Hacktopia » Uncategorized

Disable IPv6 on Red Hat Enterprise linux 6

admin — Thu, 26 Jan 2012 17:35:52 +0000

You might be saying that IPv6 is the bees knees, and I must be crazy for wanting to disable it. Well that is partially true. In this case I need to disable it because my machinne is on a network that can only handle IPv4 packets. It also slowed down connections on the machine because of how the network was set up. So basically it was necessary in order to speed up the networking on the server.

add the “options single-request” to the /etc/resolv.conf file

nameserver 4.2.2.1
nameserver 4.2.2.2
options single-request

add “NETWORKING_IPV6=off” to /etc/sysconfig/network

NETWORKING_IPV6=off

next edit the /etc/modprobe.d/ECS.conf file and add “alias ipv6 off” and “net-pf-10″

alias ipv6 off
alias net-pf-10 off

remove the running module

# rmmod ipv6

Then restart network by

# service network restart

or reboot to box to make sure it works after a reboot with

# reboot

To test to make sure that the changes have worked, you should not get anything returned

# lsmod | grep ipv6

You can also run “ifconfig -a” and make sure you do not see the fowling

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1

should see

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1

scp for Centos

admin — Thu, 21 Jul 2011 18:22:28 +0000

For some reason my new CentOS install has a working ssh but I could not find any scp.

So the package that contains openssh-clients

[root@localhost ~]# whereis scp
scp:
[root@localhost ~]# yum install openssh-clients
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.seas.harvard.edu
* epel: mirror.cogentco.com
* extras: centos.mirror.nac.net
* updates: mirrors.seas.harvard.edu
Setting up Install Process
Resolving Dependencies
–> Running transaction check
—> Package openssh-clients.x86_64 0:5.3p1-20.el6_0.3 set to be updated
–> Processing Dependency: libedit.so.0()(64bit) for package: openssh-clients-5.3p1-20.el6_0.3.x86_64
–> Running transaction check
—> Package libedit.x86_64 0:2.11-4.20080712cvs.1.el6 set to be updated
–> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================
Package                                      Arch                                Version                                               Repository                            Size
===================================================================================================================================================================================
Installing:
openssh-clients                              x86_64                              5.3p1-20.el6_0.3                                      updates                              351 k
Installing for dependencies:
libedit                                      x86_64                              2.11-4.20080712cvs.1.el6                              base                                  74 k

Transaction Summary
===================================================================================================================================================================================
Install       2 Package(s)
Upgrade       0 Package(s)

Total download size: 425 k
Installed size: 1.2 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): libedit-2.11-4.20080712cvs.1.el6.x86_64.rpm                                                                                                          | 74 kB     00:00
(2/2): openssh-clients-5.3p1-20.el6_0.3.x86_64.rpm                                                                                                          | 351 kB     00:00
———————————————————————————————————————————————————————————–
Total                                                                                                                                              1.0 MB/s | 425 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing     : libedit-2.11-4.20080712cvs.1.el6.x86_64                                                                                                                     1/2
Installing     : openssh-clients-5.3p1-20.el6_0.3.x86_64                                                                                                                     2/2

Installed:
openssh-clients.x86_64 0:5.3p1-20.el6_0.3

Dependency Installed:
libedit.x86_64 0:2.11-4.20080712cvs.1.el6

Complete!
[root@localhost ~]# whereis scp
scp: /usr/bin/scp /usr/share/man/man1/scp.1.gz

Protecting directories and files with Apache

admin — Mon, 30 Aug 2010 17:36:30 +0000

If you have Apache directories that you want only certain IP to be able to access. Say you have a management interface that you only want employees to have access to.

Once you have properly put the fowling code into
/etc/apache2/sites-available/default

and you are not comming from one of the allowed IP you will be greated with a page that says.

Forbidden

You don’t have permission to access /directory/onwebserver/index.php on this server.

Otherwise the normal web page will show up.

order deny,allow
deny from all
allow from 10.10.0.100 192.168.77.44

force dhcpd to log to it’s own file with syslog-ng

admin — Wed, 24 Mar 2010 18:33:53 +0000

So I did not want my dhcpd messages to be lumped in with all the other /var/log/syslog messages. I am running Debian 5 with comes running with syslog-ng. While syslog-ng is much more customizable then plain syslog, it can also be very confusing. Below is a example of all that I had to add to make syslog send all dhcpd messages to /var/log/dhcpd.log. All I had to do was add those lines to the end of the /etc/syslog-ng/syslog-ng.conf configuration file, and then restart syslog-ng with /etc/init.d/syslog-ng restart. Did not even have to touch /var/log/dhcpd.log, syslog-ng took care of creating that while writing the first log entry.

filter f_daemon {facility(daemon); };
filter f_dhcpd {match(“dhcpd”); };
destination dhcpmessages { file(“/var/log/dhcpd.log”); };
log { source(s_all); filter(f_daemon); filter(f_dhcpd); destination(dhcpmessages); };

remove passowrd from Apache SSL Certificate

admin — Mon, 15 Mar 2010 13:51:03 +0000

So you need to restart Apache that has a SSL certificate, but you don’t want to give the other admins the password, or for other reasons. My reason for taking it out was that logrotate wants to restart Apache after log rotation. Well with Apache sitting waiting for a password, it screws everything up, because it sits and waits for a password that is never entered.

server:/etc/apache2/keys# openssl rsa -in website.key -out website.key.nopass
Enter pass phrase for website.key:
writing RSA key

Make sure you edit /etc/apache2/sites-enabled/000-default or where ever you set up SSL on apache to make it use the new website.key.nopass key. Look how wonderfully it restarts apache with out bothering you for a password now.

So it now looks like

SSLCertificateKeyFile /etc/apache2/keys/roadwarriorvpn.key.nopass

Yaha it restarted with out having to enter a password.

front:/etc/apache2# /etc/init.d/apache2ssl restart
Restarting web server: apache2 … waiting .
front:/etc/apache2#