Expect Telnet Script – specific to Cisco devices

 Uncategorized  No Responses »
Jul 302008
 

This is a simple script written in Expectk. The purpose of this script is to allow entering the Telnet server name or address and the username/password combination (one time), then having the script open a telnet session, login to the Telnet server, then launch a telnet session from the telnet server to the device and drop you on a command prompt. As stated in the title, the prompts are what’s to be – expected (get it, expected, Expect script? – ahh, forget it :) – from a Cisco IOS device using username/password authentication.

Continue reading “Expect Telnet Script – specific to Cisco devices” »

 Posted by at 11:59 am  Tagged with: ,

Configuring IP on Linux from the Command Line (RedHat,CentOS,Fedora)

 Uncategorized  No Responses »
Jun 072008
 

Configuring IP on Linux from the Command Line
(RedHat,CentOS,Fedora)

This
guide assumes that you are adding an the IP on eth0. If you are doing this on
another Eth card (i.e. eth1) just adjust the eth numbers accordingly

 

Continue reading “Configuring IP on Linux from the Command Line (RedHat,CentOS,Fedora)” »

 Posted by at 2:10 pm  Tagged with: ,

Linux Guide to Free Tools for Network Engineers Part 2 -NMAP

 Uncategorized  No Responses »
May 292008
 

Ok. I’ve we’ve been getting some slaps via email for the delay in continuing this feature. You know we love this stuff too, but we also work for a living. And without those good old paychecks we can’t even pay the bills for this Community. Whew I didn’t know Linux folks could be so pushy. Oh wait, I take that back. Not that I’m saying the Co-Founder of LinuxDynasty is pushy at all 

Continue reading “Linux Guide to Free Tools for Network Engineers Part 2 -NMAP” »

 Posted by at 11:23 pm  Tagged with: ,

Linux Guide to Free Tools for Network Engineers

 Uncategorized  No Responses »
May 252008
 

Being and Network guy I had this idea (or if you speak to asanabria, he’ll probably say he had this idea) to show off the free tools built into that Linux that will help you in your day to day duties.

Now if you’ve already gotten familiar with Linux, you have an inkling of what’s to come. If your new to Linux, you’ve got some treats coming your way! The Linux guys in your shop will be familiar with a number of these tools, but there will be some that are not in the typical SysAdmin’s toolkit.

Since I’m running around doing chores today all you get – for the moment – is a little tease. Check this out.

Continue reading “Linux Guide to Free Tools for Network Engineers” »

 Posted by at 7:55 pm  Tagged with: ,

DSL/ADSL/XDSL – Installing/Configuring

 Uncategorized  No Responses »
May 172008
 

To Install/Configure DSL/ADSL On RedHat/Centos Linux

 

  1. Check to see if pppoe is installed
    rpm –qa | grep rp-pppoe
    if not then:
    yum install rp-pppoe
  2. After the install, run  adsl-setup
    and input your settings
  3. /sbin/ifup ppp0
    or adsl-start
  4. To stop your connection: adsl-stop
  5. To check the connection’s status: adsl-status

 

 Posted by at 2:44 pm  Tagged with: ,

SSH Blocking How To using Iptables

 Uncategorized  No Responses »
Feb 102008
 

This quick how to is for those linux admin/users who have there Linux server accessible to the outside world.

Don’t you hate when those bots start hitting you with a ssh dictionary attack??? Well block using IPTABLES.

    1. Here I will show you how to add the first rule in iptables…

    • The 1st rule we add is where we tell iptables to create a list called ssh_attempt and store the source ip of every recent ssh attempt on port 22 using tcp on interface eth0.
    • "iptables -A INPUT -i eth0 -p tcp -m tcp –dport 22 -m state –state NEW -m recent –set –name ssh_attempt –rsource"
    • step by step explanation..
    • iptables is the command that you use to enter the firewall rules in.
    • "-A INPUT" means APPEND to the INPUT chain
    • "-i eth0" means this rule will use the interface eth0
    • "-p tcp" means we are using the TCP protocol
    • "-m tcp" means we are matching the TCP protocol
    • "–dport 22" means we are matching based on the destination port 22
    • "-m state –state NEW" This rule will only apply to NEW incoming ssh connections not ESTABLISHED or RELATED.
    • "-m recent –set –name ssh_attempt –rsource" allows us to match packets based on recent events that we have previously matched and sets the name of the list , while saving the source ip address and port.
    2. In this step we will show you how to deny those bots..

    • "iptables -A INPUT -i eth0 -p tcp -m tcp –dport 22 -m state –state NEW -m recent –update –seconds 10 –hitcount 2 –name ssh_attempt –rsource -j DROP"
    • The only difference in this rule is these options.
    • "–update –seconds 10 –hitcount 1 –name ssh_attempt" This will match true if the source is available in the specified list and it also updates the last-seen time in the list. The "–seconds 10" match is used to specify how long since the "last seen". The "–hitcount 2" will limit the match to only include packets that have seen at least the hitcount amount of packets.
 Posted by at 11:55 pm  Tagged with: ,

How to setup a network interface

 Uncategorized  No Responses »
Feb 102008
 

I will try to make this tutorial as general as possible, as I can give you the REDHAT way of doing things as concerns to where REDHAT base systems maintain there networking files or Gentoo based systems…etc

    1. Lets start with the basics….

    • To view all your active network interface
      run this command "ifconfig"
      •   sabayon-dynasty ~ # ifconfigeth0      Link encap:Ethernet  HWaddr 00:0E:35:94:FB:D9inet addr:192.168.101.5  Bcast:192.168.101.255 Mask:255.255.255.0inet6 addr: fe80::20e:35ff:fe94:fbd9/64 Scope:LinkUP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1RX packets:2656195 errors:0 dropped:19 overruns:0 frame:0TX packets:1762149 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:1000RX bytes:3593125256 (3426.6 Mb)  TX bytes:144856589 (138.1 Mb)Interrupt:10 Base address:0xe000 Memory:e0200000-e0200fff
    • Or you can be specific and run (ifconfig and the interface name)"ifconfig eth0"
    2. Setup your network interfaces!

    • REDHAT WAYFor redhat based systems you will have to do this (assuming your network interface is eth0 and using DHCP)..
      "vi /etc/sysconfig/network-scripts/ifcfg-eth0"

      DEVICE=eth0BOOTPROTO=dhcpHWADDR=00:E0:81:24:CQ:82ONBOOT=yes
    • Now for a static ip setup (assuming eth0)..
      "vi /etc/sysconfig/network-scripts/ifcfg-eth0"

      DEVICE=eth0BROADCAST=192.168.101.255BOOTPROTO=staticHWADDR=00:E0:81:24:CQ:82IPADDR=192.168.101.5NETMASK=255.255.255.0NETWORK=192.168.101.0ONBOOT=yesTYPE=Ethernet
    • Now run this "service network restart" or run this "ifdown eth0" to make sure the interface is down, then "ifup eth0"
    3. GENTOO WAYFor gentoo based systems you will have to do this.

    • (assuming your network interface is eth0 and using DHCP)..
      "vi /etc/conf.d/net"

      config_eth0=( "dhcp" )dhcp_eth0="nosendhost"dns_domain_eth0="linuxdynasty"
    • Now for a static ip setup (assuming eth0)..
      "vi /etc/conf.d/net"

      config_eth0=( "192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255" )routes_eth0=("default via 192.168.0.1")   # IPv4 default route
    • Now run this "rc-update add net.eth0 default" so that it is in the default run level.
    • Now to get the interface up and running…
      "/etc/init.d/net.eth0 restart"
 Posted by at 11:52 pm  Tagged with: ,

How to log in IPTABLES

 Uncategorized  No Responses »
Feb 102008
 

Welcome again to LinuxDynasty.org. In this quick how to, we are going to show you how to get iptables to log when it drops packets.

    1. In the previous tutorial SSH BLOCKING HOW TO we showed you how to drop those pesky ssh attacks, well int his tutorial we are going to show you how to log those attacks. If you have not read the previous tutorial, then please read it now as I am not going to reexplain the options I used for blocking ssh attacks

    • Before we get into the iptables rules, lets make sure that what we are doing is going to log. First lets open up "/etc/syslog.conf" and add this entry 
      kern.*                          /var/log/firewall.log
    • Now restart your syslog daemon.. "/etc/init.d/syslog restart" (This is ofcourse assuming you are using Fedora or any other redhat base linux)
    • iptables -A INPUT -i eth0 -p tcp -m tcp –dport 22 -m state –state NEW -m recent –set –name ssh_attempt –rsource -j LOG –log-prefix "SSH connection attempt: "
    • As you can see this "-j LOG –log-prefix "SSH connection attempt: "" was appended to our previous SSH BLOCKING HOW TO. This is essentially logging all ssh attempts.
    • "-j LOG" This means to jump to the LOG chain in iptables.
    • "–log-prefix "SSH connection attempt: "" This is labeling the log with SSH connection attempt: ".
    2. That was basic logging, now we will get into some more options in logging.

    • Now lets say you want your logging to be more verbose. In iptables we can fix that by adding this entry in the rule.. –log-level 7. This is the highest level of logging (DEBUG LEVEL).
    • Now what if you logs are getting saturated by the second and overwhelming your processor? Well we can add limits also. Here is an example -m limit –limit 2/second –limit-burst 5. This will limit the logging to 2 entries per second and a max of 5 packets per second.
    3. So if we put it all together it would look like this..

    • iptables -A INPUT -i eth0 -p tcp -m tcp –dport 22 -m state –state NEW -m recent –set –name ssh_attempt –rsource -j LOG –log-level 7 -m limit –limit 2/second –limit-burst 5 –log-prefix "SSH connection attempt: "

There are a few more options that we can discuss on logging. If anybody wants to see them just leave a comment. If you liked the tutorial also please leave a comment. I will be adding a ULOG howto in the next day or so, which is my preferred way to log in iptables.

 Posted by at 11:45 pm  Tagged with: ,

How to change Duplexing/Speed

 Uncategorized  No Responses »
Feb 102008
 

In this tutorial we will show you how to view your speed/duplexing setting and also changing your duplexing/speed settings

    1. To view you interface settings, run this.."ethtool eth0"

      Settings for eth0:        Supported ports: [ TP MII ]        Supported link modes:   10baseT/Half 10baseT/Full                                100baseT/Half 100baseT/Full        Supports auto-negotiation: Yes        Advertised link modes:  10baseT/Half 10baseT/Full                                100baseT/Half 100baseT/Full        Advertised auto-negotiation: Yes        Speed: 100Mb/s        Duplex: Full        Port: MII        PHYAD: 1        Transceiver: internal        Auto-negotiation: on        Supports Wake-on: g        Wake-on: g        Current message level: 0x00000007 (7)        Link detected: yes

       

    • To change your settings for eth0 you will have to do this…
      "ethtool -s eth1 speed 100 duplex full autoneg off"
    • REDHATTo make these changes permanently you will have to append this ETHTOOL_OPTS="speed 100 duplex full autoneg off"to the /etc/sysconfig/network-scripts/ifcfg-eth0 file 
      DEVICE=eth0BROADCAST=192.168.101.255BOOTPROTO=staticHWADDR=00:E0:81:24:CQ:82IPADDR=192.168.101.5NETMASK=255.255.255.0NETWORK=192.168.101.0ONBOOT=yesTYPE=EthernetETHTOOL_OPTS="speed 100 duplex full autoneg off"
 Posted by at 11:43 pm  Tagged with: ,

How to add a virtual interface

 Uncategorized  No Responses »
Feb 102008
 

How to add Virtual Interfaces!!!

    1. Here we will show you how to add a virtual interface

    • To do this manually and not set it as default you will do this…
      "ifconfig eth0:0 192.168.101.6 netmask 255.255.255.0 up"
 Posted by at 10:41 pm  Tagged with: ,
© 2011 LinuxDynasty Suffusion theme by Sayontan Sinha

Warning: fopen(/home/dynasty/linuxdynasty.org/wp-content/plugins/wp-google-plus-one/lib/standard.txt) [function.fopen]: failed to open stream: No such file or directory in /home/dynasty/linuxdynasty.org/wp-content/plugins/wp-google-plus-one/plusone.php on line 104

Warning: fread(): supplied argument is not a valid stream resource in /home/dynasty/linuxdynasty.org/wp-content/plugins/wp-google-plus-one/plusone.php on line 105

Warning: fclose(): supplied argument is not a valid stream resource in /home/dynasty/linuxdynasty.org/wp-content/plugins/wp-google-plus-one/plusone.php on line 106
.