DHCP Server – Fedora 10

April 20, 2009

Configuration file: /etc/dhcpd.conf

#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
#   see 'man 5 dhcpd.conf'
#
#
ddns-update-style interim;
ignore client-updates;

subnet 192.168.100.0 netmask 255.255.255.0 {

    # --- default gateway
    option routers            192.168.100.1;
    option subnet-mask        255.255.255.0;

    option domain-name        "milton.ca";
    option domain-name-servers    192.168.100.1;

    #option ntp-servers        192.168.1.1;

    range dynamic-bootp 192.168.100.10 192.168.100.20;
    default-lease-time 7200;
    max-lease-time 56800;
}

host freebsd2 {
    hardware ethernet 08:00:27:9E:66:67;
    fixed-address 192.168.100.252;
}

Set dhcpd to start automatically at boot time:

# chkconfig dhcpd on

You can also set which interface the DHCP server will run on in the file:

/etc/sysconfig/dhcpd

Func Verification Method – Release 0.9

April 18, 2009

Release 0.9 is done, now with glob integration !!!!

The new code is available at:

http://func.pastebin.com/f75c77458

—————————-

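def verify(self, pattern='', flatten=True):
    """
    Returns information on the verified package(s).
    """
    import rpm
    import yum
    from re import split
    ts = rpm.TransactionSet()
    # No pattern: walk the whole rpm database; otherwise use the module's glob()
    mi = (ts.dbMatch() if pattern == '' else self.glob(pattern))
    results = []
    for hdr in mi:
        # glob() results are split on whitespace; the package name is the first field
        name = hdr['name'] if pattern == '' else split(r"\s", hdr)[0]
        if flatten:
            yb = yum.YumBase()
            pkgs = yb.rpmdb.searchNevra(name)
            for pkg in pkgs:
                # verify() maps each file name to a list of problems found
                errors = pkg.verify()
                for fn in errors.keys():
                    for prob in errors[fn]:
                        results.append('%s %s %s' % (name, fn, prob.message))
        else:
            # NOTE: version, release and arch are never assigned in this method,
            # so this branch raises NameError as posted
            results.append("%s-%s-%s.%s" % (name, version, release, arch))
    return results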

—————————-

It is now possible in my method to verify all the packages on the system, or even only one!


VPN with OpenSwan on Fedora 10 x64

April 12, 2009

The intention of this document is to guide you step by step through installing Openswan on Fedora Core 10.

=Hardware=

Toshiba Laptop Core 2 Duo with 4 GB of ddr2 667.

=Operating System=

Fedora Core 10 x64
*Default configurations
*Updated

=Installation Process=

To install Openswan on both computers, follow the steps below:

==Packages to Install==
*openswan
*ipsec-tools
*curl

# yum -y install openswan ipsec-tools curl

==Generate the keys==

To generate the keys, type the command:
# ipsec newhostkey --output /etc/ipsec.d/keys.secrets --bits 2048 --hostname play2.milton.ca

Remember to do the same procedure on both computers with the proper information.

After that, edit the key file, copy the part with the public key and paste it into /etc/ipsec.conf. Then go to computer B, take its public key and paste it into the configuration file as well.

'''Both computers must have the same configuration file'''

The configuration file of openswan is:

==/etc/ipsec.conf==

# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    protostack=netkey
    # Debug-logging controls: "none" for none, "all" for lots.
    klipsdebug=all
    #plutodebug="control parsing"
    plutodebug=all
    nat_traversal=no
    uniqueids=yes
    interfaces="ipsec0=eth0" # interface that connects the computers

# VPN connections
conn play2
    type=tunnel
    # Left security gateway, subnet behind it, next hop toward right.
    left=200.199.1.1 # output ip of computer A
    leftsubnet=192.168.0.0/24 # subnet computer A
    # RSA 2048 bits
    leftrsasigkey=0sAQNj2pqKQARhiLkYakKhMJoovBacqR+6xh//2Bw2ZsgbOzl+wE5JOlFfTdD8Q+hWnyuULTl9c8O5fkrBcdDGWggF
    leftnexthop=200.199.1.1 # gateway of computer A
    leftsourceip=192.168.0.1 # internal ip of computer A
    rightnexthop=200.199.1.2 # gateway of computer B
    # Right security gateway, subnet behind it, next hop toward left.
    right=200.199.1.2 # output ip of computer B
    rightsubnet=172.16.1.0/24 # subnet of computer B
    rightsourceip=172.16.1.1 # internal ip of computer B
    # RSA 2048 bits
    rightrsasigkey=0zAQOJBXgYPyV3nJ9vxExcYfQd6PfWsVA6ubzZSUDYKdp/TGyvDRcDD43FwqPcKAD+0SAOc/w8b1QdWPY5gBoS0MdB
    # To authorize this connection, but not actually start it, at startup,
    # uncomment this.
    authby=rsasig
    auto=add # former argument = start

include /etc/ipsec.d/*.conf

=Configuring Additional Steps on the OS=

Create the following shell script in the folder /etc/rc.d/ and name it '''vpn.sh'''

==/etc/rc.d/vpn.sh==

#!/bin/bash
#Thanks Nestor for the script

# Enable IPv4 forwarding between the interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward
# Do not accept or send ICMP redirects on any interface
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > "$f"; done
for f in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > "$f"; done

==Add a line in /etc/rc.d/rc.local==
/etc/rc.d/vpn.sh

*Give the proper permissions to the file: # chmod +x /etc/rc.d/vpn.sh

==Initializing openswan==
# service ipsec start

==Verifying the Status==

# service ipsec status

or

# ipsec verify

==Activate the service on boot time==
# chkconfig --level 3 ipsec on

=Final Steps=

==Connectivity Test==

From computer A, try to ping computer B.

If the ping succeeds, your VPN is working fine.

Now let's stop the VPN:
# service ipsec stop

From computer A, try to ping computer B again.

At this point you should not be able to ping computer B.

Then start ipsec and try to ping from both computers.

To make sure everything is working properly, reboot the computer and repeat all tests.

The '''tcpdump tool''' can capture some traffic, just to make sure the traffic is encrypted.
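One way to make the tcpdump check concrete, as an added example that is not part of the original tutorial: a Python 3 script that reads `tcpdump -n` text output and reports whether traffic between the two subnets from the ipsec.conf above appears as ESP or in the clear. It assumes the capture was taken on the link between the two gateways (on a gateway itself, NETKEY can also show inbound packets after decryption); the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Addresses taken from the ipsec.conf in this post.
LEFT_NET = ipaddress.ip_network("192.168.0.0/24")
RIGHT_NET = ipaddress.ip_network("172.16.1.0/24")
GATEWAYS = {ipaddress.ip_address("200.199.1.1"), ipaddress.ip_address("200.199.1.2")}
PKT_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)(?:\.(\d+))? > "
                    r"(\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?: (.*)$")

# Constructed `tcpdump -n` lines (not real captures): tunnel up, then tunnel down.
TUNNEL_UP = """\
12:00:01.000001 IP 200.199.1.1.500 > 200.199.1.2.500: isakmp: phase 1 I ident
12:00:02.000001 IP 200.199.1.1 > 200.199.1.2: ESP(spi=0x1a2b3c4d,seq=0x1), length 132
12:00:02.000901 IP 200.199.1.2 > 200.199.1.1: ESP(spi=0x5e6f7a8b,seq=0x1), length 132
"""
TUNNEL_DOWN = """\
12:05:01.000001 IP 192.168.0.1 > 172.16.1.1: ICMP echo request, id 4711, seq 1, length 64
"""


def classify(line):
    """Label one tcpdump text line: esp, ike, cleartext or other."""
    m = PKT_RE.search(line)
    if not m:
        return "other"
    try:
        src, dst = ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(3))
    except ValueError:
        return "other"
    if {src, dst} == GATEWAYS:
        if m.group(5).startswith("ESP("):
            return "esp"
        if "500" in (m.group(2), m.group(4)):  # IKE negotiation on UDP 500
            return "ike"
    crosses = (src in LEFT_NET and dst in RIGHT_NET) or (src in RIGHT_NET and dst in LEFT_NET)
    return "cleartext" if crosses else "other"


def summarize(capture_text):
    """Count the labels over every non-empty line of a capture."""
    return Counter(classify(l) for l in capture_text.splitlines() if l.strip())


def tunnel_encrypts(capture_text):
    """True when ESP was seen and no subnet-to-subnet packet appeared in clear."""
    counts = summarize(capture_text)
    return counts["esp"] > 0 and counts["cleartext"] == 0
```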

=Logs=
The Openswan logs can be accessed at:
/var/log/secure
and
/var/log/messages

=Final Consideration=

Sometimes the files are not blog friendly, so I have another version of this tutorial available in wiki format:

http://zenit.senecac.on.ca/wiki/index.php/Milton-vpn-openswan


Func Verification Method – Release 0.9 Beta

April 7, 2009

Release 0.9 Beta of the Verification Method is done; support for glob queries has been added to the code.

http://zenit.senecac.on.ca/wiki/index.php/Func/Rpms_Module_-_Function_Verify

http://func.pastebin.com/f59ccf2f7

def verify(self, pattern='', flatten=True):
    """
    Returns information of the verification of all installed packages.
    """
    import rpm
    import yum
    from re import split
    print ""
    # For some reason, if this print is removed, the previous one does not happen until the lines after this have been evaluated. – Greg.
    ts = rpm.TransactionSet()
    # No pattern: walk the whole rpm database; otherwise use the module's glob()
    mi = (ts.dbMatch() if pattern == '' else self.glob(pattern))
    results = []
    for hdr in mi:
        # glob() results are split on whitespace; the package name is the first field
        name = hdr['name'] if pattern == '' else split(r"\s", hdr)[0]
        if flatten:
            yb = yum.YumBase()
            pkgs = yb.rpmdb.searchNevra(name)
            for pkg in pkgs:
                errors = pkg.verify()
                for fn in errors.keys():
                    for prob in errors[fn]:
                        results.append('%s %s %s' % (name, fn, prob.message))
        else:
            # NOTE: version, release and arch are never assigned in this method,
            # so this branch raises NameError as posted
            results.append("%s-%s-%s.%s" % (name, version, release, arch))
    return results

I would like to thank Greg for his help.


Cool Linux Command

April 4, 2009

tail -f /var/log/secure -n 200 | less

It will keep showing the new content in the file and at the same time you will be able to see the previous screen and everything from “less”.

Func Verification Method – Release 0.8

April 4, 2009

A lot of work has been done for this release, but now I have the 0.8 working smoothly. I also participated in the effort to create a new module called “packages” that will substitute the rpm module and the yum module.

The Code is available at: http://matrix.senecac.on.ca/~mpaivaneto/packages.py or http://func.pastebin.com/f215bec3b


Func Verification Method – Release 0.7

March 19, 2009

I am working on a method to verify the installed packages for the rpms module.

I checked the Python API and there isn’t any built-in method I could use, but I checked the yum API and I found something interesting.

The output with the external command was:

S.?.....    /usr/sbin/groupmod
prelink: /usr/sbin/useradd: at least one of file's dependencies has changed since prelinking
S.?.....    /usr/sbin/useradd
prelink: /usr/sbin/userdel: at least one of file's dependencies has changed since prelinking
S.?.....    /usr/sbin/userdel
prelink: /usr/sbin/usermod: at least one of file's dependencies has changed since prelinking
S.?.....    /usr/sbin/usermod

While the output with the yum api is:

/usr/sbin/userdel – checksum does not match
/usr/sbin/userdel – size does not match
/usr/sbin/groupdel – checksum does not match
/usr/sbin/groupdel – size does not match
/etc/login.defs – mtime does not match
/etc/login.defs – checksum does not match
/etc/login.defs – size does not match
/usr/bin/newgrp – checksum does not match

I intend to work now on allowing the verification of only one package at a time, adding support for rpms.glob(). When it's done, the plan is to merge the yum module with the rpm module and create a new module called “packages”.
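As an added example (not part of the original post or of Func), the flag strings in the external-command output above can be decoded with a short Python 3 parser. A `?` in a column means rpm could not perform that test, so such files are reported separately from clean ones; the sample lines other than the first two, which are quoted from the post, are constructed.

```python
import re

# Column order of the flag string printed by `rpm -V`. The output in the post
# has eight columns; newer rpm releases append a ninth (P, capabilities).
COLUMNS = [("S", "size"), ("M", "mode"), ("5", "checksum"), ("D", "device"),
           ("L", "symlink"), ("U", "user"), ("G", "group"), ("T", "mtime"),
           ("P", "capabilities")]
LINE_RE = re.compile(r"^(\S{8,9}|missing)\s+(?:([cdglr])\s+)?(/.*)$")

# First two lines are from the post; the rest are constructed for illustration.
SAMPLE = """\
prelink: /usr/sbin/useradd: at least one of file's dependencies has changed since prelinking
S.?.....    /usr/sbin/useradd
..5....T  c /etc/login.defs
.......T    /etc/hosts
missing     /usr/bin/newgrp
"""


def parse_rpm_verify(text):
    """Map path -> {"failed": [...], "untested": [...], "missing": bool}."""
    report = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        flags, _attr, path = m.groups()
        entry = {"failed": [], "untested": [], "missing": flags == "missing"}
        for ch, (letter, name) in zip("" if entry["missing"] else flags, COLUMNS):
            if ch == letter:
                entry["failed"].append(name)
            elif ch == "?":
                entry["untested"].append(name)  # test could not be performed
            elif ch != ".":
                break  # e.g. "prelink:" is 8 characters but not a flag string
        else:
            report[path] = entry
    return report


def content_not_verified(report):
    """Paths that are missing or whose checksum failed or could not be tested."""
    return sorted(p for p, e in report.items()
                  if e["missing"] or "checksum" in e["failed"] + e["untested"])
```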

The current code is:
http://func.pastebin.com/m523b93ac

def verify(self, flatten=True):
    """
    Returns information of the verification of all installed packages.
    """
    import rpm
    import yum
    ts = rpm.TransactionSet()
    mi = ts.dbMatch()
    results = []
    for hdr in mi:
        name = hdr['name']
        if flatten:
            yb = yum.YumBase()
            pkgs = yb.rpmdb.searchNevra(name)
            for pkg in pkgs:
                # verify() maps each file name to a list of problems found
                errors = pkg.verify()
                for fn in errors.keys():
                    for prob in errors[fn]:
                        results.append('%s %s %s' % (name, fn, prob.message))
        else:
            # version, release and arch were undefined as posted; read them from the header
            version, release, arch = hdr['version'], hdr['release'], hdr['arch']
            results.append("%s-%s-%s.%s" % (name, version, release, arch))
    return results

Feel free to give me some ideas or comments, thanks.


VirtualBox – Cloning a Virtual Machine

March 17, 2009

The folder that stores the VDI files is:

~/.VirtualBox/HardDisks

Just go there

$ cd ~/.VirtualBox/HardDisks

And type the following command to clone the virtual machine

$ VBoxManage clonehd SOURCE.VDI DESTINATION.VDI -format VDI

Now open VirtualBox and go through: New -> Next -> type the name and kind of VM -> amount of memory -> virtual hard disk (click on Existing) -> Add -> and then select your new VDI file.

Have fun !


Sun VirtualBox – After a Kernel Update

March 11, 2009

Every time I update the kernel of my Fedora 10 x64, VirtualBox stops working. The problem I found was that VirtualBox requires a module to be compiled for the new kernel.

To avoid all of the work to build the new module, I found a fast and effective solution:

After updating to the new kernel, boot from it, open a shell, then type:

# /etc/init.d/vboxdrv setup

This command will build a fresh new module for the current kernel.


Func Verification Method – Release 0.6

March 7, 2009

Release 0.6 is available in the wiki page of my project:

http://zenit.senecac.on.ca/wiki/index.php/Func/Rpms_Module_-_Function_Verify
