pxe live antivirus

hi

need some live antivirus boot from pxe?
here another one of my howto’s to boot avg live cd from pxe

wget http://download.avg.com/filedir/inst/avg_arl_cdi_all_120_150814a10442.iso
mount -o loop avg_arl_cdi_all_120_150814a10442.iso /mnt
 cp -rv /mnt/* /var/lib/tftpboot/avg/
vim /var/lib/tftpboot/pxelinux.cfg/avg.menu
LABEL 1
 MENU LABEL AVG Antivirus Live
 KERNEL avg/isolinux/vmlinuz
 APPEND max_loop=255 vga=791 initrd=avg/isolinux/initrd.lzm init=linuxrc reboot=bios
 TEXT HELP
 AVG Antivirus Live
 ENDTEXT
vim /var/lib/tftpboot/pxelinux.cfg/default
...
MENU BEGIN AVG-Antivirus
 MENU TITLE AVG-Antivirus
 LABEL Previous
 MENU LABEL Previous Menu
 TEXT HELP
 Return to previous menu
 ENDTEXT
 MENU EXIT
 MENU SEPARATOR
 MENU INCLUDE pxelinux.cfg/avg.menu
 MENU END
...

happy virus removal!

l2tp ipsec linux client bash script

hi

here is my simple approach of a vpn client via bash
The main script i found https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup
I’ve adopted it to my needs.

First we configure strongswan:

/etc/ipsec.conf
conn yourcompany
    keyexchange=ikev1
    authby=secret
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    right=2.2.2.2
    rightprotoport=17/1701
    auto=add
/etc/ipsec.secrets
2.2.2.2 : PSK "yourpsk"

Now we configure xl2tpd

/etc/xl2tpd/xl2tpd.conf
[lac vpn-connection]
lns = 2.2.2.2
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
/etc/ppp/options.l2tpd.client
ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
debug
lock
connect-delay 5000
name yourusername
password yourpassword

Here is my bash script

#!/bin/bash
if [ $# != 1 ] ; then
    echo "Usage: (sudo) sh $0 {start|stop}" 
    exit 1;
fi

VPN_ADDR=2.2.2.2

function getIP(){
    /sbin/ifconfig $1 | grep "inet "| awk '{print $2}'
}

function getGateWay(){
    /sbin/route -n | grep -m 1 "^0\.0\.0\.0" | awk '{print $2}'
}

function getVPNGateWay(){
    /sbin/route -n | grep -m 1 "$VPN_ADDR" | awk '{print $2}'
}

function saveInterface() {
    echo $(/sbin/route -n | grep -m 1 "^0\.0\.0\.0" | awk '{print $8}') > /tmp/interface.txt
}

function getInterface(){
    cat /tmp/interface.txt
}

GW_ADDR=$(getGateWay)  

function start(){
    saveInterface
    ipsec up youconnectioname
    sleep 2    #delay to ensure that IPsec is started before overlaying L2TP

    systemctl start xl2tpd
    sleep 2
    /bin/echo "c vpn-connection" > /var/run/xl2tpd/l2tp-control     
    sleep 2    #delay again to make that the PPP connection is up.

    route add $VPN_ADDR gw $GW_ADDR $(getInterface)
    route add default gw $(getIP ppp0)
    route delete default gw $GW_ADDR
}

function stop(){
    ipsec down yourconnectioname
    /bin/echo "d vpn-connection" > /var/run/xl2tpd/l2tp-control
    systemctl stop xl2tpd
    
    VPN_GW=$(getVPNGateWay)
    route delete $VPN_ADDR gw $VPN_GW $(getInterface)
    route add default gw $VPN_GW
}
$1
exit 0

sstp client linux howto

Hi  There

Here some nice howto to get SSTP client for Linux to run:

1)Download deb or rpm or compile yourself:

http://sstp-client.sourceforge.net/

2)Install deb or rpm or binary
(in my case install deb for ubuntu)

dpkg -i libsstp-client0_1.0.9_amd64.deb
dpkg -i sstp-client_1.0.9_amd64.deb

3)Configure ppp manager
sudo su
3.1) you may want your targets reachable over your sstp tunnel, therefore we need to setup some routes

vim /etc/ppp/ip-up.d/route
#!/bin/bash
NET="1.1.1.1/24 x.x.x.x/24"
GW="192.168.x.5"

if (ip addr show | grep -q $GW) then
        for PREF in $NET
        do
                route add -net $PREF gw $GW
        done
fi
chmod 755 /etc/ppp/ip-up.d/route

3.2) we need to store your credentials in chap-secrets file

vim /etc/ppp/chap-secrets
bla-user.name   *       passwordtopsecret

3.3)we need to add a ppp peer

vim /etc/ppp/peers/youpeername
#
# Put this file in /etc/ppp/peers/sstp-test, the name should be the same as 
#   for remotename, linkname, and ipparam. Update the url for the server as a part
#   of the pty statement, and finally update your username.
#
# Make sure your user 'kendo' have an appropriate entry in /etc/ppp/chap-secrets.
# Example:
#  #client              server  secret                  IP addresses
#  kendo                *       xxxxxxx                 *
#  'DOMAIN\\kendo'      *       xxxxxxx
#
# Connect to sstp-test peer:
#   sudo pon sstp-test
#
remotename      fqdn-of-your-vpn-peer
linkname        fqdn-of-your-vpn-peer
ipparam         fqdn-of-your-vpn-peer
pty             "sstpc --save-server-route --cert-warn --ipparam fqdn-of-your-vpn-peer --log-level 0 --nolaunchpppd fqdn-of-your-vpn-peer"
name            bla-user.name
plugin          sstp-pppd-plugin.so
sstp-sock       /var/run/sstpc/sstpc-fqdn-of-your-vpn-peer
usepeerdns
#require-mppe
require-mschap-v2
noauth
lock
refuse-pap
refuse-eap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate
persist

# Uncomment this if you want additional debug in your /var/log/messages
# debug

4)fire it up

pon youpeername

Have fun!