
Wednesday, December 5, 2012

Howto: Squid proxy authentication using the ncsa_auth helper on CentOS 6.2


Configure NCSA-style username and password authentication
1. htpasswd -c -m /etc/squid/passwd user1
   (-c creates the file; leave it out when adding further users or the file is overwritten. -m selects MD5 hashes; the crypt() default of older htpasswd builds silently truncates passwords to 8 characters.)
2. chown root:squid /etc/squid/passwd && chmod 640 /etc/squid/passwd
   (the helper runs as the squid user, so group read is enough; there is no reason to make a file of password hashes world-readable.)

Locate the ncsa_auth authentication helper
If you are using RHEL/CentOS/Fedora Core or another RPM based distro try:
3. rpm -ql squid | grep ncsa_auth
   (on CentOS 6 x86_64 this prints /usr/lib64/squid/ncsa_auth; use whatever path it prints in step 4.)

4. Add the lines below at the TOP of squid.conf. They have to come before any acl line that uses proxy_auth, otherwise Squid refuses to parse the configuration.

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

(Add this to the bottom of the ACL section of squid.conf)
acl ncsa_users proxy_auth REQUIRED
(Add this to the http_access section of squid.conf, after the stock deny rules for the cache manager and unsafe ports but before any broad allow. A matching allow rule ends evaluation, so an "allow ncsa_users" placed above "deny !Safe_ports" would let any authenticated user reach arbitrary ports.)
http_access allow ncsa_users

e.g.
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl ncsa_users proxy_auth REQUIRED

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Stock deny rules stay above the authentication rule (keep the stock "deny CONNECT !SSL_ports" here too)
http_access deny !Safe_ports
http_access allow ncsa_users
http_access allow our_networks
http_access deny all

("deny manager" must come before "allow our_networks", otherwise the cache manager is reachable from the whole network. End with "deny all": when no rule matches, Squid applies the opposite of the last rule, so a trailing allow would admit anything unmatched.)

5. squid -k parse && /etc/init.d/squid restart
   (squid -k parse checks the file first; a misordered auth_param line or a typo would otherwise leave the proxy down after the restart. Then test from a client by pointing a browser at the proxy and confirming you are prompted for the user1 credentials.)

Wednesday, April 20, 2011

NTP SERVER AND CLIENT CONFIGURATION

====================================================================
Configure NTP Server
====================================================================
Note: NTP server IP: 192.168.2.40
         NTP client1 IP: 192.168.2.2
         NTP client2 IP: 192.168.2.3

# Make sure to install ntp

** Steps to create the NTP server

# chkconfig ntpd on

# edit /etc/ntp.conf

    --> add these lines:

                             peer 192.168.2.2
                             peer 192.168.2.3

    ** "peer" is a symmetric association: 192.168.2.40 will take time from these two hosts as readily as they take it from it. If it is meant to be the authority, leave the peer lines out. The stock "restrict default ... nomodify notrap noquery" line already answers time requests from any host (noquery only blocks ntpq/ntpdc control queries), so the server just needs its own upstream "server" line or the local-clock driver from the stock file, and udp/123 open on the firewall.

# edit /etc/sysconfig/iptables

    --> allow inbound udp/123 (NTP uses UDP)

# restart ntpd

    --> /etc/init.d/ntpd restart

# restart firewall

    --> /etc/init.d/iptables restart
=======================================================================
** To configure an NTP client to sync with the NTP server
=======================================================================
# edit /etc/ntp.conf

    --> add this line:

                        server 192.168.2.40

                        ** comment out the other "server" lines (the stock pool servers) so the client follows 192.168.2.40 only

    --> keep the stock "restrict default ... nomodify notrap noquery" line. It does not stop the client from syncing (noquery only blocks ntpq/ntpdc control queries), and removing it lets every host that can reach udp/123 query and reconfigure-probe this ntpd. The extra line

                        restrict 192.168.2.40 mask 255.255.255.0 nomodify notrap noquery

                        is not needed for sync; with a /24 mask it merely restates the default for the whole subnet.

# edit /etc/ntp/ntpservers (the server list used by the ntpdate service)

    --> add this line:

                        192.168.2.40

                        ** comment out the other server IPs/URLs

# edit /etc/ntp/step-tickers (hosts ntpdate is run against before ntpd starts, so a large initial offset is stepped at once instead of slewed over hours)

    --> add this line:

                        192.168.2.40


# edit /etc/sysconfig/iptables

     --> allow inbound udp/123 (NTP uses UDP)

# restart ntpd

      --> /etc/init.d/ntpd restart

# restart firewall

      --> /etc/init.d/iptables restart

# run this command to set the local date and time (-u sends from an unprivileged source port, so it works while ntpd already holds udp/123; without -u, stop ntpd first):

                       ntpdate -u server_IP

# run this command to check the client-server synchronisation (the line marked with * is the peer the clock is synced to; "reach" climbs 1, 3, 7 ... 377 over the first few minutes as polls succeed):

                       ntpq -pn

****************************************************************************
****************************************************************************
TESTING

SERVER
# update the time and date

CLIENT
# fire command : ntpdate -u 192.168.2.40
# fire command : ntpq -pn

Credit to chikaro Natrah
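The exchange that `ntpdate -u 192.168.2.40` and `ntpq -pn` rely on, as an added example that is not part of the original post: it builds the NTPv3 mode-3 request a client sends, parses the mode-4 reply, rejects the replies ntpdate also rejects (wrong mode, kiss-o'-death, unsynchronised server) and computes the clock offset and round-trip delay from the four timestamps. `build_reply` fabricates a server answer so the arithmetic can be checked offline; the 192.168.2.40 default and the "GPS" reference id are assumptions taken from the post and from stratum-1 convention, not from a real server.

```python
import socket
import struct
import sys
import time

NTP_EPOCH_DELTA = 2208988800   # seconds between 1900-01-01 (NTP era 0) and the Unix epoch
_HEADER = "!BBBb11I"           # 48-byte NTP header; the 11 words are root delay/dispersion, refid, 4 timestamps
PORT = 123


def to_ntp(unix_ts):
    """Unix float seconds -> (seconds, fraction) of an NTP 64-bit timestamp."""
    secs = int(unix_ts)
    frac = int((unix_ts - secs) * 2**32)
    return (secs + NTP_EPOCH_DELTA) & 0xFFFFFFFF, frac & 0xFFFFFFFF


def from_ntp(secs, frac):
    return secs - NTP_EPOCH_DELTA + frac / 2**32


def build_request(transmit_unix, version=3):
    """Client (mode 3) packet as ntpdate sends it: everything zero except LI/VN/Mode and
    the transmit timestamp, which the server echoes back as the originate timestamp."""
    li_vn_mode = (0 << 6) | (version << 3) | 3
    xs, xf = to_ntp(transmit_unix)
    return struct.pack(_HEADER, li_vn_mode, 0, 0, 0,
                       0, 0, 0,             # root delay, root dispersion, reference id
                       0, 0, 0, 0, 0, 0,    # reference, originate, receive timestamps
                       xs, xf)


def build_reply(request, recv_unix, xmit_unix, stratum=2, refid=b"GPS\x00", leap=0):
    """Constructed server (mode 4) reply for offline testing; a real server fills the same
    fields. stratum=0 with an ASCII refid is a Kiss-o'-Death packet (e.g. RATE, DENY)."""
    f = struct.unpack(_HEADER, request)
    t1s, t1f = f[13], f[14]                  # originate = the client's transmit timestamp
    t2s, t2f = to_ntp(recv_unix)
    t3s, t3f = to_ntp(xmit_unix)
    li_vn_mode = (leap << 6) | (3 << 3) | 4
    (refid_word,) = struct.unpack("!I", refid)
    return struct.pack(_HEADER, li_vn_mode, stratum, 6, -20, 0, 0, refid_word,
                       t2s, t2f, t1s, t1f, t2s, t2f, t3s, t3f)


def parse_reply(reply, t4_unix):
    """Validate a reply the way ntpdate does before trusting it, then compute offset and
    round-trip delay from t1..t4 (RFC 4330 section 5)."""
    if len(reply) < 48:
        raise ValueError("short packet (%d bytes)" % len(reply))
    f = struct.unpack(_HEADER, reply[:48])
    leap, mode, stratum = f[0] >> 6, f[0] & 0x7, f[1]
    refid = struct.pack("!I", f[6])
    if mode != 4:
        raise ValueError("not a server reply: mode %d" % mode)
    if stratum == 0:
        raise ValueError("kiss-o'-death code %r" % refid.decode("ascii", "replace"))
    if leap == 3:
        raise ValueError("server clock is not synchronised (LI=3)")
    t1 = from_ntp(f[9], f[10])    # originate: when we sent the request
    t2 = from_ntp(f[11], f[12])   # receive: when the server got it
    t3 = from_ntp(f[13], f[14])   # transmit: when the server answered
    t4 = t4_unix                  # when we received the answer
    return {
        "stratum": stratum,
        "refid": refid,
        "offset": ((t2 - t1) + (t3 - t4)) / 2,   # how far our clock is behind the server
        "delay": (t4 - t1) - (t3 - t2),          # network round trip minus server processing
    }


def query(server, timeout=2.0):
    """One request/reply exchange from an unprivileged source port, like `ntpdate -u -q`."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_request(time.time()), (server, PORT))
        data, _ = sock.recvfrom(512)
        return parse_reply(data, time.time())


if __name__ == "__main__":
    # Assumed address from the post: 192.168.2.40 is the NTP server.
    result = query(sys.argv[1] if len(sys.argv) > 1 else "192.168.2.40")
    print("stratum %(stratum)d offset %(offset)+.6fs delay %(delay).6fs" % result)
```

A positive offset means the local clock is behind the server; ntpd slews offsets under 128 ms and steps larger ones, which is why step-tickers runs ntpdate before ntpd starts. The kiss-o'-death check matters in practice: a server that rate-limits you answers with stratum 0 and refid RATE, and a client that ignored that would treat the packet as a valid time sample.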

Friday, April 15, 2011

SSL LDAP how to in Centos

1.Install LDAP
# yum install openldap-servers openldap-clients nss_ldap

2. Copy DB_CONFIG into the database directory and make it owned by the ldap user
# cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG && chown ldap:ldap /var/lib/ldap/DB_CONFIG

3. Create a hashed password for the slapd rootdn ({SSHA} is salted SHA-1, not encryption)
# slappasswd
{SSHA}372BLnDbuRFpPdQpKi2SRISPaoQEcQW9

4. Paste the hash from slappasswd into /etc/openldap/slapd.conf as the rootpw value, uncommenting the stock line
# rootpw                {crypt}ijFYNcSNctBYg    <-------------- replace this line with
rootpw                  {SSHA}372BLnDbuRFpPdQpKi2SRISPaoQEcQW9

5. Change the suffix and rootdn to your own domain, as in the example below
suffix          "dc=ezmcom,dc=com"
rootdn        "cn=Administrator,dc=ezmcom,dc=com"
6. Uncomment the TLS lines below. The files they name are where the key and certificate from steps 8 and 9 must end up
#vi /etc/openldap/slapd.conf
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

7. Edit the client configuration. /etc/openldap/ldap.conf takes the base, uri and CA settings:
#vi /etc/openldap/ldap.conf
base dc=ezmcom,dc=com
uri ldap://127.0.0.1
TLS_CACERTDIR /etc/openldap/cacerts
Notes: the "ssl start_tls" line belongs in the nss_ldap/pam_ldap file /etc/ldap.conf, not in this file. Use ldap:// on port 389 with STARTTLS, or ldaps://127.0.0.1:636 without it (and set SLAPD_LDAPS=yes in /etc/sysconfig/ldap); "ldap://127.0.0.1:636" as originally written speaks plaintext LDAP to the LDAPS port and fails. For the client to verify the self-signed certificate from step 9, copy cert.crt into /etc/openldap/cacerts and run c_rehash in that directory (OpenSSL looks CA certificates up by hashed file name).

8. Generate an RSA key and a signing request with the commands below (2048 bits; 1024 is below current minimums).
#openssl genrsa -out cert.key 2048
#openssl req -new -key cert.key -out cert.csr
Note: the Common Name must be the hostname clients put in the uri (the server's FQDN), not the suffix. TLS clients check the certificate name against the host they connected to, never against the base DN.

9. Generate a self-signed certificate using the command below
#openssl x509 -req -in cert.csr -days 365 -signkey cert.key -out cert.crt

10. Install the key and certificate where the step 6 directives point (CentOS expects a combined slapd.pem holding both, owned root:ldap with mode 640 because slapd reads it as the ldap user), otherwise slapd keeps serving the stock certificate. Then restart ldap
#/etc/init.d/ldap restart

Credit to chikaro Natrah. ehehe
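The {SSHA} scheme behind step 3 and step 4, as an added example rather than anything from the original post: it reproduces what slappasswd computes (SHA-1 over password plus a 4-byte random salt, base64 of digest plus salt), verifies a password against a stored value in constant time, and reports which scheme a slapd.conf rootpw line uses so the leftover "{crypt}" or a plaintext value is caught. The slapd.conf fragments are constructed for the example; the one hash in them is the value printed on the page.

```python
import base64
import hashlib
import hmac
import os
import re

SALT_LEN = 4   # slappasswd's default salt size for {SSHA}


def ssha_hash(password, salt=None):
    """{SSHA}: base64( SHA1(password || salt) || salt ). A fresh random salt per call
    means two entries with the same password get different strings."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_split(stored):
    """Return (digest, salt) from an {SSHA} string; the salt is whatever follows the 20-byte SHA-1."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    if len(raw) <= 20:
        raise ValueError("too short to hold a SHA-1 digest plus salt")
    return raw[:20], raw[20:]


def ssha_verify(password, stored):
    digest, salt = ssha_split(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


_ROOTPW = re.compile(r"^\s*rootpw\s+(\S+)", re.IGNORECASE)


def rootpw_scheme(slapd_conf_text):
    """How rootpw is stored in a slapd.conf: 'SSHA', 'CRYPT', ..., 'plaintext' for a bare
    value, or None when the directive is commented out or absent (where step 4 starts)."""
    for line in slapd_conf_text.splitlines():
        m = _ROOTPW.match(line)
        if m:
            value = m.group(1)
            scheme = re.match(r"\{([A-Za-z0-9]+)\}", value)
            return scheme.group(1).upper() if scheme else "plaintext"
    return None


# Constructed slapd.conf fragments (not the page's file): before and after step 4.
STOCK_CONF = 'suffix "dc=ezmcom,dc=com"\n# rootpw {crypt}ijFYNcSNctBYg\n'
FIXED_CONF = STOCK_CONF + "rootpw {SSHA}372BLnDbuRFpPdQpKi2SRISPaoQEcQW9\n"

if __name__ == "__main__":
    h = ssha_hash("secret")
    print(h, ssha_verify("secret", h), ssha_verify("Secret", h))
    print(rootpw_scheme(STOCK_CONF), "->", rootpw_scheme(FIXED_CONF))
```

The same function pair applies to userPassword attributes, which slapd stores in the same {SSHA} form; the rootpw check is the one to run after editing, since a rootpw that is still commented out leaves no way to bind as the rootdn, and a plaintext one puts the directory's master password in a world-readable-by-default config.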

Wednesday, February 23, 2011

How to Configure VPN (PPTP) Server on CentOS

In this document you will find the steps to build a Linux Point to Point Tunneling Protocol (PPTP) server using Poptop.
It lets roaming users connect to their corporate network from anywhere on the Internet cheaply, and it supports Windows 95/98/Me/NT/2000/XP PPTP clients and Linux PPTP clients.
Caveat: the MS-CHAPv2 handshake configured below is now known to be breakable offline from a captured session, and the MPPE session keys derive from it, so PPTP no longer counts as a secure VPN. Treat this as a legacy setup where client compatibility matters more than confidentiality.
Requirements: -
Server: CentOS 5.3
kernel-2.6.18-128.el5
ppp-2.4.4-2.el5
pptpd-1.3.4-1.rhel5

Kernel version 2.6.15 or above has MPPE built in, which is required for MS-CHAPv2 with encryption. CentOS 5 ships kernel 2.6.18, so you do not need to install a separate MPPE module, and its ppp-2.4.4 package is built with MPPE support.

Step-1: Install ppp if already not installed and Check if kernel supports MPPE
#yum install ppp
Run the command below to test if your kernel supports MPPE and you should get a return an “ok”: -
#modprobe ppp-compress-18 && echo ok

Step-2: Install PPTPD
pptpd is not in the stock yum repositories. Download the RPM that matches your architecture from http://poptop.sourceforge.net/yum/stable/packages/ (the x86_64 build is used here; take the i386 one on a 32-bit system):

#wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.rhel5.x86_64.rpm
Install the RPM by running this command: -
#rpm -ivh pptpd-1.3.4-2.rhel5.x86_64.rpm

Step-3: Configuration
Change the /etc/ppp/options.pptpd as below: -
#vi /etc/ppp/options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd

Change the following file /etc/pptpd.conf
#vi /etc/pptpd.conf
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.2.1
remoteip 192.168.2.11-15

Add a username (here shamsul) and password (passwrd) to /etc/ppp/chap-secrets as below. Secrets are stored in plaintext, so keep the file root-owned with mode 600 and use real passwords rather than "passwrd": -
# Secrets for authentication using CHAP
# client server secret IP addresses

shamsul pptpd passwrd *

Step-4: Run the following command to enable the pptpd to start automatically in runlevel 3 and 5 as below: -
#chkconfig --level 35 pptpd on
Now, you can start the pptpd service as below: -
#service pptpd start

Step-5: For pptpd to work, packet forwarding must be enabled. Edit /etc/sysctl.conf and change the line to the value below: -
#vi /etc/sysctl.conf
net.ipv4.ip_forward = 1

To enable it immediately, run the following command: -
#sysctl -p
If iptables is running, the server also has to accept TCP port 1723 (the PPTP control connection) and IP protocol 47 (GRE, which carries the tunnel itself); add both to /etc/sysconfig/iptables.
Now test your setup by creating a VPN connection from any Windows or Linux PC.

credit to: http://almamunbd.blogspot.com/2009/06/how-to-configure-vpn-pptp-server-on.html
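An added example for the chap-secrets step, not code from the original post or from Poptop: a parser for pppd's secrets format (whitespace fields, quoted secrets, `#` comments, `*` wildcards, an optional address list) plus the audit a reviewer would do on the file, since pppd compares these secrets in plaintext. The sample file is constructed for the example around the page's own `shamsul` entry; the 12-character minimum is an assumed policy, not a pppd rule.

```python
import os
import shlex
import stat
import sys

CHAP_SECRETS = "/etc/ppp/chap-secrets"
MIN_SECRET_LEN = 12   # assumed policy for this example


def parse_chap_secrets(text):
    """pppd's secrets format: `client server secret [addresses...]`, whitespace-separated,
    '#' to end of line is a comment, fields may be double-quoted, `*` is a wildcard and a
    missing address field means any address. `@file` secrets are left unread here."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError("line %d: expected `client server secret [addresses]`" % lineno)
        client, server, secret, *addresses = fields
        entries.append({"line": lineno, "client": client, "server": server,
                        "secret": secret, "addresses": addresses or ["*"]})
    return entries


def audit(entries, file_mode=None):
    """Findings a reviewer raises: the secrets are plaintext, so the file must be root-only;
    a wildcard client line lets any login name in; short secrets fall to an offline
    dictionary attack on a captured MS-CHAPv2 exchange."""
    findings = []
    if file_mode is not None and stat.S_IMODE(file_mode) & 0o077:
        findings.append("file mode %o: readable by group/other, use mode 0600" % stat.S_IMODE(file_mode))
    for e in entries:
        where = "line %d (%s)" % (e["line"], e["client"])
        if e["client"] == "*":
            findings.append(where + ": wildcard client matches any login name")
        if not e["secret"].startswith("@") and len(e["secret"]) < MIN_SECRET_LEN:
            findings.append(where + ": secret shorter than %d characters" % MIN_SECRET_LEN)
    return findings


# Constructed sample (not the page's file): the page's entry plus two more to exercise the checks.
SAMPLE = """\
# Secrets for authentication using CHAP
# client server secret IP addresses
shamsul pptpd passwrd *
alice   pptpd "correct horse battery" 192.168.2.11
*       pptpd anything *
"""

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else CHAP_SECRETS
    with open(path) as fh:
        entries = parse_chap_secrets(fh.read())
    for finding in audit(entries, os.stat(path).st_mode) or ["no findings"]:
        print(finding)
```

The `*` in the address field is normal for pptpd, which hands out addresses from the remoteip pool, so it is not flagged; a wildcard in the client field is a different matter, because with `require-mschap-v2` the secret is the only thing that identifies the peer.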

Thursday, February 10, 2011

Setup VNC Server on CentOS


  1. yum install vnc-server   (CentOS 5; the package is tigervnc-server on CentOS 6)
  2. vi /etc/sysconfig/vncservers
  3. VNCSERVERS="1:tiger 2:albatros 3:leopard"
     VNCSERVERARGS[1]="-geometry 1024x768 -depth 16"
     VNCSERVERARGS[2]="-geometry 800x600 -depth 8"
     VNCSERVERARGS[3]="-geometry 1024x768 -depth 16"
     (display N listens on TCP 5900+N, so tiger is on 5901. VNC traffic is unencrypted and the VNC password is at most 8 characters, so add -localhost to each VNCSERVERARGS line and reach the display through an SSH port forward instead of opening 590x on the firewall.)
  4. su - tiger -c vncpasswd
     (vncpasswd takes a file name, not a user name, so run it as each listed user; it writes ~/.vnc/passwd)
  5. vi /home/tiger/.vnc/xstartup (uncomment the lines below)
     unset SESSION_MANAGER
     exec /etc/X11/xinit/xinitrc
  6. /etc/init.d/vncserver start

    Tuesday, May 11, 2010

    dump mysql database and sync with DR

  1. Create the script the cron job will run and name it sync.sh. The original version dropped the DR database before checking that the dump had succeeded and wrote sync.sql into whatever directory cron happened to start in; "set -e" and the "cd" fix both without changing what the script does:
      #!/bin/bash
      #
      # sync.sh: pull a fresh data dump from the primary and reload it into the DR copy
      set -e                           # stop at the first failing command, so a failed dump never reaches the drop below
      cd /usr/ezidentity/scripts/cron  # cron starts in $HOME; keep sync.sql next to tables.sql
      mysqldump --no-create-info -h CMS-AUTH01 -uroot -pezidentity eziden > sync.sql
      echo "Sync data retrieved..."
      mysql -uroot -pezidentity -e "drop database eziden;"
      mysql -uroot -pezidentity -e "create database eziden;"
      echo "Database initialized for sync..."
      mysql -uroot -pezidentity eziden < tables.sql
      echo "Database sync in progress..."
      mysql -uroot -pezidentity eziden < sync.sql
      echo "Database sync completed."

      2. Dump the table structure only (no data) into the tables.sql file the script loads. The -d option does exactly that:

      mysqldump -d -uroot -pezidentity eziden > /usr/ezidentity/scripts/cron/tables.sql

      3. Add the cron job with the command below and point it at the script above (sync.sh). The password given with -p is visible in the crontab, in ps output while the commands run, and in shell history; moving it into a [client] section of /root/.my.cnf with mode 600 removes it from all three.

      $ crontab -e

      00 3 * * * bash /usr/ezidentity/scripts/cron/sync.sh
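A safer version of the same sync, as an added example and not the original script: it keeps the page's dump-then-reload design but builds the mysqldump and mysql command lines around a root-only defaults file instead of -p, takes the dump with --single-transaction so the primary is not locked, and checks mysqldump's "-- Dump completed" trailer before the DR database is dropped, so a truncated dump leaves the previous copy in place. The defaults-file path /root/.my-sync.cnf is an assumption; the host, database and script directory are the page's.

```python
import os
import subprocess
import sys
import tempfile

# Assumed: a root-only (mode 0600) client defaults file holding user and password, so no
# -p option shows up in `ps` output, the crontab or shell history.
DEFAULTS_FILE = "/root/.my-sync.cnf"    # contents: [client]\nuser=root\npassword=...
SOURCE_HOST = "CMS-AUTH01"
DATABASE = "eziden"
TABLES_SQL = "/usr/ezidentity/scripts/cron/tables.sql"
SPOOL_DIR = "/usr/ezidentity/scripts/cron"


def dump_cmd(host, db, defaults_file=DEFAULTS_FILE):
    """mysqldump argv. --defaults-extra-file has to be the first option; --single-transaction
    takes a consistent InnoDB snapshot instead of locking the primary's tables."""
    return ["mysqldump", "--defaults-extra-file=" + defaults_file,
            "--single-transaction", "--no-create-info", "-h", host, db]


def client_cmd(db=None, execute=None, defaults_file=DEFAULTS_FILE):
    cmd = ["mysql", "--defaults-extra-file=" + defaults_file]
    if execute is not None:
        cmd += ["-e", execute]
    if db is not None:
        cmd.append(db)
    return cmd


def dump_tail_ok(tail):
    """mysqldump writes `-- Dump completed on <date>` as its last line only when it ran to
    the end (unless --skip-comments is used); a dump cut off by a network error, a full
    disk or a killed process lacks it."""
    return b"-- Dump completed" in tail


def dump_is_complete(path):
    try:
        size = os.path.getsize(path)
        with open(path, "rb") as fh:
            fh.seek(max(0, size - 256))
            return size > 0 and dump_tail_ok(fh.read())
    except OSError:
        return False


def run(cmd, stdin=None, stdout=None):
    subprocess.run(cmd, stdin=stdin, stdout=stdout, check=True)


def sync(host=SOURCE_HOST, db=DATABASE, tables_sql=TABLES_SQL, spool_dir=SPOOL_DIR):
    """Order matters: dump and validate first, and only then touch the DR database, so a
    failed pull leaves yesterday's copy in place instead of an empty schema."""
    fd, dump_path = tempfile.mkstemp(prefix="sync-", suffix=".sql", dir=spool_dir)
    try:
        with os.fdopen(fd, "wb") as out:
            run(dump_cmd(host, db), stdout=out)
        if not dump_is_complete(dump_path):
            raise RuntimeError("dump incomplete, DR database left untouched")
        run(client_cmd(execute="DROP DATABASE IF EXISTS `%s`; CREATE DATABASE `%s`" % (db, db)))
        with open(tables_sql, "rb") as schema:
            run(client_cmd(db), stdin=schema)
        with open(dump_path, "rb") as data:
            run(client_cmd(db), stdin=data)
    finally:
        os.unlink(dump_path)


if __name__ == "__main__":
    try:
        sync()
    except (OSError, subprocess.CalledProcessError, RuntimeError) as exc:
        sys.exit("sync failed: %s" % exc)
```

Run it from the same cron line in place of sync.sh. A non-zero exit makes cron mail the failure message, which is the other thing the echo-only script never did.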

      Thursday, April 8, 2010

      CVS and cvsWEB

       
      CVS how to
      ------------------------------
      OS: CENTOS
      1. install xinetd server using
      # yum install xinetd
      2. install cvs
      # yum install cvs
      3.vim /etc/xinetd.d/cvs
      ------------------------------------------------------------------
      service cvspserver
      {
              disable                 = no
              port                    = 2401
              socket_type             = stream
              protocol                = tcp
              wait                    = no
              user                    = root
              passenv                 = PATH
              server                  = /usr/bin/cvs
              env                     = HOME=/var/cvs
              server_args             = -f --allow-root=/var/cvs pserver
      #       bind                    = 127.0.0.1
      }
      ------------------------------------------------------------------
      Note: the service is disabled by default (disable = yes); change it to "no". pserver sends passwords over plaintext TCP with only a trivial scramble, so if the developers sit on other machines, uncomment "bind = 127.0.0.1" and let them reach port 2401 through an SSH tunnel, or use the :ext: method over ssh instead of pserver.

      4.initialized repository according to the path you want using below command
      # cvs -d /var/cvs/ init
      5.start the xinetd server
      #/etc/init.d/xinetd start
      6.test cvs server is running using following command
      # netstat -tap | grep cvs
      tcp        0      0 *:cvspserver                *:*                         LISTEN      13496/xinetd
       
      7. CVS can keep its own users in CVSROOT/passwd, independent of the OS accounts, but every pserver login still maps onto a system user that the server switches to. Create that user (this also creates the cvs group):
      # useradd cvs
       
      8.create a file named random.pl and put the code below in it (tidied: strict mode, the salt expression on one line, no explicit srand; the hash it produces is unchanged)
      ---------------------------------------------------------------
      #!/usr/bin/perl
      # Print a crypt(3) hash of the password given on the command line, for CVSROOT/passwd.
      use strict;
      use warnings;

      # Two-character salt from [A-Za-z]. A 2-character salt selects classic DES crypt,
      # which only looks at the first 8 characters of the password.
      sub rand_letter { return chr(int(rand(26)) + (int(rand(2)) ? 65 : 97)); }
      my $salt = rand_letter() . rand_letter();

      my $plaintext = shift or die "usage: $0 PASSWORD\n";   # note: argv is visible in ps
      my $crypttext = crypt($plaintext, $salt);
      print "$crypttext\n";
      --------------------------------------------------------------- 
      Use random.pl to hash each CVS user's password; the argument is the password, so for the password "cvsadmin":
      #./random.pl cvsadmin
      copy and paste the output into the passwd file /var/cvs/CVSROOT/passwd

      9.Create a text file in /var/cvs/CVSROOT called passwd and enter the users as shown below (format is userid:crypted-password:system-user; the third field is the OS account from step 7 that the server runs as for that login)
      username1:x$5itFdsw123:cvs
      username2:3fgRH4p3443:cvs

      10.change owner and group of the cvs repository and its files to cvs
      # chown -R cvs:cvs /var/cvs/

      11.Set restrictive permissions on the password file (xinetd starts the server as root, which can still read it):
      # chmod 400 /var/cvs/CVSROOT/passwd
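One added example that serves two posts on this page: step 8 and 9 here (CVSROOT/passwd entries) and the Squid ncsa_auth post at the top (htpasswd entries and the helper). It is not code from either post, from CVS or from Squid. It implements md5crypt, the algorithm behind both "$1$" hashes (which glibc's crypt(3), the function cvs pserver calls, accepts, and which avoid DES's 8-character limit) and "$apr1$" hashes (what `htpasswd -m` writes and ncsa_auth verifies), and it speaks Squid's basic-auth helper protocol so a passwd file can be checked by hand: one "user password" request per line, answered with OK or ERR. The sample entries and passwords are constructed for the example.

```python
import hashlib
import hmac
import os
import sys

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
APR1, MD5CRYPT = "$apr1$", "$1$"


def _to64(value, n):
    out = ""
    for _ in range(n):
        out += ITOA64[value & 0x3F]
        value >>= 6
    return out


def md5crypt(password, salt, magic=MD5CRYPT):
    """Reference md5crypt. magic "$1$" gives the hash glibc crypt(3) accepts (what cvs
    pserver compares CVSROOT/passwd entries against); "$apr1$" gives what `htpasswd -m`
    writes and Squid's ncsa_auth verifies. Same algorithm, different magic string."""
    pw = password.encode("utf-8")
    salt = salt[:8]                             # crypt(3) uses at most 8 salt characters
    sb = salt.encode("ascii")
    ctx = hashlib.md5(pw + magic.encode("ascii") + sb)
    alt = hashlib.md5(pw + sb + pw).digest()
    for n in range(len(pw), 0, -16):            # mix in `alt`, one byte per password byte
        ctx.update(alt[:min(16, n)])
    i = len(pw)
    while i:                                    # the bit-pattern step of the original
        ctx.update(b"\x00" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):                       # 1000 stretching rounds
        r = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            r.update(sb)
        if i % 7:
            r.update(pw)
        r.update(final if i & 1 else pw)
        final = r.digest()
    order = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    encoded = "".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4) for a, b, c in order)
    return magic + salt + "$" + encoded + _to64(final[11], 2)


def new_salt(n=8):
    return "".join(ITOA64[b & 0x3F] for b in os.urandom(n))


def verify(password, stored):
    """Recompute with the stored salt and compare in constant time. Only the md5crypt
    variants are handled; a 13-character DES crypt entry is rejected, not checked."""
    for magic in (APR1, MD5CRYPT):
        if stored.startswith(magic):
            salt = stored[len(magic):].split("$", 1)[0]
            return hmac.compare_digest(md5crypt(password, salt, magic), stored)
    return False


def htpasswd_entry(user, password):
    return "%s:%s" % (user, md5crypt(password, new_salt(), APR1))


def cvs_passwd_entry(user, password, run_as="cvs"):
    """CVSROOT/passwd line: login, hash, and the system user cvs switches to."""
    return "%s:%s:%s" % (user, md5crypt(password, new_salt(), MD5CRYPT), run_as)


def load_passwd(text):
    """user:hash[:extra] lines from either file into a dict; blank and # lines are skipped."""
    creds = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            user, rest = line.split(":", 1)
            creds[user] = rest.split(":", 1)[0]
    return creds


def helper_reply(line, creds):
    """Squid basic-auth helper protocol: one request per line, `user password`, answered
    with `OK` or `ERR`. This is the exchange ncsa_auth has with Squid."""
    parts = line.rstrip("\r\n").split(" ", 1)
    if len(parts) != 2:
        return "ERR"
    user, password = parts
    stored = creds.get(user)
    return "OK" if stored is not None and verify(password, stored) else "ERR"


# Constructed sample file (not the page's): one htpasswd-style and one CVSROOT-style entry.
SAMPLE_PASSWD = "\n".join([
    "user1:" + md5crypt("Secr3t-pass", "r31.....", APR1),
    "cvsadmin:" + md5crypt("cvs-pass", "ab", MD5CRYPT) + ":cvs",
])

if __name__ == "__main__":
    if len(sys.argv) == 2:                      # act as a helper: python3 this.py /etc/squid/passwd
        with open(sys.argv[1]) as fh:
            creds = load_passwd(fh.read())
        for request in sys.stdin:
            sys.stdout.write(helper_reply(request, creds) + "\n")
            sys.stdout.flush()                  # Squid waits for each answer line
    else:
        print(htpasswd_entry("user1", "Secr3t-pass"))
        print(cvs_passwd_entry("cvsadmin", "cvs-pass"))
```

Feeding `user1 Secr3t-pass` on stdin to the script with a passwd file argument mirrors what happens when you pipe the same line into the real ncsa_auth binary from step 3 of the Squid post, which is the quickest way to tell a bad hash format from a bad squid.conf. The same $1$ entries work in CVSROOT/passwd in place of random.pl's DES output because pserver hands the stored value to crypt(3) as the salt, and glibc recognises the $1$ prefix.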