Saturday, October 22, 2016

pftop filter specific pattern / example

OpenBSD, Simple and Secure : pftop filter specific pattern



pftop filter example


pftop -f 'src host 172.30.26.34'

http://www.eee.metu.edu.tr/~canacar/pftop/

Pftop is a small, curses-based utility for real-time display of active states and rule statistics for pf, the OpenBSD packet filter.

Current release pftop-0.7, written and maintained by Can E. Acar.

Screenshots:

80 column:
pfTop: Up State 1-3/64, View: default, Order: none

PR   DIR SRC                  DEST                 STATE   AGE   EXP  PKTS BYTES
icmp Out 192.168.100.32:361   192.168.100.22:361    0:0      9     1     2    96
icmp Out 192.168.100.32:361   192.168.100.23:361    0:0      9     1     2    96
tcp  In  192.168.100.7:1029   192.168.100.32:443    4:4   4165 86302 25871 9251K

120 column:
pfTop: Up State 1-3/68, View: default, Order: none

PR   DIR SRC                      DEST                              STATE                AGE       EXP     PKTS    BYTES
tcp  In  192.168.100.1:1029       192.168.100.32:80        ESTABLISHED:ESTABLISHED  01:12:52  23:58:55    25873  9473801
tcp  In  192.168.100.9:38474      192.168.100.32:25        ESTABLISHED:ESTABLISHED  00:02:47  24:00:00      193   140803
tcp  In  192.168.100.12:1031      192.168.100.32:110       ESTABLISHED:ESTABLISHED  06:27:26  23:55:31    37249 15556515


For more information read the manual page

STATE FILTERING

The expression filter selects which states will be displayed. It is based
     on the tcpdump filtering language. The following is based on the tcpdump
     manual page, modified for state filtering.

     The filter expression consists of one or more primitives.  Primitives
     usually consist of an id (name or number) preceded by one or more quali-
     fiers.  There are three different kinds of qualifiers:

     type   Specify which kind of address component the id name or number
            refers to.  Possible types are host, net and port.  If there is no
            type qualifier, host is assumed.

     dir    Specify the address component (src, dest, gateway) that id
            applies to.  Possible directions are src, dst, gw, src or dst,
            src and dst.  If there is no dir qualifier, src or dst or gw is
            assumed.

     proto  Restrict the match to a particular protocol.  Possible protocols
            are: ah, carp, esp, icmp, ip, ip6, pfsync, tcp, and udp.  If there
            is no protocol qualifier, all protocols consistent with the type
            are assumed.

     In addition to the above, there are some special primitive keywords that
     don't follow the pattern and arithmetic expressions.  All of these are
     described below.

     More complex filter expressions are built up by using the words and, or,
     and not to combine primitives.

     Allowable primitives are:

     dst host host  True if the IP destination field of the state is host,
                    which may be either an address or a name.

     gw host host   True if the IP gateway field of the state is host.

     src host host  True if the IP source field of the state is host.

     host host      True if either the IP source or destination or gateway of
                    the state is host.  If host is a name with multiple IP ad-
                    dresses, each address will be checked for a match.

     dst net net    True if the IP destination address of the state has a net-
                    work number of net.  net may be either a name from
                    /etc/networks or a network number (see networks(5) for de-
                    tails).

     gw net net     True if the IP gateway address of the state has a network
                    number of net.

     src net net    True if the IP source address of the state has a network
                    number of net.

     net net        True if either the IP source, destination or gateway ad-
                    dress of the state has a network number of net.

                    Any of the above host or net expressions can be prepended
                    with the keywords, ip, or ip6.

     dst port port  True if the packet is IP/TCP or IP/UDP and has a destina-
                    tion port value of port.  The port can be a number or name
                    number or ambiguous name is used, only the port number is
                    checked;

     port port      True if either the source, destination or gateway port of
                    the state is port.

                    Any of the above port expressions can be prepended with
                    the keywords tcp or udp, as in:

                          tcp src port port

                    which matches only TCP states whose source port is port.

     inbound, in    True if the state has an inbound direction.

     outbound, out  True if the state has an outbound direction.

     proto proto    True if the IP protocol type of the state is proto.  proto
                    can be a number or name from protocols(5), such as icmp,
                    udp, or tcp.

     rnr num        True if the state was generated with the rule number in
                    the main ruleset.

     ah, carp, esp, icmp, pfsync, tcp, udp
                    Abbreviations for: proto p where p is one of the above
                    protocols.

     expr relop expr
                    True if the relation holds, where relop is one of `>',
                    `<', `>=', `<=', `=', `!=', and expr is an arithmetic ex-
                    pression composed of integer constants (expressed in
                    standard C syntax), the normal binary operators (`+', `-',
                    `*', `/', `&', `|'), a length operator, and special state
                    data accessors.

                    The following expressions can be used to access numerical
                    fields inside a state: inp and outp return the input and
                    output packet counts.  inb and outb return the input and
                    output bytes transferred through the state.  age is the
                    number of seconds since the state was created, and exp is
                    the number of seconds left before the state expires.

     Primitives may be combined using a parenthesized group of primitives and
     operators.  Allowable primitives and operators are:

           Negation (``!'' or ``not'')

           Concatenation (``&&'' or ``and'')

           Alternation (``||'' or ``or'')

     Negation has highest precedence.  Alternation and concatenation have
     equal precedence and associate left to right.

     Expression arguments must be passed to pftop as a single argument. Since
     the expression usually contains shell metacharacters, it should be placed
     in quotes.
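
The precedence rule above (and/or share one precedence level and are folded left to right) differs from what C habits suggest, so the order of terms changes which states a filter shows. The following is an added example, not pftop code and not part of the original post: a POSIX sh model of a small subset of the grammar, run against a constructed state record. The function name pf_match and the record format are assumptions.

```shell
#!/bin/sh
# Added example: a model of the and/or/not rule, not pftop's own code.
# State record (constructed format): "proto dir src_ip src_port dst_ip dst_port"
# Supported subset: tcp|udp|icmp, in|out, src|dst host|port VALUE, not, and, or.
# Returns 0 = match, 1 = no match, 2 = syntax error. Parentheses are not modelled.
pf_match() {
    set -f                          # no globbing while word-splitting
    set -- $1 -- $2                 # state fields, separator, filter words
    set +f
    [ "$7" = -- ] || return 2       # state must have exactly six fields
    proto=$1 dir=$2 sip=$3 sport=$4 dip=$5 dport=$6
    shift 7
    acc=1 op=and                    # "1 and X" is X, so the first primitive seeds acc
    while [ $# -gt 0 ]; do
        neg=0                       # negation binds tightest: applied per primitive
        while [ "$1" = not ]; do neg=$((1 - neg)); shift; done
        case "$1" in
            tcp|udp|icmp) [ "$proto" = "$1" ] && v=1 || v=0; shift ;;
            in|out)       [ "$dir" = "$1" ] && v=1 || v=0; shift ;;
            src|dst)
                [ $# -ge 3 ] || return 2
                case "$1 $2" in
                    "src host") f=$sip ;;   "dst host") f=$dip ;;
                    "src port") f=$sport ;; "dst port") f=$dport ;;
                    *) return 2 ;;
                esac
                [ "$f" = "$3" ] && v=1 || v=0; shift 3 ;;
            *) return 2 ;;
        esac
        if [ "$neg" -eq 1 ]; then v=$((1 - v)); fi
        # and/or have equal precedence: fold strictly left to right.
        if [ "$op" = and ]; then acc=$((acc & v)); else acc=$((acc | v)); fi
        [ $# -gt 0 ] || break
        case "$1" in and|or) op=$1; shift ;; *) return 2 ;; esac
        [ $# -gt 0 ] || return 2    # dangling operator
    done
    [ "$acc" -eq 1 ]
}

# Constructed from the 80-column screenshot: tcp In 192.168.100.7:1029 -> 192.168.100.32:443
S="tcp in 192.168.100.7 1029 192.168.100.32 443"
# Read as (tcp or udp) and dst port 25: the HTTPS state is filtered out.
pf_match "$S" "tcp or udp and dst port 25" && echo match || echo "no match"
# Read as (udp and dst port 25) or tcp: the same state is shown.
pf_match "$S" "udp and dst port 25 or tcp" && echo match || echo "no match"
```

With pftop itself, use a parenthesized group inside the quoted expression to force the grouping you intend rather than relying on term order.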

Thursday, October 20, 2016

services - Chkconfig alternative for debian 8 jessie

services - Chkconfig alternative for Ubuntu Server? - Ask Ubuntu

debian 8 chkconfig





Best alternative IMHO is sysv-rc-conf. To install it, just run the command:
sudo apt-get install sysv-rc-conf
Once installed, run the command:
sudo sysv-rc-conf
You can check or uncheck the options to start a service on any level of execution and may even stop or start the services from this console. It is an indispensable tool to enable or disable applications in a permanent way at boot on your Ubuntu. If you need a quick change, then you can use the CLI interface:
For example, to stop ssh at levels 3 and 5 of execution:
sysv-rc-conf --level 35 ssh off
Atd to start in runlevels 2,3,4 and 5:
sysv-rc-conf atd on
If you want to know more:
man sysv-rc-conf








Sunday, October 16, 2016

How to install Composer on Debian / Ubuntu Linux



How to install Composer on Debian / Ubuntu Linux

Installation

# apt-get install curl php5-cli git

OR

# apt install curl php7.0-cli git

Install composer tool

Next install composer on Debian or Ubuntu Linux in /usr/local/bin/ directory as follows:
# curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer
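
Piping the download straight into php as root executes whatever the server returned, with no integrity check. The following added example (not from the original post) saves the installer to a file, compares its SHA-384 with the checksum Composer publishes at https://composer.github.io/installer.sig, and runs it only on a match; the function names verify_installer and install_composer are assumptions.

```shell
#!/bin/sh
# Added example: verify the Composer installer before running it.

# verify_installer FILE EXPECTED_SHA384
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a SHA-384 hex digest.
verify_installer() {
    file=$1 expected=$2
    # Refuse an empty or malformed checksum (for example an HTML error page),
    # so a failed checksum download can never count as a match.
    case "$expected" in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 96 ] || return 2
    actual=$(sha384sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# install_composer: download, verify, then install to /usr/local/bin as on this page.
install_composer() {
    tmp=$(mktemp -d) || return 1
    rc=0
    {
        curl -fsS -o "$tmp/installer" https://getcomposer.org/installer &&
        expected=$(curl -fsS https://composer.github.io/installer.sig) &&
        verify_installer "$tmp/installer" "$expected" &&
        sudo php "$tmp/installer" --install-dir=/usr/local/bin --filename=composer
    } || rc=$?
    rm -rf "$tmp"                   # clean up whether or not the install ran
    return "$rc"
}
```

Call install_composer in place of the one-line pipe; a non-zero return means the download or the checksum comparison failed and nothing was executed as root.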


Verify composer

To verify installation type:
# composer
OR
# /usr/local/bin/composer

Sample output

composer
Do not run Composer as root/super user! See https://getcomposer.org/root for details
   ______
  / ____/___  ____ ___  ____  ____  ________  _____
 / /   / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/
/ /___/ /_/ / / / / / / /_/ / /_/ (__  )  __/ /
\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/
                    /_/
Composer version 1.2.1 2016-09-12 11:27:19

Usage:
  command [options] [arguments]

Options:
  -h, --help                     Display this help message
  -q, --quiet                    Do not output any message
  -V, --version                  Display this application version
      --ansi                     Force ANSI output
      --no-ansi                  Disable ANSI output
  -n, --no-interaction           Do not ask any interactive question
      --profile                  Display timing and memory usage information
      --no-plugins               Whether to disable plugins.
  -d, --working-dir=WORKING-DIR  If specified, use the given directory as working directory.
  -v|vv|vvv, --verbose           Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug

Available commands:
  about           Short information about Composer
  archive         Create an archive of this composer package
  browse          Opens the package's repository URL or homepage in your browser.
  clear-cache     Clears composer's internal package cache.
  clearcache      Clears composer's internal package cache.
  config          Set config options
  create-project  Create new project from a package into given directory.
  depends         Shows which packages cause the given package to be installed
  diagnose        Diagnoses the system to identify common errors.
  dump-autoload   Dumps the autoloader
  dumpautoload    Dumps the autoloader
  exec            Execute a vendored binary/script
  global          Allows running commands in the global composer dir ($COMPOSER_HOME).
  help            Displays help for a command
  home            Opens the package's repository URL or homepage in your browser.
  info            Show information about packages
  init            Creates a basic composer.json file in current directory.

Saturday, October 15, 2016

Xterm settings variables for bash

TipsAndTricks/CustomizeBash - CentOS Wiki



Customize Bash Prompt

User Specific Configuration

There are different approaches to customize the Bash Prompt. For user specific configuration edit ~/.bashrc and add your customization below the line '# User specific aliases and functions'
This example:
PS1='\u@\H:\w\$ ' 
will result in the following prompt:
user@hostname.domain.tld:/working/directory$
If you prefer a colorful prompt, try:
PS1='\[\033[02;32m\]\u@\H:\[\033[02;34m\]\w\$\[\033[00m\] '
A detailed description of color codes can be found here.
You can also display only the short hostname instead of the fully qualified name by using '\h' instead of '\H' in the PS1 definition.

System-wide Configuration

System-wide configuration is done in /etc/bashrc. Comment out the default settings and add your customization below:
# [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \w]\\$ "
PS1='\u@\H:\w\$ ' 

XTerm

To set the XTerm window title, create a file called
/etc/sysconfig/bash-prompt-xterm
with the following content:
echo -ne "\033]0;${USER}@${HOSTNAME}:${PWD/#$HOME/~}\007"
and make it executable using:
chmod +x /etc/sysconfig/bash-prompt-xterm
If you only want to display the short hostname instead of the fully qualified name, you can change:
${HOSTNAME}
to
${HOSTNAME%%.*}


which will strip all the information after the first '.'

Change to XTERM

Monday, October 03, 2016

Samba 4 as domain controller using debian 8.5


apt-get -y install rsync
apt-get -y install vim
apt-get -y install apt-file
apt-get -y install mlocate
apt-get -y install samba
apt-get -y install smbclient winbind
apt-get -y install chkconfig
apt-get -y install klibc-utils
apt-get -y install krb5-user libpam-krb5
apt-get -y install libnss-winbind




samba-tool domain provision --use-rfc2307 --realm=AD.domain.com --domain=domain --server-role=dc --adminpass='PassWord'

Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=ad,DC=domain,DC=com,DC=br
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=ad,DC=domain,DC=com,DC=br
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              dc1
NetBIOS Domain:        domain
DNS Domain:            ad.domain.com
DOMAIN SID:            S-1-5-21-2204263205-3035504052-alska;lska;lska

ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf


GPO - Policies
Map Network Shared Drive in Group Policy




--- samba as ad member smb client with winbindd working getent passwd
smb.conf below is what worked for me ...

/etc/hosts
192.168.7.1     DC1.ad.domain.com    DC1
 /etc/resolv.conf 
domain ad.domain.com
nameserver 192.168.7.1
smb.conf
dns forwarder = 192.168.10.254

smbcontrol all reload-config
change /etc/nsswitch.conf

smb.conf - client
[global]
        netbios name = SMB-TEST
        security = ADS
        workgroup = domain
        realm = AD.domain.com

        log file = /var/log/samba/%m.log
        log level = 1
        idmap config *:backend = tdb
        idmap config *:range = 2000-9999
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        winbind use default domain = yes




apt-get -y install libpam-winbind
(allow setup change files /etc/pam.d/common*)


# The primary network interface
allow-hotplug eth0
#iface eth0 inet dhcp
iface eth0 inet static
        address 192.168.7.2
        netmask 255.255.255.0
        network 192.168.7.0
        broadcast 192.168.7.255
        gateway 192.168.7.254

cat /etc/resolv.conf 
domain ad.domain.com
nameserver 192.168.7.1

cat /etc/hosts
127.0.0.1       localhost 
192.168.7.2     smb-test.ad.domain.com smb-test