Sadar's Blog, by sadar.ssi (http://www.blogger.com/profile/06291138318975211217)<br />
<br />
VMDK to qcow / LVM (posted 2016-06-06)<br />
<h3>
Change the vmdk file to qemu format, e.g.:</h3>
<i>qemu-img convert -f vmdk myvm.vmdk -O qcow2 myvm.qcow2</i><br />
<br />
<h3>
Or, copy the vmdk to an LVM based disk of the same size or larger</h3>
<br />
<i>dd if=myvm.vmdk of=/dev/myVG/myvm</i><br />
<br />
<br />
That's all !!<br />
<br />
rsync via proxy socks (posted 2016-06-06)<br />
rsync --ignore-errors --force --human-readable --progress --partial --bwlimit=80 -hav /mnt/share/jessie -e "ssh -o 'ProxyCommand nc -x localhost:10998 opera 22'" root@srv01:/mnt/vol01/08500.vm/virtualbox/disk/jessie<br />
<br />
apache 2.2 ssh over ssl on debian 8 jessie (posted 2015-10-04)<br />
# install apache2 and modules<br />
aptitude install libalgorithm-merge-perl libhtml-form-perl libhtml-format-perl libhttp-daemon-perl libssl-doc apache2 apache2-utils apache2.2-common libapache2-mod-proxy-html openssl libpcre3-dev libcrypt-ssleay-perl libcurl4-openssl-dev libwww-perl libalgorithm-diff-xs-perl<br />
<br />
# enable modules<br />
a2enmod proxy proxy_connect proxy_html proxy_http rewrite ssl xml2enc<br />
<br />
# test config<br />
apache2ctl configtest<br />
<br />
# create self signed certificates if you need <a href="http://sadar-ssi.blogspot.fr/2014/11/openssl-certificates-self-signed.html" target="_blank">http://sadar-ssi.blogspot.fr/2014/11/openssl-certificates-self-signed.html</a><br />
<br />
# disable default<br />
a2dissite 000-default<br />
<br />
#----------- create config <br />
touch /etc/apache2/sites-available/my-server.conf<br />
nano /etc/apache2/sites-available/my-server.conf<br />
<br />
#-------------------------------------------------------------------------------- <br />
<pre style="background-image: URL(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiv88ftwRwkO8u4JnszfX7Q_z1pG0N7otMZPA305W4N2xQT58oGlQVQVQZoKIjd1gE3GAwsN2JmjLkgd_i-DSYjDF3_n_Noh6sJOS8jLtsJzuGL3iGzrMHFnC3qiLXdh3XkIagPFuNemEqJ/s320/codebg.gif); background: #f0f0f0; border: 1px dashed #CCCCCC; color: black; font-family: arial; font-size: 12px; height: auto; line-height: 20px; overflow: auto; padding: 0px; text-align: left; width: 99%;"><code style="color: black; word-wrap: normal;"> <VirtualHost *:80>
ServerName my-server
ServerAdmin my-user@my-user.org
Redirect permanent / https://my-server
HostnameLookups On
</VirtualHost>
<VirtualHost *:443>
ServerName my-server
ServerAlias my-server.dtdns.net
ServerAdmin my-user@my-user.org
ServerSignature off
SSLEngine on
SSLCompression Off
SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1 -SSLv2 -SSLv3
SSLOptions +StdEnvVars
SSLproxyengine on
SSLVerifyClient none
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLCACertificateFile /etc/ssl/localcerts/my-ca.crt
SSLCertificateFile /etc/ssl/localcerts/my-server.crt
SSLCertificateKeyFile /etc/ssl/localcerts/my-server.nopassphrase.key
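# NOTE: this second SSLCipherSuite is the one in effect; it replaces the explicit list above, so keep only one of the two
SSLCipherSuite HIGH:!aNULL:!MD5
SSLHonorCipherOrder on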
LogLevel info
DocumentRoot /var/www/my-server
<Directory /var/www/my-server>
SSLVerifyDepth 1
SSLVerifyClient require
AuthType Basic
AuthName "my-server !!!! ---> @|@ <---"
require valid-user
AuthBasicProvider file
AuthUserFile /var/www/my-server/.htpasswd
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
HostnameLookups On
Proxyrequests On
ProxyVia full
AllowCONNECT 22
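<Proxy *>
# NOTE: with "Order deny,allow" the "Allow from all" below overrides "Deny from all", so every client may use this forward proxy
Order deny,allow
Deny from all
Allow from all
</Proxy>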
<ProxyMatch (my-server1|my-server2)>
Order deny,allow
Allow from all
</ProxyMatch>
</VirtualHost>
</code></pre>
#--------------------------------------------------------------------------------<br />
<br />
Create htpasswd from command line<br />
htpasswd -cbm /var/www/my-server/.htpasswd my-user my-password<br />
<br />
Update / add htpasswd from command line<br />
htpasswd -bm /var/www/my-server/.htpasswd my-user my-password<br />
<br />
#------------------------------<br />
chown -R www-data:www-data /var/www/my-server<br />
<br />
#------------------------------ enable site configuration<br />
a2ensite my-server.conf<br />
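
An added check, not part of the original post: a small awk-based lint run over a constructed, shortened copy of the vhost above. It reports the explicitly enabled TLS 1.0/1.1, the second SSLCipherSuite that replaces the first, the unverified proxy backend, and a "Proxy *" ACL that leaves the forward proxy open; the finding names and the functions audit_vhost, sample_vhost and hardened_vhost are made up for this example.

```shell
#!/bin/sh
# Added example: lint an Apache 2.2-style vhost (Order/Allow/Deny syntax) for the
# settings discussed above. Finding names are invented for this example.

audit_vhost() {   # reads a config on stdin, prints "FINDING line [detail]"
    awk '
    { d = tolower($1) }
    NF == 0 || d ~ /^#/ { next }
    d == "<virtualhost" { ciphers = 0; fwd = 0; open_line = 0 }
    d == "sslprotocol" {            # explicitly enabled TLS 1.0 / 1.1
        for (i = 2; i <= NF; i++)
            if ($i ~ /^\+?TLSv1(\.1)?$/) print "TLS_LEGACY", NR, $i
    }
    d == "sslciphersuite" && ++ciphers > 1 { print "CIPHER_OVERRIDE", NR }
    d == "sslproxyverify" && tolower($2) == "none" { print "BACKEND_UNVERIFIED", NR }
    d == "proxyrequests" && tolower($2) == "on" { fwd = 1 }
    d == "<proxy" && $2 == "*>" { in_all = 1; order = "deny,allow"; allow = 0; deny = 0 }
    in_all && d == "order" { order = tolower($2) }
    in_all && d == "allow" && tolower($3) == "all" { allow = NR }
    in_all && d == "deny"  && tolower($3) == "all" { deny = NR }
    d == "</proxy>" {
        # deny,allow: Allow wins over Deny. allow,deny: open only without Deny from all.
        if (in_all && allow && (order == "deny,allow" || !deny)) open_line = allow
        in_all = 0
    }
    d == "</virtualhost>" && fwd && open_line { print "OPEN_FORWARD_PROXY", open_line }
    '
}

sample_vhost() {  # constructed sample: shortened copy of the vhost in the post
    cat <<'EOF'
<VirtualHost *:443>
SSLEngine on
SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1 -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:!aNULL:!RC4
SSLProxyVerify none
SSLCipherSuite HIGH:!aNULL:!MD5
Proxyrequests On
AllowCONNECT 22
<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
<ProxyMatch (my-server1|my-server2)>
Order deny,allow
Allow from all
</ProxyMatch>
</VirtualHost>
EOF
}

hardened_vhost() {  # constructed sample: same proxy, default-deny ACL, TLS 1.2 only
    cat <<'EOF'
<VirtualHost *:443>
SSLEngine on
SSLProtocol -all +TLSv1.2
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
ProxyRequests On
AllowCONNECT 22
<Proxy *>
Order deny,allow
Deny from all
</Proxy>
<ProxyMatch (my-server1|my-server2)>
Order deny,allow
Allow from all
</ProxyMatch>
</VirtualHost>
EOF
}

sample_vhost | audit_vhost
```

To check a real file, run audit_vhost with the file on stdin, for example `audit_vhost < /etc/apache2/sites-available/my-server.conf`.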
<br />
ssh tunnelling : how to mount vpn via ssh... (posted 2014-12-16)<br />
# on remote server edit /etc/ssh/sshd_config and add <br />
PermitTunnel yes<br />
<br />
# restart ssh<br />
sudo service ssh restart<br />
<br />
<br />
#From local computer connect to the remote server (ex : VM Virtualbox in my case)<br />
ssh -D 10998 -vv -N -C -w 0:0 my-remote-server<br />
<br />
# on remote server (@home)<br />
ifconfig tun0 172.16.0.1 netmask 255.255.255.252<br />
ifconfig tun0 up<br />
<br />
# verify<br />
ifconfig<br />
<br />
# enable IP forwarding<br />
echo 1 > /proc/sys/net/ipv4/ip_forward<br />
<br />
# activate routing <br />
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br />
<br />
# on local computer route subnet 192.168.1.0 @home<br />
route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.0.1 tun0<br />
<br />
# on local Windows, use the local SOCKS proxy on port 10998<br />
# example with Chrome & Falcon Proxy plugin <br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaqgtOk1jKfaEW1D7y_YnZSb6mHhZsy6Psbidb1xpHVnURV7MSX2G9bwxo7SgvcBu_yxJhfUyrAWllbvWeKmhQ0n0qezluntQ3ojT5XW1z8R3RteAMyz-peIHL842pp959EbQ94Os7Rim_/s1600/Capture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaqgtOk1jKfaEW1D7y_YnZSb6mHhZsy6Psbidb1xpHVnURV7MSX2G9bwxo7SgvcBu_yxJhfUyrAWllbvWeKmhQ0n0qezluntQ3ojT5XW1z8R3RteAMyz-peIHL842pp959EbQ94Os7Rim_/s1600/Capture.PNG" height="273" width="320" /></a></div>
<br />
install guacamole ubuntu server 14.x (posted 2014-12-15)<br />
# install packages & dependencies<br />
aptitude install make libssh2-1-dev libtelnet-dev libpango1.0-dev libossp-uuid-dev libcairo2-dev libpng12-dev freerdp-x11 libssh2-1 libvncserver-dev libfreerdp-dev libvorbis-dev libssl0.9.8 gcc libssh-dev libpulse-dev tomcat7 tomcat7-admin tomcat7-docs<br />
<br />
# download latest version<br />
cd /usr/local/src<br />
wget http://downloads.sourceforge.net/project/guacamole/current/source/guacamole-server-0.9.3.tar.gz<br />
wget http://downloads.sourceforge.net/project/guacamole/current/binary/guacamole-0.9.3.war<br />
<br />
# decompress sources<br />
tar xvzf guacamole-server-0.9.3.tar.gz<br />
cd guacamole-server-0.9.3<br />
<br />
# configure the build<br />
./configure --with-init-dir=/etc/init.d<br />
<br />
# see results<br />
#------------------------------------------------------------------------------------------------------------------------<br />
<br />
------------------------------------------------<br />
guacamole-server version 0.9.3<br />
------------------------------------------------<br />
<br />
Library status:<br />
<br />
freerdp ............. yes<br />
pango ............... yes<br />
libssh2 ............. yes<br />
libssl .............. yes<br />
libtelnet ........... yes<br />
libVNCServer ........ yes<br />
libvorbis ........... yes<br />
libpulse ............ yes<br />
<br />
Protocol support:<br />
<br />
RDP ....... yes<br />
SSH ....... yes<br />
Telnet .... yes<br />
VNC ....... yes<br />
<br />
Init scripts: /etc/init.d<br />
<br />
Type "make" to compile guacamole-server.<br />
<br />
#------------------------------------------------------------------------------------------------------------------------<br />
make<br />
make install<br />
cd .. <br />
<br />
# ldconfig & test service<br />
ldconfig ; service guacd restart<br />
<br />
#create the settings files for Guacamole<br />
mkdir /etc/guacamole<br />
nano /etc/guacamole/guacamole.properties<br />
<br />
#---------------------------------------------------------------------------------------<br />
# http://guac-dev.org/doc/gug/configuring-guacamole.html<br />
# initial-setup<br />
# --------------------------------------------------------------------<br />
<br />
# Hostname + port<br />
guacd-hostname: localhost<br />
guacd-port: 4822<br />
<br />
# lib-directory<br />
lib-directory: /var/lib/tomcat7/webapps/guacamole/WEB-INF/classes<br />
<br />
# auth-provider<br />
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider<br />
<br />
# basic-user-mapping<br />
basic-user-mapping: /etc/guacamole/user-mapping.xml<br />
<br />
#---------------------------------------------------------------------------------------<br />
<br />
# Now create the file /etc/guacamole/user-mapping.xml<br />
<br />
nano /etc/guacamole/user-mapping.xml<br />
<br />
#---------------------------------------------------------------------------------------<br />
<pre nbsp="" style="background-image: URL(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiv88ftwRwkO8u4JnszfX7Q_z1pG0N7otMZPA305W4N2xQT58oGlQVQVQZoKIjd1gE3GAwsN2JmjLkgd_i-DSYjDF3_n_Noh6sJOS8jLtsJzuGL3iGzrMHFnC3qiLXdh3XkIagPFuNemEqJ/s320/codebg.gif); background: #f0f0f0; border: 1px dashed #CCCCCC; color: black; font-family: arial; font-size: 12px; height: auto; line-height: 20px; overflow: auto; padding: 0px; text-align: left; width: 99%;"><code style="color: black; word-wrap: normal;"> <user-mapping>
<authorize username="my-user" password="my-passwd">
<connection name="host1">
<protocol>vnc</protocol>
<param name="hostname">host1</param>
<param name="port">5900</param>
<!-- <param name="password">VNCPASS</param> -->
</connection>
<connection name="host2">
<protocol>vnc</protocol>
<param name="hostname">host2</param>
<param name="port">5900</param>
<!-- <param name="password">VNCPASS</param> -->
</connection>
</authorize>
</user-mapping> </code></pre>
<br />
#---------------------------------------------------------------------------------------<br />
<br />
# Create a symbolic link of the properties file for Tomcat7 <br />
mkdir /usr/share/tomcat7/.guacamole<br />
ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat7/.guacamole<br />
<br />
# Copy the guacamole war file to the Tomcat 7 webapps directory<br />
cp -fv guacamole-0.9.3.war /var/lib/tomcat7/webapps/guacamole.war<br />
<br />
# restart the Guacamole (guacd) service<br />
service guacd restart<br />
<br />
# restart Tomcat 7<br />
service tomcat7 restart <br />
<br />
# check tomcat log<br />
tail -f -n 40 /var/log/tomcat7/catalina.out | ccze<br />
<br />
# check netstat<br />
netstat -putlanv | grep -i list<br />
<br />
# try to connect<br />
http://your-server:8080/guacamole<br />
<br />
#---------------------------------------------------------------------------------------<br />
<pre class="line-pre"># Apache2 Proxy Installation and Configuration</pre>
<pre class="line-pre"> </pre>
<div class="line" id="file-guacamole_installer-LC202" style="box-sizing: border-box;">
# Install apache proxy module
</div>
<div class="line" id="file-guacamole_installer-LC203" style="box-sizing: border-box;">
sudo apt-get install -y libapache2-mod-proxy-html libxml2-dev
</div>
<div class="line" id="file-guacamole_installer-LC204" style="box-sizing: border-box;">
</div>
<div class="line" id="file-guacamole_installer-LC205" style="box-sizing: border-box;">
# Enable apache proxy modules
</div>
<div class="line" id="file-guacamole_installer-LC206" style="box-sizing: border-box;">
sudo a2enmod proxy proxy_http proxy_ajp rewrite</div>
<pre class="line-pre"> </pre>
<pre class="line-pre"># change apache site</pre>
<pre class="line-pre"><pre style="background-image: URL(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiv88ftwRwkO8u4JnszfX7Q_z1pG0N7otMZPA305W4N2xQT58oGlQVQVQZoKIjd1gE3GAwsN2JmjLkgd_i-DSYjDF3_n_Noh6sJOS8jLtsJzuGL3iGzrMHFnC3qiLXdh3XkIagPFuNemEqJ/s320/codebg.gif); background: #f0f0f0; border: 1px dashed #CCCCCC; color: black; font-family: arial; font-size: 12px; height: auto; line-height: 20px; overflow: auto; padding: 0px; text-align: left; width: 99%;"><code style="color: black; word-wrap: normal;"> <Location /guacamole/>
Order allow,deny
Allow from all
ProxyPass ajp://hostname:8009/guacamole/ max=20 flushpackets=on
ProxyPassReverse ajp://hostname:8009/guacamole/
</Location> </code></pre>
</pre>
<pre class="line-pre"># change /etc/tomcat7/server.xml
<pre style="background-image: URL(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiv88ftwRwkO8u4JnszfX7Q_z1pG0N7otMZPA305W4N2xQT58oGlQVQVQZoKIjd1gE3GAwsN2JmjLkgd_i-DSYjDF3_n_Noh6sJOS8jLtsJzuGL3iGzrMHFnC3qiLXdh3XkIagPFuNemEqJ/s320/codebg.gif); background: #f0f0f0; border: 1px dashed #CCCCCC; color: black; font-family: arial; font-size: 12px; height: auto; line-height: 20px; overflow: auto; padding: 0px; text-align: left; width: 99%;"><code style="color: black; word-wrap: normal;"> <Connector port="8009" protocol="AJP/1.3"
redirectPort="8443" proxyPort="443"
tomcatAuthentication="false" secure="true" />
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
URIEncoding="UTF-8"
redirectPort="8443" /> </code></pre>
<pre class="line-pre"></pre>
<pre class="line-pre"></pre>
</pre>
<br />
openssl certificates self signed (posted 2014-11-23)<br />
Script to create a self-signed CA<br />
<br />
Just set a password and a name for the CA<br />
<br />
NB: $(< /dev/urandom tr -dc a-z-0-9-A-Z | head -c${1:-25};echo;) generates a random 25-character alphanumeric password.<br />
<br />
You can change it and put whatever you like! ;-))<br />
<br />
#-----------------------------------------------<br />
#!/bin/sh<br />
<br />
CertPath=/etc/ssl/localcerts<br />
mkdir -p $CertPath <br />
<br />
# Create a certification authority<br />
<br />
ACpasswd=$(< /dev/urandom tr -dc a-z-0-9-A-Z | head -c${1:-25};echo;)<br />
ACName=my-ca<br />
<br />
# subj parameters<br />
CInit="Fr"<br />
Cntry="France"<br />
CCity="Paris"<br />
Orgnt="My Organisation"<br />
OUdpt="IT Department"<br />
CNdpt="$ACName"<br />
Subj="/C=$CInit/ST=$Cntry/L=$CCity/O=$Orgnt/OU=$OUdpt/CN=$CNdpt"<br />
<br />
printf "\n\033[1;33mCréation de certificats auto-signés pour $ACName\033[0m\n"<br />
printf "\n\033[1;33mACName=$ACName\033[0m"<br />
printf "\n\033[1;33mACpasswd=$ACpasswd\033[0m\n"<br />
<br />
printf "\n\033[1;33mCInit=$CInit\033[0m\n"<br />
printf "\033[1;33mCntry=$Cntry\033[0m\n"<br />
printf "\033[1;33mCity=$CCity\033[0m\n"<br />
printf "\033[1;33mOrgnt=$Orgnt\033[0m\n"<br />
printf "\033[1;33mOUdpt=$OUdpt\033[0m\n"<br />
printf "\033[1;33mCNdpt=$CNdpt\033[0m\n"<br />
sleep 1<br />
<br />
# Remove old files if present<br />
rm $CertPath/$ACName*<br />
<br />
# Save the keys<br />
echo "ACName=$ACName" > $CertPath/$ACName"-key.txt"<br />
echo "ACpasswd=$ACpasswd" >> $CertPath/$ACName"-key.txt"<br />
<br />
# create the certificates<br />
printf "\n\033[1;33mopenssl genrsa -out $CertPath/$ACName.key 2048\033[0m\n"<br />
openssl genrsa -out "$CertPath/$ACName.key" 2048 <br />
<br />
printf "\n\033[1;33mopenssl req -new -key $CertPath/$ACName.key -out $CertPath/$ACName.csr -passin pass:$ACpasswd -subj $Subj\033[0m\n"<br />
openssl req -new -key "$CertPath/$ACName.key" -out "$CertPath/$ACName.csr" -passin pass:$ACpasswd -subj "$Subj"<br />
<br />
printf "\n\033[1;33mopenssl x509 -req -days 365 -in $CertPath/$ACName.csr -out $CertPath/$ACName.crt -signkey $CertPath/$ACName.key\033[0m\n"<br />
openssl x509 -req -days 365 -in "$CertPath/$ACName.csr" -out "$CertPath/$ACName.crt" -signkey "$CertPath/$ACName.key"<br />
<br />
printf "\n\033[1;33mopenssl x509 -in $CertPath/$ACName.crt -text\033[0m\n"<br />
openssl x509 -in "$CertPath/$ACName.crt" -text<br />
<br />
printf "\n\033[1;33mopenssl rsa -in $CertPath/$ACName.key -passin pass:$ACpasswd -pubout -out $CertPath/$ACName.public.key\033[0m\n"<br />
openssl rsa -in "$CertPath/$ACName.key" -passin pass:$ACpasswd -pubout -out "$CertPath/$ACName.public.key"<br />
<br />
printf "\n\033[1;33mcat $CertPath/$ACName.key $CertPath/$ACName.crt > $CertPath/$ACName.pem\033[0m\n"<br />
cat $CertPath/$ACName.key $CertPath/$ACName.crt > $CertPath/$ACName.pem<br />
<br />
# echo "openssl x509 -req -days 3650 -signkey $CertPath/$ACName.key -out $CertPath/$ACName.crt"<br />
# openssl x509 -req -days 3650 -signkey $CertPath/$ACName.key -out $CertPath/$ACName.crt<br />
<br />
echo "openssl x509 -in $CertPath/$ACName.crt -text -noout"<br />
openssl x509 -in $CertPath/$ACName.crt -text -noout<br />
<br />
#--------------------------<br />
<br />
Script to create a self-signed server certificate via the CA created by the previous script<br />
The parameters to set are<br />
<br />
ServerName-->server name (used for the subj parameters)<br />
#-------------------------------------------------<br />
#!/bin/sh<br />
<br />
CertPath=/etc/ssl/localcerts<br />
<br />
# Name of the certification authority<br />
ACName=my-ca<br />
<br />
# server parameters<br />
ServerPassph=$(< /dev/urandom tr -dc a-z-0-9-A-Z | head -c${1:-25};echo;)<br />
ServerExpKey=$(< /dev/urandom tr -dc a-z-0-9-A-Z | head -c${1:-25};echo;)<br />
ServerPemKey=$(< /dev/urandom tr -dc a-z-0-9-A-Z | head -c${1:-25};echo;)<br />
ServerName=myserver<br />
<br />
# subj parameters<br />
CInit="Fr"<br />
Cntry="France"<br />
CCity="Paris"<br />
Orgnt="my Organisation"<br />
OUdpt="IT Department"<br />
CNdpt="$ServerName"<br />
Subj="/C=$CInit/ST=$Cntry/L=$CCity/O=$Orgnt/OU=$OUdpt/CN=$CNdpt"<br />
<br />
printf "\n\033[1;33mCréation de certificats auto-signés pour $ServerName\033[0m\n"<br />
printf "\n\033[1;33mServerName=$ServerName\033[0m"<br />
printf "\n\033[1;33mServerPassph=$ServerPassph\033[0m\n"<br />
printf "\033[1;33mServerExpKey=$ServerExpKey\033[0m\n"<br />
printf "\033[1;33mServerPemKey=$ServerPemKey\033[0m\n"<br />
<br />
printf "\n\033[1;33mCInit=$CInit\033[0m\n"<br />
printf "\033[1;33mCntry=$Cntry\033[0m\n"<br />
printf "\033[1;33mCity=$CCity\033[0m\n"<br />
printf "\033[1;33mOrgnt=$Orgnt\033[0m\n"<br />
printf "\033[1;33mOUdpt=$OUdpt\033[0m\n"<br />
printf "\033[1;33mCNdpt=$CNdpt\033[0m\n"<br />
printf "\033[1;33mSubj=$Subj\033[0m\n"<br />
sleep 2<br />
<br />
# Remove old files if present<br />
rm $CertPath/$ServerName*<br />
<br />
# Save the keys<br />
echo "ServerName=$ServerName" > $CertPath/$ServerName"-key.txt"<br />
echo "ServerPassph=$ServerPassph" >>$CertPath/$ServerName"-key.txt"<br />
echo "ServerExpKey=$ServerExpKey" >>$CertPath/$ServerName"-key.txt"<br />
echo "ServerPemKey=$ServerPemKey" >>$CertPath/$ServerName"-key.txt"<br />
<br />
# Create and sign the server certificate<br />
# (genrsa takes no -subj; the subject is set by "openssl req" below)<br />
printf "\n\033[1;33mopenssl genrsa -des3 -out $CertPath/$ServerName.key -passout pass:$ServerPassph 2048\033[0m\n"<br />
openssl genrsa -des3 -out $CertPath/$ServerName.key -passout pass:$ServerPassph 2048<br />
<br />
printf "\n\033[1;33mopenssl req -new -key $CertPath/$ServerName.key -out $CertPath/$ServerName.csr -passin pass:$ServerPassph -subj $Subj\033[0m\n"<br />
openssl req -new -key $CertPath/$ServerName.key -out $CertPath/$ServerName.csr -passin pass:$ServerPassph -subj "$Subj"<br />
<br />
printf "\n\033[1;33mopenssl x509 -req -in $CertPath/$ServerName.csr -CA $CertPath/$ACName.crt -CAkey $CertPath/$ACName.key -CAcreateserial -out $CertPath/$ServerName.crt -days 3650\033[0m\n"<br />
openssl x509 -req -in $CertPath/$ServerName.csr -CA $CertPath/$ACName.crt -CAkey $CertPath/$ACName.key -CAcreateserial -out $CertPath/$ServerName.crt -days 3650<br />
<br />
printf "\n\033[1;33mopenssl rsa -in $CertPath/$ServerName.key -passin pass:$ServerPassph -out $CertPath/$ServerName.nopassphrase.key\033[0m\n"<br />
openssl rsa -in $CertPath/$ServerName.key -passin pass:$ServerPassph -out "$CertPath/$ServerName.nopassphrase.key"<br />
<br />
#--------------------------------------------<br />
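
An added example, not one of the post's scripts: the same CA-then-server flow in a scratch directory, with an explicit CA:TRUE profile, SHA-256 signatures and a subjectAltName on the server certificate, followed by a chain and hostname check with openssl verify. The functions make_chain and verify_chain and the file layout are assumptions of this example; my-ca and my-server mirror the names used above.

```shell
#!/bin/sh
# Added example, not the post's scripts. Function names and the scratch-directory
# layout are assumptions; my-ca / my-server mirror the names used in the post.

make_chain() (        # usage: make_chain DIR SERVER_NAME   (runs in a subshell)
    umask 077         # private keys must not be group/world readable
    mkdir -p "$1" && cd "$1" || exit 1
    name=$2

    # CA profile: an explicit CA:TRUE certificate instead of a plain self-signed one
    cat > ca.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = my-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Leaf profile: modern clients match the hostname against subjectAltName
    cat > server.ext <<EOF
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$name
EOF
    openssl genrsa -out my-ca.key 2048 2>/dev/null &&
    openssl req -x509 -new -key my-ca.key -sha256 -days 365 \
        -config ca.cnf -out my-ca.crt &&
    openssl genrsa -out "$name.key" 2048 2>/dev/null &&
    openssl req -new -key "$name.key" -subj "/CN=$name" \
        -config ca.cnf -out "$name.csr" &&
    openssl x509 -req -in "$name.csr" -CA my-ca.crt -CAkey my-ca.key \
        -CAcreateserial -sha256 -days 365 -extfile server.ext \
        -out "$name.crt" 2>/dev/null
)

verify_chain() {      # usage: verify_chain DIR SERVER_NAME HOSTNAME_TO_CHECK
    # Succeeds only if the certificate chains to my-ca.crt, is usable as a
    # TLS server certificate, and is valid for the given hostname.
    openssl verify -CAfile "$1/my-ca.crt" -purpose sslserver \
        -verify_hostname "$3" "$1/$2.crt" >/dev/null 2>&1
}

# Demo: sh thisfile demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_chain "$d" my-server &&
        verify_chain "$d" my-server my-server && echo "chain and hostname OK"
    rm -rf "$d"
fi
```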
<br />
Script to create a user certificate to restrict https access<br />
<br />
#--------------------------------------------<br />
#!/bin/sh<br />
<br />
CertPath=/etc/ssl/localcerts<br />
<br />
# Name of the certification authority<br />
ACName=my-ca<br />
<br />
# user parameters<br />
UserPassph=$(< /dev/urandom tr -dc a-z-0-9-A-Z | head -c${1:-25};echo;)<br />
UserExpKey=$(< /dev/urandom tr -dc a-z-0-9-A-Z | head -c${1:-25};echo;)<br />
UserPemKey=$(< /dev/urandom tr -dc a-z-0-9-A-Z | head -c${1:-25};echo;)<br />
UserKey=myUserKey<br />
<br />
# subj parameters<br />
CInit="Fr"<br />
Cntry="France"<br />
CCity="Paris"<br />
Orgnt="my Organisation"<br />
OUdpt="IT Department"<br />
CNdpt="$UserKey"<br />
Subj="/C=$CInit/ST=$Cntry/L=$CCity/O=$Orgnt/OU=$OUdpt/CN=$CNdpt"<br />
<br />
printf "\n\033[1;33mCréation des certificats auto-signés pour $UserKey\033[0m\n"<br />
printf "\n\033[1;33mUserPassph=$UserPassph\033[0m"<br />
printf "\n\033[1;33mUserExpKey=$UserExpKey\033[0m"<br />
printf "\n\033[1;33mUserPemKey=$UserPemKey\033[0m"<br />
printf "\n\033[1;33mUserKey=$UserKey\033[0m\n"<br />
<br />
printf "\n\033[1;33mCInit=$CInit\033[0m\n"<br />
printf "\033[1;33mCntry=$Cntry\033[0m\n"<br />
printf "\033[1;33mCity=$CCity\033[0m\n"<br />
printf "\033[1;33mOrgnt=$Orgnt\033[0m\n"<br />
printf "\033[1;33mOUdpt=$OUdpt\033[0m\n"<br />
printf "\033[1;33mCNdpt=$CNdpt\033[0m\n"<br />
printf "\033[1;33mSubj=$Subj\033[0m\n"<br />
sleep 1<br />
<br />
# Remove old files if present<br />
rm $CertPath/$UserKey*<br />
<br />
# Save the keys<br />
echo "UserKey=$UserKey" > $CertPath/$UserKey"-key.txt"<br />
echo "UserPassph=$UserPassph" >>$CertPath/$UserKey"-key.txt"<br />
echo "UserExpKey=$UserExpKey" >>$CertPath/$UserKey"-key.txt"<br />
echo "UserPemKey=$UserPemKey" >>$CertPath/$UserKey"-key.txt"<br />
<br />
# Create and sign the user certificate<br />
# (genrsa takes no -subj; the subject is set by "openssl req" below)<br />
printf "\n\033[1;33mopenssl genrsa -des3 -out $CertPath/$UserKey.key -passout pass:$UserPassph 2048\033[0m\n"<br />
openssl genrsa -des3 -out $CertPath/$UserKey.key -passout pass:$UserPassph 2048<br />
<br />
printf "\n\033[1;33mopenssl req -new -key $CertPath/$UserKey.key -out $CertPath/$UserKey.csr -passin pass:$UserPassph -subj $Subj\033[0m\n"<br />
openssl req -new -key $CertPath/$UserKey.key -out $CertPath/$UserKey.csr -passin pass:$UserPassph -subj "$Subj"<br />
<br />
printf "\n\033[1;33mopenssl x509 -req -in $CertPath/$UserKey.csr -out $CertPath/$UserKey.crt -CA $CertPath/$ACName.crt -sha256 -CAkey $CertPath/$ACName.key -CAcreateserial -days 1825\033[0m\n"<br />
openssl x509 -req -in $CertPath/$UserKey.csr -out $CertPath/$UserKey.crt -CA $CertPath/$ACName.crt -sha256 -CAkey $CertPath/$ACName.key -CAcreateserial -days 1825<br />
<br />
printf "\n\033[1;33mopenssl pkcs12 -export -in $CertPath/$UserKey.crt -inkey $CertPath/$UserKey.key -name $UserKey.key -out $CertPath/$UserKey.p12 -name $UserKey certificate -passin pass:$UserPassph -passout pass:$UserPassph\033[0m\n"<br />
openssl pkcs12 -export -in $CertPath/$UserKey.crt -inkey $CertPath/$UserKey.key -name $UserKey -out $CertPath/$UserKey.p12 -name "$UserKey certificate" -passin pass:$UserPassph -passout pass:$UserPassph <br />
<br />
printf "\n\033[1;33mopenssl pkcs12 -in $CertPath/$UserKey.p12 -clcerts -nokeys -info -passin pass:$UserPassph\033[0m"<br />
openssl pkcs12 -in $CertPath/$UserKey.p12 -clcerts -nokeys -info -passin pass:$UserPassph<br />
<br />
ssh-copy-id with different port (posted 2014-11-17)<br />
ssh-copy-id -i ~/.ssh/id_rsa.pub "user@host -p 2222"<br />
<br />
webvirtmgr (posted 2014-11-08)<br />
How to authorize webvirtmgr to connect remote host <br />
<br />
<br />
<br />
Create SSH private key and ssh config options (On system where WebVirtMgr is installed):<br />
<br />
$ sudo su - nginx -s /bin/bash<br />
<br />
$ ssh-keygen<br />
<br />
Generating public/private rsa key pair.<br />
<br />
Enter file in which to save the key (path-to-id-rsa-in-nginx-home): Just hit Enter here!<br />
<br />
$ touch ~/.ssh/config && echo -e "StrictHostKeyChecking=no\nUserKnownHostsFile=/dev/null" >> ~/.ssh/config<br />
<br />
$ chmod 0600 ~/.ssh/config<br />
<br />
Add webvirt user (on qemu-kvm/libvirt host server):<br />
<br />
$ sudo adduser webvirtmgr<br />
<br />
$ sudo passwd webvirtmgr<br />
<br />
Back to webvirtmgr host and copy public key to qemu-kvm/libvirt host server:<br />
<br />
$ sudo su - nginx -s /bin/bash<br />
<br />
$ ssh-copy-id webvirtmgr@qemu-kvm-libvirt-host<br />
<br />
Or if you changed the default SSH port use:<br />
<br />
$ ssh-copy-id -p YOUR_SSH_PORT webvirtmgr@qemu-kvm-libvirt-host<br />
<br />
Now you can test the connection by entering:<br />
<br />
$ ssh webvirtmgr@qemu-kvm-libvirt-host<br />
<br />
For a non-standard SSH port use:<br />
<br />
$ ssh -p YOUR_SSH_PORT webvirtmgr@qemu-kvm-libvirt-host<br />
<br />
You should connect without entering a password.<br />
<br />
Set up permissions to manage libvirt (on qemu-kvm/libvirt host server):<br />
<br />
On Ubuntu:<br />
<br />
$ sudo adduser webvirtmgr libvirtd<br />
<br />
#------------------------------------------------------------------------------------------------<br />
<br />
Create SSH public key in folder /var/www/.ssh/id_rsa:<br />
<br />
$ sudo ssh-keygen<br />
Enter file in which to save the key (/root/.ssh/id_rsa): /var/www/.ssh/id_rsa<br />
<br />
Change owner and permissions for folder /var/www/.ssh (Ubuntu: "www-data."; Fedora,CentOS: "apache."):<br />
<br />
$ sudo chmod -R 0600 /var/www/.ssh/config<br />
$ sudo chown -R apache:apache /var/www/.ssh<br />
<br />
Set up SSH public key (On libvirt Host Server)<br />
<br />
<br />
On remote server: create user to manage libvirt:<br />
<br />
$ sudo adduser webvirtmgr<br />
<br />
Copy /var/www/.ssh/id_rsa.pub to folder (on server) .ssh/authorized_keys user webvirtmgr:<br />
<br />
$ sudo mkdir /home/webvirtmgr/.ssh<br />
$ sudo chmod 700 /home/webvirtmgr/.ssh<br />
$ sudo cp /var/www/.ssh/id_rsa.pub /home/webvirtmgr/.ssh/authorized_keys<br />
$ sudo chmod 0600 /home/webvirtmgr/.ssh/authorized_keys<br />
$ sudo chown -R webvirtmgr:webvirtmgr /home/webvirtmgr/.ssh<br />
<br />
Set up permissions to manage libvirt<br />
<br />
Ubuntu:<br />
<br />
$ sudo adduser webvirtmgr libvirtd<br />
<br />
<br />
[Remote libvirt SSH access]<br />
Identity=unix-user:webvirtmgr<br />
Action=org.libvirt.unix.manage<br />
ResultAny=yes<br />
ResultInactive=yes<br />
ResultActive=yes<br />
<br />
VNC server on mint (posted 2014-07-23)<br />
aptitude install x11vnc<br />
<br />
gedit /etc/mdm/Init/Default<br />
<br />
#insert before exit 0<br />
# <br />
<br />
if [ -z "$(pidof x11vnc)" ]; then nohup x11vnc -norc -forever -shared -autoport 5900 -avahi -env X11VNC_AVAHI_NAME=`hostname` -desktop "`hostname`'s Remote Desktop" -scale_cursor 0.5 -repeat -bg -o /var/log/x11vnc.log 2>/dev/null 1>&2; fi<br />
<br />
# putty command line <br />
<br />
-L 5999:192.168.1.xx:5900 <br />
<br />
# connect to host --> 127.0.0.1:5999<br />
<br />
UBUNTU 14.04 logout : Logging out function disappeared? (posted 2014-06-22)<br />
# command<br />
gsettings get org.gnome.desktop.lockdown disable-log-out <br />
<br />
# should return "false"<br />
# if it's "true", then you need to set it to false to be able to log out, as user in terminal:<br />
<br />
gsettings set org.gnome.desktop.lockdown disable-log-out false<br />
<br />
<br />
<br />
SquidGuard FATAL: Error db_open: No such file or directory (posted 2014-04-04)<br />
<br />
cd /var/lib/squidguard/db<br />
rsync -arpogvt rsync://ftp.ut-capitole.fr/blacklist .<br />
mv -fv dest/* .<br />
rm -rf /var/lib/squidguard/db/dest/<br />
chown -R proxy:proxy /var/lib/squidguard/<br />
<br />
# verify<br />
squidGuard -d<br />
<br />
# that's all !<br />
<br />
KVM and virsh essential command (posted 2014-04-04)<br />
LVM KVM to Virtualbox<br />
#----------------------------------------------------------------<br />
<pre><code>dd if=/dev/Volume01/Disk of=/tmp/image.raw
qemu-img convert -O vdi /tmp/image.raw test.vdi
rm /tmp/image.raw</code></pre>
<pre><code>#--------------------- </code></pre>
<br />
# change @MAC <br />
<br />
virsh edit <vm name=""><br />
<br />
# Copy VM script bash<br />
#--------------------------------------------------------------------------------------------------------------------------------------------<br />
#!/bin/bash<br />
<br />
activevm="$1"<br />
targetpath=/home/kvm<br />
remote=edouard<br />
localvmsource=$(virsh dumpxml $activevm | grep 'source dev=' | cut -d "'" -f2)<br />
remotevmd=$(ssh root@$remote "virsh dumpxml $activevm | grep 'source dev=' ")<br />
remotevmdest=$(echo "$remotevmd" | grep 'source dev=' | cut -d "'" -f2)<br />
<br />
lvmsize=$(lvs | sed -n "/$activevm/s/ \+/ /gp" | head -n1 | cut -f 5 -d ' ' | sed -e 's/,/./g' -e 's/.$//' | awk '{print int($1+0.5)}')G<br />
VMActive=$(virsh list | grep $1 | wc -l)<br />
<br />
echo "Sauvegarde de $activevm, localvmsource=$localvmsource, lvmsize=$lvmsize, VMActive=$VMActive"<br />
echo "sur $remote remotevmdest=$remotevmdest"<br />
<br />
if [ "$VMActive" -gt 0 ]<br />
then<br />
virsh shutdown $activevm<br />
<br />
while [ "$VMActive" -gt 0 ]<br />
do<br />
VMActive=$(virsh list | grep $1 | wc -l)<br />
echo "Waiting shutdown $activevm..."<br />
sleep 5<br />
done<br />
fi<br />
<br />
echo "copy de la vm......."<br />
echo "dd bs=4M if=$localvmsource | pv -s $lvmsize | dd of=$localvmsource.backup"<br />
dd bs=4M if=$localvmsource | pv -s $lvmsize | dd of=$localvmsource.backup<br />
<br />
echo "."<br />
echo "Restart VM : $activevm"<br />
virsh start $activevm<br />
<br />
echo "."<br />
echo "virsh list --all"<br />
virsh list --all<br />
<br />
echo "."<br />
echo "Copy lvm to bzip2..."<br />
echo "dd if=/dev/lvm-kvm/$activevm.backup | pv -s $lvmsize | bzip2 -cf | dd of=$targetpath/$activevm.bz2 conv=noerror"<br />
dd if=/dev/lvm-kvm/$activevm.backup | pv -s $lvmsize | bzip2 -cf | dd of=$targetpath/$activevm.bz2 conv=noerror<br />
<br />
echo "."<br />
if ping -c 1 $remote &> /dev/null # copy on remote if active/exist<br />
then<br />
echo "Copy sur $remote"<br />
echo "dd if=$localvmsource bs=512K | pv -s $lvmsize | ssh root@$remote 'dd bs=512K of=$remotevmdest' "<br />
sleep 2;<br />
dd if=$localvmsource bs=512K | pv -s $lvmsize | ssh root@$remote "dd bs=512K of=$remotevmdest"<br />
fi<br />
#--------------------------------------------------------------------------------------------------------------------------------------------<br />
<br />
# problème de perfs dans une VM KVM<br />
ethtool -K [interface] gro off tso off</vm>sadar.ssihttp://www.blogger.com/profile/06291138318975211217noreply@blogger.com0tag:blogger.com,1999:blog-4927772676177811048.post-46747758938271232442014-03-21T14:55:00.003+01:002014-12-10T06:20:05.887+01:00Apache secure ssl# see recent<br />
<a href="http://sadar-ssi.blogspot.fr/2014/11/debian-7-apache-2222-patch-proxy-ssh.html" target="_blank">http://sadar-ssi.blogspot.fr/2014/11/debian-7-apache-2222-patch-proxy-ssh.html</a><br />
<br />
# secure apache2 source https://www.argure.nl/index.php/forward-secrecy-in-apache-on-debian-wheezy-or-how-to-ace-the-ssltest-with-a-perfect-100/<br />
#-------------------------------------------------------------------------------------<br />
Once you’ve got your certificate installed (or while waiting for one), let's get to configuring apache2, starting with the default ssl configuration:<br />
# cd /etc/apache2<br />
# <b>nano mods-available/ssl.conf</b><br />
<br />
Find this line on line 60:<br />
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5<br />
Replace it with:<br />
SSLCipherSuite AES256+EECDH:AES256+EDH:!aNULL<br />
<br />
Find this line on line 73:<br />
#SSLHonorCipherOrder On<br />
Uncomment it:<br />
SSLHonorCipherOrder On<br />
<br />
Find this line on line 78:<br />
SSLProtocol all<br />
Replace it with:<br />
SSLProtocol all -SSLv3<br />
<br />
If you plan to run multiple virtual hosts on the same IP address (for instance, hosting both example.tld and anotherexample.tld on the same IPv4 address), find this line on line 86:<br />
#SSLStrictSNIVHostCheck On<br />
And uncomment it:<br />
SSLStrictSNIVHostCheck On<br />
<br />
Next up, if you place files in /srv like I do, we need to allow access:<br />
# nano apache2.conf<br />
<br />
Find this block on line 170:<br />
#&lt;Directory /srv/&gt;<br />
# Options Indexes FollowSymLinks<br />
# AllowOverride None<br />
# Require all granted<br />
#&lt;/Directory&gt;<br />
And uncomment it:<br />
&lt;Directory /srv/&gt;<br />
Options Indexes FollowSymLinks<br />
AllowOverride None<br />
Require all granted<br />
&lt;/Directory&gt;<br />
<br />
By default apache2 sends inode info in the ETag headers. This is a potential security flaw, so let's remove it:<br />
# <b>nano conf-available/etag.conf</b><br />
<br />
And add:<br />
FileETag MTime Size<br />
<br />
Next up, if your Certificate Authority uses intermediate certs, apache2 needs to know about them so they can be sent to the client. Some CAs have a chain of intermediate certs, in which case you need to concatenate them in a single .pem file. You should not include the root CA, as this causes additional overhead and is useless, since those certificates should sit on the client machine.<br />
<br />
Some CAs (like StartSSL) have also started offering certificates using the SHA-2 algorithm rather than SHA-1, which should be avoided. SHA-512 is ideal in my opinion, but SHA-256 is also good and is much more common. Alternatives like SHA-384 and SHA-224 are very rare.<br />
<br />
I personally use StartSSL with Class 2 validation and that is what will be assumed. Your certificate authority likely has a guide on where to find the intermediate certificates.<br />
<br />
#Get the intermediate certificate:<br />
<b>cd /etc/ssl/localcerts<br />
wget https://startssl.com/certs/class2/sha2/pem/sub.class2.server.sha2.ca.pem</b><br />
<br />
#Now let's include the intermediate certificate, along with some other configuration directives for mod_ssl.<br />
cd /etc/apache2<br />
<b>nano conf-available/ssl-custom.conf</b><br />
<br />
#Add the following line:<br />
SSLCertificateChainFile /etc/ssl/localcerts/sub.class2.server.sha2.ca.pem<br />
<br />
#apache2 now also supports OCSP stapling, which is a good thing since it reduces tcp overhead, and also protects the client’s privacy as it doesn’t send requests to your CA, so let's add these lines as well:<br />
<br />
SSLUseStapling On<br />
SSLStaplingCache "shmcb:/cache/stapling_cache(128000)"<br />
<br />
(Note, OCSP stapling won’t actually work if your CA uses an intermediate certificate like with StartSSL, but it is a good idea to enable regardless as increased deployment will lead to further development of this method.)<br />
<br />
Earlier we patched apache2 and generated a custom DH pool, so let’s include that as well by adding:<br />
SSLDHParametersFile /etc/ssl/dh4096.pem<br />
<br />
Some browsers (*cough IE*) have not followed standards for a long time and keep an SSL session open longer than is needed, which increases server load, so let's stop that behaviour by adding these lines:<br />
<br />
BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0<br />
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown<br />
<br />
Finally, if you rewrite plain HTTP to HTTPS (I recommend this, and it is assumed later), you will want to send an HSTS header to clients. This tells a client to always use HTTPS for requests to your server, and not even try HTTP. This is faster for the client, and reduces load on your server somewhat. Do this by adding:<br />
&lt;IfModule mod_headers.c&gt;<br />
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"<br />
&lt;/IfModule&gt;<br />
<br />
Close and save ssl-custom.conf. There are also some small security tweaks which are in apache2 but are disabled by default. Luckily, they are easily enabled:<br />
nano conf-available/security.conf<br />
<br />
First, take a look at this block, starting at line 55:<br />
#&lt;DirectoryMatch "/\.svn"&gt;<br />
# Require all denied<br />
#&lt;/DirectoryMatch&gt;<br />
<br />
If you use subversion to manage your websites, uncomment that block. I personally use git, so I uncommented it and changed ‘svn’ to ‘git’, resulting in:<br />
&lt;DirectoryMatch "/\.git"&gt;<br />
Require all denied<br />
&lt;/DirectoryMatch&gt;<br />
<br />
Next, find this line on line 64:<br />
#Header set X-Content-Type-Options: "nosniff"<br />
Uncomment it:<br />
Header set X-Content-Type-Options: "nosniff"<br />
<br />
And this line on line 71:<br />
#Header set X-Frame-Options: "sameorigin"<br />
Uncomment that one as well:<br />
Header set X-Frame-Options: "sameorigin"<br />
<br />
Lastly, this header was present in apache2.2 but was removed in 2.4 for a reason I don’t know about. It tells the XSS filter in modern browsers to completely block access to a page if it detects a cross site scripting attack. I personally like to add it:<br />
Header set X-XSS-Protection: "1; mode=block"<br />
<br />
#Close and save. Next, we will need to enable the modules<br />
<b>a2enmod ssl headers</b><br />
<br />
#And enable the configurations we just made:<br />
<b>a2enconf etag.conf ssl-custom.conf </b><br />
<br />
# proxy modules<br />
<b>a2enmod proxy_connect proxy_http proxy_html auth_digest proxy_wstunnel rewrite xml2enc</b><br />
<br />
#Disable the ‘default’ site:<br />
<b>a2dissite 000-default</b><br />
<br />
Create dir for virtualhost<br />
<br />
mkdir -p /var/log/apache2/sadar /srv/sadar<br />
touch /var/log/apache2/sadar/access.log /var/log/apache2/sadar/error.log<br />
chown -R root:adm /var/log/apache2/sadar<br />
<br />
touch /srv/sadar/index.html <br />
chown -R www-data:www-data /srv/sadar<br />
<br />
Next up, let's make a configuration for the virtual host:<br />
<br />
nano /etc/apache2/sites-available/sadar.conf<br />
<br />
#----------------------------------------------------------------------------- sadar.conf -------------------------------------<br />
&lt;IfModule mod_ssl.c&gt;<br />
&lt;VirtualHost _default_:80&gt;<br />
ServerName sadar<br />
ServerAdmin sadar@sadar-ssi.org<br />
Redirect permanent / https://sadar/<br />
HostnameLookups On<br />
&lt;/VirtualHost&gt;<br />
<br />
&lt;VirtualHost _default_:443&gt;<br />
ServerName sadar<br />
ServerAdmin sadar@sadar-ssi.org<br />
ServerSignature off<br />
<br />
DocumentRoot /srv/sadar<br />
<br />
LogLevel info ssl:warn<br />
ErrorLog ${APACHE_LOG_DIR}/sadar/error.log<br />
CustomLog ${APACHE_LOG_DIR}/sadar/access.log combined<br />
<br />
SSLEngine on<br />
SSLProxyEngine on<br />
SSLCertificateFile /etc/ssl/localcerts/sadar-certificate.crt<br />
SSLCertificateKeyFile /etc/ssl/localcerts/sadar-certificate.key<br />
SSLVerifyClient none<br />
<br />
&lt;Directory /&gt;<br />
Options FollowSymLinks<br />
AllowOverride None<br />
&lt;/Directory&gt;<br />
<br />
&lt;Directory /srv/sadar/&gt;<br />
Options Indexes FollowSymLinks MultiViews<br />
AllowOverride None<br />
Order allow,deny<br />
allow from all<br />
&lt;/Directory&gt;<br />
<br />
HostnameLookups On<br />
ProxyRequests On<br />
ProxyVia full<br />
<br />
AllowCONNECT 22<br />
<br />
&lt;Proxy *&gt;<br />
Order deny,allow<br />
Deny from all<br />
&lt;/Proxy&gt;<br />
<br />
&lt;Proxy my-host-ssh&gt;<br />
Order deny,allow<br />
Allow from all<br />
&lt;/Proxy&gt;<br />
<br />
&lt;/VirtualHost&gt;<br />
&lt;/IfModule&gt;<br />
<br />
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet<br />
<br />
#---------------------------------------------------------------------------- sadar.conf -------------------------------------<br />
<br />
# activate site<br />
a2ensite sadar<br />
<br />
#restart apache<br />
service apache2 restart<br />
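A way to check that the edits above are in place, as an added example that is not part of the original post: it parses Apache directive text and reports which of this post's settings are still missing. Both sample configs are constructed from the lines quoted above; the function names, finding codes and the weak-keyword set are assumptions of this example.

```python
import re
import shlex

# Constructed sample: the directives this post ends up with after its edits.
HARDENED = '''\
SSLCipherSuite AES256+EECDH:AES256+EDH:!aNULL
SSLHonorCipherOrder On
SSLProtocol all -SSLv3
FileETag MTime Size
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>
Header set X-Content-Type-Options: "nosniff"
Header set X-Frame-Options: "sameorigin"
'''

# Constructed sample: the stock lines the post tells you to find and change.
STOCK = '''\
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder On
SSLProtocol all
#Header set X-Content-Type-Options: "nosniff"
#Header set X-Frame-Options: "sameorigin"
'''

# OpenSSL cipher-string keywords treated as weak (an assumption of this example).
WEAK_CIPHER_KEYWORDS = {"MEDIUM", "LOW", "EXPORT", "RC4"}


def parse_directives(text):
    """Map each active directive (lower-cased) to the argument lists of its occurrences."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blank lines, comments and section tags such as <IfModule ...>.
        if not line or line[0] in "#<":
            continue
        name, *args = shlex.split(line)
        found.setdefault(name.lower(), []).append(args)
    return found


def last_args(directives, name):
    """Arguments of the last occurrence of a directive, or [] when it is absent."""
    return directives.get(name, [[]])[-1]


def sslv3_enabled(tokens):
    """Apply SSLProtocol tokens left to right; a bare token replaces the set so far."""
    enabled = False
    for tok in tokens:
        sign = tok[0] if tok[:1] in ("+", "-") else ""
        covers_v3 = tok[len(sign):].lower() in ("all", "sslv3")
        if sign == "-":
            enabled = enabled and not covers_v3
        elif sign == "+":
            enabled = enabled or covers_v3
        else:
            enabled = covers_v3
    return enabled


def audit(text):
    """Return finding codes for the settings this post changes; [] means all are set."""
    d = parse_directives(text)
    findings = []
    # An unset SSLProtocol is modelled as 'all', taken here to include SSLv3.
    if sslv3_enabled(last_args(d, "sslprotocol") or ["all"]):
        findings.append("sslv3-enabled")
    if [a.lower() for a in last_args(d, "sslhonorcipherorder")] != ["on"]:
        findings.append("cipher-order-not-enforced")
    # Cipher strings are ':'-separated; '!' and '-' prefixes remove ciphers.
    for part in ":".join(last_args(d, "sslciphersuite")).split(":"):
        if part and part[0] not in "!-":
            for keyword in part.lstrip("+").split("+"):
                if keyword.upper() in WEAK_CIPHER_KEYWORDS:
                    findings.append("weak-cipher:" + keyword.upper())
    etag = [a.lower().lstrip("+") for a in last_args(d, "fileetag")]
    if not etag or "inode" in etag or "all" in etag:
        findings.append("etag-may-expose-inode")
    # 'Header [always] set Name value'; the colon after the name is stripped.
    headers = {}
    for args in d.get("header", []):
        if args and args[0].lower() in ("always", "onsuccess"):
            args = args[1:]
        if len(args) >= 3 and args[0].lower() in ("set", "append", "add", "merge"):
            headers[args[1].rstrip(":").lower()] = args[2].lower()
    max_age = re.search(r"max-age=(\d+)", headers.get("strict-transport-security", ""))
    if not max_age or int(max_age.group(1)) == 0:
        findings.append("hsts-missing")
    if headers.get("x-content-type-options") != "nosniff":
        findings.append("nosniff-missing")
    if headers.get("x-frame-options") not in ("sameorigin", "deny"):
        findings.append("frame-options-missing")
    return findings


if __name__ == "__main__":
    print("hardened:", audit(HARDENED), "stock:", audit(STOCK))
```

To audit a real host, feed it the concatenated text of the enabled files under /etc/apache2; Include directives are not followed.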
<br />
# in ./.ssh/config<br />
Host my-remote-ssh<br />
Hostname my-host-ssh<br />
Port 22<br />
DynamicForward *:11999<br />
IdentityFile ./private-keys/remote-ssh.ppk<br />
ProxyCommand proxytunnel -v -p my-local-proxy:80 --passfile=proxy/auth -r my-remote-proxy:443 -d %h:%p -H "User-Agent: Yaaaaaaaaa" -X<br />
<br />
<h2>virtualbox essentials commands</h2>
Posted by sadar.ssi, 2014-03-04 (updated 2014-12-14)<br />
<br />
# start vm<br />
VMName=template<br />
vboxheadless --startvm $VMName & sleep 2; tail -f $(cat .config/VirtualBox/VirtualBox.xml|grep "SystemProperties defaultMachineFolder"| cut -d'=' -f2 | cut -d' ' -f1 | sed -e 's/\"//g')/$VMName/Logs/VBox.log | ccze<br />
<br />
#poweroff vm<br />
VMName=template<br />
vboxmanage controlvm $VMName poweroff <br />
<br />
# list active vm<br />
vboxmanage list runningvms<br />
<br />
# list all vm<br />
vboxmanage list vms<br />
<br />
# change nic from bridged to nat<br />
VMName=template<br />
vboxmanage modifyvm $VMName --nic1 nat ; vboxmanage showvminfo $VMName| grep -i nic<br />
vboxmanage controlvm $VMName nic1 nat ; vboxmanage showvminfo $VMName| grep -i nic<br />
<br />
# add port forwarding rule<br />
VMName=template<br />
vboxmanage modifyvm $VMName --natpf1 "ssh,tcp,127.0.0.1,2222,,22" ; vboxmanage showvminfo $VMName| grep -i nic<br />
vboxmanage controlvm $VMName natpf1 "ssh,tcp,127.0.0.1,2222,,22" ; vboxmanage showvminfo $VMName| grep -i nic<br />
<br />
#------ change UUID don't work !!! --------------------------------------------------------------<br />
# list hdd<br />
vboxmanage list hdds<br />
<br />
# show vm info<br />
vboxmanage showvminfo my-vm --details <br />
<br />
# show hd info<br />
vboxmanage showhdinfo /path-to-vm/my-vm.vdi<br />
<br />
# detach the disk from the controller<br />
vboxmanage storageattach my-vm --storagectl "SATA" --port 0 --device 0 --medium none<br />
<br />
# close the disk medium<br />
vboxmanage closemedium disk /path-to-vm/my-vm.vdi<br />
<br />
# reattach the disk<br />
vboxmanage storageattach my-vm --storagectl "SATA" --port 0 --device 0 --type hdd --medium /path-to-vm/my-vm.vdi<br />
<br />
VMName=my-vm<br />
VMNameDiskPath=/path-to-vm/disk.vdi<br />
vboxmanage storageattach $VMName --storagectl "SATA" --port 0 --device 0 --medium none<br />
vboxmanage closemedium disk $VMNameDiskPath<br />
vboxmanage storageattach $VMName --storagectl "SATA" --port 0 --device 0 --type hdd --medium $VMNameDiskPath<br />
<br />
# <b>Nat forwarding tunnelling dynamic port</b><br />
#----------------------------------------- ./.ssh/config<br />
Host *<br />
ForwardX11 yes<br />
KeepAlive yes<br />
ServerAliveInterval 15<br />
ServerAliveCountMax 3<br />
<br />
Host homvdsk<br />
Hostname myhostname.com<br />
Port 443<br />
ProxyCommand /usr/bin/corkscrew myproxy 80 %h %p ~/.ssh/auth<br />
DynamicForward <b>*:10998</b><br />
<br />
<br />
vboxmanage controlvm $VMName natpf1 "proxy,tcp,,10999,,10998" ; vboxmanage showvminfo $VMName| grep -i nic<br />
<br />
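The ssh_config fragments on this page declare their SOCKS listeners as `DynamicForward *:port`, and ssh_config(5) defines `*` or an empty bind address as listening on all interfaces. The following added example (not from the original posts) lists such listeners so each one can be reviewed; the `local-only` host, the function names and the classification labels are hypothetical, and `Match` blocks are not handled.

```python
import re

# Constructed sample: the two ssh_config fragments from this page, plus a
# hypothetical loopback-only host for contrast.
SAMPLE = '''\
Host *
    ForwardX11 yes
    ServerAliveInterval 15

Host homvdsk
    Hostname myhostname.com
    Port 443
    DynamicForward *:10998

Host my-remote-ssh
    Hostname my-host-ssh
    DynamicForward *:11999

Host local-only
    DynamicForward localhost:1080
    LocalForward 5900 pc-vnc:5900
'''

LOCAL_LISTENERS = {"dynamicforward", "localforward"}
WILDCARDS = {"", "*", "0.0.0.0", "::"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def bind_address(spec):
    """Return the bind address of '[bind_address:]port', or None when it is omitted."""
    if spec.startswith("["):          # bracketed IPv6 form: [addr]:port
        return spec[1:spec.index("]")]
    host, sep, _port = spec.rpartition(":")
    return host if sep else None


def classify(spec):
    """Say where a local listener declared with this listen spec will bind."""
    addr = bind_address(spec)
    if addr is None:
        # No explicit address: loopback unless GatewayPorts is enabled.
        return "gatewayports-default"
    if addr in WILDCARDS:
        return "all-interfaces"
    if addr.lower() in LOOPBACK:
        return "loopback"
    return "specific-address"


def local_forwards(config_text):
    """Yield (host pattern, keyword, listen spec, classification) per local listener."""
    host = "*"   # directives before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both 'Keyword value' and 'Keyword=value'.
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        keyword, rest = m.group(1), m.group(2)
        if keyword.lower() == "host":
            host = rest
        elif keyword.lower() in LOCAL_LISTENERS and rest.split():
            spec = rest.split()[0]
            yield host, keyword, spec, classify(spec)


def exposed_forwards(config_text):
    """Listeners that any machine able to reach this host can connect to."""
    return [(h, k, s) for h, k, s, c in local_forwards(config_text)
            if c == "all-interfaces"]


if __name__ == "__main__":
    for host, keyword, spec in exposed_forwards(SAMPLE):
        print(f"Host {host}: {keyword} {spec} listens on all interfaces")
```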
<br />
# delete port forwarding rule<br />
VMName=template<br />
vboxmanage modifyvm $VMName --natpf1 delete ssh ; vboxmanage showvminfo $VMName| grep -i nic<br />
vboxmanage controlvm $VMName natpf1 delete ssh ; vboxmanage showvminfo $VMName| grep -i nic<br />
<br />
# clone vm <br />
VMSource=template<br />
VMTarget=clonedvm<br />
vboxmanage clonevm $VMSource --name $VMTarget --register --mode all ; vboxmanage list vms<br />
<br />
# delete vm (all files)<br />
VMName=template<br />
vboxmanage unregistervm $VMName --delete<br />
<br />
# use lvm volume<br />
VBoxManage internalcommands createrawvmdk -filename /path/to/file.vmdk -rawdisk /dev/volumegroup/logicalvolume<br />
<br />
<h2>NFS export & error read-only error on client</h2>
Posted by sadar.ssi, 2014-01-31<br />
<br />
# For example /etc/exports<br />
<br />
/mnt/vol01 192.168.1.0/24(ro,sync,no_subtree_check)<br />
/mnt/vol01/dir1 192.168.1.0/24(ro,sync,no_subtree_check)<br />
<br />
/mnt/vol01/inet/btorrent 192.168.1.0/24(rw,sync,no_subtree_check,all_squash)<br />
/mnt/vol01/dir1/dir2 torrenthost(rw,sync,no_subtree_check,all_squash)<br />
<br />
# mount torrenthost <br />
mount -t nfs nfsserver:/mnt/vol01/inet/btorrent /mnt/share.nfs/btorrent<br />
mount -t nfs nfsserver:/mnt/vol01/dir1/dir2 /mnt/share.nfs/dir2<br />
<br />
touch /mnt/share.nfs/dir2/xx --> read-only...;-//<br />
<br />
# Change /etc/exports<br />
/mnt/vol01 192.168.1.0/24(ro,sync,no_subtree_check,fsid=0)<br />
/mnt/vol01/dir1 192.168.1.0/24(ro,sync,no_subtree_check,fsid=1)<br />
<br />
/mnt/vol01/inet/btorrent 192.168.1.0/24(rw,sync,no_subtree_check,all_squash,fsid=2)<br />
/mnt/vol01/dir1/dir2 torrenthost(rw,sync,no_subtree_check,all_squash,fsid=3)<br />
<br />
et voilà !!!<br />
<br />
<h2>perl CPAN</h2>
Posted by sadar.ssi, 2014-01-28 (updated 2014-01-29)<br />
<br />
# cpan prerequisites<br />
aptitude install build-essential libterm-readline-gnu-perl<br />
<br />
#cpan mini<br />
cpan install Bundle::CPAN<br />
<br />
#Install all dependencies<br />
<br />
o conf prerequisites_policy follow<br />
o conf commit<br />
<br />
<h2>ssh tunneling, rebond, proxytunnel, reverse proxy, rdp tunneling</h2>
Posted by sadar.ssi, 2014-01-21 (updated 2019-10-01)<br />
<br />
# ssh over https via proxy see<br />
<a href="http://sadar-ssi.blogspot.fr/2014/11/debian-7-apache-2222-patch-proxy-ssh.html" target="_blank">http://sadar-ssi.blogspot.fr/2014/11/debian-7-apache-2222-patch-proxy-ssh.html</a><br />
<br />
# <b>ssh access through outgoing http proxy --> incoming https proxy (Thx https !! ;-))</b><br />
<br />
export PrxyServ=proxy-server-name-or-ip<br />
export PrxyPort=proxy-server-http-port<br />
<br />
ssh user@targetsrv -o 'ProxyCommand=proxytunnel -z --proxy=$PrxyServ:$PrxyPort --remproxy=remote-proxy-server-address:443 --dest=%h:%p -X'<br />
<br />
# <b>ssh tunnel RDP through outgoing http proxy --> incoming https proxy</b><br />
<br />
ssh -v -NL 2222:localhost:2222 user@linuxserver -o 'ProxyCommand=proxytunnel -z --proxy=$PrxyServ:$PrxyPort --remproxy=remote-proxy-server-address:443 --dest=%h:%p -X' 'ssh -v -fNL 2222:@ip_windows:3389 linuxserver'<br />
<br />
# From a Windows command line<br />
mstsc /span /admin /noconsentprompt /v:localhost:2222<br />
<br />
# and off you go!<br />
<br />
# <b>X11 forwarding through ssh tunneling, outgoing http proxy --> incoming https proxy</b><br />
<br />
# set env<br />
<br />
export DISPLAY=localhost:0.0<br />
export PrxyServ=proxy-server-name-or-ip<br />
export PrxyPort=proxy-server-http-port<br />
<br />
ssh -Y user@targetsrv -o 'ProxyCommand=proxytunnel -z --proxy=$PrxyServ:$PrxyPort --remproxy=remote-proxy-server-address:443 --dest=%h:%p -X'<br />
<br />
#<br />
#-------------------------------- VNC ----------------------------------------------------------------<br />
# install the VNC server (the one that works, eh!)<br />
<br />
aptitude install x11vnc<br />
<br />
# if the x11vnc server is not started as a daemon, first connect to the server over ssh to<br />
# 1 - list the running processes and get the parameters after <b>"-auth"</b><br />
<br />
ps wwwwaux | grep -v grep | grep auth<br />
<br />
root 1167 0.4 2.2 358532 69440 tty7 Ssl+ août27 6:02 /usr/bin/X -core :0 -seat seat0 <b>-auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch</b><br />
loli 2310 0.0 0.4 341996 12764 ? Sl août27 0:00 /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1<br />
<br />
<br />
<br />
# 2 - then on the remote machine, start the x11vnc process with the following parameters<br />
<br />
x11vnc -geometry 1024x768 -ncache 10 -localhost -display :0 -auth /var/run/lightdm/root/:0 -o /var/log/x11vnc.log -repeat -norc -forever -shared<br />
<br />
<br />
# then set up the tunnel (if not already done) over a connection<br />
<br />
ssh -N -C -L 5900:pc-vnc:5900 mysrv<br />
<br />
# from the VM, run<br />
vncviewer 127.0.0.1:5900<br />
<br />
#-------------------------------- rsync via proxy socks ----------------------------------------------<br />
# 1) connect to the remote server, opening a dynamic (SOCKS) port...<br />
<br />
ssh -D*:10998 jessievdsk<br />
<br />
# 2) <br />
rsync --ignore-errors --force --human-readable --progress --partial --bwlimit=80 -hav /mnt/share/jessie -e "ssh -o 'ProxyCommand nc -x localhost:10998 rmtsrv 22'" root@rmtsvr:/mnt/vol3To/virtualbox/disk/jessie<br />
<br />
#-----------------------------------------------------------------------------------------------------<br />
# Public key / private key authentication<br />
# in /etc/ssh/sshd_config<br />
# check the following values: PubkeyAuthentication yes and RSAAuthentication yes<br />
# and change PasswordAuthentication yes to PasswordAuthentication no<br />
<br />
#change hostname<br />
nano /etc/hostname<br />
<br />
#change hostname <br />
hostname -F /etc/hostname<br />
<br />
# How to generate new host keys on an existing server (duplicate a vm for example)<br />
rm -rf /etc/ssh/ssh_host_*<br />
ssh-keygen -A<br />
dpkg-reconfigure openssh-server<br />
service ssh restart<br />
<br />
#To change the passphrase on your default DSA key:<br />
ssh-keygen -p -f /root/olwen/private.04.ppk<br />
<br />
<br />
#-------------------------------- Flush DNS W7 -------------------------------------------------------<br />
<br />
# Flush DNS W7<br />
ipconfig /flushdns<br />
<br />
<h2>idle3-tools</h2>
Posted by sadar.ssi, 2014-01-18<br />
<br />
aptitude install idle3-tools smartmontools gsmartcontrol<br />
<br />
# show the current idle3 timer value<br />
idle3ctl -g /dev/sda /dev/sdb<br />
<br />
# disable timer<br />
idle3ctl -d /dev/sda /dev/sdb<br />
<br />
<h2>KVM / libvirt</h2>
Posted by sadar.ssi, 2014-01-18 (updated 2016-03-15)<br />
<br />
# check whether the processor is compatible...<br />
egrep -c '(vmx|svm)' /proc/cpuinfo<br />
<br />
# install the server-side packages<br />
aptitude install kvm qemu-kvm libvirt-bin virtinst colord bridge-utils virt-manager<br />
<br />
#---creating bridge https://wiki.debian.org/BridgeNetworkConnections<br />
<br />
#First step to creating the bridge network<br />
brctl addbr br0<br />
<br />
# The name br0 is totally up to you, this is just an example name that I’ve chosen for the wiki article. <br />
# Anyway, now that you have your bridge device, you have to add the interfaces that are gonna be bridged. You can cross-check the enumeration of your ethernet devices with (eth0, eth1, etc. is common): <br />
<br />
ip addr show<br />
<br />
#Add both the interface with the second computer, and the interface that leads to the existing network. Do it with this command:<br />
<br />
brctl addif br0 eth0 <br />
<br />
# Configuring bridging in /etc/network/interfaces<br />
# The loopback network interface<br />
<br />
auto lo<br />
iface lo inet loopback<br />
<br />
auto br0<br />
iface br0 inet static<br />
<br />
bridge_ports eth0<br />
address 192.168.1.3<br />
netmask 255.255.255.0<br />
gateway 192.168.1.254<br />
<br />
dns-nameservers 192.168.1.1<br />
dns-search home.lan<br />
<br />
bridge_fd 9<br />
bridge_hello 2<br />
bridge_maxage 12<br />
bridge_stp off<br />
<br />
#------------------------------------------------------<br />
# create bridge <br />
#!/bin/bash<br />
#----------<br />
<br />
cd /etc/libvirt/qemu/networks<br />
<br />
# write the libvirt network definition that points at the existing br0 bridge<br />
echo '&lt;network&gt;' > /etc/libvirt/qemu/networks/bridge.xml<br />
echo ' &lt;name&gt;bridge&lt;/name&gt;' >> /etc/libvirt/qemu/networks/bridge.xml<br />
echo ' &lt;forward mode="bridge"/&gt;' >> /etc/libvirt/qemu/networks/bridge.xml<br />
echo ' &lt;bridge name="br0"/&gt;' >> /etc/libvirt/qemu/networks/bridge.xml<br />
echo '&lt;/network&gt;' >> /etc/libvirt/qemu/networks/bridge.xml<br />
<br />
virsh net-define bridge.xml<br />
<br />
systemctl restart libvirtd.service; systemctl status libvirtd.service<br />
<br />
<br />
# pool-edit default<br />
nano -w /etc/libvirt/storage/default.xml <br />
service libvirt-bin restart<br />
<br />
#Changing the libvirt-guests service parameters to allow for the graceful shutdown of guests<br />
# source https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Administration_Guide/sect-gracefully-shut-down-guests-libvirt.html<br />
<br />
nano /etc/default/libvirt-guests<br />
# Number of seconds we're willing to wait for a guest to shut down. If parallel<br />
# shutdown is enabled, this timeout applies as a timeout for shutting down all<br />
# guests on a single URI defined in the variable URIS. If this is 0, then there<br />
# is no time out (use with caution, as guests might not respond to a shutdown<br />
# request). The default value is 300 seconds (5 minutes).<br />
SHUTDOWN_TIMEOUT=45<br />
<br />
# or<br />
#howto fix default storage pool location for virt-manager (and libvirt)<br />
<br />
virsh<br />
<br />
pool-destroy default<br />
pool-undefine default<br />
pool-define-as --name default --type dir --target /storage/local/images <br />
pool-autostart default<br />
pool-build default<br />
pool-start default<br />
pool-destroy local<br />
pool-undefine local<br />
pool-define-as --name local-iso --type dir --target /storage/local/iso <br />
pool-autostart local-iso<br />
pool-build local-iso<br />
pool-start local-iso<br />
quit<br />
<br />
<br />
#virsh editor (bashrc)<br />
EDITOR=/usr/bin/nano<br />
export EDITOR<br />
<br />
<br />
http://wiki.deimos.fr/KVM_:_Mise_en_place_de_KVM#System_performances<br />
/etc/rc.local<br />
# KSM<br />
echo 1 > /sys/kernel/mm/ksm/run<br />
<br />
/etc/sysctl.conf<br />
# Swappiness<br />
vm.swappiness = 0<br />
<br />
#For security and performance reasons, you should disable netfilter processing of bridged traffic<br />
#(ip6tables, iptables, arptables) by adding these 3 lines :<br />
net.bridge.bridge-nf-call-ip6tables = 0<br />
net.bridge.bridge-nf-call-iptables = 0<br />
net.bridge.bridge-nf-call-arptables = 0<br />
<br />
#If you want to always enable VirtIO, to get maximum performances, load those modules :<br />
/etc/modules<br />
virtio_blk<br />
virtio_pci<br />
virtio_net<br />
<br />
# provision a Debian VM<br />
iso=/path-to-iso/debian-7.3.0-amd64-netinst.iso<br />
path=/mnt/vol1To/vm<br />
name=testing<br />
virt-install --ram=256 --name=$name --disk path=$path/$name/$name.img,bus=virtio,size=4 --cdrom=$iso --hvm --vnc --noautoconsole --accelerate --network=bridge:br0,model=virtio<br />
<br />
# Detach the ISO image<br />
<br />
<br />
# provision W7<br />
iso=/mnt/leonard/vol3To/08000.distrib/zz_os.softs/msw/Microsoft/PlateForms/Windows.7/distrib/W7.Ultimate.64.sp1.iso<br />
<br />
virt-install --ram=2024 --name=W7 --disk path=/mnt/vm/kvm/W7/W7.img,bus=virtio,size=4 --cdrom=$iso --hvm --vnc --noautoconsole --os-type windows --os-variant win7 --accelerate<br />
<br />
# clone a VM<br />
virt-clone --original=testing --auto-clone<br />
<br />
# list the VMs<br />
virsh list --all<br />
<br />
# directory containing the configs<br />
/etc/libvirt/qemu<br />
<br />
# performance problem in a VM...<br />
ethtool -K [interface] gro off tso off<br />
<br />
LVM KVM to Virtualbox<br />
#----------------------------------------------------------------<br />
<pre><code>dd if=/dev/Volume01/Disk of=/tmp/image.raw
qemu-img convert -O vdi /tmp/image.raw test.vdi
rm /tmp/image.raw</code></pre>
<pre><code>#--------------------- </code></pre>
<h2>keyboard</h2>
Posted by sadar.ssi, 2014-01-18<br />
<br />
setxkbmap fr<br />
<br />
kbdrate -r 30 -d 250<br />
<br />
<h2>create usb boot</h2>
Posted by sadar.ssi, 2013-12-21 (updated 2014-03-04)<br />
<br />
aptitude install mbr dosfstools mtools syslinux-common<br />
<br />
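<a href="http://www.cbp.ens-lyon.fr/emmanuel.quemener/dokuwiki/doku.php?id=wheezy4usb">http://www.cbp.ens-lyon.fr/emmanuel.quemener/dokuwiki/doku.php?id=wheezy4usb</a><br />
<a href="http://unix.stackexchange.com/questions/25401/how-to-create-a-bootable-usb-stick-with-debian-squeeze">http://unix.stackexchange.com/questions/25401/how-to-create-a-bootable-usb-stick-with-debian-squeeze</a><br />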
<br />
# For the 64-bit version<br />
wget http://ftp.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/hd-media/boot.img.gz<br />
# For the 32-bit version<br />
wget http://ftp.debian.org/debian/dists/wheezy/main/installer-i386/current/images/hd-media/boot.img.gz<br />
<br />
Decompress it:<br />
<br />
gunzip boot.img.gz<br />
<br />
Insert the target USB key:<br />
<br />
make sure it is not mounted automatically, and unmount it if needed<br />
identify the device, for example /dev/sdb<br />
<br />
Copy the bootstrap image to the key bit for bit:<br />
<br />
dd if=boot.img of=/dev/sdb bs=512<br />
<br />
Get the MD5 checksums of the key and of the bootstrap image to verify:<br />
<br />
md5sum /dev/sdb<br />
md5sum boot.img<br />
<br />
Mount the key:<br />
<br />
mkdir /tmp/USB<br />
sudo mount /dev/sdb /tmp/USB<br />
<br />
Download the Debian NetInst image for amd64 or i386:<br />
<br />
# for 64-bit architecture<br />
wget http://cdimage.debian.org/debian-cd/7.1.0/amd64/iso-cd/debian-7.1.0-amd64-netinst.iso<br />
# for 32-bit architecture<br />
wget http://cdimage.debian.org/debian-cd/7.1.0/i386/iso-cd/debian-7.1.0-i386-netinst.iso<br />
<br />
Copy it to the key:<br />
<br />
# for 64-bit architecture<br />
sudo cp debian-7.1.0-amd64-netinst.iso /tmp/USB<br />
# for 32-bit architecture<br />
sudo cp debian-7.1.0-i386-netinst.iso /tmp/USB<br />
<br />
Install the non-free BNX2 and BNX2X drivers:<br />
<br />
sudo apt-get install firmware-bnx2x firmware-bnx2<br />
<br />
Copy the drivers to the USB key:<br />
<br />
sudo cp /lib/firmware/bnx* /tmp/USB<br />
<br />
Unmount the key; everything is ready for the installation:<br />
<br />
sudo umount /tmp/USB<br />
<br />
<br />
otherwise see the excellent easy2boot tool (no more headaches :-)), tutorial at http://www.lecadelo.fr/easy2boot-une-trousse-a-outils-de-poche/<br />
<br />
<h2>Excel 2003 VBA Project lost password</h2>
Posted by sadar.ssi, 2013-10-10<br />
<br />
There is another (somewhat easier) solution, without the size problems. I used this approach today (on a 2003 XLS file, using Excel 2007) and was successful.<br />
<br />
Backup the xls file<br />
Using a HEX editor, locate the DPB=... part<br />
Change the DPB=... string to DPx=...<br />
Open the xls file in Excel<br />
Open the VBA editor (ALT+F11)<br />
the magic: Excel discovers an invalid key (DPx) and asks whether you want to continue loading the project (basically ignoring the protection)<br />
You will be able to overwrite the password, so change it to something you can remember<br />
Save the xls file*<br />
Close and reopen the document and work your VBA magic!<br />
<br />
*NOTE: Be sure that you have changed the password to a new value, otherwise the next time you open the spreadsheet Excel will report errors (Unexpected Error), then when you access the list of VBA modules you will now see the names of the source modules but receive another error when trying to open forms/code/etc. To remedy this, go back to the VBA Project Properties and set the password to a new value. Save and re-open the Excel document and you should be good to go!<br />
<br />
<br />
source : <a href="http://stackoverflow.com/questions/1026483/is-there-a-way-to-crack-the-password-on-an-excel-vba-project" target="_blank">http://stackoverflow.com/questions/1026483/is-there-a-way-to-crack-the-password-on-an-excel-vba-project</a><br />
<br />
<h2>X11 Forwarding Fails When IPv6 is Disabled [Resolved]</h2>
Posted by sadar.ssi, 2013-09-20<br />
<br />
So, I put the following lines in remote host’s /etc/ssh/sshd_config file.<br />
<br />
$ cat /etc/ssh/sshd_config<br />
<br />
………………………………<br />
<br />
# Workaround to have X forwarding work when ipv6 is disabled<br />
# http://ubuntuforums.org/showthread.php?t=1649657<br />
AddressFamily inet<br />
<br />
<h2>howto fix default storage pool location for virt-manager (and libvirt)</h2>
Posted by sadar.ssi, 2013-09-15<br />
<br />
/usr/bin/virt-manager<br />
<br />
pool-destroy default<br />
pool-undefine default<br />
pool-define-as --name default --type dir --target /storage/local/images <br />
pool-autostart default<br />
pool-build default<br />
pool-start default<br />
pool-destroy local<br />
pool-undefine local<br />
pool-define-as --name local-iso --type dir --target /storage/local/iso <br />
pool-autostart local-iso<br />
pool-build local-iso<br />
pool-start local-iso<br />
quit<br />
<br />
<h2>Cygwin: bash Here</h2>
Posted by sadar.ssi, 2013-09-15<br />
<br />
Windows Registry Editor Version 5.00<br />
<br />
[HKEY_CLASSES_ROOT\Directory\Background\shell\cmd\command]<br />
@="c:\\cygwin\\bin\\bash.exe --login -i -c \"cd \\\"`cygpath -u '%V'`\\\";bash\""<br />
<br />
[HKEY_CLASSES_ROOT\Directory\shell\cmd\command]<br />
@="c:\\cygwin\\bin\\bash.exe --login -i -c \"cd \\\"`cygpath -u '%V'`\\\";bash\""<br />
<br />
For those of you who like regedit, here’s the same thing unescaped:<br />
<br />
HKEY_CLASSES_ROOT\Directory\Background\shell\cmd\command<br />
c:\cygwin\bin\bash.exe --login -i -c "cd \"`cygpath -u '%V'`\";bash"<br />
<br />
HKEY_CLASSES_ROOT\Directory\shell\cmd\command<br />
c:\cygwin\bin\bash.exe --login -i -c "cd \"`cygpath -u '%V'`\";bash"<br />
<br />