Free Linux Tutorials

Installation & Setup of Free Tacacs+ server in Linux
(Tested via GNS3 & VirtualBox)

Software Used:

GNS3 0.8.3.1
-use 3700 IOS as Router & DHCP
-use Ethernet switch to connect hosts
-use VirtualBox guest running on Ubuntu Linux server 12.04.2 LTS

http://shrubbery.net/tac_plus/

Installation:

1.Login as root and install dependencies such as tcp wrappers and compilation tools e.g. gcc, bison, flex, make

If you’re not sure if these packages are installed, you can use the command:

dpkg -s [packagename]

Sample:

root@freelinux:~# dpkg -s gcc bison flex

Package `gcc’ is not installed and no info is available.

Latest stable Linux kernel  is now ready for download on Linux Kernel archives or kernel.org. #linux

http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.6.8.tar.bz2

For the tutorial “Securing your OpenSSH server in Linux” , key-based authentication is one way to secure your SSH server. Below are the details how it’s done:

Users can login remotely to Secure Shell(SSH) server using public/private key without typing the password. This can put added security on your boxes as it reduces password cracking attempts. Aside from that, it will give convenience to users especially if running scripts that require SCP or SFTP transfers.

These are the steps on doing this:

1. Generate a public/private key pair on the client to identify on the servers. It can be protected with password/passphrase or choose not to have

Secure Shell (SSH) is a program used to secure communication between two entities, often used as a replacement for Telnet and the Berkeley protocols such as remote shell (RSH) and remote login (Rlogin). SSH is also used as a secure remote copy utility, replacing traditional protocols such as the File Transfer Protocol (FTP) and Remote Copy Protocol (RCP).

For this tutorial, we are going to demonstrate steps on securing your OpenSSH which is a free version of the SSH protocol suite.

Note: Steps 1-9 can be done by  tweaking your sshd_config and do ssh service restart after changes to take effect.

Linux comes with a built-in syslog package that you can use as a centralized syslog server. Basically, it can be used to send all log files from your network devices or appliances in a remote and centralized location. There are also some popular syslog packages for Linux that you can use  such as syslog-ng,rsyslog & splunk syslog server which all offers more features and flexibility.

On this tutorial, we are going to use the syslogd/sysklogd server which is a multi-platform and proven stable software.

[Syslog Server]

1.verify if the sysklogd package is installed.

Important note to remember:
a. capture it in full length, using the -s 0 options
b. save it in a file, better to make the extension as .pcap so wireshark can associate directly

1.Identify which interface you want to listen to

[root@freelinux tmp]# ifconfig 

eth0 Link encap:Ethernet HWaddr 08:00:27:72:24:E6
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe72:24e6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:942 errors:0 dropped:0 overruns:0 frame:0
TX packets:612 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:78095 (76.2 KiB) TX bytes:198882 (194.2 KiB)
Interrupt:10 Base address:0xd020

2. Run “tcpdump” command with the following options. For instance, you want to monitor the DNS packets.Run:

There is some instance during the Linux installation that you did not bother to set the correct timezone for any reasons like sometimes you are just lazy to set it, you’re in a rush to finish what your boss want you to complete in that day, or you just don’t give a damn Seriously, timezone is a bit important especially if you have scheduled scripts that you intended to run.

Here are some ways to change your timezone depending on your Linux distribution:

for RHEL/CENTOS:

Assuming you have the default or current timezone as UTC and you would like to change it to Singapore timezone

There are few ways to set the date and time on Linux command line. In order to do this, you must login as root and execute the following methods as follow:

For you to remember the syntax, issue the command “date” first

[root@freelinux ~]# date 
Mon Aug 20 18:30:29 SGT 2012

Let say you want to change it to Sept 6, 2012, 3pm, just follow the pattern above

[root@freelinux ~]# date 090615002012
Thu Sep  6 15:00:00 SGT 2012

where as:
09 = month (September)
06 = day
15 = hour
00 = min
2012 = year

The following procedure will install and configure snmp daemon on your Redhat-based distribution such as CentOS & Fedora. Here are the steps:

1. Verify if snmp package is installed, there are few ways

[root@localhost ~]# rpm -qa | grep snmp

[root@localhost ~]# snmpwalk
-bash: snmpwalk: command not found

[root@localhost ~]# ls /etc/snmp*
ls: /etc/snmp*: No such file or directory

This mean net-snmp package is not installed yet

2. Install net-snmp & net-snmp-utils package via yum or up2date

Here’s one trick to do that:
Step 1. Install  FreeTDS

FreeTDS Website: http://www.freetds.org/ choose FreeTDS source distribution

Compile parameter: –prefix=/usr/local/freetds –enable-msdblib

Then, copy /etc/ld.so.conf, to /usr/local/freetds/lib; and then run ldconfig

Step 2. Change /usr/local/freetds/etc/freetds.conf

[sql2k]

host = your.mssql.server.ip
port = 1433
client charset = cp950
tds version = 8.0

b. tds version: 4.2 (for MS SQL Server 6.x); 7.0 (for 7.x); 8.0 (for 2000)

Step 3. Test FreeTDS connect to MS SQL Server

#cd /usr/local/freetds/bin
#./tsql -S sql2k -U sa
1> use mydatabase
2> select * from mytable
3> go