• About

blog.alam.rocks

blog.alam.rocks

Tag Archives: ubuntu

cloud-init: Automatically import your public SSH keys into LXD Instances

10 Friday Jan 2020

Posted by Fakrul Alam in Education, My Work, Tutorial

≈ Leave a comment

Tags

automation, cloud-init, lxc, lxc profile, lxd, SSH, ssh-key, ubuntu, YAML

While provisioning LXD instance; we can define post deployment task using cloud-init. This will help us to import your public SSH keys, add new user, update packages and install new packages if required. To do that we use lxc profile.

First check what lxc profile you have. There should be one default profile.

# lxc profile list

Copy default profile and create new one

# lxc profile copy default production

Edit newly created profile

# lxc profile edit production

Use the following configuration. This is YAML file and for better formatting please download it from here

Continue reading →

recover corrupt /etc/sudoers file over SSH

10 Friday Jan 2020

Posted by Fakrul Alam in Education, My Work

≈ Leave a comment

Tags

SSH, sudo su, ubuntu

Recently I have faced issue where I mistakenly edit the file under /etc/sudoers.d/. When ever I am trying to sudo; I am getting following error:

fakrul@fakrul-server01:~/.config$ sudo su
>>> /etc/sudoers.d/fakrul_sudo: syntax error near line 1 <<<
sudo: parse error in /etc/sudoers.d/fakrul_sudo near line 1
sudo: no valid sudoers sources found, quitting
sudo: unable to initialise policy plugin

Unfortunately I don’t have any other sudo user. I have googled and got a solution.

Steps:

1. Open two ssh sessions to the target server.

2. In the first session, get the PID of bash by running:
fakrul@fakrul-server01:~/.config$ echo $$
5886

3. In the second session, start the authentication agent with:

pkttyagent --process (pid from step 2)

4. Back in the first session, run:

fakrul@fakrul-server01:~/.config$ pkexec rm /etc/sudoers.d/fakrul_sudo

5. In the second session, you will get the password prompt. “fakrul_sudo” file will be removed in the first session. In same way you can add new file.

Screen Shot 2020-01-10 at 1.49.10 pm.png

 

mitmproxy : intercept, inspect, modify and replay

20 Tuesday Sep 2016

Posted by Fakrul Alam in My Work

≈ Leave a comment

Tags

mitmproxy, ubuntu

https://mitmproxy.org/ is CLI based An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed. Installation easy. For Ubuntu do the following:

sudo apt-get install python-pip python-dev libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev
sudo pip install mitmproxy

Run mitmproxy

fakrul@console ~> mitmproxy

It will run on port 8080. Now fire up your browser and point it the proxy. You can use it for both http & https. You will get the all the session details.

mitmproxy

OpenVPN in Ubuntu 14.04

15 Thursday Sep 2016

Posted by Fakrul Alam in My Work

≈ 1 Comment

Tags

OpenVPN, Security, ubuntu, VPN

The quickest way to install OpenVPN in Ubuntu 14.04:

1. Download the initial script:

$ wget https://git.io/vpn -O openvpn-install.sh

2. Run the command

$ sudo bash openvpn-install.sh

You need to define the external IP address on which you will run the service

a.External IP address on which you will run the service

b. Port No

c. DNS you want to use

To get the public IP you can try the following command:

dig TXT +short o-o.myaddr.l.google.com @ns1.google.com

It will create necessary certificates and also create the first client.

That is all. Your OpenVPN server has been configured and ready to use. You can see added firewall rules /etc/rc.local file:

$ cat /etc/rc.local
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to 202.125.97.10

Type the following command start the OpenVPN service:

$ sudo /etc/init.d/openvpn start

The client certificate will be stored in the home directory.

fakrul-apnic.ovpn

To connect from MacOSX, you can use TunnelBlick which is available at https://tunnelblick.net

screen-shot-2016-09-15-at-4-52-37-pm

To add new client run the openvpn-install.sh script. Choose option 1 to add new client and certificate will be store in home folder.

Install and Configure SNMP on Ubuntu

20 Wednesday Nov 2013

Posted by Fakrul Alam in Uncategorized

≈ Leave a comment

Tags

SNMP, ubuntu

This guide describe how to install and configure SNMP on Ubuntu.

1.Installation

root@netflow:/# sudo apt-get install snmpd

2. Configuration
Move existing /etc/snmp/snmpd.conf configuration file to /etc/snmp/snmpd.conf.org

root@netflow:/# mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org

Create a new /etc/snmp/snmpd.conf file:

# Configure Read-Only community and restrict who can connect
rocommunity COPUBLIC 103.12.179.0/24
rocommunity COPUBLIC 127.0.0.1

# Information about this host
sysLocation bdHUB Dhaka Bangladesh
sysContact noc@bdhub.com

# Which OSI layers are active in this host
# (Application + End-to-End layers)
sysServices 72

Make snmpd use the newly created file and make it listen to all interfaces:

Edit /etc/default/snmpd

root@netflow:/# vi /etc/default/snmpd

Change from:

# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1’

To:

# snmpd options (use syslog, close stdin/out/err).
#SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1’
SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf’

and restart snmpd

root@netflow:/# /etc/init.d/snmpd restart

3. Test
Check SNMP is running

root@netflow:/# sudo netstat -ulnp | grep 161
udp 0 0 0.0.0.0:161 0.0.0.0:* 28676/snmpd

Check the snmpstatus output

root@netflow:/# snmpstatus -c ‘COPUBLIC’ -v2c 103.12.179.12

← Older posts

Social

  • View rapappu’s profile on Twitter
  • View fakrulalam’s profile on LinkedIn
  • View fakrul’s profile on GitHub
  • View FakrulAlamPappu’s profile on Google+
  • View fakrulalam’s profile on Flickr

Twitter Updates

  • #sydeny #summer https://t.co/4FhMTbgG1g 1 week ago
  • RT @protocoljournal: The August 2022 issue of IPJ is ready. Head over to protocoljournal.org for your copy! https://t.co/c0dfwBQAuu 3 weeks ago
  • RT @teamcymru: Take The first step toward clarity, visibility, and reducing external asset related risks With our free Attack Surface Asses… 3 weeks ago
  • RT @akanygren: Have you been working with tech for years and want an overview of #IPv6? I've been working on an open source "Inessential I… 1 month ago
  • blog.lastpass.com/2022/11/notice… 2 months ago
  • #bdnog15 CfP is now open bdnog.org/bdnog15/cfp.php #bdnog #bangladesh #nog #networkoperatorsgroup 2 months ago
  • RT @Cloudflare: Today we’re introducing Cloudflare Radar’s route leak data and API so that anyone can get information about route leaks acr… 2 months ago
  • Battling Zimbabwe fall short as Bangladesh win in chaotic final-over finish espncricinfo.com/series/icc-men… #t20 #worldcup #bangladeh 3 months ago
  • RT @vince2_: With the team @Free_1337, we have developed a Netflow/IPFIX collector and visualizer. It is available at https://t.co/6XtpOtm9… 6 months ago
  • RT @openbsdnow: Effective Shell effective-shell.com 7 months ago
  • RT @nocontextfooty: https://t.co/PU0JeRSrbD 7 months ago
  • smallstep.com/blog/if-openss… 7 months ago
  • github.com/tldr-pages/tldr 9 months ago
  • How to properly interpret a traceroute or MTR | APNIC Blog blog.apnic.net/2022/03/28/how… 9 months ago
  • #dayandnight #Newcastle #beachlife https://t.co/LaKATcEsFY 10 months ago
Follow @rapappu

Tags

antismap antivirus automation Azure bangladesh BASH BASH Script BDCERT bgp bind ccsp centos CentOS mirror CERT CISA cisco Cyber Security ddos dhaka dhakacom DNS DNSSEC GSM intrusion detectoin system Intrusion prevention system ips IPv6 ISACA junos linux Looking Glass lxc lxc profile lxd mailqueue mailscanner Mail Server mailwatch Meraki mikrotik monitor mpls MPLS L3 VPN mysql My Work network network management nginx NSD observium OpenVPN perl PHP ping postfix Proxy PTA python RANCID Reading RPKI Shell Script sms sms server SNMP SSH Tutorial ubuntu Ubuntu Mirror Server Virtual Box vispan vmware websvn Youtube hack খামাখা

Blog at WordPress.com.

  • Follow Following
    • blog.alam.rocks
    • Join 27 other followers
    • Already have a WordPress.com account? Log in now.
    • blog.alam.rocks
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Report this content
    • View site in Reader
    • Manage subscriptions
    • Collapse this bar
 

Loading Comments...