CentOS 7.- Using FirewallD instead of IPtables ..changes, changes and more changes. 

Presentation

Firewalld is the new userland interface in RHEL 7. It replaces the iptables interface and connects to the netfilter kernel code. It mainly improves the security rules management by allowing configuration changes without stopping the current connections.

To know if Firewalld is running, type:

# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Tue 2014-06-17 11:14:49 CEST; 5 days ago
   ...

or alternatively:

# firewall-cmd --state
running

Note: If Firewalld is not running, the command displays not running.

If you’ve got several network interfaces in IPv4, you will have to activate ip_forwarding.
To do that, paste the following line in the /etc/sysctl.conf file:

net.ipv4.ip_forward=1

Then, activate the configuration:

# sysctl -p

Although Firewalld is the RHEL 7 way to deal with firewalls and provides many improvements, iptables can still be used.

Zone management

Firewalld also introduces the concept of zones: all network interfaces can be placed in the same default zone or split across different zones according to the levels of trust you define.

To get the default zone, type:

# firewall-cmd --get-default-zone
public

To list the zones that have network interfaces assigned to them, type:

# firewall-cmd --get-active-zones
public
interfaces: eth0

To get the list of all the available zones, type:

# firewall-cmd --get-zones
block dmz drop external home internal public trusted work

To get all the details about the public zone, type:

# firewall-cmd --zone=public --list-all
public (default, active)
  interfaces: eth0
  sources: 
  services: dhcpv6-client ssh
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 

To change the default zone to home permanently, type:

# firewall-cmd --set-default-zone=home
success

Network interfaces can be assigned to a zone in a temporary (until the next reboot or reload) or permanent way.

To assign the eth0 network interface temporarily to the internal zone, type:

# firewall-cmd --zone=internal --change-interface=eth0
success

To assign the eth0 network interface permanently to the internal zone (a file called internal.xml is created in the /etc/firewalld/zones directory), type:

# firewall-cmd --permanent --zone=internal --change-interface=eth0
success

To know which zone is associated with the eth0 interface, type:

# firewall-cmd --get-zone-of-interface=eth0
internal

Service management

After assigning each network interface to a zone, it is now possible to add services to each zone.
To allow the http service permanently in the internal zone, type:

# firewall-cmd --permanent --zone=internal --add-service=http
success
# firewall-cmd --reload

Note1: Type --remove-service=http to deny the http service.
Note2: The firewall-cmd --reload command is necessary to activate the change. Contrary to the --complete-reload option, current connections are not stopped.

To get the list of services in the default zone, type:

# firewall-cmd --list-services
dhcpv6-client ssh

Note: To get the list of the services in a particular zone, add the --zone= option.
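As an added example (not from the original post, and not part of firewalld), the following Python parses the output of firewall-cmd --zone=public --list-all as shown above and compares the runtime zone against an expected allow-list, flagging any extra service, open port, masquerading or forwarding. The sample output is constructed here with one extra port so that the check fires.

```python
import re

# Constructed sample: the "firewall-cmd --zone=public --list-all" output
# from the post, with 443/tcp added so the audit has something to report.
SAMPLE = """public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 443/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
"""

def parse_list_all(text):
    """Turn --list-all output into {'zone', 'flags', 'fields': {name: [tokens]}}."""
    lines = text.strip().splitlines()
    # First line is "<zone>" or "<zone> (default, active)".
    head = re.match(r"(\S+)(?: \(([^)]*)\))?", lines[0])
    flags = head.group(2).split(", ") if head.group(2) else []
    fields = {}
    for line in lines[1:]:
        key, _, value = line.strip().partition(":")
        fields[key] = value.split()          # empty field -> []
    return {"zone": head.group(1), "flags": flags, "fields": fields}

def audit_zone(zone, allowed_services, allowed_ports=(), allow_masquerade=False):
    """Return findings (strings); an empty list means the zone matches the policy."""
    f = zone["fields"]
    findings = []
    for svc in f.get("services", []):
        if svc not in allowed_services:
            findings.append(f"unexpected service: {svc}")
    for port in f.get("ports", []):
        if port not in allowed_ports:
            findings.append(f"unexpected port: {port}")
    if f.get("masquerade", ["no"]) == ["yes"] and not allow_masquerade:
        findings.append("masquerade enabled")
    # Forwarding and rich rules change the traffic path; report them explicitly.
    for key in ("forward-ports", "rich rules"):
        if f.get(key):
            findings.append(f"{key} present: {' '.join(f[key])}")
    return findings

if __name__ == "__main__":
    zone = parse_list_all(SAMPLE)
    for finding in audit_zone(zone, {"ssh", "dhcpv6-client"}):
        print(f"[{zone['zone']}] {finding}")
```

Feeding it the live output of firewall-cmd --zone=<zone> --list-all for each active zone gives a quick drift check against the intended configuration.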

Service firewall configuration

With the Firewalld package, the firewall configuration of the main services (ftp, httpd, etc) comes in the /usr/lib/firewalld/services directory. But it is still possible to add new ones in the /etc/firewalld/services directory. Also, if files exist at both locations for the same service, the file in the /etc/firewalld/services directory takes precedence.

This is the case of the HAProxy service, for example: no firewall service definition ships with it.
Create the /etc/firewalld/services/haproxy.xml file and paste the following lines:

<?xml version="1.0" encoding="utf-8"?>
<service>
 <short>HAProxy</short>
 <description>HAProxy load-balancer</description>
 <port protocol="tcp" port="80"/>
</service>

Assign the correct SELinux context and file permissions to the haproxy.xml file:

# cd /etc/firewalld/services
# restorecon haproxy.xml
# chmod 640 haproxy.xml

Add the HAProxy service to the default zone permanently and reload the firewall configuration:

# firewall-cmd --permanent --add-service=haproxy
# firewall-cmd --reload

Port management

Port management follows the same model as service management.

To allow the 443/tcp port temporarily in the internal zone, type:

# firewall-cmd --zone=internal --add-port=443/tcp
success
# firewall-cmd --reload

Note: type --remove-port=443/tcp to deny the port.

To get the list of ports open in the internal zone, type:

# firewall-cmd --zone=internal --list-ports
443/tcp

Masquerading

If your firewall is your network gateway and you don’t want everybody to know your internal addresses, you can set up two zones, one called internal, the other external, and configure masquerading on the external zone. This way, all outgoing packets will carry your firewall’s IP address as their source address.

To set up masquerading on the external zone, type:

# firewall-cmd --zone=external --add-masquerade

Note1: To remove masquerading, use the --remove-masquerade option.
Note2: To know if masquerading is active in a zone, use the --query-masquerade option.

Port forwarding

In addition to masquerading, you may want to use port forwarding.
If you want all packets intended for port 22 to be forwarded to port 3753, type:

# firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=3753

Note1: To remove port forwarding, use the --remove-forward-port option.
Note2: To know if port forwarding is active in a zone, use the --query-forward-port option.
Also, if you want to define the destination ip address, type:

# firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=3753:toaddr=10.0.0.1

Direct rules

It is still possible to set specific rules by using the direct mode (here to open the tcp port 9000), which bypasses the Firewalld zone/service abstraction:

# firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 9000 -j ACCEPT
success
# firewall-cmd --reload

Note: This last example has been borrowed from Khosro Taraghi’s blog.

To display all the direct rules added, type:

# firewall-cmd --direct --get-all-rules

Sources: RHEL7 Security Guide, wiki Fedora project.



All credit to:
http://www.certdepot.net/rhel7-get-started-firewalld/

..thanks guys :)

JS cookies for everyone!! 
Javascript functions for cookies 2.0


var cookie = {
    // Set a cookie; "expire" is a lifetime in days (omit it for a session cookie).
    put: function(name, value, expire) {
        var expires = "";

        if (expire) {
            var date = new Date();
            date.setTime(date.getTime() + (expire * 24 * 60 * 60 * 1000));
            expires = "; expires=" + date.toGMTString();
        }

        // The value is stored as-is, so it must not contain ';'.
        document.cookie = name + "=" + value + expires + "; path=/";
    },

    // Return the value of the named cookie, or null when it is not set.
    get: function(name) {
        var nameEQ = name + "=";
        var ca = document.cookie.split(';');

        for (var j = 0; j < ca.length; j++) {
            var c = ca[j];

            // Strip the leading spaces that follow each ';' separator.
            while (c.charAt(0) == ' ')
                c = c.substring(1, c.length);

            if (c.indexOf(nameEQ) == 0)
                return c.substring(nameEQ.length, c.length);
        }

        return null;
    },

    // Delete a cookie by re-setting it with an expiry date in the past.
    delete: function(name) {
        this.put(name, '', -1);
    }
};



MySQL – Generating Row Number for Each Row Using Variables in Query. (Ranking query results) 
Ranking field for result sets.

MySQL does not have a built-in function like SQL Server’s row_number() to generate a row number for each row. However, the same result can be obtained with a user variable in the SELECT statement.

The following table has five rows.

CREATE TABLE mysql_testing(db_names VARCHAR(100));
INSERT INTO mysql_testing
SELECT 'SQL Server' UNION ALL
SELECT 'MySQL' UNION ALL
SELECT 'Oracle' UNION ALL
SELECT 'MongoDB' UNION ALL
SELECT 'PostGreSQL';


Now you can generate the row number using a variable in two ways.

Method 1: Set a variable and use it in a SELECT statement

SET @row_number:=0;
SELECT @row_number:=@row_number+1 AS row_number, db_names FROM mysql_testing
ORDER BY db_names;


Method 2: Use a variable as a table and cross join it with the source table

SELECT @row_number:=@row_number+1 AS rank, db_names FROM mysql_testing,
(SELECT @row_number:=0) AS t
ORDER BY db_names;


Both of the above methods return the following result:

row_number db_names
1 MongoDB
2 MySQL
3 Oracle
4 PostGreSQL
5 SQL Server

//source (as of 6-2-2014)
http://blog.sqlauthority.com/2014/03/08 ... -variable/

//my 2 cents -ac
select @rn := @rn+1 AS RANK, t1.* from (

    select * from Franchises limit 500

) t1, (SELECT @rn:=0) t2;




GPG Basic Tasks 
//encrypting a message
gpg -r "destination_email@example.net" --encrypt --armor
"message"
enter+ctrl+d

//decrypting a message
gpg --decrypt
"armored message"
ctrl+d

//importing public/private keys
gpg --import "key-name"

//listing keys
gpg -k
gpg -K

//create new key pair
gpg --gen-key


[acool@localhost ~]$ date
Fri Apr 12 12:44:41 PM PDT 2024
[acool@localhost ~]$
[acool@localhost ~]$ gpg --list-keys
...


MySQL SSL Setup 
//Server and client "Common Name" in certificates must be different from the CA's:
http://stackoverflow.com/questions/2045 ... 4#23599624

1.- generate CA key and certificate (2 commands create 2 files)
openssl genrsa 2048 > 'ca.key' //creates ca.key
openssl req -new -x509 -nodes -days 3600 -key 'ca.key' > 'ca.crt' //creates certificate


2.- generate server key and signed certificate (2 commands create 3 files)
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout 'server.key' > 'server.csr' //creates key and csr
openssl x509 -req -in 'server.csr' -days 3600 -CA 'ca.crt' -CAkey 'ca.key' -set_serial 01 > 'server.crt' //creates certificate


3.- generate client key and certificate (2 commands create 3 files)
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout 'client.key' > 'client.csr' //creates key and csr
openssl x509 -req -in 'client.csr' -days 3600 -CA 'ca.crt' -CAkey 'ca.key' -set_serial 02 > 'client.crt' //creates certificate; the serial must differ from the server's, serials are unique per CA


4.- create SSL user:
GRANT ALL PRIVILEGES ON *.* TO 'ssluser'@'%' IDENTIFIED BY 'secret-passwd' REQUIRE SSL;


5.- update my.cnf

[mysqld]
ssl-ca = "ca.crt"
ssl-cert = "server.crt"
ssl-key = "server.key"

[client]
ssl-ca=ca.crt
ssl-cert=client.crt
ssl-key=client.key



//MySQL workbench, use: ca.key, client.crt and client.key without password:
openssl rsa -in client.key -out client-nopasswd.key


Nginx: Setting Up HTTP authentication 
Prompting users for a password before accessing a page.

Place the following two entries in the nginx configuration file:

auth_basic "Restricted";
auth_basic_user_file /var/www/mywebsite.com/.htpasswd;

Eg:
location / {
    root /var/www/mywebsite.com;
    index index.html index.htm;
    auth_basic "Restricted"; #For Basic Auth
    auth_basic_user_file /var/www/mywebsite.com/.htpasswd; #For Basic Auth
}


The .htpasswd must contain:
username:password

Generate the password with this command:
[root@IBM ~]#printf "USERNAME:$(openssl passwd -crypt PASSWORD)\n" >> htpasswd


ASA (8.0): Natting inside hosts using outside interface (NAT overload in router lingo) 
All hosts in 192.168.1.0/24 will be seen with source address 172.16.1.192 on the internet. This is also known as PAT.
interface Ethernet0
nameif outside
security-level 0
ip address 172.16.1.192 255.255.255.0

interface Ethernet1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0

global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0

//bonus: configure dns client in asa
dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8


Minicom: Connecting to Cisco router console port 
1)yum install minicom

2)dmesg|grep tty //see what serial ports are available (ttyS0, ttyUSB0, ...)

2)minicom -s //configuration mode

3)select "Serial port setup" option

4)select "A" and enter desired serial port

5)select "E" and specify "C" and "Q" options (9600 8N1)

6)make sure "F" is YES and "G" is NO (hardware flow control only),on previous screen

7)save setup as CISCO

8)run it: [root@localhost ~]# minicom CISCO

======================================================================
2/2016

For step 2 /dev/ttyS0 worked (that's a zero), and NO Hardware Flow Control made pressing Enter work: I restarted the AP and noticed messages were appearing on screen, but hitting Enter had no effect; changing Hardware Flow Control to NO fixed it.

/dev/ttyUSB0 also worked :)

Slicing a Javascript array. 
array=['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r'];
console.log(array.slice(0,3));
console.log(array.slice(3,6));
console.log(array.slice(6,9));
console.log(array.slice(9,12));

The above outputs:
["a", "b", "c"]
["d", "e", "f"]
["g", "h", "i"]
["j", "k", "l"]


Same output with PHP:
$input = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r');
print_r(array_slice($input,0,3));
print_r(array_slice($input,3,3));
print_r(array_slice($input,6,3));
print_r(array_slice($input,9,3));

//output

Array
(
[0] => a
[1] => b
[2] => c
)
Array
(
[0] => d
[1] => e
[2] => f
)
Array
(
[0] => g
[1] => h
[2] => i
)
Array
(
[0] => j
[1] => k
[2] => l
)




Misc stuff,

js:
array=['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r'];

var Page=1;//page to display
var itemsPage=3;//items per page

var totalItems=array.length;
var totalPages=Math.ceil(totalItems/itemsPage);
var a=(Page-1)*itemsPage;
var b=a+itemsPage;
console.log(array.slice(a,b));//items


js:printing links. TESTED OK!
function coolpaging(item_count, limit, curpage, span)
{
    let cur_page = Number(curpage);
    let page_count = Math.ceil(item_count/limit);
    let current_range = [((cur_page-span) < 1 ? 1 : cur_page-span), ((cur_page+span) > page_count ? page_count : cur_page+span)];

    // First and Last pages
    let first_page = (cur_page > (span+1)) ? '<a href="' + '1' + '">1</a>' + ((cur_page < (span+3)) ? ', ' : ' ... ') : '';
    let last_page = (cur_page < (page_count-span)) ? (cur_page > (page_count-(span+2)) ? ', ' : ' ... ') + '<a href="' + page_count + '">' + page_count + '</a>' : '';

    // Previous and next page
    let previous_page = (cur_page > 1) ? '<a href="' + (cur_page-1) + '">Previous</a> | ' : '';
    let next_page = (cur_page < page_count) ? ' | <a href="' + (cur_page+1) + '">Next</a>' : '';

    let pages = [];

    // Display pages that are in range
    for (let x = current_range[0]; x <= current_range[1]; ++x)
        pages.push('<a href="' + x + '">' + ((x == cur_page) ? '<strong>' + x + '</strong>' : x) + '</a>');

    if (page_count > 1)
        return '<p class="entpagination">' + previous_page + first_page + pages.join(",") + last_page + next_page + '</p>';

    return '';
}


php:
$array=array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s');

$Page=2;//page to display
$itemsPage=3;//items per page

$totalItems=sizeof($array);
$totalPages=ceil($totalItems/$itemsPage);
$a=($Page-1)*$itemsPage;
var_dump(array_slice($array,$a,$itemsPage));//items

//printing links
function paginationLinks($item_count, $limit, $cur_page, $link, $span)
{
    $page_count = ceil($item_count/$limit);
    $current_range = array(($cur_page-$span < 1 ? 1 : $cur_page-$span), ($cur_page+$span > $page_count ? $page_count : $cur_page+$span));

    // First and Last pages
    $first_page = $cur_page > ($span+1) ? '<a href="'.sprintf($link, '1').'">1</a>'.($cur_page < ($span+3) ? ', ' : ' ... ') : null;
    $last_page = $cur_page < $page_count-$span ? ($cur_page > $page_count-($span+2) ? ', ' : ' ... ').'<a href="'.sprintf($link, $page_count).'">'.$page_count.'</a>' : null;

    // Previous and next page
    $previous_page = $cur_page > 1 ? '<a href="'.sprintf($link, ($cur_page-1)).'">Previous</a> | ' : null;
    $next_page = $cur_page < $page_count ? ' | <a href="'.sprintf($link, ($cur_page+1)).'">Next</a>' : null;

    // Display pages that are in range
    for ($x = $current_range[0]; $x <= $current_range[1]; ++$x)
        $pages[] = '<a href="'.sprintf($link, $x).'">'.($x == $cur_page ? '<strong>'.$x.'</strong>' : $x).'</a>';

    if ($page_count > 1)
        return '<p class="pagination"><strong>Pages:</strong> '.$previous_page.$first_page.implode(', ', $pages).$last_page.$next_page.'</p>';
}
echo paginationLinks(
    400,        //total amount of items/rows/whatever
    10,         //limit of items per page
    $_GET['p'], //current page number
    '?p=%d',    //url
    5           //items on each side of current page
);

//links function:
//http://css-tricks.com/snippets/php/pagination-function/


paginationLinks function sample output:

Pages: Previous | 1 ... 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40 | Next



jQuery - Append a Value to an INPUT, keeping it a Comma Delimited list 

$('#attachment-uuids').val(function(i,val) {
return val + (!val ? '' : ', ') + '66666';
});


as of 3/4/2014 :)
http://stackoverflow.com/questions/4339 ... mited-list




2024 By Angel Cool