Tuesday 11 March 2014

Replace VI with VIM on Debian 7

Make sure you can access internet before attempting this.
  • Open the terminal
  • apt-get install vim
  • sudo vi /etc/vim/vimrc
Uncomment the "syntax on" line to enable the color coding that vim ships with. This replaces vi with vim: if you edit a file with, say, "vi .bashrc", it should show color-coded text instead of plain black and white.

Thursday 20 February 2014

Configuring and Deploying DNS servers (primary, secondary, root and cache on centos 6.5) - Part 3 - Root and Cache

Configuration on Root DNS Server:

The root zone holds the information about the top-level domains. Root-zone servers for the internet's top-level domains are already deployed; with a root of your own you can create your own naming scheme, which is usually done on intranets that run their own top-level domains.
  • Install bind packages
    • yum install bind bind-utils bind-chroot bind-libs
  • Edit named.conf
    • vi /etc/named.conf
listen-on port 53 { 192.168.12.4; }; //change this to your ip address
*remove the allow-query line
*optional remove recursion line

 zone "." IN {
        type master;
        file "root.net";
      };



  • Create and edit root.net
    • vi /var/named/root.net
$TTL 86400
@    IN    SOA    root.msm.net.    admin.root.msm.net. (
            535 ; serial
            3H ; refresh
            15M ; retry
            1W ; expiry
            1D ) ; minimum
@                IN    NS    root.msm.net.
root.msm.net.    999999        IN    A    192.168.12.4 ; root server's fqdn and ip
msm.net.            IN    NS    ns.msm.net. ; zone name and the primary server's fqdn
12.168.192.in-addr.arpa.        IN    NS     ns.msm.net. ; reverse zone name and the primary server's fqdn
ns.msm.net.            IN    A    192.168.12.2 ; glue: fqdn and ip of the primary server; add similar entries for the secondary below



  • Open the firewall ports
    • iptables -I INPUT -p tcp --dport 53 -j ACCEPT
    • iptables -I INPUT -p udp --dport 53 -j ACCEPT
  • Edit resolv.conf
    • vi /etc/resolv.conf
search msm.net
nameserver 192.168.12.4 # resolve against its own ip address, just to check that the server is working



  • Start named daemon
    • service named start
  • Query some records that are stored in the primary server's database
    • nslookup
      • cache.msm.net 

Configuration on Cache DNS server:

When BIND (named) is installed, it configures the machine as a caching server by default. All we have to do is change the hints file name in named.conf and create that file so it points at our own root DNS server.

  • Install bind packages
    • yum install bind bind-utils bind-chroot bind-libs 
  • Edit named.conf
    • vi /etc/named.conf

listen-on port 53 { 192.168.12.5; }; //change this to your ip address
*Remove the allow-query line
*Remove dnssec-lookaside auto;
*DON'T remove the recursion line. Of all the servers, this is the only one that must do recursion

 zone "." IN {
        type hint;
        file "file.ca";
      };


*Remove include "/etc/named.root.key";

  • Create and edit file.ca
    • vi /var/named/file.ca
.        999999    IN    NS    root.msm.net. ; fqdn of the root dns server
root.msm.net.    999999        A    192.168.12.4 ; fqdn and ip address of the root dns server


  • Open the firewall ports
    • iptables -I INPUT -p tcp --dport 53 -j ACCEPT
    • iptables -I INPUT -p udp --dport 53 -j ACCEPT
  • Edit resolv.conf
    • vi /etc/resolv.conf
search msm.net
nameserver 192.168.12.5 # resolve against its own ip address


  • Start named daemon
    • service named start
  • Query some records that are stored in the primary server's database
    • nslookup
      • cache.msm.net
If this is successful, change /etc/resolv.conf on all the DNS servers to point at the caching server's IP address, to reduce the load on the primary/secondary and shift it to the cache.
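To see what the root.net and file.ca entries above actually do, here is an added example (not part of this post) that models the cache server's iterative walk over this lab's data in memory: the hint points at the root, the root answers with a referral to ns.msm.net plus its glue A record, and the primary gives the final answer. The zone data and addresses are copied from this series; the functions are my own simplification, not BIND's code.

```python
# In-memory copy of this series' zone data: each server maps the zones it serves to
# (owner, type, rdata) records. Addresses are the ones used in these posts.
ROOT_SERVER, PRIMARY = "192.168.12.4", "192.168.12.2"
HINTS = {".": ROOT_SERVER}                  # what file.ca gives the cache server
SERVERS = {
    ROOT_SERVER: {".": [
        ("msm.net.", "NS", "ns.msm.net."),               # delegations from root.net
        ("12.168.192.in-addr.arpa.", "NS", "ns.msm.net."),
        ("ns.msm.net.", "A", PRIMARY)]},                 # glue for the delegation
    PRIMARY: {"msm.net.": [
        ("msm.net.", "NS", "ns.msm.net."),               # apex NS, not a delegation
        ("ns.msm.net.", "A", PRIMARY),
        ("cache.msm.net.", "A", "192.168.12.5")]},
}

def in_zone(name, origin):
    return origin == "." or name == origin or name.endswith("." + origin)

def ask(server, qname, qtype):
    """Model one iterative query: (answer | referral | nxdomain | refused, records)."""
    zones = [z for z in SERVERS[server] if in_zone(qname, z)]
    if not zones:
        return "refused", []
    zone = max(zones, key=len)                      # closest enclosing zone wins
    rrs = SERVERS[server][zone]
    # A delegation is an NS record below the zone apex that covers qname; hand back
    # the NS plus any glue A record so the asker can follow it.
    for owner, rtype, ns in rrs:
        if rtype == "NS" and owner != zone and in_zone(qname, owner):
            glue = [g for g in rrs if g[0] == ns and g[1] == "A"]
            return "referral", [(owner, "NS", ns)] + glue
    answer = [r for r in rrs if r[0] == qname and r[1] == qtype]
    return ("answer", answer) if answer else ("nxdomain", [])

def resolve(qname, qtype="A", max_hops=5):
    """Start at the hint and follow referrals; return (rdata, [(server, result), ...])."""
    server, path = HINTS["."], []
    for _ in range(max_hops):
        kind, rrs = ask(server, qname, qtype)
        path.append((server, kind))
        if kind == "answer":
            return rrs[0][2], path
        glue = [r for r in rrs if r[1] == "A"] if kind == "referral" else []
        if not glue:            # nothing to follow: nxdomain, refused, or glueless referral
            return None, path
        server = glue[0][2]
    return None, path
```

Drop the glue A record from the root zone and resolve() returns None: the referral names ns.msm.net but gives the cache no address to reach it, which is why the root.net file carries that record.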

Prefer a Video Walkthrough?



Check this wiki page for more information on what's being done
http://en.wikipedia.org/wiki/Alternative_DNS_root

That's all folks.
Enjoy.

Wednesday 5 February 2014

How to install Avidemux on Centos6

  • Create and edit /etc/yum.repos.d/naulinux-school.repo
add these lines

[naulinux-school]
name=NauLinux School
baseurl=http://downloads.naulinux.ru/pub/NauLinux/6.2/$basearch/sites/School/RPMS/
enabled=0
gpgcheck=1
gpgkey=http://downloads.naulinux.ru/pub/NauLinux/RPM-GPG-KEY-linux-ink


  • Run this command to install it
    • yum --enablerepo=naulinux-school install avidemux
ENJOY! 


SOURCE:
https://www.centos.org/forums/viewtopic.php?f=13&t=2491&sid=53e0d3877a6af3ea5f267d2754098cbf&start=10

Tuesday 4 February 2014

Configuring and Deploying DNS servers (primary, secondary, root and cache on centos 6.5) - Part 2 - Secondary DNS

This walk-through assumes you already have the primary DNS server deployed. Look at my previous post for that.

Configuration on Primary DNS server:

  • edit /etc/named.conf
Add an allow-transfer statement to your zone declarations (both forward and reverse), so that only the secondary's address may pull the zone:

 zone "msm.net" {
        type master;
        file "msm.net.db";
        allow-transfer { 192.168.12.3; };
};

zone "12.168.192.in-addr.arpa" {
        type master;
        file "msm.net.rev.db";
        allow-transfer { 192.168.12.3; };
};

  • Open the firewall for TCP and UDP port 53
    • iptables -I INPUT -p tcp --dport 53 -j ACCEPT
    • iptables -I INPUT -p udp --dport 53 -j ACCEPT
  • Restart the named daemon
    • service named restart

Configuration on Secondary DNS server:

Make sure you have internet access.
  • Install Bind packages
    • yum install bind bind-utils bind-chroot bind-libs
  • Edit /etc/named.conf
listen-on port 53 { 192.168.12.3; }; //ip address of this machine
*Remove the allow-query line
*Optional: remove recursion statement and the "." zone to disable recursion and caching.

 zone "msm.net" { //your forward zone statement, same as primary
        type slave; //slave sets this server as slave
        file "msm.net.db"; //the file name that you created in primary
        masters { 192.168.12.2; }; //this is telling the server that this ip is my primary dns's ip
        allow-transfer { none; };
};

zone "12.168.192.in-addr.arpa" { //reverse lookup zone statement, same as primary
        type slave; //this sets this server as a slave of this reverse zone
        file "msm.net.rev.db";  //the file name that you created in primary for reverse  zone
        masters { 192.168.12.2; }; //primary server's ip address
        allow-transfer { none; };
};




  • Allow named to write zone files under SELinux
    • setsebool -P named_write_master_zones 1
  • Make named the owner of the /var/named directory
    • chown named:named /var/named
  • Start the named daemon
    • service named start
  • Check the logs to confirm everything went well. It should say the zone loaded and the file was transferred
    • tail -30 /var/log/messages
named[21296]: transfer of 'msm.net/IN' from 192.168.12.2#53: Transfer completed: 1 messages, 7 records, 206 bytes, 0.001 secs (206000 bytes/sec)


If everything went fine you should see your zone files under /var/named, copied over automatically when the named daemon started; this copying of the zone is called a zone transfer.
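The allow-transfer lines above are what stop anyone other than the secondary from pulling a full copy of the zone. As an added example (not from this post), here is a small Python checker for the master's /var/log/messages that flags AXFRs from peers outside the allow-transfer list and counts refused attempts; the sample log lines are constructed in the style of BIND 9's transfer messages, and the allowed-peer set is this post's 192.168.12.3.

```python
import re
from collections import Counter

# Peers named in this post's allow-transfer statements: only the secondary.
ALLOWED_PEERS = {"192.168.12.3"}

# Constructed sample lines in the style of BIND 9's master-side transfer messages.
SAMPLE_LOG = """\
Feb  4 10:01:12 ns named[2311]: client 192.168.12.3#41022: transfer of 'msm.net/IN': AXFR started
Feb  4 10:01:12 ns named[2311]: client 192.168.12.3#41022: transfer of 'msm.net/IN': AXFR ended
Feb  4 10:07:40 ns named[2311]: client 192.168.12.77#53001: zone transfer 'msm.net/IN' denied
Feb  4 10:07:41 ns named[2311]: client 192.168.12.77#53002: zone transfer '12.168.192.in-addr.arpa/IN' denied
Feb  4 10:09:03 ns named[2311]: client 10.9.8.7#6001: transfer of '12.168.192.in-addr.arpa/IN': AXFR started
"""

STARTED = re.compile(r"client (?P<ip>[\d.]+)#\d+: transfer of '(?P<zone>[^/']+)/IN': AXFR started")
DENIED = re.compile(r"client (?P<ip>[\d.]+)#\d+: zone transfer '(?P<zone>[^/']+)/IN' denied")

def audit(log_text, allowed=ALLOWED_PEERS):
    """Return (unexpected, denied).

    unexpected: (ip, zone) pairs for AXFRs that started from a peer outside the
        allow-transfer list; with this post's config that means the ACL is not in effect.
    denied: Counter of ip -> refused transfer attempts, worth watching because a
        refused AXFR is usually someone trying to read the whole zone.
    """
    unexpected, denied = [], Counter()
    for line in log_text.splitlines():
        m = STARTED.search(line)
        if m and m["ip"] not in allowed:
            unexpected.append((m["ip"], m["zone"]))
        m = DENIED.search(line)
        if m:
            denied[m["ip"]] += 1
    return unexpected, denied

if __name__ == "__main__":
    bad, refused = audit(SAMPLE_LOG)
    for ip, zone in bad:
        print(f"ALERT: {ip} pulled {zone} but is not in allow-transfer")
    for ip, n in refused.items():
        print(f"note: {n} refused transfer attempt(s) from {ip}")
```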

Prefer a video walk-through? Have a look...

Sunday 2 February 2014

Configuring and Deploying DNS servers (primary, secondary, root and cache on centos 6.5) - Part 1 - Primary DNS

Make sure you have connection to the internet before you attempt this.

  • Install the BIND packages that provide the DNS service
    • yum install bind bind-utils bind-chroot bind-libs
  • Edit the main file /etc/named.conf

listen-on port 53 { 192.168.12.2; }; //change this to your ip address
*Remove the allow-query line
zone "msm.net" IN { //change msm.net to your zone
        type master;
        file "msm.net.db"; //you can name it anything
};

zone "12.168.192.in-addr.arpa" IN { //this is for reverse lookup; the zone name will be different for a different ip range
        type master;
        file "12.168.192.rev.zone.db";
};


*Optional: remove the "." zone to disable caching.

  • Now create the "msm.net.db" file in /var/named and edit it (forward lookup)
    • vi /var/named/msm.net.db
$TTL 86400
@       IN   SOA  ns.msm.net.   nameserver.ns.msm.net. (
                        535 ; serial
                        3H ; refresh
                        15M ; retry
                        1W ; expiry
                        1D ) ; minimum
@                       IN      NS    ns.msm.net. ; change this to match your domain
ns                      IN      A       192.168.12.2 ; these are the dns records
slave                   IN      A       192.168.12.3
root                    IN      A       192.168.12.4
cache                   IN      A       192.168.12.5


  • Now create "12.168.192.rev.zone.db" in /var/named and edit it (reverse lookup)
    • vi /var/named/12.168.192.rev.zone.db
$TTL 86400
@       IN   SOA  ns.msm.net.   nameserver.ns.msm.net. (
                        2009092300 ; serial
                        2880 ; refresh
                        14400 ; retry
                        3600000 ; expiry
                        86400 ) ; minimum

; change the values according to your records and domain name
@               IN      NS    ns.msm.net.
2               IN      PTR     ns.msm.net.
3               IN      PTR     slave.msm.net.
4               IN      PTR     root.msm.net.
5               IN      PTR     cache.msm.net.



  • Open the firewall ports
    • iptables -I INPUT -p tcp --dport 53 -j ACCEPT
    • iptables -I INPUT -p udp --dport 53 -j ACCEPT
  • Start the named daemon
    • service named start
*NOTE: if the start hangs at "Generating /etc/rndc.key:", the key generator is most likely waiting for entropy (random data), which a freshly booted VM has little of. Try opening another ssh window and giving some user input: issue some commands while it sits on this message, or open the VM GUI and open the web browser. Comment if you could not resolve this error.


  • Check the logs to confirm your server started properly
    • tail -30 /var/log/messages
  • Edit /etc/resolv.conf to tell the system to resolve DNS queries locally through our newly created primary server
    • vi /etc/resolv.conf
search msm.net
nameserver 192.168.12.2


  • check your deployment using nslookup
    • nslookup
      • ns.msm.net
      • 192.168.12.2
Let me know in the comments if there are any issues. 
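A quick consistency check you can run before starting named, added here as an example and not part of the original post: it parses the forward and reverse zone files above and reports any A record without a matching PTR, and any PTR that points at a name with no matching A. The zone text is a constructed copy of the files above with the cache PTR deliberately left out so there is something to report.

```python
# Constructed copies of the two zone files above; the reverse copy deliberately
# omits the PTR for cache so the check has something to report.
FORWARD = """\
$TTL 86400
@       IN   SOA  ns.msm.net.   nameserver.ns.msm.net. (
                        535 ; serial
                        3H ; refresh
                        15M ; retry
                        1W ; expiry
                        1D ) ; minimum
@                       IN      NS    ns.msm.net.
ns                      IN      A       192.168.12.2
slave                   IN      A       192.168.12.3
root                    IN      A       192.168.12.4
cache                   IN      A       192.168.12.5
"""
REVERSE = """\
$TTL 86400
@       IN   SOA  ns.msm.net.   nameserver.ns.msm.net. (
                        2009092300 ; serial
                        2880 ; refresh
                        14400 ; retry
                        3600000 ; expiry
                        86400 ) ; minimum
@               IN      NS    ns.msm.net.
2               IN      PTR     ns.msm.net.
3               IN      PTR     slave.msm.net.
4               IN      PTR     root.msm.net.
"""

def records(zone_text, rrtype):
    """Yield (owner, rdata) per record of rrtype; ';' comments and the SOA block are skipped."""
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) >= 3 and fields[-2] == rrtype:
            yield fields[0], fields[-1]

def fqdn(name, origin):
    """Qualify a relative owner name against the zone origin."""
    return name if name.endswith(".") else f"{name}.{origin}."

def check(forward, reverse, origin="msm.net", net="192.168.12"):
    """Return (names whose A has no matching PTR, PTR targets with no matching A)."""
    a = {fqdn(owner, origin): ip for owner, ip in records(forward, "A")}
    ptr = {f"{net}.{octet}": name for octet, name in records(reverse, "PTR")}
    no_ptr = sorted(name for name, ip in a.items() if ptr.get(ip) != name)
    no_a = sorted(name for ip, name in ptr.items() if a.get(name) != ip)
    return no_ptr, no_a
```

Running check(FORWARD, REVERSE) reports cache.msm.net. as missing its PTR; add the "5 IN PTR cache.msm.net." line and both lists come back empty.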

Prefer a video walk-through?
Here is a video I made of my deployment.




Wednesday 29 January 2014

Create isolated network on Virtual Machine Manager - Centos 6.5

Since most of the Linux administration practice is done in a virtual environment, I thought I should create a video about it, as I am aware that some students at my college struggle with it in their labs. Please let me know if I missed anything or did not explain anything clearly.

Thanks,




Saturday 11 January 2014

ASUS RT N16 + OpenWRT + nodogsplash = WiFi Hotspot (For beginners)



 
1. Make sure you are directly connected to the router through a cable
  • Take an ethernet cable from your ASUS modem and plug it into your pc/laptop

2. Now access your modem by going into the browser and typing: 192.168.1.1
  • Go to the Administration tab and click on Firmware Upgrade/Update
NOTE: Please use Internet Explorer for all of these configurations. There are some issues reported in other browsers.

3. You will have to load a DD-WRT basic image first in order to load the OpenWRT image. You cannot directly load the OpenWRT image, for some reason I don't know of.
4. Once the image is downloaded, just click on Browse on the ASUS firmware upgrade page, browse to the DD-WRT image and upload it.

5. The router will restart and ask you to set a root username and password. Just set anything, you won't be using DD-WRT for very long.

6. Now download the working OpenWRT image for the RT-N16 from here: http://downloads.openwrt.org/barrier_breaker/14.07/brcm47xx/mips74k/
  • Download the image named "openwrt-brcm47xx-mips74k-squashfs.trx"

7. Now access your router's web page again: 192.168.1.1

8. Go to Administration -> Firmware Upgrade/Update

9. Browse to the squashfs .trx image and upload it. The router will restart by itself.

10. OpenWRT does not come with a web user interface, and using one is pretty much optional.
We will be installing a web UI just to make things easier.

11. Open a command prompt session (cmd can be opened by searching for cmd in the Start menu)

12. Type: telnet 192.168.1.1

13. Now you should be connected to your router.

14. Now take an ethernet cable from your Rogers modem and plug it into the WAN port at the back of your ASUS router (this should give your router internet access)

15. Type these commands in the terminal
  • opkg update
  • opkg install luci
  • opkg upgrade libuci uci libc opkg busybox base-files dnsmasq libiptc dropbear mtd wl libgcc ppp wlc

16. Now install NoDogSplash
  • opkg install nodogsplash

17. Configure the uhttpd daemon to listen on port 8080 (so you can access LuCI even when you are not yet authorized to go to the internet)
  • vi /etc/config/uhttpd
  • replace the line "list listen_http 0.0.0.0:80" with "list listen_http 0.0.0.0:8080"

18. Configure nodogsplash
  • There are a lot of options in nodogsplash. I did not change much except that I modified the redirect URL, so if the client gets the splash page and he/she authenticates, instead of going to the website they wanted to go to, it will redirect them to the URL I want them to go to, and then they can surf all the internet they want.
  • vi /etc/nodogsplash/nodogsplash.conf
  • You can change the value of "RedirectURL" to the website you want to redirect to; otherwise leave it.
  • One thing you must do is add port 8080 to the firewall rules. Look for "for administration from the GatewayInterface.  If not,  # comment these out."
  • Below the port 443 line add "FirewallRule allow tcp port 8080". Keep in mind that this also lets every client on the hotspot reach the LuCI login page before they have authenticated to the portal, so make sure the router's root password is set.

19. Start the uhttpd and nodogsplash daemons
  • /etc/init.d/uhttpd enable
  • /etc/init.d/uhttpd start
  • /etc/init.d/nodogsplash enable
  • /etc/init.d/nodogsplash start

20. Open your web browser and type "192.168.1.1:8080"

21. Go to Network > WiFi and click on Enable.

22. Now if you connect through wifi you will get the default splash page that comes with nodogsplash. If you don't get it, restart the nodogsplash service:
  • /etc/init.d/nodogsplash stop
  • /etc/init.d/nodogsplash start

If you want to modify the splash page, which you most likely would want to, you can do so with vi /etc/nodogsplash/htdocs/splash.html
You can write your own HTML code there.
Let me know in the comments bar for any questions.
Enjoy!

My SOURCES:
http://www.youtube.com/watch?v=nw4bo4rXGgQ
https://projectfirewall4.wordpress.com/2012/02/01/installing-openwrt-firmware-on-asus-rt-n16-router/#comment-21
http://www.dd-wrt.com/wiki/index.php/Asus_RT-N16#How_to_restore_to_factory_firmware
http://wiki.openwrt.org/doc/howto/wireless.hotspot.nodogsplash
http://wiki.openwrt.org/doc/uci/uhttpd
