Force syn date and time

21 05 2017

apt-get install tlsdate
tlsdate -H mail.google.com





Enable autologin in Debian with Systemd

19 05 2017

For allow autologin in a Debian system with systemd (very usefull with testing virtual machines):

Create dir:
mkdir /etc/systemd/system/getty@tty1.service.d/

Create file /etc/systemd/system/getty@tty1.service.d/override.conf with the following content:
[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin root --noclear %I $TERM

More info:
http://forums.debian.net/viewtopic.php?f=16&t=123694





Deny ssh access to one user

18 05 2017

If you want to deny the access of one user (or group) to a server via ssh, these are the steps for a Debian/Ubuntu server:

Add the user to /etc/security/access.conf
- : user1 : ALL

Assure that “/etc/ssh/sshd_config” have the following line (by default yes):
UsePAM yes

Assure that “/etc/pam.d/sshd” have uncommented the following line:
account required pam_access.so





Configure phpmyadmin for connect to RDS AWS MariaDB

30 03 2017

Ensure that “/etc/phpmyadmin/config-db.php” doesn’t haven any configured values:

$dbuser='';
$dbpass='';
$basepath='';
$dbname='';
$dbserver='';
$dbport='';
$dbtype='';

Create a new file with for your particular values in “/etc/phpmyadmin/conf.d/myconf.php”

<?phpConfigure phpmyadmin for connect to RDS AWS MariaDB
$cfg['Servers'][$i]['extension'] = 'mysql';
$cfg['Servers'][$i]['host'] = 'name.of.rds.amazonaws.com';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['compress'] = TRUE;

Go to the phpmyadmin website and log with the administrative account.

More info: http://stackoverflow.com/questions/4402482/using-phpmyadmin-to-administer-amazon-rds





Quick vsftp install and configuration

4 12 2016

This is the simple method for install and have a basic configuration for log into the ftp server with the local users of the system:
apt-get install vfstp
vi /etc/vsftpd.conf
Uncomment the following lines:
local_enable=YES
write_enable=YES

Restart the service and enjoy!
/etc/init.d/vsftpd restart





Testing virtual interface inside a namespace

12 09 2016

One virtual interface (veth0/1) into one namespace (blue) with internet conectivity

– First of all, enable ip forward:

echo 1 > /proc/sys/net/ipv4/ip_forward

– Create the virtual ethernet interface, a veth pair, and bring one side up:

ip link add veth0 type veth peer name veth1
ip link set veth0 up

– Create the network namespace, called blue, in which the other side of the veth is going to reside:

ip netns add blue

– Put the corresponding veth side, veth1, into the namespace. Take into account that the other side, veth0, reside in the system namespace:

ip link set veth1 netns blue

– Configure the veth1 with an IP address and bring it up. The command is executed inside the namespace:

ip netns exec blue ifconfig veth1 10.1.1.1/24 up

– Bring up lo interface too for avoid extrange problems:

ip netns exec blue ip link set dev lo up

– Create the bridge, called br0, and bring it up:

ip link add name br0 type bridge
ip link set br0 up

– Assign an IP address to the bridge interface for gain the level3 behaviour, if not, only works as level2:

ip addr add 10.1.1.254/24 dev br0

– Include the veth0, which is outside the namespace, into the bridge:

ip link set veth0 master br0

– Add a default route for the namespace inside it:

ip netns exec blue ip route add default via 10.1.1.254

– Add the iptables rules for allow NAT in the host system:

iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

– Test 1. Ping and traceroute from the host to the namespace:

ping -c1 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.063 ms

traceroute 10.1.1.1
traceroute to 10.1.1.1 (10.1.1.1), 30 hops max, 60 byte packets
1 10.1.1.1 (10.1.1.1) 0.051 ms 0.012 ms 0.010 ms

– Test 2. Ping and traceroute from the namespace to the bridge:

ip netns exec blue ping -c1 10.1.1.254
PING 10.1.1.254 (10.1.1.254) 56(84) bytes of data.
64 bytes from 10.1.1.254: icmp_seq=1 ttl=64 time=0.038 ms

ip netns exec blue traceroute 10.1.1.254
traceroute to 10.1.1.254 (10.1.1.254), 30 hops max, 60 byte packets
1 10.1.1.254 (10.1.1.254) 0.059 ms 0.013 ms 0.009 ms

– Test 3. Ping and traceroute from the namespace to internet:

ip netns exec blue ping -c1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=0.838 ms

ip netns exec blue traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 10.1.1.254 (10.1.1.254) 0.050 ms 0.012 ms 0.008 ms
...
9 google-public-dns-a.google.com (8.8.8.8) 0.884 ms 0.701 ms 0.681 ms

Two virtual interfaces (veth0/1 and veth10/11) into two different namespaces each one (blue and green) using the same subnet with internet conectivity

– Plus the steps done above…

– Create the virtual ethernet interface, and bring it up:

ip link add veth10 type veth peer name veth11
ip link set veth10 up

– Create the network namespace, and include the veth11 interface into it:

ip netns add green
ip link set veth11 netns green

– Include the veth10 into the bridge:

ip link set veth10 master br0

– Configure the veth11 with an IP address, bring it up, the same for lo, and add the default route to the bridge:

ip netns exec green ifconfig veth11 10.1.1.11/24 up
ip netns exec green ip link set dev lo up
ip netns exec green ip route add default via 10.1.1.254

– Test 4. Ping and traceroute from the blue namespace to the green:

ip netns exec blue ping -c1 10.1.1.11
PING 10.1.1.11 (10.1.1.11) 56(84) bytes of data.
64 bytes from 10.1.1.11: icmp_seq=1 ttl=64 time=0.059 ms

ip netns exec blue traceroute 10.1.1.11
traceroute to 10.1.1.11 (10.1.1.11), 30 hops max, 60 byte packets
1 10.1.1.11 (10.1.1.11) 0.055 ms 0.015 ms 0.015 ms

– Test 5. Ping and traceroute from the green namespace to the blue:

ip netns exec green ping -c1 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.068 ms

ip netns exec green traceroute 10.1.1.1
traceroute to 10.1.1.1 (10.1.1.1), 30 hops max, 60 byte packets
1 10.1.1.1 (10.1.1.1) 0.060 ms 0.010 ms 0.008 ms

– Test 6. Ping and traceroute from green namespace to internet:

ip netns exec green ping -c1 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=0.804 ms

ip netns exec green traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 10.1.1.254 (10.1.1.254) 0.073 ms 0.010 ms 0.007 ms
...
9 google-public-dns-a.google.com (8.8.8.8) 0.663 ms 0.726 ms 0.680 m





Install VMWare Tools in Debian – 2016

1 09 2016

Since the supoort for the official and propietary VMWare Tools shiped from VMWare are ended in favour of the Open VM Tools, the execution of the “vmware-install.pl” script passed away.

The official document pointed to this change is the “VMware support for Open VM Tools (2073803)”, highlightning from there the following lines:

– VMware recommends using OVT redistributed by operating system vendors.
– VMware fully supports virtual machines that include OVT redistributed by operating system vendors, which is done in collaboration with the OS vendor and OS communities. However, the operating system release must be published as certified by the specific VMware product in the online VMware Compatibility Guide.
– VMware provides assistance to operating system vendors and communities with the integration of open-vm-tools with OS releases.
– VMware fully supports virtual appliances that include OVT , which is done in collaboration with the virtual appliance vendor.
– VMware does not recommend removing OVT redistributed by operating system vendors.

So, now, installing Open VM Tools is as easier as other package:

# apt-get install open-vm-tools

https://packages.debian.org/search?keywords=open-vm-tools

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2073803