Nasser Heidari

September 26, 2009

Slackware boot on CCISS Dev

Filed under: Linux — Nasser Heidari @ 1:34 pm

Today, after installing Slackware 13 on an HP DL360, I found out that lilo could not write the MBR and eventually the OS could not be loaded!
After a bit of Googling, I solved my problem; here is the solution:

After the Slackware installation finishes, and before rebooting into the new OS, run the following commands from the installer shell:

# mkdir /mnt/root
# mount /dev/cciss/c0d0p1 /mnt/root     (c0d0p1 is my / partition)
# mount -o bind /dev /mnt/root/dev
# mount -t proc none /mnt/root/proc
# chroot /mnt/root

After chrooting, edit /etc/lilo.conf and set the boot device to the cciss partition you boot from (p4 here; use whatever matches your layout):

boot = /dev/cciss/c0d0p4

and then:

# lilo -M /dev/cciss/c0d0 mbr
# lilo

lilo -M writes a standard master boot record to the whole disk (c0d0, not a partition); the plain lilo run afterwards installs the loader into the boot sector named by boot= and writes the map file. Then reboot into your new OS.

September 24, 2009

Defending Against Slowloris (Centos)

Filed under: Linux — Nasser Heidari @ 1:52 pm

mod_antiloris is an Apache module that caps the number of simultaneous connections a single client IP may hold in the request-reading state, which is exactly what Slowloris abuses: it opens many connections and trickles partial headers so that none of them ever completes. The package below comes from a third-party mirror over plain FTP, so check its signature with rpm -K before installing it, and confirm after the restart that httpd -M lists antiloris_module.

# cd /tmp
# wget ftp://ftp.monshouwer.eu/pub/linux/mod_antiloris/mod_antiloris-0.3-1.el5.MIND.i386.rpm
# rpm -ivh mod_antiloris-0.3-1.el5.MIND.i386.rpm
# /etc/init.d/httpd restart
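To show what the per-IP cap actually does to a slow-header client, here is an added example (my own code, not mod_antiloris') that replays a constructed stream of connection events through the same kind of limiter. The limit value, the sample IPs and the event timeline are all assumptions made up for the example.

```python
"""Added example, not mod_antiloris' code: a per-client-IP cap on connections
that are still waiting for a complete request header, which is the mitigation
the module enforces inside Apache.  The limit and the event stream below are
constructed for the example."""
from collections import defaultdict

IP_READ_LIMIT = 5   # assumed cap per source IP on connections in header-read state


class ReadStateLimiter:
    def __init__(self, limit=IP_READ_LIMIT):
        self.limit = limit
        self.reading = defaultdict(int)    # ip -> connections still reading headers
        self.rejected = defaultdict(int)   # ip -> connections refused by the cap

    def on_accept(self, ip):
        """New connection from ip: admit it unless ip already holds `limit`
        half-finished requests.  Returns True if admitted, False if it should
        be closed immediately."""
        if self.reading[ip] >= self.limit:
            self.rejected[ip] += 1
            return False
        self.reading[ip] += 1
        return True

    def on_header_done(self, ip):
        """Request header fully received (or socket closed): slot released."""
        if self.reading[ip] > 0:
            self.reading[ip] -= 1


def replay(events, limit=IP_READ_LIMIT):
    """Feed ('accept', ip) / ('done', ip) events through the limiter.
    Returns the list of admit decisions and the per-IP rejection counts."""
    lim = ReadStateLimiter(limit)
    decisions = []
    for kind, ip in events:
        if kind == "accept":
            decisions.append(lim.on_accept(ip))
        elif kind == "done":
            lim.on_header_done(ip)
        else:
            raise ValueError("unknown event " + kind)
    return decisions, dict(lim.rejected)


# Constructed timeline: a Slowloris client (203.0.113.9) opens eight sockets
# and never finishes a header; a normal client (198.51.100.4) completes each
# request before opening the next one, so it never holds more than one slot.
SAMPLE_EVENTS = (
    [("accept", "203.0.113.9")] * 8
    + [("accept", "198.51.100.4"), ("done", "198.51.100.4"),
       ("accept", "198.51.100.4"), ("done", "198.51.100.4")]
)

if __name__ == "__main__":
    decisions, rejected = replay(SAMPLE_EVENTS)
    print(decisions, rejected)
```

The slow client gets its first five sockets and every later one is refused, while the well-behaved client is never affected. The same property is the limiter's weakness: it does nothing against the identical attack spread across many source IPs, and behind a NAT or upstream proxy where all visitors share one address it will start refusing legitimate users instead.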

September 16, 2009

Slackware 13 -> Kernel 2.6.31, iptables-1.4.5 + l7-filter + TARPIT + ipp2p

Filed under: Linux — Nasser Heidari @ 3:19 pm

————— Downloading and extracting packages:

All of these are fetched over plain HTTP/FTP with no checksum on the page. Verify at least the kernel tarball against the detached .sign file kernel.org publishes next to it before building from it.

# cd /usr/src
# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.31.tar.bz2
# wget http://iptables.org/projects/iptables/files/iptables-1.4.5.tar.bz2
# wget http://enterprise.bih.harvard.edu/pub/tarpit-updates/iptables-1.4.2-tarpit.diff
# wget http://ufpr.dl.sourceforge.net/sourceforge/xtables-addons/xtables-addons-1.18.tar.bz2
# wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.22.tar.gz
# wget http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2009-05-28.tar.gz

# for archive in *.bz2; do tar -jxf "$archive"; done
# for archive in *.gz; do tar -zxf "$archive"; done

————— Creating symbolic links:

# ln -s linux-2.6.31 linux
# ln -s iptables-1.4.5 iptables
# ln -s xtables-addons-1.18 xtables-addons

————— Patching and compiling the kernel:

# cd /usr/src/linux
# patch -p1 < ../netfilter-layer7-v2.22/kernel-2.6.25-2.6.28-layer7-2.22.patch
# make menuconfig
		Networking options  --->
		...
		...
		[*] Network packet filtering framework (Netfilter)  --->
	           Core Netfilter Configuration  --->
			 Netfilter connection tracking support
			...
			...
			 "layer7" match support

# make all && make modules_install
# cp arch/x86/boot/bzImage /boot/vmlinuz-2.6.31-l7
# cp System.map /boot/System.map-2.6.31-l7
# cp .config /boot/config-2.6.31-l7
# vi /etc/lilo.conf

(2.6.31 builds the image under arch/x86/boot; the old arch/i386 path no longer exists in this kernel series.)

default = Sl-2.6.31

image = /boot/vmlinuz-2.6.31-l7
  root = /dev/sda2
  label = Sl-2.6.31
  read-only
# lilo
# reboot

————— Patching and installing iptables 1.4.5:

# cd /usr/src/iptables/extensions
# cp ../../netfilter-layer7-v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/libxt_layer7.* .
# sed -i 's/exit_error(/xtables_error(/' libxt_layer7.c
# cd ..
# patch -p1 -NE < ../iptables-1.4.2-tarpit.diff
# cp /usr/src/linux/include/asm-generic/bitsperlong.h /usr/src/linux/include/asm/
# ./configure --with-ksource=/usr/src/linux \
--prefix=/usr --with-xtlibdir=/lib/xtables --libdir=/lib --enable-libipq --enable-devel
# make && make install
# cd /usr/src/l7-protocols-2009-05-28/
# make install

————— Xtables-addons compile:

# cd /usr/src/xtables-addons
# ./configure  --with-xtables=/lib  --prefix=/usr \
--mandir=/usr/share/man --infodir=/usr/share/info --libexecdir=/lib  \
--with-ksource=/usr/src/linux --includedir=/usr/include/
# make && make install

————— Testing the installation:

# iptables -j TARPIT -h
# iptables -m ipp2p  -h
# iptables -m layer7 -h

Each command should print the extension's own option help rather than a "couldn't load target/match" error; if it does not, check that the kernel modules load (modprobe xt_TARPIT, xt_ipp2p, xt_layer7) and that the lib*.so files ended up in /lib/xtables. Keep in mind that TARPIT completes the TCP handshake itself and holds the peer at a zero window without passing anything up the stack, so exclude tarpitted ports from connection tracking with a raw-table NOTRACK rule; otherwise every tarpitted connection also costs you a conntrack entry.

Thanks to:
http://www.ecualug.org
http://www.altctrldel.com

Squid as a reverse proxy (Web Accelerator)

Filed under: Linux — Nasser Heidari @ 3:25 am

Web server IP address                                        -> 192.168.0.1
Public IP address (where Squid listens for web requests)    -> 10.10.10.10
Web server FQDN                                              -> linax.wordpress.com

# cd /usr/local/src/
# wget http://www.squid-cache.org/Versions/v2/2.7/squid-2.7.STABLE6.tar.bz2
# tar -jxf squid-2.7.STABLE6.tar.bz2
# cd squid-2.7.STABLE6/
# ./configure  --prefix=/opt/squid2.7 --disable-internal-dns \
 --enable-forward-log  --enable-follow-x-forwarded-for  --enable-snmp \
--enable-linux-netfilter  --enable-http-violations  --enable-delay-pools \
--enable-storeio=diskd,aufs,ufs,coss  --with-coss-membuf-size=8388608  --with-large-files \
--enable-large-cache-files  --with-maxfd=8192  --enable-async-io=64  \
--enable-removal-policies=lru,heap --enable-useragent-log  --enable-referer-log  \
--enable-err-languages=English  --enable-default-err-language=English
# make && make install
# cd /opt/squid2.7/etc/
# cp squid.conf{,-bak}

here is my squid.conf :
—————————————————————
# cat squid.conf

acl all src all
acl web-server dst 192.168.0.1/255.255.255.255
acl http_port port 80
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow web-server http_port all
http_access deny all
deny_info http://linax.wordpress.com/ all
icp_access deny all

http_port 10.10.10.10:80 accel defaultsite=linax.wordpress.com
cache_peer 192.168.0.1 parent 80 0 no-query originserver default
icp_port 0
hierarchy_stoplist cgi-bin ?

cache_mem 1024 MB
maximum_object_size_in_memory 128 KB
cache_dir aufs /opt/squid2.7/var/cache 4096 16 256
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
maximum_object_size 104857 KB
access_log /opt/squid2.7/var/logs/access.log squid
logfile_rotate 1

refresh_pattern cgi-bin 1 40% 2
refresh_pattern \.asp$ 1 40% 2
refresh_pattern \.acgi$ 1 40% 2
refresh_pattern \.cgi$ 1 40% 2
refresh_pattern \.pl$ 1 40% 2
refresh_pattern \.shtml$ 1 40% 2
refresh_pattern \.php3$ 1 40% 2
refresh_pattern \? 1 40% 2
refresh_pattern \.gif$ 10080 90% 43200 reload-into-ims
refresh_pattern \.jpg$ 10080 90% 43200 reload-into-ims
refresh_pattern \.bom\.gov\.au 30 20% 120 reload-into-ims
refresh_pattern \.html$ 480 50% 22160 reload-into-ims
refresh_pattern \.htm$ 480 50% 22160 reload-into-ims
refresh_pattern \.class$ 10080 90% 43200 reload-into-ims
refresh_pattern \.zip$ 10080 90% 43200 reload-into-ims
refresh_pattern \.jpeg$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mid$ 10080 90% 43200 reload-into-ims
refresh_pattern \.shtml$ 480 50% 22160 reload-into-ims
refresh_pattern \.exe$ 10080 90% 43200 reload-into-ims
refresh_pattern \.thm$ 10080 90% 43200 reload-into-ims
refresh_pattern \.wav$ 10080 90% 43200 reload-into-ims
refresh_pattern \.txt$ 10080 90% 43200 reload-into-ims
refresh_pattern \.cab$ 10080 90% 43200 reload-into-ims
refresh_pattern \.au$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mov$ 10080 90% 43200 reload-into-ims
refresh_pattern \.xbm$ 10080 90% 43200 reload-into-ims
refresh_pattern \.ram$ 10080 90% 43200 reload-into-ims
refresh_pattern \.avi$ 10080 90% 43200 reload-into-ims
refresh_pattern \.chtml$ 480 50% 22160 reload-into-ims
refresh_pattern \.thb$ 10080 90% 43200 reload-into-ims
refresh_pattern \.dcr$ 10080 90% 43200 reload-into-ims
refresh_pattern \.bmp$ 10080 90% 43200 reload-into-ims
refresh_pattern \.phtml$ 480 50% 22160 reload-into-ims
refresh_pattern \.mpg$ 10080 90% 43200 reload-into-ims
refresh_pattern \.pdf$ 10080 90% 43200 reload-into-ims
refresh_pattern \.art$ 10080 90% 43200 reload-into-ims
refresh_pattern \.swf$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mp3$ 10080 90% 43200 reload-into-ims
refresh_pattern \.ra$ 10080 90% 43200 reload-into-ims
refresh_pattern \.spl$ 10080 90% 43200 reload-into-ims
refresh_pattern \.viv$ 10080 90% 43200 reload-into-ims
refresh_pattern \.doc$ 10080 90% 43200 reload-into-ims
refresh_pattern \.gz$ 10080 90% 43200 reload-into-ims
refresh_pattern \.Z$ 10080 90% 43200 reload-into-ims
refresh_pattern \.tgz$ 10080 90% 43200 reload-into-ims
refresh_pattern \.tar$ 10080 90% 43200 reload-into-ims
refresh_pattern \.vrm$ 10080 90% 43200 reload-into-ims
refresh_pattern \.vrml$ 10080 90% 43200 reload-into-ims
refresh_pattern \.aif$ 10080 90% 43200 reload-into-ims
refresh_pattern \.aifc$ 10080 90% 43200 reload-into-ims
refresh_pattern \.aiff$ 10080 90% 43200 reload-into-ims
refresh_pattern \.arj$ 10080 90% 43200 reload-into-ims
refresh_pattern \.c$ 10080 90% 43200 reload-into-ims
refresh_pattern \.cpt$ 10080 90% 43200 reload-into-ims
refresh_pattern \.dir$ 10080 90% 43200 reload-into-ims
refresh_pattern \.dxr$ 10080 90% 43200 reload-into-ims
refresh_pattern \.hqx$ 10080 90% 43200 reload-into-ims
refresh_pattern \.jpe$ 10080 90% 43200 reload-into-ims
refresh_pattern \.lha$ 10080 90% 43200 reload-into-ims
refresh_pattern \.lzh$ 10080 90% 43200 reload-into-ims
refresh_pattern \.midi$ 10080 90% 43200 reload-into-ims
refresh_pattern \.movie$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mp2$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mpe$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mpeg$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mpga$ 10080 90% 43200 reload-into-ims
refresh_pattern \.pl$ 10080 90% 43200 reload-into-ims
refresh_pattern \.ppt$ 10080 90% 43200 reload-into-ims
refresh_pattern \.ps$ 10080 90% 43200 reload-into-ims
refresh_pattern \.qt$ 10080 90% 43200 reload-into-ims
refresh_pattern \.qtm$ 10080 90% 43200 reload-into-ims
refresh_pattern \.ras$ 10080 90% 43200 reload-into-ims
refresh_pattern \.sea$ 10080 90% 43200 reload-into-ims
refresh_pattern \.sit$ 10080 90% 43200 reload-into-ims
refresh_pattern \.tif$ 10080 90% 43200 reload-into-ims
refresh_pattern \.tiff$ 10080 90% 43200 reload-into-ims
refresh_pattern \.snd$ 10080 90% 43200 reload-into-ims
refresh_pattern \.wrl$ 10080 90% 43200 reload-into-ims
refresh_pattern ^ftp: 1440 60% 22160
refresh_pattern ^gopher: 1440 20% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 480 50% 22160 reload-into-ims

quick_abort_min 32 KB
quick_abort_max 32 KB
quick_abort_pct 95

acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

coredump_dir /opt/squid2.7/var/cache
cache_mgr nasser@linax.wordpress.com
visible_hostname linax.wordpress.com
dns_children 8
forwarded_for on
emulate_httpd_log on
redirect_rewrites_host_header off
buffered_logs on

—————————————————————
The web-server/http_port ACL pair is what keeps this accelerator from doubling as an open forward proxy: http_access only allows requests whose destination is the origin server on port 80, and everything else falls through to deny all (deny_info then sends the client to the site front page instead of an error). The cache manager interface is reachable only from localhost.

First start:

# mkdir /opt/squid2.7/var/cache
# chown -R nobody:nobody /opt/squid2.7/var/cache
# /opt/squid2.7/sbin/squid -z

# /opt/squid2.7/sbin/squid -D
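To check that reading of the ruleset against concrete requests, here is an added example (my own code, not Squid's) that models how Squid walks the http_access list above: lines are tried in order, every ACL on a line must match (a leading "!" negates one ACL), the first matching line decides, and when nothing matches Squid applies the opposite of the last line's action. Only the src, dst, port, method and proto ACL types are modelled, the destination is taken as an already resolved IP (which is what a dst ACL compares against), and the client and off-site addresses are constructed for the example.

```python
"""Added example (not Squid's own code): a small model of Squid's http_access
evaluation for the accelerator ruleset on this page, used to confirm that the
proxy serves only the origin server and is not usable as an open proxy."""
import ipaddress

# ACL definitions transcribed from the page's squid.conf
ACLS = {
    "all":          ("src",    ["0.0.0.0/0"]),
    "web-server":   ("dst",    ["192.168.0.1/32"]),
    "http_port":    ("port",   [(80, 80)]),
    "manager":      ("proto",  ["cache_object"]),
    "localhost":    ("src",    ["127.0.0.1/32"]),
    "to_localhost": ("dst",    ["127.0.0.0/8"]),
    "SSL_ports":    ("port",   [(443, 443)]),
    "Safe_ports":   ("port",   [(80, 80), (21, 21), (443, 443), (70, 70), (210, 210),
                                (1025, 65535), (280, 280), (488, 488), (591, 591), (777, 777)]),
    "CONNECT":      ("method", ["CONNECT"]),
}

# http_access lines in file order; a term is an ACL name, optionally negated
HTTP_ACCESS = [
    ("allow", ["manager", "localhost"]),
    ("deny",  ["manager"]),
    ("deny",  ["!Safe_ports"]),
    ("deny",  ["CONNECT", "!SSL_ports"]),
    ("allow", ["web-server", "http_port", "all"]),
    ("deny",  ["all"]),
]


def acl_matches(name, req):
    """Does ACL `name` match the request dict (src, dst, port, method, proto)?"""
    kind, values = ACLS[name]
    if kind in ("src", "dst"):
        ip = ipaddress.ip_address(req[kind])
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "port":
        return any(lo <= req["port"] <= hi for lo, hi in values)
    if kind == "method":
        return req["method"] in values
    if kind == "proto":
        return req["proto"] in values
    raise ValueError("unsupported ACL type " + kind)


def http_access(req):
    """Return 'allow' or 'deny' for the request under HTTP_ACCESS."""
    for action, terms in HTTP_ACCESS:
        line_matches = True
        for term in terms:
            negated = term.startswith("!")
            if acl_matches(term.lstrip("!"), req) == negated:
                line_matches = False      # one failing ACL sinks the whole line
                break
        if line_matches:
            return action                 # first matching line decides
    # Squid's rule when no line matches: the opposite of the last action
    return "allow" if HTTP_ACCESS[-1][0] == "deny" else "deny"


def request(src, dst, port=80, method="GET", proto="http"):
    return {"src": src, "dst": dst, "port": port, "method": method, "proto": proto}


# Constructed requests: a visitor hitting the origin, and the same visitor
# trying to fetch an unrelated host (198.51.100.7) through the accelerator.
ORIGIN_HIT = request("203.0.113.5", "192.168.0.1")
OPEN_PROXY_ATTEMPT = request("203.0.113.5", "198.51.100.7")

if __name__ == "__main__":
    for label, req in (("origin", ORIGIN_HIT), ("open proxy", OPEN_PROXY_ATTEMPT)):
        print(label, "->", http_access(req))
```

Walking the list by hand for OPEN_PROXY_ATTEMPT: none of the first four lines apply, the allow line fails on web-server, and deny all catches it. If you ever loosen web-server (for instance to a /24) or drop http_port from that allow line, this is the request that starts succeeding.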

Thanks to Pejman Moghadam

September 12, 2009

Linux Dummy network device

Filed under: Linux — Nasser Heidari @ 6:05 pm

A dummy interface is used by TCP/IP to assign an IP address to your machine, which is required for both SLIP and PPP. The reason for a dummy interface is simple: When you connect to an ISP, your IP address is often assigned dynamically, and you never know what the IP address will be in advance. This can cause problems for TCP/IP routines in your kernel that need to know an IP address to function properly. TCP/IP is happy when you assign an IP address—the dummy interface IP address—to your machine. The need for an IP address internally is most important when you are not connected to your ISP because many network-aware applications (such as email, newsreaders, and so on) need to have some IP address to connect to, even if it doesn’t lead anywhere. This dummy interface IP address does not conflict with the one assigned by your ISP.

# modprobe dummy
# ifconfig dummy0 1.2.3.4 netmask 255.0.0.0
# modprobe dummy -o dummy1
# ifconfig dummy1 4.3.2.1 netmask 255.255.0.0

Note that 1.2.3.4 and 4.3.2.1 are routable public addresses that belong to someone else; once they sit on a local interface the host answers for them itself and can no longer reach the real owners of those ranges. Pick an address from a range you control, such as an RFC 1918 one, for anything beyond a throwaway test.

If you need to create 5 dummy interfaces at once, you can use this command:

# modprobe dummy numdummies=5

August 26, 2009

PF – Packet Filter (Part 1)

Filed under: freebsd — Nasser Heidari @ 8:22 am

From: http://www.openbsd.org/faq/pf

# echo 'pf=YES' >> /etc/rc.conf.local

# pfctl -e                  Activate PF
# pfctl -d                  Deactivate PF

Note: this only enables or disables PF; it does not load a ruleset. The ruleset must be loaded separately, either before or after PF is enabled.

# pfctl -f /etc/pf.conf     Load the pf.conf file
# pfctl -nf /etc/pf.conf    Parse the file, but don't load it
# pfctl -Nf /etc/pf.conf    Load only the NAT rules from the file
# pfctl -Rf /etc/pf.conf    Load only the filter rules from the file

# pfctl -sn   		    Show the current NAT rules
# pfctl -sr                 Show the current filter rules
# pfctl -ss                 Show the current state table
# pfctl -si                 Show filter stats and counters
# pfctl -sa                 Show EVERYTHING it can show

Lists:

Lists are defined by specifying items within { } brackets:

block out on fxp0 from { 192.168.0.1, 10.5.32.6 } to any
block out on fxp0 proto { tcp udp } from { 192.168.0.1, 10.5.32.6 } to any port { ssh telnet }

trusted = "{ 192.168.1.2 192.168.5.36 }"
pass in inet proto tcp from { 10.10.0.0/24 $trusted } to port 22

Note: the commas between list items are optional.

Tables:

table <goodguys> { 192.0.2.0/24 }
table <rfc1918> const { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }
table <spammers> persist file "/etc/spammers"

block in on fxp0 from { <rfc1918>, <spammers> } to any
pass in on fxp0 from <goodguys> to any


Table Address Matching

An address lookup against a table will return the most narrowly matching entry. This allows for the creation of tables such as:

table <goodguys> { 172.16.0.0/16, !172.16.1.0/24, 172.16.1.100 }

block in on dc0 all
pass in on dc0 from <goodguys> to any

Any packet coming in through dc0 will have its source address matched against the <goodguys> table:
• 172.16.50.5 – narrowest match is 172.16.0.0/16; packet matches the table and will be passed
• 172.16.1.25 – narrowest match is !172.16.1.0/24; packet matches an entry in the table but that entry is negated (uses the “!” modifier); packet does not match the table and will be blocked
• 172.16.1.100 – exactly matches 172.16.1.100; packet matches the table and will be passed
• 10.1.4.55 – does not match the table and will be blocked
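The four cases above are easy to get wrong when a table mixes negated and non-negated entries, so here is an added example (my own code, not pf's and not from the OpenBSD FAQ) that implements the lookup rule as described: the narrowest entry containing the address decides, and if that entry is negated the address does not match the table. The second function models the two-rule set above, where the later pass rule overrides the earlier block for table hits because neither rule is marked quick. The table and test addresses are the FAQ's; nothing else is assumed.

```python
"""Added example (not pf's code): pf-style table lookup with most-specific
match and '!' negation, checked against the <goodguys> table from the FAQ."""
import ipaddress

GOODGUYS = ["172.16.0.0/16", "!172.16.1.0/24", "172.16.1.100"]


def table_lookup(table, addr):
    """Return (matches, entry): whether addr matches the table, and the entry
    that decided it (None if no entry contains the address)."""
    ip = ipaddress.ip_address(addr)
    best_net, best_negated = None, False
    for raw in table:
        negated = raw.startswith("!")
        net = ipaddress.ip_network(raw.lstrip("!"), strict=False)
        if ip not in net:
            continue
        # pf keeps the narrowest containing entry, not the first one listed
        if best_net is None or net.prefixlen > best_net.prefixlen:
            best_net, best_negated = net, negated
    if best_net is None:
        return False, None
    entry = ("!" if best_negated else "") + str(best_net)
    # a negated winner means "in the table, but excluded": no match
    return (not best_negated), entry


def pf_decision(table, addr):
    """Verdict for: block in on dc0 all / pass in on dc0 from <table> to any.
    Without 'quick', the last matching rule wins."""
    verdict = "block"                     # first rule matches every packet
    if table_lookup(table, addr)[0]:      # second rule matches only table hits
        verdict = "pass"                  # and, being later, overrides the block
    return verdict


if __name__ == "__main__":
    for a in ("172.16.50.5", "172.16.1.25", "172.16.1.100", "10.1.4.55"):
        print(a, table_lookup(GOODGUYS, a), pf_decision(GOODGUYS, a))
```

Running it reproduces the FAQ's walk-through: 172.16.50.5 and 172.16.1.100 pass, 172.16.1.25 is caught by the negated /24 and blocked, and 10.1.4.55 is blocked because nothing contains it.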

Manipulating with pfctl

Tables can be manipulated on the fly by using pfctl(8). For instance, to add entries to the table created above:

# pfctl -t spammers -T add 218.70.0.0/16 

This will also create the table if it doesn’t already exist. To list the addresses in a table:

# pfctl -t spammers -T show 

The -v argument can also be used with -T show to display statistics for each table entry. To remove addresses from a table:

# pfctl -t spammers -T delete 218.70.0.0/16 

August 25, 2009

OpenBSD pkg_add’s interactive mode

Filed under: Uncategorized — Nasser Heidari @ 7:19 pm

# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.5/packages/i386/
# pkg_add -i pidgin

Choose one package
0:
1: pidgin-2.5.4p0
2: pidgin-2.5.4p0-gtkspell
Your choice:

FreeBSD Policy Routing

Filed under: freebsd — Nasser Heidari @ 2:22 pm

Policy routing is the art of deviating from destination-based shortest-path routing decisions of dynamic routing protocols. Policy routing considers aspects such as source/destination address, ports, protocol, type of service (ToS), and entry interfaces; do not confuse it with a routing policy or traffic policing. Traffic policing and shaping are sometimes summarized as traffic conditioning. Linux offers by far the most evolved policy routing approach of all Unices via multiple routing tables, the Routing Policy Database (RPDB), and the iproute2 (ip and tc) package for administration. Most other UNIX implementations implement policy routing via firewall marks and packet-mangling hooks.
Policy-routing setup on BSD platforms is pretty straightforward, limited, and essentially integrated into the firewall architecture. Firewalling, NAT, and policy enforcement are done by basically the same "packet-mangling" structures.

The pf.conf rules below send traffic from 172.16.1.200 out via the gateway 192.168.1.1 on bge1 regardless of the routing table, do the same for ICMP sourced from le0, and let any other ICMP leave normally; the first line's route-to keyword is restored here, since "to bge1:192.168.1.1 from ..." does not parse:

pass out quick on bge0 route-to bge1:192.168.1.1 from 172.16.1.200 to any
pass out log quick on bge0 route-to le0:192.168.1.1 proto icmp from le0 to any
pass out log quick on bge0 proto icmp from any to any

Original Document: etutorials.org

August 17, 2009

Extracting an RPM Package

Filed under: Linux — Nasser Heidari @ 5:29 am

# mkdir /tmp/test ; cd /tmp/test
# wget http://people.redhat.com/jdennis/freeradius-rhel-centos/x86_64/freeradius2-mysql-2.1.6-2.el5.x86_64.rpm
# rpm2cpio freeradius2-mysql-2.1.6-2.el5.x86_64.rpm | cpio -idmv

rpm2cpio only unpacks the payload; it does not check the package signature or run any scriptlets. If you intend to trust what comes out, check the file with rpm -K first, and remember that extracting this way also skips the %pre/%post scripts that a real install would run.

August 4, 2009

Happy Birthday to me!

Filed under: Uncategorized — Nasser Heidari @ 1:58 am

Happy Birthday to me!
I wish myself truckloads of cheer! I hope I laugh out loud. I wish me well!
I didn't stay up last night to watch the clock change over. I went to bed at a reasonable hour and woke up this morning in time to pray.
Truth is, last year was great! When I look back at where I was a year ago I see myself with good friends. I have friends who make me laugh, but who are also wicked smart and teach me something new almost every day.

It’s the Dawn of a new year!
Happy My Birthday!
