Apr 29 2008
 

When configuring an ASA for VPN tunnels I like to use the "Reverse Route Injection" (RRI) feature. It automatically installs static routes to the destinations defined in your Site-to-Site VPN profiles.

That makes it very easy to inject routes to VPN sites into the routing protocol used on the internal network.

The way I’ve done it below is simple but powerful. Every time a new Site-to-Site VPN comes up, its routes are automatically redistributed.

***Note – It was necessary to filter the default static route out of the redistribution because it also points to the "outside" interface. The default static route is only for routing traffic that flows through this ASA; it must not be redistributed to the internal network.
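The filter the note above describes, modelled in Python as an added example (this is not code from the original post and not ASA configuration): every route that RRI installs points out the "outside" interface, and so does the default static route, so the filter has to exclude the default route explicitly. The routing-table entries and the prefix-list entries below are constructed for illustration; the next-hop addresses are documentation-range values.

```python
# Added example, not from the original post: a model of the redistribution
# filter the note above calls for. Every route that Reverse Route Injection
# installs points out the "outside" interface, and so does the default static
# route, so the filter must exclude the default route explicitly. The routes
# and the prefix-list entries below are constructed for illustration.
import ipaddress

# Prefix-list semantics as on Cisco gear: entries are tried in order, the
# first match decides, and an implicit deny follows the last entry.  An entry
# without "le" requires an exact prefix-length match; "le N" also accepts any
# more-specific prefix up to length N.
REDIST_PREFIX_LIST = [
    # (action, prefix, le)
    ("deny",   "0.0.0.0/0", None),   # never redistribute the default route itself
    ("permit", "0.0.0.0/0", 32),     # permit every other IPv4 prefix
]

STATIC_ROUTES = [
    # (destination, next hop, egress interface): constructed sample routing table
    ("0.0.0.0/0",       "203.0.113.1",   "outside"),  # default route: transit traffic only
    ("10.20.0.0/16",    "203.0.113.1",   "outside"),  # installed by RRI for VPN peer A
    ("10.30.5.0/24",    "203.0.113.1",   "outside"),  # installed by RRI for VPN peer B
    ("192.168.50.0/24", "192.168.1.254", "inside"),   # ordinary static route on the inside
]


def prefix_list_permits(prefix_list, prefix):
    """Return True if the prefix-list permits this destination prefix."""
    net = ipaddress.ip_network(prefix)
    for action, entry_prefix, le in prefix_list:
        entry = ipaddress.ip_network(entry_prefix)
        if net.version != entry.version or not net.subnet_of(entry):
            continue
        if le is None:
            matched = net.prefixlen == entry.prefixlen
        else:
            matched = entry.prefixlen <= net.prefixlen <= le
        if matched:
            return action == "permit"
    return False  # implicit deny at the end of the list


def routes_to_redistribute(routes, prefix_list=REDIST_PREFIX_LIST):
    """Pick the RRI routes (those leaving via "outside") that pass the filter."""
    return [dst for dst, _next_hop, iface in routes
            if iface == "outside" and prefix_list_permits(prefix_list, dst)]


if __name__ == "__main__":
    chosen = routes_to_redistribute(STATIC_ROUTES)
    for dst, next_hop, iface in STATIC_ROUTES:
        verdict = "redistribute" if dst in chosen else "keep local"
        print("%-16s via %-14s (%s): %s" % (dst, next_hop, iface, verdict))
```

Run as a script it prints one verdict per route; only the two RRI routes are redistributed, while the default route and the inside static route stay local. The same deny-first ordering is what a prefix-list or route-map on the ASA needs, since a permit-all entry placed first would match the default route before the deny is ever consulted.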

Continue reading “Cisco ASA- Automatic Redistribute of VPN Static Routes” »

Apr 29 2008
 
#!/usr/bin/env python
#Created by LinuxDynasty
import os, re, sys

# Usage: script.py <directory>
os.chdir(sys.argv[1])
ls = os.listdir('./')
for file_o in ls:
    # Drop the character immediately before the first dot in the name,
    # e.g. "report1.txt" -> "report.txt". The backslashes matter: without
    # them "w." would match any "w" followed by any character.
    file_n = re.sub(r"\w\.", ".", file_o, count=1)
    if file_n != file_o:
        os.rename(file_o, file_n)

print(os.listdir("./"))

Continue reading “How to remove the last character of every filename in a directory” »

Apr 28 2008
 

#!/usr/bin/perl
# Author: Christopher Hahn, 2006

sub usage {
print STDERR <<EOT;
usage:
$0 <match> [<path> [...]]

Find and edit Apache virtual hosts matching <match>

<path> Path to an Apache conf to edit.
If a directory, equivalent to all files in <path>/
If omitted, "./" is assumed

<match> is a PERL regular expression to match against ServerName or
ServerAlias for the virtual host entry you want to edit.

If <match> is not found and <path> evaluates to a single file (extant or not)
a template is provided to append a VirtualHost to the file.
EOT

die "\n";
}

Continue reading “Script to locate, edit Apache VirtualHost entries” »

Apr 28 2008
 

#!/bin/bash
# Generate unique valid XEN MAC addresses in shell, 'cause it's faster ;)
# Xen MAC's begin with 00:16:3e

# Take the count from the first argument, or prompt until a positive number is given
declare -i num="${1:-0}"
until [[ $num -gt 0 ]]; do
    read -p "How many MAC's do you want to generate? " num
done

declare -a macs=( )

while [[ $num -gt 0 ]]; do
    # Random low three octets; the Xen OUI 00:16:3e is prepended on output
    mac=$(printf '%02x:%02x:%02x' $((RANDOM % 256)) $((RANDOM % 256)) $((RANDOM % 256)))

    # Skip a candidate that was already generated (continue the outer loop)
    for i in "${macs[@]}"; do
        [[ $mac == "$i" ]] && continue 2
    done

    macs[${#macs[*]}]=$mac
    echo "00:16:3e:$mac"
    num=$((num-1))
done

Apr 28 2008
 
#!/bin/bash
# Execute commands locally or remotely based on fields in records.

# Only supports single-character record separators, but field delimiters may be
# many characters (and that's probably a good idea).

# Author: Christopher Hahn, Apr 2008

Continue reading “idoit – Run commands based on input records” »
Apr 27 2008
 

This simple setup has two components:

1) An Access List that defines source and destination IP addresses for the session
2) The command under the vty lines that references the Access List

In the examples below the router IP Address is 192.168.1.1

Example (Telnet to Router/Switch):

access-list 100 remark allow hosts on the 192.168.1.0/24 network to telnet to the router/switch
access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.1 eq 23

line vty 0 4
access-class 100 in

Example (Telnet from Router/Switch):

access-list 101 remark allow the router/switch to telnet to hosts on the 192.168.1.0/24 network
access-list 101 permit tcp host 192.168.1.1 192.168.1.0 0.0.0.255 eq 23

line vty 0 4
access-class 101 out

The inbound and outbound access can be combined as follows:

line vty 0 4
access-class 100 in
access-class 101 out

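A small evaluator for the numbered ACL lines above, added here as an example (it is not part of the original post and not Cisco code), to check what an access-class on the vty lines will admit before it is applied. Cisco wildcard masks are the inverse of a netmask: a 0 bit must match, a 1 bit is "don't care", so 0.0.0.255 covers 192.168.1.0/24. Only the syntax used on this page is parsed (any, host, address plus wildcard, and an optional "eq <port>" on the destination); the test addresses at the bottom are constructed.

```python
# Added example, not part of the original post: evaluate the page's extended
# ACL against candidate sessions. Cisco wildcard masks are the inverse of a
# netmask (0 bit = must match, 1 bit = don't care). Only the syntax used on
# this page is parsed: any / host / addr+wildcard and "eq <port>" on the
# destination. Every Cisco ACL ends in an implicit deny.
import ipaddress

ACL_TEXT = """
access-list 100 remark allow hosts on the 192.168.1.0/24 network to telnet to the router/switch
access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.1 eq 23
"""

ANY = (0, 0xFFFFFFFF)  # base address 0 with an all-ones wildcard matches everything


def _addr(tokens):
    """Consume one address spec from tokens; return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    wildcard = int(ipaddress.IPv4Address(tokens[1]))
    return (base, wildcard), tokens[2:]


def parse_acl(text):
    """Return a list of (action, protocol, src_spec, dst_spec, dst_port) entries."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] == "remark":
            continue  # remarks carry no match criteria
        action, proto = tok[2], tok[3]
        src, rest = _addr(tok[4:])
        dst, rest = _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        entries.append((action, proto, src, dst, port))
    return entries


def wildcard_match(addr, spec):
    """True when addr agrees with base on every bit the wildcard marks as 'care'."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return addr & care == base & care


def acl_permits(entries, proto, src, dst, dport):
    """First matching entry decides; no match means the implicit deny applies."""
    s = int(ipaddress.IPv4Address(src))
    d = int(ipaddress.IPv4Address(dst))
    for action, p, src_spec, dst_spec, port in entries:
        if p not in (proto, "ip"):
            continue
        if not (wildcard_match(s, src_spec) and wildcard_match(d, dst_spec)):
            continue
        if port is not None and port != dport:
            continue
        return action == "permit"
    return False


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    # constructed test sessions: an inside host, an outside host, and ssh instead of telnet
    for src, dport in [("192.168.1.50", 23), ("10.0.0.5", 23), ("192.168.1.50", 22)]:
        verdict = "permit" if acl_permits(acl, "tcp", src, "192.168.1.1", dport) else "deny"
        print("%s -> 192.168.1.1:%d %s" % (src, dport, verdict))
```

The third case is worth noting: because the entry is pinned to port 23, the same access-class admits nothing on port 22, so if the vty lines later move to SSH the ACL has to be updated rather than just the transport.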
Apr 27 2008
 

TCP

Create a connection

It uses a three-way handshake:

  1. The client (a machine/device requesting a service/connection) sends a SYN flag
     to the server port number of the service it wants to communicate with (i.e.
     port 80 for http/web services). The packet also includes the client’s Initial
     Sequence Number (ISN).
  2. Server – replies with its own SYN flag & ISN to the client’s TCP port. An ACK
     flag is included in the packet in reply to the client’s SYN flag.
  3. Client – replies with an ACK flag that acknowledges the server’s SYN flag.

Terminate a connection

After all data is sent, or the session is no longer needed, the session is terminated.
This can be done either by the client or by the server. Here is an example of what is
called an active close:

  1. The application (i.e. web browser – Firefox) on the client sends a close command
     to the application (i.e. web server – Apache) on the server.
  2. Server sends a FIN flag to the client.
  3. Client sends an ACK flag to acknowledge the FIN flag.
  4. Client sends a FIN flag to the server.
  5. Server replies with an ACK flag, acknowledging the termination of the TCP connection.

Flags used in TCP connections

SYN  Synchronize sequence numbers
FIN  Sender FINished sending data – end connection
RST  Reset connection
PSH  Push the data
ACK  Acknowledgment
URG  Urgent
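The handshake and the active close described above, as an added example that is not part of the original notes: a two-endpoint simulation that tracks the flags plus the sequence and acknowledgement numbers each side carries. It also applies the check a real stack makes on every acknowledgement (the ACK must cover exactly what the receiver has sent so far), which is why a SYN/ACK carrying a wrong acknowledgement number is discarded instead of completing a connection. Ports and ISNs are constructed values; real stacks choose ISNs unpredictably.

```python
# Added example, not part of the original notes: simulate the three-way
# handshake and the active close, tracking flags, sequence and acknowledgement
# numbers. Ports and ISNs are constructed; real stacks pick ISNs unpredictably.
from collections import namedtuple

Segment = namedtuple("Segment", "src_port dst_port flags seq ack")


class Endpoint:
    def __init__(self, name, port, isn, wire):
        self.name, self.port = name, port
        self.state = "CLOSED"
        self.snd_nxt = isn      # next sequence number this side will use
        self.rcv_nxt = 0        # next sequence number expected from the peer
        self.wire = wire        # shared, ordered list of every segment sent

    def _send(self, dst_port, flags):
        seg = Segment(self.port, dst_port, frozenset(flags), self.snd_nxt, self.rcv_nxt)
        # SYN and FIN each occupy one sequence number (data bytes would too; not modelled)
        self.snd_nxt += ("SYN" in flags) + ("FIN" in flags)
        self.wire.append(seg)
        return seg

    def listen(self):
        self.state = "LISTEN"

    def connect(self, peer_port):
        self.state = "SYN_SENT"
        return self._send(peer_port, {"SYN"})               # handshake step 1

    def close(self, peer_port):
        # Active close leaves ESTABLISHED; the passive side answers from CLOSE_WAIT.
        self.state = "FIN_WAIT_1" if self.state == "ESTABLISHED" else "LAST_ACK"
        return self._send(peer_port, {"FIN", "ACK"})

    def receive(self, seg):
        """Process one incoming segment and return the reply segment, if any."""
        f = seg.flags
        if "ACK" in f and seg.ack != self.snd_nxt:
            raise ValueError("%s: ACK %d does not match expected %d" % (self.name, seg.ack, self.snd_nxt))
        if self.state == "LISTEN" and f == {"SYN"}:
            self.rcv_nxt = seg.seq + 1                       # the SYN consumed one number
            self.state = "SYN_RECEIVED"
            return self._send(seg.src_port, {"SYN", "ACK"})  # handshake step 2
        if self.state == "SYN_SENT" and f == {"SYN", "ACK"}:
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return self._send(seg.src_port, {"ACK"})         # handshake step 3
        if self.state == "SYN_RECEIVED" and f == {"ACK"}:
            self.state = "ESTABLISHED"
            return None
        if "FIN" in f:
            self.rcv_nxt = seg.seq + 1
            self.state = {"ESTABLISHED": "CLOSE_WAIT", "FIN_WAIT_1": "CLOSING",
                          "FIN_WAIT_2": "TIME_WAIT"}[self.state]
            return self._send(seg.src_port, {"ACK"})
        if f == {"ACK"}:
            self.state = {"FIN_WAIT_1": "FIN_WAIT_2", "CLOSING": "TIME_WAIT",
                          "LAST_ACK": "CLOSED"}.get(self.state, self.state)
            return None
        raise ValueError("%s: unexpected %s in state %s" % (self.name, sorted(f), self.state))


def run_session(client_isn=1000, server_isn=5000):
    """Open with a three-way handshake, then let the server actively close."""
    wire = []
    client = Endpoint("client", 49152, client_isn, wire)
    server = Endpoint("server", 80, server_isn, wire)
    server.listen()
    synack = server.receive(client.connect(server.port))   # SYN -> SYN/ACK
    server.receive(client.receive(synack))                 # ACK completes the handshake
    ack1 = client.receive(server.close(client.port))       # server FIN, client ACKs it
    server.receive(ack1)
    ack2 = server.receive(client.close(server.port))       # client FIN, server ACKs it
    client.receive(ack2)
    trace = [(s.src_port, "+".join(sorted(s.flags)), s.seq, s.ack) for s in wire]
    return client.state, server.state, trace


def wrong_ack_synack_is_rejected(client_isn=1000):
    """A SYN/ACK whose acknowledgement number is wrong never establishes a connection."""
    client = Endpoint("client", 49152, client_isn, [])
    client.connect(80)
    bogus = Segment(80, 49152, frozenset({"SYN", "ACK"}), 7777, client_isn + 42)
    try:
        client.receive(bogus)
    except ValueError:
        return client.state == "SYN_SENT"
    return False


if __name__ == "__main__":
    for src_port, flags, seq, ack in run_session()[2]:
        print("%-6s %-8s seq=%d ack=%d" % ("client" if src_port == 49152 else "server", flags, seq, ack))
```

The printed trace shows seven segments: SYN, SYN/ACK, ACK for the open, then FIN/ACK, ACK, FIN/ACK, ACK for the close, and the acknowledgement numbers step by exactly one across each SYN and FIN because both flags consume a sequence number even though they carry no data.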

Apr 26 2008
 

For those Zenoss users out there, this script will send an email listing the devices that are in the Discovered class.

So once you receive this email you will know that you need to move those devices into their appropriate classes.


#!/bin/env python
#Copyright (C) 2008 Allen Sanabria

#This program is free software; you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation; either version 2 of the License, or
#(at your option) any later version.

#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.

#You should have received a copy of the GNU General Public License along
#with this program; if not, write to the Free Software Foundation, Inc.,
#51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

##############################################################
#Created by Allen Sanabria aka LinuxDynasty aka PrNino69
#This script is to check how many devices are in the
#Discovered Class
#Started Nov 28th
#Completed, Nov 28th
##############################################################

import os, sys
from re import sub
from string import split
from string import join
from urllib import urlopen
from smtplib import SMTP
from time import sleep


# Zenoss credentials travel in the URL (HTTP basic auth); the part after the
# "@" is the Zenoss server's hostname
user = "zenoss"
passwd = 'zenoss'
util = '@zenoss'
base = "http://%s:%s%s:8080" % (user,passwd,util)
# getSubDevices answers with a list such as
# "[<Device at /zport/dmd/Devices/Discovered/devices/host1>, ...]"; strip the
# brackets, the object wrapper and the commas so only device names remain
discovered_url = urlopen(base+'/zport/dmd/Devices/Discovered/getSubDevices').read()
discovered_sub = sub(r"<Device at /zport/dmd/Devices/Discovered/devices/|>|^\[|\]$|,", "", discovered_url)
discovered_list = list(split(discovered_sub))


message = """\nThe boxes below were discovered in the last run of zendisc.\nThey are all located under /Devices/Discovered Class.\n
Please move Devices to appropriate Device class, if one does not exist please create one.\n
This script runs on the zenoss (cc17-22) server."""
devices = sub(r",|\[|\]", "\n", str(discovered_list))
BODY = join((message, devices),"\n")
print BODY
FROM = "zenoss@linuxdynasty.org"
TO = "sa@linuxdynasty.org"
SUBJECT = "Devices That Were Discovered During The Network Scan!"
body = join(("From: %s" % FROM, "To: %s" % TO, "Subject: %s" % SUBJECT, "", BODY), "\n")
server = SMTP('localhost')
server.set_debuglevel(1)
server.sendmail(FROM, [TO], body)
sleep(10)
server.quit()
Apr 23 2008
 
#!/usr/bin/env python
# Quick Python script to generate random valid MAC address for XEN Domains
#Copyright (C) 2008 Allen Sanabria

#This program is free software; you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation; either version 2 of the License, or
#(at your option) any later version.

#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.

#You should have received a copy of the GNU General Public License along
#with this program; if not, write to the Free Software Foundation, Inc.,
#51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

# This address range is reserved for use by Xen 00:16:3E
# I'm importing the function choice of the random module
# The reason for this is so that it will pick a random character from the string I gave it to generate a valid MAC for XEN
from random import choice
from sys import stdin

def x():
    # one random hexadecimal digit
    X = choice("0123456789ABCDEF")
    return str(X)

def new_mac():
    # Xen OUI followed by three random octets
    return "00:16:3E"+":"+x()+x()+":"+x()+x()+":"+x()+x()

print("Enter how many MAC Addresses do you want me to generate: ")
mac = stdin.readline()
mac_list = []
for i in range(int(mac)):
    mac_list.append(new_mac())
for con in range(len(mac_list)):
    # regenerate this entry until it no longer duplicates another in the list
    while mac_list.count(mac_list[con]) > 1:
        print("OH NOOO DUPPPE "+mac_list[con])
        mac_list.pop(con)
        mac_list.insert(con, new_mac())
    print(mac_list[con])

 

OUTPUT

python random1.py
Enter how many MAC Addresses do you want me to generate:
5
00:16:3E:09:EB:6F
00:16:3E:5E:4B:AE
00:16:3E:E0:EC:F9
00:16:3E:CF:2A:AE
00:16:3E:A9:D8:DB
