Posts

OpenVPN is an SSL based VPN. There are other VPN solutions such as IPsec, etc. but OpenVPN provides a cost effective alternative. I like OpenVPN as it support two-way authentication, i.e. both the client and server authenticate using certificates. To install OpeVPN on CentOS we need a number of cryptographic libraries. The simplest way is to use the DAG/RPMForge repository.

Set-up the RPMForge repository [1], as this contains the packages necessary for the installation and the instructions are provided below. The instructions below are just to document this specific installation and therefore this blog post is not to be misinterpreted as a best practises guide. The instructions are adapted from the OpenVPN website [2], but this blog post is intended more as a quick and dirty guide to getting OpenVPN running on CentOS 5.7. Additionally the set-up and configuration of the client is considered beyond the scope of this blog post.

OSSEC is an open source host-based IDS that performs log analysis, and is able to correlate and analyse logs for a number of Linux (and Windows, but that is outside the scope of this blog post) servers. The software architecture of OSSEC and the use of agents, lends OSSEC to flexible deployment and management [1].

Set-up the Atomic repository that already has the appropriate OSSEC packages and install them would be the easiest way. However I have a strong dislike for the use of the /var partition (most system administrators, hmm… well at-least I have always, set this up as a separate partition for ease of management and security reasons) as an install location, esp. when it has been specified as a “noexec” partition.

CentOS 5.7 uses an older version of libpcap (0.9.4), but Snort’s Data Acquisition Library (daq) needs a newer version of libpcap (>=1.0.0). The latter is not an issue with the CentOS 6.0. Vishesh Kumar [1] provides an excellent instructions to getting Snort 2.9 to run on RHEL 5 (http://www.linuxmantra.com/2010/10/install-snort-29-on-rhel-5.html). The purpose of this post is not to duplicate his efforts, but to extend it slightly to include instructions for a complete Snort set-up.

Running some experiment on a VM server I rapidly ran out of patience having to wait for commands to run, and/or switching back and forth using Ctrl+Z, bg, and fg. My thoughts went back to Nick Black who had introduced me to Gnu Screen several years back, alas I has forgotten the short-cuts, Thankfully Google and the man page came to the rescue.

Since the VM server was a CentOS 6.0 box, with minimal install, I had to install Gnu Screen using;

I had to recently rebuild my Mac Book Pro (gasp!), and decided to upgrade to Lion.  The whole process was relatively painless. Files were copied back from backups, and updated from my SVN repositories, however I had troubles installing the appropriate Mac port package for the APACite classes.

sudo port install texlive-bibtex-extra

The latter yielded errors, which were logged in

/opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_perl_p5-text-bibtex/p5.12-text-bibtex/main.log

Since the dependency p5.12-text-bibtex could not be installed, examination of the log file provided the following clues; error: ‘main’ must return ‘int’

While compiling a LaTeX document, a blank template of my PhD thesis to be exact, when I got the following error “! LaTeX Error: File `apacite.sty’ not found.” Again a quick search for Mac ports indicated that the texlive-bibtex-extra package was required. It was quickly installed using;

sudo port install texlive-bibtex-extra

Subsequent compile yielded more errors, this time it was “! Undefined control sequence. \abstract”. This was solved using the texlive-latex-extra package, installed using;

Evernote is a great tool. I absolutely love it. The only con, is that it’s nto available natively for Linux. So I have to run it under the Windows Emulator or wine. The installation is fairly simple.

1. wget http://evernote.s3.amazonaws.com/win4/public/Evernote_4.5.0.5229.exe
2. wine Evernote_4.5.0.5229.exe

Obviously not running natively there is a slight performance lag. This may be attributed to my 5 year old laptop. Although it’s still usable, the slow synchronization soon becomes tiresome. Fortunately there is a Linux native client called NeverNote[2].

It’s pretty easy to set-up Cisco serial console connectivity on Ubuntu 10.04. The usual way is to use minicom. The serial ports usually called COM1-4 usually have the following address range;

1. COM1 - 3E8
2. COM2 - 2F8
3. COM3 - 3E8
4. COM4 - 2E8

To complete the setup first determine the address used for COM1 (or whichever serial port you wish to use) on your machine  query the kernel buffer ring using the dmesg command, then install and configure the minicom, modem emulation tool.

KeePass is a very popular password management software. One of my client uses this for their systems and I was given a copy of their database. Since I mostly use linux when I am working, I needed a way to get this working on Ubuntu 10.04. Instructions are widely available, but again for my benefit, I have documented them here as step-by-step guide for myself. At the time of this blog post the 2.x version of KeePass was 2.16