Tag Archives: linux

Debian on Barracuda NG F10 Firewall

Hi

While I was tearing down the firewall the CF-Slot jumped right into my eyes. Every Linux guy might think the same. 🙂

So I debootstrapped a CF card, made it bootable, and right after the first try, bam, working.
The hardware got freed from the proprietary Linux OS and crappy tools and … Yes, the backdoors, bugs and security holes, because you won’t get any free downloadable firmware updates. This is really annoying on Barracuda firewalls. It’s a shitty firewall. Every crappy TP-Link does the same things in production.

Have fun!

Monitor the RAID Status Avago LSI Logic SAS3008 Fusion-MPT SAS-3 with Linux

Hi

Need to monitor the RAID Status of your Avago LSI Logic / Symbios Logic SAS3008 PCI-Express Fusion-MPT SAS-3 under Linux with perl?

Yes, Avago has a crappy website. When you search the website for SAS3008 you only find some PDFs, but not the utility to query your RAID controller. Crappy website or intentional, who knows 🙂

Below is a script which sends a simple mail if something goes wrong with your RAID. Just put it in your crontab. Someone might want to adapt it, perhaps for use with Nagios/Icinga. At the moment I have no need to do this. Maybe later…

#!/usr/bin/perl
# Mails a warning when sas3ircu reports a volume that is not "Okay"
# or a device state that is not "Optimal".

use strict;
use warnings;
use MIME::Lite;

my $emailFrom = 'root@server.domain.tld';
my $emailTo = 'hostmaster@yourdomain.tpl';
my $smartHost = 'smarthost.mail.local';
my $hostName = 'server.domain.tld';
my $pathSas3ircu = '/root/bin/SAS3IRCU_P12/sas3ircu_linux_x64_rel/sas3ircu';

# Controller 0: if DISPLAY shows a problem, mail the STATUS output.
if (check_status() == 1) {
  my $body = join("", get_info("0","STATUS"));
  send_email($emailTo,$body);
}

# Returns 1 if any volume or device line reports a problem, otherwise 0.
sub check_status {
  my $error = 0;

  foreach my $line (get_info("0","DISPLAY")) {
    if ($line =~ /Status of volume/) {
      if ($line !~ /Okay/) {
        $error = 1;
      }
    }
    if ($line =~ /State/) {
      if ($line !~ /Optimal/) {
        $error = 1;
      }
    }
  }
  return $error;
}

# Runs "sas3ircu <controller> <command>" and returns its output lines.
sub get_info {
  my ($controller, $command) = @_;

  my $cmd = "$pathSas3ircu $controller $command";
  my @output = `$cmd`;
  return @output;
}

# Sends the given body to the given recipient via the smart host.
sub send_email {
  my ($to, $body) = @_;

  my $subject = "Warning RAID inconsistent $hostName";

  my $msg = MIME::Lite->new(
    From     => $emailFrom,
    To       => $to,
    Subject  => $subject,
    Data     => $body
  );

  $msg->send('smtp',$smartHost,Debug=>0);
}

Here is a download link for the tool:
http://docs.avagotech.com/docs/SAS3IRCU_P12.zip

Here is the page of a different controller where you can find the download link:
http://www.avagotech.com/products/server-storage/host-bus-adapters/sas-9305-16e#downloads
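
The Nagios/Icinga variant mentioned above, as an added example (not the author's code): a shell function that applies the same two tests as the Perl script to `sas3ircu 0 DISPLAY` output and maps the result to plugin exit codes, returning UNKNOWN when the tool produced no volume line at all, a case the mail script silently treats as healthy. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: Nagios/Icinga-style check for "sas3ircu 0 DISPLAY" output.
# Plugin exit codes: 0 OK, 2 CRITICAL, 3 UNKNOWN.
# Path as used in the Perl script above; adjust to your install.
SAS3IRCU=/root/bin/SAS3IRCU_P12/sas3ircu_linux_x64_rel/sas3ircu

# Reads DISPLAY output on stdin, prints one status line, returns the exit code.
# Same tests as the Perl script: "Status of volume" must say Okay,
# "State" must say Optimal.
check_raid() {
    awk '
        function val(l) { sub(/^[^:]*:[ \t]*/, "", l); return l }
        /Status of volume/ { vols++; if ($0 !~ /Okay/)    bad = bad " volume=" val($0) }
        /State/            { devs++; if ($0 !~ /Optimal/) bad = bad " device=" val($0) }
        END {
            # No volume line at all: the tool failed or found no controller.
            if (!vols)     { print "UNKNOWN - no volume status in output"; exit 3 }
            if (bad != "") { print "CRITICAL -" bad; exit 2 }
            print "OK - " vols " volume(s), " devs + 0 " device(s) checked"
        }'
}

# Live check against controller 0 (what a cron job or NRPE would call).
check_raid_live() {
    "$SAS3IRCU" 0 DISPLAY 2>/dev/null | check_raid
}

# Constructed sample output (not captured from a real controller).
# $1 = volume status, $2 = state of the second disk.
sample_display() {
    cat <<EOF
IR volume 1
  Status of volume                        : $1
Device is a Hard disk
  State                                   : Optimal (OPT)
Device is a Hard disk
  State                                   : $2
EOF
}

# Demo on the constructed sample.
sample_display "Degraded (DGD)" "Failed (FLD)" | check_raid || echo "exit code: $?"
```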

Have Fun!

pxe live antivirus

hi

need some live antivirus boot from pxe?
here is another one of my howtos, this time to boot the avg live cd from pxe

wget http://download.avg.com/filedir/inst/avg_arl_cdi_all_120_150814a10442.iso
mount -o loop avg_arl_cdi_all_120_150814a10442.iso /mnt
mkdir -p /var/lib/tftpboot/avg
cp -rv /mnt/* /var/lib/tftpboot/avg/

vim /var/lib/tftpboot/pxelinux.cfg/avg.menu

LABEL 1
 MENU LABEL AVG Antivirus Live
 KERNEL avg/isolinux/vmlinuz
 APPEND max_loop=255 vga=791 initrd=avg/isolinux/initrd.lzm init=linuxrc reboot=bios
 TEXT HELP
 AVG Antivirus Live
 ENDTEXT

vim /var/lib/tftpboot/pxelinux.cfg/default

...
MENU BEGIN AVG-Antivirus
 MENU TITLE AVG-Antivirus
 LABEL Previous
 MENU LABEL Previous Menu
 TEXT HELP
 Return to previous menu
 ENDTEXT
 MENU EXIT
 MENU SEPARATOR
 MENU INCLUDE pxelinux.cfg/avg.menu
 MENU END
...

happy virus removal!

l2tp ipsec linux client bash script

hi

here is my simple approach to a vpn client via bash
I found the main script at https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup
and adapted it to my needs.

First we configure strongswan:

/etc/ipsec.conf:

conn yourcompany
    keyexchange=ikev1
    authby=secret
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    right=2.2.2.2
    rightprotoport=17/1701
    auto=add

/etc/ipsec.secrets:

2.2.2.2 : PSK "yourpsk"

Now we configure xl2tpd

/etc/xl2tpd/xl2tpd.conf:

[lac vpn-connection]
lns = 2.2.2.2
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes

/etc/ppp/options.l2tpd.client:

ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
debug
lock
connect-delay 5000
name yourusername
password yourpassword

Here is my bash script

#!/bin/bash
if [ $# != 1 ] ; then
    echo "Usage: (sudo) bash $0 {start|stop}"
    exit 1;
fi

VPN_ADDR=2.2.2.2
# Must match the "conn" name in /etc/ipsec.conf
CONN_NAME=yourcompany
# State file under /run (writable by root only) instead of a predictable name in /tmp
IFACE_FILE=/run/l2tp-vpn-interface.txt

function getIP(){
    /sbin/ifconfig "$1" | grep "inet "| awk '{print $2}'
}

function getGateWay(){
    /sbin/route -n | grep -m 1 "^0\.0\.0\.0" | awk '{print $2}'
}

function getVPNGateWay(){
    /sbin/route -n | grep -m 1 "$VPN_ADDR" | awk '{print $2}'
}

# Remember the interface of the current default route
function saveInterface() {
    /sbin/route -n | grep -m 1 "^0\.0\.0\.0" | awk '{print $8}' > "$IFACE_FILE"
}

function getInterface(){
    cat "$IFACE_FILE"
}

GW_ADDR=$(getGateWay)

function start(){
    saveInterface
    ipsec up "$CONN_NAME"
    sleep 2    # delay to ensure that IPsec is started before overlaying L2TP

    systemctl start xl2tpd
    sleep 2
    /bin/echo "c vpn-connection" > /var/run/xl2tpd/l2tp-control
    sleep 2    # delay again to make sure that the PPP connection is up

    # Keep the VPN server reachable via the old gateway, then move the default route to ppp0
    route add $VPN_ADDR gw $GW_ADDR $(getInterface)
    route add default gw $(getIP ppp0)
    route delete default gw $GW_ADDR
}

function stop(){
    ipsec down "$CONN_NAME"
    /bin/echo "d vpn-connection" > /var/run/xl2tpd/l2tp-control
    systemctl stop xl2tpd

    # Restore the original default route
    VPN_GW=$(getVPNGateWay)
    route delete $VPN_ADDR gw $VPN_GW $(getInterface)
    route add default gw $VPN_GW
}

# Dispatch only to the two known actions instead of executing $1 as a command
case "$1" in
    start|stop) "$1" ;;
    *) echo "Usage: (sudo) bash $0 {start|stop}"; exit 1 ;;
esac
exit 0

sstp client linux howto

Hi there

Here is a howto for getting the SSTP client for Linux to run:

1) Download the deb or rpm, or compile it yourself:

http://sstp-client.sourceforge.net/

2) Install the deb, rpm or binary
(in my case, the deb for Ubuntu)

dpkg -i libsstp-client0_1.0.9_amd64.deb
dpkg -i sstp-client_1.0.9_amd64.deb

3) Configure the ppp manager

sudo su

3.1) You may want your targets reachable over your sstp tunnel, therefore we need to set up some routes:

vim /etc/ppp/ip-up.d/route

#!/bin/bash
# Networks to route through the tunnel and the gateway to use for them
NET="1.1.1.1/24 x.x.x.x/24"
GW="192.168.x.5"

# Only add the routes if the gateway address shows up in "ip addr show"
if ip addr show | grep -qF "$GW"; then
        for PREF in $NET
        do
                route add -net "$PREF" gw "$GW"
        done
fi

chmod 755 /etc/ppp/ip-up.d/route

3.2) We need to store your credentials in the chap-secrets file:

vim /etc/ppp/chap-secrets

bla-user.name   *       passwordtopsecret

3.3) We need to add a ppp peer:

vim /etc/ppp/peers/youpeername

#
# Put this file in /etc/ppp/peers/sstp-test, the name should be the same as 
#   for remotename, linkname, and ipparam. Update the url for the server as a part
#   of the pty statement, and finally update your username.
#
# Make sure your user 'kendo' have an appropriate entry in /etc/ppp/chap-secrets.
# Example:
#  #client              server  secret                  IP addresses
#  kendo                *       xxxxxxx                 *
#  'DOMAIN\\kendo'      *       xxxxxxx
#
# Connect to sstp-test peer:
#   sudo pon sstp-test
#
remotename      fqdn-of-your-vpn-peer
linkname        fqdn-of-your-vpn-peer
ipparam         fqdn-of-your-vpn-peer
pty             "sstpc --save-server-route --cert-warn --ipparam fqdn-of-your-vpn-peer --log-level 0 --nolaunchpppd fqdn-of-your-vpn-peer"
name            bla-user.name
plugin          sstp-pppd-plugin.so
sstp-sock       /var/run/sstpc/sstpc-fqdn-of-your-vpn-peer
usepeerdns
#require-mppe
require-mschap-v2
noauth
lock
refuse-pap
refuse-eap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate
persist

# Uncomment this if you want additional debug in your /var/log/messages
# debug

4) Fire it up

pon youpeername
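
Both VPN setups on this page keep secrets in plain text (/etc/ipsec.secrets, /etc/ppp/options.l2tpd.client, /etc/ppp/chap-secrets), and the peer file above passes --cert-warn to sstpc, which makes it log a certificate validation error and connect anyway. An added example (not part of the original howto) that checks both points; the function names are hypothetical, and the demo files, host name and CA path are constructed.

```shell
#!/bin/sh
# Added example: audit the client-side files from the two VPN howtos above.

# Succeeds if the file carries no group/other permission bits (e.g. 600).
# Uses GNU stat.
secret_mode_ok() {
    sm_mode=$(stat -c '%a' "$1") || return 2
    case "$sm_mode" in
        0|*00) return 0 ;;
        *) echo "WARN: $1 has mode $sm_mode, expected 600"; return 1 ;;
    esac
}

# Fails if an active (uncommented) pty line starts sstpc with --cert-warn.
peer_verifies_cert() {
    [ -r "$1" ] || return 2
    if grep -Eq '^[[:space:]]*pty[[:space:]].*sstpc.*--cert-warn' "$1"; then
        echo "WARN: $1 passes --cert-warn to sstpc"
        return 1
    fi
}

# $1 = ppp peer file, remaining arguments = files holding secrets.
audit_vpn_client() {
    av_rc=0
    peer_verifies_cert "$1" || av_rc=1
    shift
    for av_file in "$@"; do
        secret_mode_ok "$av_file" || av_rc=1
    done
    return "$av_rc"
}

# Constructed demo files in a temp dir; host name and CA path are made up.
make_demo() {
    md=$(mktemp -d) || return 1
    echo 'pty "sstpc --cert-warn --nolaunchpppd vpn.example.org"' > "$md/peer-warn"
    echo 'pty "sstpc --ca-cert /etc/ssl/vpn-ca.pem --nolaunchpppd vpn.example.org"' > "$md/peer-strict"
    echo 'bla-user.name * passwordtopsecret' > "$md/chap-secrets"
    chmod 644 "$md/chap-secrets"
    echo "$md"
}

demo=$(make_demo)
audit_vpn_client "$demo/peer-warn" "$demo/chap-secrets" || echo "audit reported findings"
rm -rf "$demo"
```

On a real client the call would be `audit_vpn_client /etc/ppp/peers/youpeername /etc/ppp/chap-secrets /etc/ppp/options.l2tpd.client /etc/ipsec.secrets`, run as root.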

Have fun!