At some point I counted my DROP rules in my firewall and the result was kinda frightening. A lot of subnets and even more IPs… What was really annoying was that there were a lot of IP addresses which belonged to an already blocked subnet, so I needed a script to check this for me. … Continue reading Check if an IP is in a subnet
A while ago I had to renew the SSL certificate for a website I’m taking care of. How do I verify that a private key matches a certificate? [codesyntax lang=”bash”] openssl x509 -noout -modulus -in server.crt | openssl md5 openssl rsa -noout -modulus -in server.key | openssl md5 [/codesyntax] How do I verify that a … Continue reading (openssl) verify that a private key matches a certificate
dnsmasq is a lightweight DNS, TFTP, PXE, router advertisement and DHCP server. It is intended to provide coupled DNS and DHCP service to a LAN. From time to time dnsmasq decided to resolve some hosts over a VPN tunnel to their external IP address instead the internal one. This was quite annoying… After digging a … Continue reading How to disable dnsmasq on ubuntu based distribution
If you see [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) in you apache error.log file means you have created a cert that is intended to be used to sign other certs, but you’re using that cert as your SSL cert. So, it depends how you create the SSL cert. … Continue reading How to deal with “RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)” problem
This document describes a stealth method to externally open ports that, by default, are kept closed by the firewall. Server side 1. Install knockd [codesyntax lang=”bash”] apt-get install knockd [/codesyntax] 2. Configure knockd [codesyntax lang=”bash”] vim /etc/knockd.conf [options] UseSyslog [OpenClosePort] sequence = 2123:udp,3543:tcp,6454:udp seq_timeout = 5 Start_Command = /sbin/iptables -I INPUT -s %IP% -p tcp … Continue reading Set port knocking with knockd and iptables
This post describes all required steps to make your Raspberry Pi to act as a Access Point. Prerequisites: A Raspberry Pi, model B. A boot SD card for the Raspberry Pi. A USB WiFi device that supports “Access Point” mode. An Ethernet cable to connect to the local network. IMPORTANT NOTES: Please make sure you … Continue reading Use Your Raspberry Pi as Access Point
Setup a socks proxy (check this page for more details) on port 8888 (the port is not that important). Start chrome with the following parameters: [codesyntax lang=”bash”] chrome –proxy-server=”socks5://localhost:8888″ [/codesyntax] Also we can check if this works and run the following command on the SSH server. The tcpdump will show show dns traffic for any activity … Continue reading Force Chrome to tunnel DNS requests through a SSH socks proxy
This document describes the required steps to make a fully functional L2TP/IPSEC PSK VPN PSK (with pre-shared keys) on debian squeeze. L2TP/IPSec is an advanced protocol formally standardized in IETF RFC 3193 and now the recommended replacement for PPTP where secure data encryption is required. The L2TP payload is encrypted using the standardized IPSec protocol. … Continue reading Setting up a L2TP over IPSec VPN on Debian on 10 steps
This document describes how boot a Knoppix from PXE Server. I am assuming that you already setup PXE booting BEFORE you start doing this. If you don’t, and you have CentOS please read this page or if you have a Debian/Ubuntu please read this page. We are going to use Knoppix and a NFS server … Continue reading Knoppix – PXE boot install rescue
This document describes how to configure your CentOS 6.x linux to act as a NFS Server to share any directories on your Network Install required software [codesyntax lang=”bash”] yum install nfs-utils [/codesyntax] Configure NFS server [codesyntax lang=”bash”] vim /etc/idmapd.conf [/codesyntax] # line 5: uncomment and change to your domain name Domain = test.org Configure NFS … Continue reading How to setup a NFS server on CentOS 6