Showing posts with label command line. Show all posts

Sunday, July 06, 2014

Enabling SSH and blocking Telnet in Cisco Routers/Switches

The SSH protocol encrypts the traffic between client and server in a remote session. So, for network security, we should enable only SSH access to networking devices.

Before enabling SSH, make sure the hostname and domain name are configured properly. They are used to name the RSA key pair that is generated. All the configuration is done in global config mode.

hostname Router1
ip domain name ds.myorganization.in

Change the hostname, and change the 'ds.myorganization.in' domain name to your organization's domain name. Now generate the RSA keys for SSH:



crypto key generate rsa

This will ask for the number of bits in the modulus. The default is 512 bits, but if we want to enable SSH version 2, it should be more than 768 bits. So it is better to use 1024 bits.



Thursday, January 09, 2014

Setting up wireless ad-hoc computer to computer network in Windows 8

In earlier versions of Windows, it was easy to create an ad-hoc network to share your internet connection with another computer or mobile through WiFi. In Windows 8, there is no direct way to make an ad-hoc network.

  1. Geeky way: Use netsh wlan commands to set up a new network, and share your internet using Internet Connection Sharing (ICS)
    • Go to cmd. Right click and Run as administrator.
    • Type the following command
      netsh wlan set hostednetwork mode=allow ssid=network_name key=password_here
      For example:
      netsh wlan set hostednetwork mode=allow ssid=HOMEWIFI key=password1234
      (Note: Password should be minimum of 8 characters.)

Friday, September 06, 2013

How to find which application is using a TCP port in Windows

If a port is already in use by some unknown program and you try to use the same port, you get errors like "Port already in use", "Bind Exception", "Port 80 already in use" etc. In such a case, you have to find out which process is already using this port, and you can then kill that process.

Steps to find which application is using a TCP port in Windows

  1. Type the command to find the Process ID: go to Run -> cmd and type
     netstat -ano | more

Thursday, September 05, 2013

Installing TFTP Server on Ubuntu

A TFTP server is useful for PXE booting or for configuring automatic backup of Cisco routers and switches etc. Installing a TFTP server can be done in a few steps:

We are going to install TFTP Server on a machine running Ubuntu (version 10.04 32 bit Desktop Edition).

Steps to Install and Configure TFTP Server on Ubuntu

  1. Step 1: Install TFTP Server. You can install it either from the command line or from the Ubuntu Software Center. On the command line, type "sudo apt-get install tftpd-hpa", or search for tftpd-hpa in the Software Center and click install.

Saturday, January 19, 2013

Active Directory Authentication for APACHE Web Server

To authenticate users against their Active Directory accounts in the Apache web server, you have to edit /etc/apache2/httpd.conf.

Notes

  1. You should bind to LDAP with some other common AD account.
  2. Provide the LDAP URL of your Domain Controller. Here I assume the Domain is DC.EXAMPLE.COM and the IP of the Domain Controller is 192.168.40.1.
  3. I am binding with another account, guest@example.com, so give the FQDN of this account.
  4. You should enable the authnz_ldap module for Apache.

Monday, November 12, 2012

Delete lines inside a file matching a pattern

You can use the pattern matching of sed to do so!

sed -i '/pattern/d' filename
Example: To remove the lines containing "server" from foo.txt, do this
sed -i '/server/d' foo.txt

I have often found this useful. For more sed tutorials, visit http://www.grymoire.com/Unix/Sed.html

Sunday, November 11, 2012

MRTG Start Up Script for Ubuntu

MRTG as a Start Up Service in Ubuntu

I am monitoring a lot of routers and switches of my organization using MRTG (Multi Router Traffic Grapher). It is one of the best tools to give you an overview of bandwidth utilization, CPU/memory utilization etc. Here is a small bash script to make all these MRTG processes act as a service which starts automatically at reboot.

Details of MRTG

I am using MRTG with RRDTool and the routers.cgi script. My MRTG configuration files are arranged like this:
  • Location1 Folder
    • router.cfg
    • switch.cfg
    • servers.cfg
  • Location2 Folder
    • router.cfg
    • switch.cfg
    • servers.cfg
  • Location3 Folder
    • SubLocation1 Folder
      • router.cfg
      • switch.cfg
      • servers.cfg
    • SubLocation2 Folder
      • router.cfg
      • switch.cfg
      • servers.cfg
    • router.cfg

Friday, November 02, 2012

Firewall in Ubuntu

How to set up a firewall in Ubuntu?

A firewall is already built into your Linux kernel. You just have to configure it properly for your needs!

A firewall filters all the traffic which is headed into or out of your computer. In the Linux kernel, the netfilter subsystem takes care of this traffic. You just add the rules for accepting, rejecting or denying the traffic.

How to add rules into netfilter?

Use iptables. Iptables is really complex and flexible. See the basic iptables how-to here: https://help.ubuntu.com/community/IptablesHowTo .

UFW, Uncomplicated FireWall

There are many high-level user interfaces for iptables. One of them, UFW or Uncomplicated FireWall, is pre-installed with all Ubuntu distros higher than 8.04. See more here: https://help.ubuntu.com/community/UFW .

GUFW, a Graphical Interface for UFW

GUFW is a GUI for UFW which makes it very easy to add rules. See more here: https://help.ubuntu.com/community/Gufw

Keyboard shortcut to Open terminal in Ubuntu

CTRL + ALT + T
is the default key combination to open command line terminal ( BASH terminal ) in Ubuntu. This can be further changed by going to System -> Preferences -> Keyboard Shortcuts

Thursday, October 25, 2012

Installing / Uninstalling .deb files in Ubuntu

In Ubuntu, packages come as .deb files. To install a package file, you need the administrative password.


Installing .deb debian package file in Ubuntu


  • Double click the .deb file; it will be opened automatically with the GDebi package manager and you can install it
  • From the command line, use this command to install a package.
    sudo dpkg -i PACKAGEFILE.deb

Uninstalling a package in Ubuntu

  • From command line, use this command
    sudo dpkg -r PACKAGENAME

Monday, July 25, 2011

Using GREP command in Terminal to search the entire directory

The grep command is one of the most useful commands in the Linux terminal.

Searching entire directory

To search for a string in all files and sub-directories of a directory, use the -nr options with grep.

grep -nr "SEARCH_STRING" FOLDER

Eg: To search for "Hello World" in the current directory, use it like

grep -nr "Hello World" .

Friday, May 28, 2010

Automatic wallpaper changer script for Linux

I always want Linux to compete with Windows. In Windows 7, the wallpaper changes automatically. So I wrote this script.

#!/bin/bash

#author IRFAN NASEEF P
#       irfan@nitc.ac.in
# please report bugs to the author

# Usually the background pics are stored in /usr/share/backgrounds

cd /usr/share/backgrounds || exit 1

# Count the entries in the directory; stop if it is empty
num=$(ls | wc -l)
#echo $num
[ "$num" -gt 0 ] || exit 1
# Pick an entry number from 1 to $num (with 0, head would print nothing)
choice=$(( RANDOM % num + 1 ))
#echo "choice is $choice"
filename=$(ls | head -n "$choice" | tail -n 1)
#echo "That is $filename"

# Quoting keeps names with spaces intact and makes an empty name fail the test
if [ -f "$filename" ]
then
  gconftool-2 --type string --set /desktop/gnome/background/picture_filename "/usr/share/backgrounds/$filename"
else
  #echo "$filename is not a file"
  exit 1
fi

exit 0


#####

You can run this script from crontab to change the wallpaper automatically.
Or you can install it as a nautilus-script.

Saturday, April 24, 2010

script to copy file to remote server (Using scp)

I always want to copy files to my athena account, which is the server in our lab where I have an account. So I wrote this script, which saves me from typing a long command line every time.

#!/bin/bash
#
#Author: IRFAN NASEEF
#
#

# At least one file name must be given on the command line
if [ $# -lt 1 ]
then
  echo "Error:Specify atleast a file"
  exit 1
fi

echo "Specify Destination folder"
read -r dest

# "$@" and the quoted variables keep file names with spaces intact
for file in "$@"
do
  if [ -f "$file" ]
  then
    echo "Copying file $file to $dest"
    scp "$file" "b070147cs@192.168.40.99:$dest"
    if [ $? -eq 0 ]
    then
      echo "Successfull"
    else
      echo "Error :copying"
    fi
  else
    echo "Error: $file doesnot exist"
    exit 2
  fi
done

exit 0
#############################################

And if you have set things up as per this post (see here), you can save typing passwords too.

Sunday, April 04, 2010

tweeting from the BASH terminal

I feel this is an awesome script: tweet from the command line terminal in Linux.
The script is as follows:

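#!/bin/bash

# Account credentials, stored here in plain text
username="yourUserName"
password="yourPassword"

# HTTPS, so that the Basic-auth credentials are not sent in clear text
URL="https://twitter.com/statuses/update.xml"

# ${#1} counts the characters; echo | wc -c would also count the newline
if [ "${#1}" -gt 140 ]
then
  echo "Whoo: Its more than 140 characters"
  exit 1
fi

# --data-urlencode escapes characters such as & and = in the status text
result=$(curl -u "$username:$password" --data-urlencode status="$1" "$URL")

exit 0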

Save this in a file named "tweet" and make it executable ( chmod +x tweet ).
And for simplicity, add an alias.
Now tweet from the terminal using the command
tweet "tweeting from the command line"

Monday, March 22, 2010

Add file to VLC playlist by right clicking

I found a simple nautilus script which is very useful for those who usually play something in VLC. It is a script to add a file to the VLC playlist by simply right clicking on the file.

What to do?


cd ~/.gnome2/nautilus-scripts

touch "Add to VLC Playlist"

then copy the following to the file "Add to VLC Playlist"

Pre-requisite: Install zenity from your package manager


#!/bin/bash

## By Narendra Sisodiya, for SchoolOS
## narendra.sisodiya@gmail.com
## modified by: IRFAN NASEEF P
##             irfan@nitc.ac.in

# Return 0 if file(1) describes the argument as audio/video content,
# otherwise show an error dialog and return 1
checkFileType()
{
  if file "$1" | grep -Eiq "audio|video|ogv|mpeg"
  then
      return 0
  else
      zenity --error --title "VLC says: " --text "Error: $1 is not an audio/video file"
      return 1
  fi
}

# Nautilus passes the selected paths one per line
IFS=$'\n'
for FILENAME in $NAUTILUS_SCRIPT_SELECTED_FILE_PATHS
do
  # Quote the path so names containing spaces reach file(1) and vlc intact
  if checkFileType "$FILENAME"
  then
    vlc --started-from-file --one-instance-when-started-from-file --playlist-enqueue "$FILENAME"
  fi
done

exit 0

################

Then save.

Now you can see a 'Scripts' option when you right click, and an 'Add to VLC Playlist' entry in it. Now you can directly add files to the playlist by simply right clicking.

Monday, November 16, 2009

Instant File sharing in LAN

Do you want to share something on the local area network quickly, without wasting your time with Apache or any daemons? Here is the technique for that.

First of all, open a terminal and move into the folder you want to share. Say I want to share the /home/xxx/Downloads folder: open a terminal and then cd /home/xxx/Downloads.

Then type this command

python -c "import SimpleHTTPServer; SimpleHTTPServer.test();"




Then your folder can be accessed through a web browser by typing http://your_ip:8000/.



Njoy

Friday, November 13, 2009

NMAP: The Best network exploration tool

Nmap (“Network Mapper”) is an open source tool for network exploration. It was designed to rapidly scan large networks, although it works fine against single hosts.

WHAT IT CAN DO FOR YOU ?
Nmap determines what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, whether there are any open unfiltered ports, and dozens of other characteristics.
Systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, monitoring host or service uptime, and firewall monitoring.
Reading between the lines, it says that nmap is an unavoidable tool for a hacker.

INSTALLATION::

sudo apt-get install nmap

USAGE:

nmap -parameters -options target_specification

PORT SCANNING USING nmap::

What are ports? Don't think of the ones you see behind your PC, used to plug in the LAN cable and USB. Those are physical ports; these are logical ones, and you can't see them. But they are the means by which two computers can communicate. Processes on a computer have ports associated with them, like port 80 for HTTP, port 22 for SSH etc. So if you want to access some other computer, you should find an open unfiltered port on it.

Ports can have these states:
1) open: these ports have some application linked to them (attackers can attack this way)
2) closed: these ports are accessible but there is no application listening on them, so no use
3) filtered: these are being monitored by firewalls
4) unfiltered: not under monitoring; may be open or closed

There are different types of port scanning.

1) TCP SYN scan ( -sS )

> This is the default and it is quick
> Clearly differentiates open, closed and filtered ports
> Does not establish a TCP connection, so nobody catches you
> It takes less time

2) TCP connect scan ( -sT )

> Creates a connection with the target, so this takes more time

3) ACK scan ( -sA )

> This doesn't determine whether a port is closed or open.
> It differentiates only filtered and unfiltered.

The list goes on; I am not listing them all here.

WHAT ELSE CAN YOU DO ?

> You can detect the operating system of the target you specified. (option -O)

> You can scan an entire subnet and find the hosts.

> You can specify particular ports to scan. ( -p <port ranges> )

> You can detect the services (and their versions) running on these ports. (option -sV)

I will show you a few examples



nmap -v -O 192.168.75.97
This will scan the system and detect the operating system used. The output of this command is shown here, and you can see that the detected operating system is marked.




nmap -sS -p 22,53,110,143,4564 198.168.75.1-127
This will scan the specified ports (22, 53, ...) on the hosts in the specified IP range.

Njoy
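
Seen from the scanned side, a port scan like the one above appears in the firewall log as one source address touching many different ports. The script below is an added example, not part of the original post: it assumes UFW logging is on, the sample log lines are constructed and abbreviated, and the names detect_scans and make_sample_log are made up for illustration.

```bash
#!/bin/bash
# Added example, not from the original post.
# detect_scans LOGFILE [MIN_PORTS] (hypothetical helper): list sources whose
# blocked TCP SYN packets touched at least MIN_PORTS distinct destination ports.
# Output per source: "SRC port_count comma_separated_ports".
detect_scans() {
  awk -v min="${2:-4}" '
    /\[UFW BLOCK\]/ && /PROTO=TCP/ && / SYN / {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      if (src == "" || dpt == "") next
      if (!((src, dpt) in seen)) {          # count each port once per source
        seen[src, dpt] = 1
        count[src]++
        ports[src] = ports[src] (ports[src] == "" ? "" : ",") dpt
      }
    }
    END {
      for (s in count)
        if (count[s] >= min) print s, count[s], ports[s]
    }' "$1" | sort
}

# Constructed, abbreviated UFW log lines (real ones also carry MAC=, TTL=, ID= ...).
make_sample_log() {
  local f p
  f=$(mktemp)
  {
    # One source probing the five ports from the example command, port 22 twice
    for p in 22 53 110 143 4564 22; do
      echo "Nov 13 10:15:01 gw kernel: [100.1] [UFW BLOCK] IN=eth0 OUT= SRC=192.168.75.50 DST=192.168.75.1 LEN=44 PROTO=TCP SPT=40000 DPT=$p WINDOW=1024 RES=0x00 SYN URGP=0"
    done
    # An ordinary client retrying a single blocked port
    for p in 22 22 22; do
      echo "Nov 13 10:16:09 gw kernel: [160.4] [UFW BLOCK] IN=eth0 OUT= SRC=192.168.75.60 DST=192.168.75.1 LEN=60 PROTO=TCP SPT=51000 DPT=$p WINDOW=29200 RES=0x00 SYN URGP=0"
    done
    # UDP traffic is ignored by the SYN filter
    echo "Nov 13 10:17:00 gw kernel: [211.9] [UFW BLOCK] IN=eth0 OUT= SRC=192.168.75.70 DST=192.168.75.1 LEN=78 PROTO=UDP SPT=137 DPT=137 LEN=58"
  } > "$f"
  echo "$f"
}

log=$(make_sample_log)
detect_scans "$log" 4     # only the source that touched 5 distinct ports is listed
rm -f "$log"
```

On a real machine, point detect_scans at the file UFW logs to and tune the threshold to the traffic you normally see.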

Creating Permanent Aliases

I am too lazy to type long commands like "ssh username@remote_server_address" etc. So aliases came to help me. Now I just type "aaa" to log in to the server. Yes, it's true: commands make life simpler.

So how to do this? Here you go.

1) gedit ~/.bash_aliases

Opens the file .bash_aliases [even if it is not there now]

2) Type all the aliases you want to define here.

alias any_name='ssh username@remote_address'

and save it

3) gedit ~/.bashrc

Opens the .bashrc file

4) Find the following lines

if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi


5) If you found the above lines, uncomment them (remove the # at the beginning, if any).

DONE. Start a new terminal and type the name you gave as the alias (any_name); it will connect to your server.
You can do this for any command. For example, if you always want to list all files and folders (including hidden ones) in the current directory, you do ls -a. In that case, create an alias named ls as 'ls -a', so typing ls will list the hidden ones too.


Njoy.

SSH without Password Authentication

I find it very difficult to type passwords every time I log in to our institution's remote server Athena. Recently I found this tip, which helped me a lot. I am sure it will help you.
Here we are using a cryptographic approach: generating a public key and private key pair. Don't think it's difficult; I am not going to teach you about cryptography.


So follow these steps [with each command I will give you a little explanation. You should know what you are doing]. I assume that you have ssh installed on your system (it is there by default in many distros) and that you have an account on the remote server.

1) ssh-keygen -t dsa

Here you are generating the key pair. The program will ask a series of questions. For our purposes, it is OK to just keep pressing the "enter key" for the defaults.

2) ls -l ~/.ssh

It will show like this. The file id_dsa.pub is the public key file.
total 12
-rw------- 1 irfan irfan 736 2009-11-12 23:45 id_dsa
-rw-r--r-- 1 irfan irfan 604 2009-11-12 23:45 id_dsa.pub
-rw-r--r-- 1 irfan irfan 2210 2009-11-12 18:43 known_hosts


3) chmod 700 ~/.ssh
chmod 600 ~/.ssh/*


This will make sure the user has the necessary permissions on the files. (I will explain chmod in my coming posts.)

4) Copy the id_dsa.pub file to the ~/.ssh folder of your account on the remote server. I do it as:

scp id_dsa.pub username@server_address:~/.ssh

[Don't forget the colon : ]

5) Now login to your remote server

ssh username@remote_address

6) Append the contents of the file id_dsa.pub to the file named authorized_keys2. Use this command:

cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys2

[do this even if the file named authorized_keys2 is not found in the .ssh folder]

7) Ensure the permissions once more

chmod 700 ~/.ssh
chmod 600 ~/.ssh/*

DONE..

From next time onwards, when you log in to the server it won't ask you for the password.

//Feel free to ask any clarifications
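
The permission steps (3 and 7) and the key type chosen in step 1 can be checked with a small script. This is an added example, not part of the original post: audit_ssh_dir and make_sample are made-up names, the sample directory and its key strings are constructed dummies, and GNU stat is assumed.

```bash
#!/bin/bash
# Added example, not from the original post. audit_ssh_dir is a hypothetical
# helper; it relies on GNU stat (stat -c), as shipped with Ubuntu.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_ssh_dir() {
  local dir="$1" rc=0 mode f line ktype
  mode=$(stat -c '%a' "$dir") || return 2
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "PERM $dir has mode $mode (the post sets 700)"; rc=1
  fi
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    case "${f##*/}" in *.pub|known_hosts) continue ;; esac   # public data
    mode=$(stat -c '%a' "$f")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
      echo "PERM $f has mode $mode (the post sets 600)"; rc=1
    fi
  done
  for f in "$dir/authorized_keys" "$dir/authorized_keys2"; do
    [ -f "$f" ] || continue
    case "$f" in
      *2) echo "LEGACY $f: some sshd_config files read only authorized_keys"; rc=1 ;;
    esac
    while read -r line; do
      case "$line" in ''|'#'*) continue ;; esac
      # Options may precede the key, so take the first field that names a type
      ktype=$(printf '%s\n' "$line" |
              grep -oE '(^| )(ssh-[a-z0-9]+|ecdsa-sha2-[a-z0-9]+)' | head -n 1 | tr -d ' ')
      if [ "$ktype" = "ssh-dss" ]; then
        echo "WEAKKEY $f: DSA key, rejected by default since OpenSSH 7.0"; rc=1
      fi
    done < "$f"
  done
  return $rc
}

# Constructed sample mirroring the post's file layout (key material is a dummy).
make_sample() {
  local d
  d=$(mktemp -d)
  echo "dummy-private-key" > "$d/id_dsa"
  echo "ssh-dss AAAAconstructedDummyKey irfan@laptop" > "$d/id_dsa.pub"
  cp "$d/id_dsa.pub" "$d/authorized_keys2"
  chmod 755 "$d"; chmod 644 "$d"/*
  echo "$d"
}

d=$(make_sample)
audit_ssh_dir "$d" || true         # loose modes: three PERM findings, LEGACY, WEAKKEY
chmod 700 "$d"; chmod 600 "$d"/*   # steps 3 and 7 of the post
audit_ssh_dir "$d" || true         # PERM findings are gone; LEGACY and WEAKKEY remain
rm -rf "$d"
```

Run audit_ssh_dir ~/.ssh on both the client and the server account; the mode check is stricter than sshd itself and simply mirrors the 700/600 values used above.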

Wednesday, November 04, 2009

NAUTILUS-OPEN-TERMINAL

This is an introduction to a package I find most useful: nautilus-open-terminal. The package nautilus-open-terminal does just what you might guess it does. It allows you to launch a gnome-terminal wherever you want by a right-click within that folder.
Package description says: "nautilus-open-terminal is a proof-of-concept Nautilus extension
which allows you to open a terminal in arbitrary local folders."

To install:
sudo apt-get install nautilus-open-terminal
And then restart nautilus (first quit nautilus using nautilus -q, then press ALT+F2 and type nautilus).
Done.
Afterwards you'll have an "open terminal" button on your right-click menu anywhere within nautilus or the gnome-desktop area. Enjoy.