20090731

9's of IT world


I might as well be hanged/hung for a sheep as a lamb

something that you say when you are going to be punished for something so you decide to do something worse because your punishment will not be any more severe

Usage notes: In the past, people who stole lambs were killed, so it was worth stealing something more because there was no worse punishment.

20090728

Linux tips - Part 1

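# Mounting ISO files on Linux
mkdir /mnt/mountpoint
mount -o loop -t iso9660 filename.iso /mnt/mountpoint
cd /mnt/mountpoint

# Certificate generation on a Linux box
# 1. RSA private key, encrypted with a passphrase (-des3).
#    1024 bits is too short for current use; pick 2048 or more for new keys.
openssl genrsa -des3 -out nameofkey.key 1024
# 2. Certificate signing request (CSR) to send to a CA
openssl req -new -key nameofkey.key -out nameofkey.csr
# 3. Or a self-signed certificate from the same key
openssl req -new -key nameofkey.key -x509 -out nameofkey.crt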

## Mounting a Windows network share on a Linux system
smbmount \\\\hostname.network.com\\username /localmountpoint -o username="username",password="password"

## Setting up hostname for http/apache webserver error
echo HOST.DOMAIN.com > /etc/hostname
/bin/hostname -F /etc/hostname

Edit /etc/hosts and add a line of this form (\t stands for a tab):
10.x.y.z \t host.domain.com \t host

Restart Apache after making changes in the /etc/hosts file.

GRE tunnel between two linux boxes

host1 - 10.x.y.h1

ip tunnel add interfacegre3 mode gre remote 10.x.y.h2 local 10.x.y.h1
ip addr add 10.0.30.1 dev interfacegre3
ip link set interfacegre3 up
ip route add 10.0.40.0/24 dev interfacegre3
ifconfig interfacegre3 up

host2 - 10.x.y.h2
ip tunnel add interfacegre4 mode gre remote 10.x.y.h1 local 10.x.y.h2
ip addr add 10.0.40.1 dev interfacegre4
ip link set interfacegre4 up
ip route add 10.0.30.0/24 dev interfacegre4
ifconfig interfacegre4 up

# use this only to remove the GRE interface (substitute interfacegre3 or interfacegre4 for interfacegre)
ifconfig interfacegre down
ip link set interfacegre down
ip tunnel del interfacegre

Syslog-ng - mailing options

source s_local { unix_stream("/dev/log"); internal(); };
filter f_denials { match("[Dd]enied|[Ff]ail"); };
destination d_mailtoraj { program("/usr/local/sbin/mailtoraj.sh"); };
log { source(s_local);
filter(f_denials);
destination(d_mailtoraj); };

#!/bin/bash
# mailtoraj.sh
# syslog-ng writes each matching log line to this script's stdin.
while IFS= read -r line;
do
    printf '%s\n' "$line" | mail -s "Something weirdness on that Linux box" rajs@nowhere.com
done
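
The filter and mail step above, as an added example that is not from the original post: it runs the filter pattern over constructed sample log lines, replaces control characters before the text reaches a mail body, and collapses repeats into counts so a burst of failures produces one summary instead of one mail per line. Assumptions: the filter is meant to match "denied" or "fail", and the function names, subject line and sample lines are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: f_denials is meant
# to pass lines containing "denied" or "fail" (either initial letter case).
PATTERN='[Dd]enied|[Ff]ail'

# Constructed sample lines in classic syslog format (not real logs). The
# last one carries an ESC sequence in the user name, as hostile input might.
sample_log() {
    printf '%s\n' \
        'Jul 28 10:01:02 host1 sshd[411]: Failed password for root from 10.0.30.7' \
        'Jul 28 10:01:05 host1 sshd[412]: Failed password for root from 10.0.30.7' \
        'Jul 28 10:01:09 host1 kernel: eth0 link up' \
        'Jul 28 10:02:11 host1 sudo: access denied for raj'
    printf 'Jul 28 10:02:30 host1 sshd[413]: Failed password for a\033[2Jb from 10.0.30.7\n'
}

# Keep only the lines the filter would hand to the program() destination.
match_denials() {
    grep -E -- "$PATTERN"
}

# Log text is partly attacker-chosen (user names, paths). Replace every
# byte that is not printable ASCII or newline before it reaches a mail body.
sanitize() {
    LC_ALL=C tr -c '[:print:]\n' '?'
}

# Drop timestamp, host and PID, then count identical messages so a burst of
# failures becomes one "N x message" line instead of N separate mails.
summarize() {
    awk '{ $1 = ""; $2 = ""; $3 = ""; $4 = ""      # timestamp (3 fields) and host
           sub(/^ +/, ""); sub(/\[[0-9]+\]:/, ":") # leading blanks, then PID
           n[$0]++ }
         END { for (m in n) printf "%d x %s\n", n[m], m }' | sort -rn
}

build_report() {
    match_denials | sanitize | summarize
}

# Mail one summary for a batch read from stdin; $1 is the recipient.
send_report() {
    report=$(build_report)
    if [ -n "$report" ]; then
        printf '%s\n' "$report" | mail -s "Denied/failed events summary" "$1"
    fi
}

# Demo on the constructed input; prints the summary instead of mailing it.
sample_log | build_report
```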

Cisco PIX - client access vpn configuration 6.x

vpn name - "nameofvpn"

access-list nonatacl permit ip 192.168.100.0 255.255.255.0 192.168.200.0 255.255.255.0

ip local pool "nameofvpnpool" 192.168.200.1-192.168.200.30
nat (inside) 0 access-list nonatacl

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 20 set transform-set myset
crypto map mymap 20 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication LOCAL
crypto map mymap interface outside

isakmp enable outside
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

vpngroup "nameofvpn" address-pool "nameofvpnpool"
vpngroup "nameofvpn" dns-server 192.168.100.x - ip address of internal/external dns server
vpngroup "nameofvpn" default-domain test1.test.com
vpngroup "nameofvpn" split-tunnel nonatacl
vpngroup "nameofvpn" idle-time 1800
vpngroup "nameofvpn" password "vpngrouppassword"

Change the terms within " " according to your requirements, along with the IP address ranges.

Cisco PIX - Client access VPN configuration for 7.x

--------------------------------------------------------------------------
global (outside) 1 interface

access-list splittunnelacl standard permit 192.168.160.0 255.255.255.0
access-list nonat-vpnacl extended permit ip 192.168.160.0 255.255.255.0 192.168.165.0 255.255.255.0
ip local pool vpnpool 192.168.165.10-192.168.165.200 mask 255.255.255.0


nat (inside) 0 access-list nonat-vpnacl
nat (inside) 1 0.0.0.0 0.0.0.0

group-policy "vpn-group-policy" internal
group-policy "vpn-group-policy" attributes
dns-server value 192.168.160.x - specify the dns server ipaddress
default-domain value "somenetwork.somewhere.com"
split-tunnel-policy tunnelspecified
split-tunnel-network-list value splittunnelacl

crypto ipsec transform-set my-set esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set my-set
crypto dynamic-map dynmap 10 set reverse-route
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside

isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 1000

tunnel-group "vpn-tunnel-group" type ipsec-ra
tunnel-group "vpn-tunnel-group" general-attributes
address-pool vpnpool
default-group-policy "vpn-group-policy"
tunnel-group "vpn-tunnel-group" ipsec-attributes
pre-shared-key "yourtunnelgrouppassword-enterhere"

Change the terms within " " according to your requirements, along with the IP address ranges.