\easy-rsa>init-config.bat  (this simply copies vars.bat.sample to vars.bat)
C:\Program Files\OpenVPN\easy-rsa>vars.bat         (open vars.bat and modify it according to your requirements, for example:)
set KEY_COUNTRY=IN
set KEY_PROVINCE=DL
set KEY_CITY=DELHI
set KEY_ORG=ABC
set KEY_EMAIL=abc@gmail.com
set KEY_CN=DELHI-IN
set KEY_NAME=DELHI-IN
set KEY_OU=ABCXYZ
set PKCS11_MODULE_PATH=changeme
set PKCS11_PIN=1234
C:\Program Files\OpenVPN\easy-rsa>clean-all.bat
C:\Program Files\OpenVPN\easy-rsa>build-ca.bat
C:\Program Files\OpenVPN\easy-rsa>build-key-server server
C:\Program Files\OpenVPN\easy-rsa>build-key client
Note: be sure to change the Common Name value and the Name value.
C:\Program Files\OpenVPN\easy-rsa>build-dh.bat

4. All key files are stored in the keys folder (C:\Program Files\OpenVPN\easy-rsa\keys). Copy ca.crt, server.crt, server.key and dh1024.pem and paste them into the C:\Program Files\OpenVPN\config folder.
5. Copy server.ovpn from the server (C:\Program Files\OpenVPN\sample-config\) and paste it into the (C:\Program Files\OpenVPN\config) folder.

6. Open server.ovpn, make the changes below and save it.

Server config :

local 192.168.1.20    # OpenVPN server IP
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"   # OpenVPN server network IPs
push "dhcp-option DOMAIN xxxx.com"    # if you are using a domain
client-to-client
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

7. Go to services.msc and set the OpenVPN service to start automatically at system startup.

8. Make sure UDP port 1194 is open on the firewall.

Done: server configuration

OpenVPN client configuration :

1. Install OpenVPN (openvpn-install-2.3.4-I603-x86_64) in default mode.
2. Copy ca.crt, client.crt and client.key from the server and paste them on the client machine in C:\Program Files\OpenVPN\config
3. Copy client.ovpn from the server (C:\Program Files\OpenVPN\sample-config\) and paste it on the client machine (C:\Program Files\OpenVPN\config)

4. Open client.ovpn and make the changes below
Client config :
client
dev tun
proto udp
remote <OpenVPN server IP> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 3

5. Click on OpenVPN GUI and connect to the OpenVPN server


or

Connect from the command line:

cd C:\Program Files\OpenVPN\bin
openvpn-gui.exe --config client.ovpn
or
openvpn.exe --config client.ovpn

Done!

Friday 12 September 2014

XenServer 6.2 - apply hotfixes, install client, xentools

XenServer 6.2

Download all the latest hotfixes from the link below:
http://support.citrix.com/article/CTX138115#XenServer%206.2

Apply hotfixes on XENSERVER 

[root@xenserver ~]#
xe patch-upload file-name=XS62ESP1008.xsupdate
xe patch-list | more    # find patch uuid
xe host-list            # find host uuid
xe patch-apply uuid=0850b186-4d47-11e3-a720-001b2151a503 host-uuid=b079bb9c-ab15-499b-90ad-93fd8142fde5
xe-toolstack-restart
Error when applying Update 3: The upload update already exist. Check your settings and try again
http://support.citrix.com/article/ctx121325

Clean the hotfix first, then apply it again:

Type the command xe patch-list and press Enter.
Write down the Universally unique Identifier (UUID) of the Update 3 which is 1244e029-4f48-4503-82c7-db4e2ec8f70d.

Type the command xe patch-clean uuid=1244e029-4f48-4503-82c7-db4e2ec8f70d and press Enter.

Create NFS ISO library :

NFS ISO Library [10.201.8.2:/opt/images]

Installing XenServer Tools on Windows VMs

Important: Note that installing XenServer Tools will cause any media in the virtual machine's CD/DVD-drive to be ejected. Do not attempt to install XenServer Tools if the virtual machine's CD/DVD-drive is in use, for example, during OS install from CD.
Select the VM in the Resources pane, right-click, and then click Install XenServer Tools on the shortcut menu. Alternatively, on the VM menu, click Install XenServer Tools.
Click Install XenServer Tools on the message dialog to go to the VM's console and begin the installation.
If Autoplay is enabled for the VM's CD drive, installation will be started automatically after a few moments. If Autoplay is not enabled, double-click on the CD drive to begin installing XenServer Tools.
Follow the on-screen instructions, and reboot the VM when prompted.

Installing XenServer Tools on Linux VMs 

Select the VM in the Resources pane, right-click, and then click Install XenServer Tools on the shortcut menu. Alternatively, on the VM menu, click Install XenServer Tools.
Click Install XenServer Tools on the message dialog to go to the VM's console.
As the root user, mount the image into the VM:
mount /dev/xvdd /mnt
Execute the installation script as the root user:

/mnt/Linux/install.sh

Download and Install xencenter client on windows:

http://downloadns.citrix.com.edgesuite.net/8708/XenCenter.msi

Install openxenmanager (XenCenter client) on Linux/CentOS:

cd /opt
wget http://sourceforge.net/projects/openxenmanager/files/openxenmanager_rev48.tar.gz
tar -xvzf openxenmanager_rev48.tar.gz
cd openxenmanager
vi /usr/bin/xenmanager
chmod 755 /usr/bin/xenmanager
yum install rrdtool
yum search python|grep gtk
yum install gtk-vnc-python.x86_64
yum install pygtk2.x86_64


Create template :
 

 https://www.youtube.com/watch?v=hK0P6I-JPgo

Change the DNS server IP in XenServer:
1. Log in to the shell prompt.
2. Now you'll want to run xe pif-list
Take note of the uuid of your management interface.
3. Now you'll want to run xe pif-reconfigure-ip uuid=youruuid mode=static IP=192.168.1.12 netmask=255.255.255.0 gateway=192.168.1.1 DNS=192.168.1.1,8.8.8.8

Press enter and you're set :)
Common error:

Error:
0x000000FE

Solution :

Change clone machine name

Error on clone machine :

ERROR:

[root@localhost ~]# yum install php ( installing any package )
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=os error was
14: PYCURL ERROR 22 - "The requested URL returned error: 403 Forbidden"
Error: Cannot find a valid baseurl for repo: base
[root@localhost ~]#

Solution :
Network issue related to Internet connectivity



Install XRDP in Centos 7

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum update
yum groupinstall "GNOME Desktop" ...