September 21, 2011

CA management - tinyca

TinyCA is a program with a simple graphical user interface that makes managing a small CA (Certification Authority) easy.  TinyCA works as a frontend for openssl and can deal with several independent CAs.
With TinyCA you can create and manage x509 and S/MIME server and client certificates.  You can choose between RSA and DSA keys, as well as between different digest algorithms.
The certificates can be exported as PEM, DER, TXT and PKCS#12 or as a convenient archive containing both key and certificate.  Certificates can be revoked by adding them to a certificate revocation list.

September 12, 2011

Juniper ScreenOS debug transaction flow

Capturing Debug flow basic:

cl db
set ff src-ip x.x.x.x dst-ip y.y.y.y
set ff src-ip y.y.y.y dst-ip x.x.x.x

(where x.x.x.x = IP of the client accessing the server, y.y.y.y = public IP of the server, i.e. the VIP of the server)

debug flow basic

(Then initiate the concerned traffic from source x.x.x.x to y.y.y.y)

get db str
undebug all
cl db


Capturing snoop detail

cl db
snoop filter ip src-ip x.x.x.x dst-ip y.y.y.y direction both
snoop detail len 1514
snoop (and then press 'y')

(Then initiate the concerned traffic from source x.x.x.x to y.y.y.y)

get db str
snoop off

September 2, 2011

RHEL6 disable ipv6

Edit /etc/sysconfig/network
Change the following:
NETWORKING_IPV6=yes to NETWORKING_IPV6=no

Add a new file /etc/modprobe.d/ECS.conf containing
alias net-pf-10 off
alias ipv6 off

Stop the ip6tables service
service ip6tables stop

Disable the ip6tables service
chkconfig ip6tables off

After these changes, IPv6 will be disabled after the next reboot of your system. Until that reboot the IPv6 stack is still active and, with ip6tables stopped, unfiltered.

Verify that IPv6 is disabled
lsmod | grep ipv6
ifconfig

May 16, 2011

Use esxcli to kill a stuck VM in ESXi 4.1

Find the world ID
# esxcli vms vm list
Soft kill the VM
# esxcli vms vm kill -w 81238123 -t soft     <--- here 81238123 is the world ID

Delete comments using grep

grep -v '^#' myfile.conf | grep . > nocommentfile.conf

Samba join domain win2008 + squid authentication with ntlm_auth

Steps:

  1. Upgrade Samba to 3.5 (for Win2008)
  2. Edit /etc/samba/smb.conf
  3. Edit /etc/krb5.conf
  4. Edit /etc/pam.d/system-auth
  5. Add the winbind option in /etc/nsswitch.conf
  6. Configure iptables to allow ports 139, 445 and 389, or allow all for testing
  7. Change SELinux to permissive or disabled, just for testing
  8. Set up the time; ensure it differs by no more than 5 minutes from your DC
  9. Start smb, winbind and oddjobd
  10. Join the domain
  11. Test with wbinfo, kinit and ntlm_auth; check that your Linux host appears in the AD\computer OU
  12. Edit /etc/squid/squid.conf
  13. Make sure the squid group has permission to access the /var/lib/samba/winbindd_privileged folder
  14. Start Squid
  15. Configure the proxy on the client PC
  16. On the client PC, edit Group Policy: change "Network security: LAN Manager authentication level" to "Send LM & NTLM - use NTLMv2"
  17. From the client PC, test Internet access with user authentication
For details, please check here:
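
One way to check the result of step 12, as an added example that is not from the original post: a shell function that audits squid.conf for an ntlm_auth NTLMSSP helper, a `proxy_auth REQUIRED` ACL that is actually used, and a final default deny. The helper path, the ACL name ad_users and the sample configuration are constructed assumptions; the directives themselves are standard Squid ones.

```shell
#!/bin/sh
# Added example (not from the original post): audit squid.conf for step 12.

# Constructed sample config; helper path and ACL name "ad_users" are assumptions.
sample_squid_conf() {
cat <<'EOF'
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
acl ad_users proxy_auth REQUIRED
http_access allow ad_users
http_access deny all
EOF
}

# audit_squid_ntlm FILE: print findings; return 0 only if every check passes.
audit_squid_ntlm() {
    rc=0
    # Strip comments, surrounding whitespace and blank lines, so that
    # commented-out directives are not counted as active.
    active=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" | grep . || true)

    # 1. The NTLM helper must be Samba's ntlm_auth speaking NTLMSSP.
    echo "$active" | grep -Eq '^auth_param[[:space:]]+ntlm[[:space:]]+program[[:space:]].*ntlm_auth.*--helper-protocol=squid-2\.5-ntlmssp' ||
        { echo "FAIL: no ntlm_auth NTLMSSP helper configured"; rc=1; }

    # 2. Some ACL must require an authenticated user.
    acl=$(echo "$active" | awk '$1=="acl" && $3=="proxy_auth" && $4=="REQUIRED" {print $2; exit}')
    [ -n "$acl" ] || { echo "FAIL: no 'proxy_auth REQUIRED' acl"; rc=1; }

    # 3. Access must be granted through that ACL ...
    echo "$active" | awk -v a="$acl" '$1=="http_access" && $2=="allow" {
        for (i = 3; i <= NF; i++) if ($i == a) ok = 1 } END { exit !ok }' ||
        { echo "FAIL: no http_access allow rule uses the authentication acl"; rc=1; }
    # ... and never through a blanket allow.
    echo "$active" | grep -Eq '^http_access[[:space:]]+allow[[:space:]]+all$' &&
        { echo "FAIL: 'http_access allow all' bypasses authentication"; rc=1; }

    # 4. The last http_access rule must be the default deny.
    last=$(echo "$active" | awk '$1=="http_access" {l = $2 " " $3} END {print l}')
    [ "$last" = "deny all" ] || { echo "FAIL: last http_access rule is not 'deny all'"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: NTLM authentication is enforced"
    return "$rc"
}

# Demo: audit the constructed sample.
tmp=$(mktemp) && sample_squid_conf > "$tmp" && audit_squid_ntlm "$tmp"
rm -f "$tmp"
```

Run it against the real file with `audit_squid_ntlm /etc/squid/squid.conf` once the "allow all for testing" shortcuts from steps 6 and 7 have been reverted.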

March 29, 2011

EtherChannel config

==========PAgP Config:=============
Switch(config)# interface type mod/num
Switch(config-if)# channel-protocol pagp
Switch(config-if)# channel-group number mode {on | {{auto | desirable} [non-silent]}}

Example:
Switch(config)# port-channel load-balance src-dst-port
Switch(config)# interface range gig 3/1 - 4
Switch(config-if)# channel-protocol pagp
Switch(config-if)# channel-group 1 mode desirable non-silent
================================

=========LACP Config==============
Switch(config)# lacp system-priority priority
Switch(config)# interface type mod/num
Switch(config-if)# channel-protocol lacp
Switch(config-if)# channel-group number mode {on | passive | active}
Switch(config-if)# lacp port-priority priority

Example:
Switch(config)# lacp system-priority 100
Switch(config)# interface range gig 2/1 - 4 , gig 3/1 - 4
Switch(config-if)# channel-protocol lacp
Switch(config-if)# channel-group 1 mode active
Switch(config-if)# lacp port-priority 100
Switch(config-if)# exit
Switch(config)# interface range gig 2/5 - 8 , gig 3/5 - 8
Switch(config-if)# channel-protocol lacp
Switch(config-if)# channel-group 1 mode active
=================================

March 14, 2011

Extending LVM disks in Linux using VMware virtual disks

Here is the current file system. It needs another 3 GB on the LogVol00 filesystem. The Linux system is a VMware virtual machine with virtual disks.

[root@dbvrac1 ~]# df -k
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
9127580 6692828 1971088 78% /
/dev/sda1 101086 12651 83216 14% /boot
none 596544 0 596544 0% /dev/shm

The partitions are as follows

[root@dbvrac1 ~]# sfdisk -s
/dev/sda: 10485760
/dev/sdb: 10485760
/dev/sdc: 10485760
/dev/sdd: 10485760
/dev/sde: 10485760
/dev/sdf: 10485760

First, the VMware virtual disk needs to be enlarged. 13 GB is the new size. Shut down the VMware guest and resize the disk on the VMware host:

# vmware-vdiskmanager -x 13GB dbvrac1.vmdk
Using log file /tmp/vmware-root/vdiskmanager.log
The old geometry C/H/S of the disk is: 1305/255/63
The new geometry C/H/S of the disk is: 1697/255/63
Disk expansion completed successfully.

Start up the VMware guest again.
This has added space to the /dev/sda disk. This can be seen by running sfdisk -s again:

[root@dbvrac1 ~]# sfdisk -s
/dev/sda: 13631488
/dev/sdb: 10485760
/dev/sdc: 10485760
/dev/sdd: 10485760
/dev/sde: 10485760
/dev/sdf: 10485760

To use the space, a partition first has to be created on /dev/sda

[root@dbvrac1 ~]# ls -al /dev/sda*
brw-rw---- 1 root disk 8, 0 Jun 29 2009 /dev/sda
brw-rw---- 1 root disk 8, 1 Jun 29 2009 /dev/sda1
brw-rw---- 1 root disk 8, 2 Jun 29 2009 /dev/sda2

The new partition will be /dev/sda3.

[root@dbvrac1 /]# fdisk /dev/sda

Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 3
First cylinder (1306-1697, default 1306):
Using default value 1306
Last cylinder or +size or +sizeM or +sizeK (1306-1697, default 1697):
Using default value 1697

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

Validate that the new partition has been created

[root@dbvrac1 ~]# ls -al /dev/sda*
brw-rw---- 1 root disk 8, 0 Jun 29 2009 /dev/sda
brw-rw---- 1 root disk 8, 1 Jun 29 2009 /dev/sda1
brw-rw---- 1 root disk 8, 2 Jun 29 2009 /dev/sda2
brw-rw---- 1 root disk 8, 2 Jun 29 2009 /dev/sda3

/dev/sda3 is the new partition.
Reboot to load the new partition into the kernel.

Create a physical volume for LVM:

[root@dbvrac1 ~]# pvcreate /dev/sda3
Physical volume "/dev/sda3" successfully created

Add the new physical volume to the volume group:

[root@dbvrac1 ~]# vgextend VolGroup00 /dev/sda3
Volume group "VolGroup00" successfully extended

Extend the logical volume over the new space in the volume group.
Find out how much more space can be added:

[root@dbvrac1 ~]# vgdisplay
--- Volume group ---
VG Name VolGroup00
System ID
Format lvm2
Metadata Areas 2
Metadata Sequence No 4
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 2
Open LV 2
Max PV 0
Cur PV 2
Act PV 2
VG Size 12.88 GB
PE Size 32.00 MB
Total PE 412
Alloc PE / Size 315 / 9.84 GB
Free PE / Size 97 / 3.03 GB
VG UUID 7yenoW-lzsd-xK8a-j2Vj-qgty-TFXK-L0lhTL

There is 3.03 GB available.
Extend the volume:

[root@dbvrac1 ~]# lvextend -L+3.03G /dev/VolGroup00/LogVol00
Rounding up size to full physical extent 3.03 GB
Extending logical volume LogVol00 to 11.88 GB
Logical volume LogVol00 successfully resized

Resize the filesystem:

[root@dbvrac1 ~]# resize2fs /dev/VolGroup00/LogVol00
resize2fs 1.35 (28-Feb-2004)
/dev/VolGroup00/LogVol00 is mounted; can't resize a mounted filesystem!

resize2fs cannot be used because the filesystem is mounted. Use ext2online instead.

[root@dbvrac1 ~]# ext2online /dev/VolGroup00/LogVol00
ext2online v1.1.18 - 2001/03/18 for EXT2FS 0.5b

Check file system:

[root@dbvrac1 ~]# df -k
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
12256820 6695112 4940796 58% /
/dev/sda1 101086 12651 83216 14% /boot
none 596544 0 596544 0% /dev/shm

ref.: Extending LVM disks in Linux using Vmware virtual disks - Dbvisit Community

February 15, 2011

vmware esx update command

0.1. Assume SSH is enabled and the patch has been downloaded from http://www.vmware.com/patch/download/

0.2. Upload the patch file to the ESX server with scp, or use the VI Client to browse the datastore and upload it

1. Enter maintenance mode
ESX:
vimsh -n -e /hostsvc/maintenance_mode_enter
ESXi:
vim-cmd /hostsvc/maintenance_mode_enter

2. Execute update
esxcli software vib install -d /path/to/patch/esxi_update_patch.zip

3. Exit maintenance mode
ESX:
vimsh -n -e /hostsvc/maintenance_mode_exit
ESXi:
vim-cmd /hostsvc/maintenance_mode_exit

4. System reboot

February 11, 2011

Using Local Group Policy Editor for security issues

ref.: http://www.techrepublic.com/blog/10things/10-ways-to-tweak-windows-7-using-the-local-group-policy-editor/1014

January 27, 2011

Improve VMware Console Mouse Experience with Windows Server 2008

ref.: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1011709
ref.: http://vm-pro.com/improve-vmware-console-mouse-experience-with-windows-server-2008/

January 21, 2011

vmware-vmrc example

Directly connect to ESX
vmware-vmrc -h 192.168.1.123 -m "[datastore1] rayvm/rayvm.vmx"
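or, passing credentials on the command line (they will be visible in shell history and the process list):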
vmware-vmrc -h 192.168.1.123 -u "administrator" -p "yourpassword" -m "[datastore1] rayvm/rayvm.vmx"

Directly connect to VMware Server
vmware-vmrc.exe -h 192.168.1.246:8333 -m "[datastore1] rayvm/rayvm.vmx"

January 14, 2011

Creating a DVD Slideshow Using Imagination

The program is called Imagination and is available in the repository.
Export video formats: VOB, FLV, 3GP, OGV