Monday, 23 April 2018

Avoid errors when installing SharePoint 2016

Errors during prerequisite installation

Most errors appear when the prerequisite installation did not complete properly, or when you manually install a package that requires preconfiguration done by the prerequisite installer (prerequisiteinstaller.exe).

So: DON'T manually install Windows Server AppFabric, Cumulative Update 7 for AppFabric 1.1 or WCF Data Services; use prerequisiteinstaller.exe to do it.

1. First step for an offline installation: download the packages, or use this PowerShell script: https://www.mondor.ro/stuff/Download-SP2016-prerechizite.ps1

Links to download:

Microsoft SQL Server 2012 SP1 Native Client
Microsoft ODBC Driver 11 for SQL Server
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Microsoft Identity Extensions
Windows Server AppFabric 1.1
Cumulative Update 7 for Microsoft AppFabric 1.1 for Windows Server
Microsoft Information Protection and Control Client
Microsoft WCF Data Services 5.6
Visual C++ Redistributable Package for Visual Studio 2015
Another Visual C++ Redistributable Package for Visual Studio 2013/2012
.NET framework 4.6



2. DON'T manually install Windows Server AppFabric, Cumulative Update 7 for AppFabric 1.1 or WCF Data Services; use prerequisiteinstaller.exe like this:

prerequisiteinstaller.exe /AppFabric:C:\path-to-downloaded-files\WindowsServerAppFabricSetup_x64.exe

prerequisiteinstaller.exe /WCFDataServices:C:\path-to-downloaded-files\WcfDataServices.exe /quiet

Then install the patch for AppFabric 1.1

3. Reboot
4. Continue with the normal SharePoint 2016 install

Good Luck!

Monday, 2 April 2018

Add External SMTP Server for Nagios Notifications

On CentOS 6/7:

yum install mailx

locate commands.cfg

/usr/local/nagios/etc/objects/commands.cfg

Edit

vi /usr/local/nagios/etc/objects/commands.cfg

and change the notify-host-by-email and notify-service-by-email definitions to this:

# 'notify-host-by-email' command definition
define command{
        command_name    notify-host-by-email
        command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mailx -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" -S smtp-auth=login -S smtp="server.mondor.ro:25" -S from="nagios@mondor.ro" -S smtp-auth-user="nagios@mondor.ro" -S smtp-auth-password="password" $CONTACTEMAIL$
        }

# 'notify-service-by-email' command definition
define command{
        command_name    notify-service-by-email
        command_line    /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mailx -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" -S smtp-auth=login -S smtp="server.mondor.ro:25" -S from="nagios@mondor.ro" -S smtp-auth-user="nagios@mondor.ro" -S smtp-auth-password="password" $CONTACTEMAIL$
        }

Friday, 24 November 2017

Perfect Installer Secured OpenVPN 2.3.3 - 2.4.4 - from source

Hi there. This is inspired by https://github.com/Angristan/OpenVPN-install
It was tested on CentOS 7.x and works fine. Here is the script; save it as openvpn-installer.sh

Before running this script, save your firewall rules. After it has run, reapply them and append the new rules that OpenVPN needs.

openvpn-installer.sh

#!/bin/bash
# v3
# OPENVPN (also supported clients <= 2.3.3)
# PORT:  1194 udp
# CIPHER: AES-128-CBC
# CERTIFICATE: RSA
# RSA_SIZE: 4096
# CERT_HASH: sha384
# DH_TYPE: DH
# DH_SIZE: 4096
# CC_ENC: TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
# TLS_SIG: tls-auth
# HMAC_AUTH: SHA384
# COMPRESSION: lzo

#Detect root user
if [[ "$EUID" -ne 0 ]]; then
echo "Sorry, you need to run this as root"
exit 1
fi

#Detect TUN
if [[ ! -e /dev/net/tun ]]; then
echo "TUN is not available"
exit 2
fi

#Detect CENTOS
if [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then
        OS=centos
        IPTABLES='/etc/sysconfig/iptables'
        SYSCTL='/etc/sysctl.conf'
else
        echo "Looks like you aren't running this installer on CentOS system"
        exit 4
fi

# Detect Server IP.
IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
if [[ "$IP" = "" ]]; then
        IP=$(wget -qO- ipv4.icanhazip.com)
fi
# Detect Network Interface
NIC=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)

#echo $IP
#echo $NIC

if [[ -e /etc/openvpn/server3.conf ]]; then
while :
do
clear
echo ""
echo "Looks like OpenVPN is already installed"
echo ""
echo "What do you want to do?"
echo "   1) Exit"
read -p "Select an option [1]: " option
case $option in
1) exit;;
esac
done
else
clear
echo "Welcome to the secure OpenVPN installer"
echo ""
# OpenVPN setup
echo ""
echo "Port for OpenVPN"
PORT="1194"
#Default UDP 1194
#echo $PORT
echo ""
echo "What protocol for OpenVPN?"
echo "   1) UDP (recommended)"
PROTOCOL="1"
#echo $PROTOCOL
echo ""
echo "DNS to use with the VPN?"
echo "   1) Google (Anycast: worldwide)"
DNS="1"
#echo $DNS
echo ""
echo "Choose which compression algorithm you want to use:"
echo "   1) LZO (use for OpenVPN 2.3 compatibility)"
COMPRESSION="lzo"
#echo $COMPRESSION
echo ""
echo "The encryption in OpenVPN."
echo "Only use AES-CBC for OpenVPN 2.3 compatibility"
echo "   1) AES-128-CBC"
CIPHER="cipher AES-128-CBC"
#echo $CIPHER
echo ""
echo "Kind of certificate to use"
echo "RSA for OpenVPN 2.3 compatibility"
echo "   1) RSA"
CERT_TYPE="1"
#echo $CERT_TYPE
echo ""
echo "Choose which RSA key size you want to use:"
echo "   1) 4096 bits"
RSA_SIZE="4096"
#echo $RSA_SIZE
echo ""
echo "Choose which hash algorithm you want to use for the certificate:"
echo "   1) SHA-384 (recommended)"
CERT_HASH="sha384"
#echo $CERT_HASH
echo ""
echo "Choose what kind of Diffie-Hellman key you want to use."
echo "Use DH for OpenVPN 2.3 compatibility"
echo "   1) DH"
DH_TYPE="1"
#echo $DH_TYPE
echo ""
echo "Choose which DH key size you want to use"
echo "   1) 4096 bits"
DH_SIZE="4096"
#echo $DH_SIZE
echo ""
echo "Choose which cipher you want to use for the control channel:"
echo "   1) ECDHE-RSA-AES-256-GCM-SHA384 (recommended)"
CC_ENC="TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
#echo $CC_ENC
echo ""
echo "Do you want to use tls-crypt or tls-auth?"
echo "They both encrypt and authenticate all control channel packets with a key."
echo "tls-crypt is more advanced and secure than tls-auth, but it's an OpenVPN 2.4 feature."
echo "   1) tls-auth (use only for OpenVPN 2.3 client compatibility)"
TLS_SIG="1"
#echo $TLS_SIG
echo ""
echo "Choose which message digest algorithm you want to use for the data channel packets"
echo "and the tls-auth/tls-crypt control channel packets:"
echo "   2) SHA-384 (recommended)"
HMAC_AUTH="SHA384"
#echo $HMAC_AUTH
echo ""
echo "Finally, 1 client certificate and configuration will be added by default: firstuser"
CLIENT="firstuser"
#echo $CLIENT
echo ""
echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now"
read -n1 -r -p "Press any key to continue..."

if [[ "$OS" = 'centos' ]]; then
        yum install epel-release -y
        yum --enablerepo=epel -y install openvpn
        yum --enablerepo=epel -y install htop
        yum install iptables iptables-services openssl wget ca-certificates curl mlocate net-tools policycoreutils-python redhat-lsb-core -y
        # Install iptables service
        if [[ ! -e /etc/systemd/system/iptables.service ]]; then
                # -p: do not fail if the directory already exists
                mkdir -p /etc/iptables
                iptables-save > /etc/sysconfig/iptables
                # Script run by ExecStop: flush every table and reset the default policies
                echo "#!/bin/sh
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT" > /etc/iptables/flush-iptables.sh
                chmod +x /etc/iptables/flush-iptables.sh
                # Unit that restores /etc/sysconfig/iptables at boot
                echo "[Unit]
Description=Packet Filtering Framework
DefaultDependencies=no
Before=network-pre.target
Wants=network-pre.target
[Service]
Type=oneshot
ExecStart=/sbin/iptables-restore /etc/sysconfig/iptables
ExecReload=/sbin/iptables-restore /etc/sysconfig/iptables
ExecStop=/etc/iptables/flush-iptables.sh
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target" > /etc/systemd/system/iptables.service
                systemctl daemon-reload
                systemctl enable iptables.service
                # Disable firewalld to allow iptables to start upon reboot
                systemctl disable firewalld
        fi

fi

#To remember we use tls-auth when generating a new client conf
echo $TLS_SIG > /etc/openvpn/TLS_SIG

# Find out if the machine uses nogroup or nobody for the permissionless group
if grep -qs "^nogroup:" /etc/group; then
NOGROUP=nogroup
else
NOGROUP=nobody
fi

# An old version of easy-rsa was available by default in some openvpn packages
if [[ -d /etc/openvpn/easy-rsa/ ]]; then
rm -rf /etc/openvpn/easy-rsa/
fi
# Get easy-rsa
cd ~/
wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.3/EasyRSA-3.0.3.tgz
tar -xzvf EasyRSA-3.0.3.tgz
mv /root/EasyRSA-3.0.3 /root/easy-rsa
mv /root/easy-rsa /etc/openvpn/easy-rsa
chown -R root:root /etc/openvpn/easy-rsa/
rm -rf EasyRSA-3.0.3.tgz
rm -rf easy-rsa
cd /etc/openvpn/easy-rsa/

if [[ $CERT_TYPE == "1" ]]; then
echo "set_var EASYRSA_KEY_SIZE $RSA_SIZE" > vars
fi
echo 'set_var EASYRSA_DIGEST "'$CERT_HASH'"' >> vars
# Create the PKI, set up the CA, the DH params and the server + client certificates
/etc/openvpn/easy-rsa/easyrsa init-pki
/etc/openvpn/easy-rsa/easyrsa --batch build-ca nopass
openssl dhparam -out dhv3.pem $DH_SIZE
/etc/openvpn/easy-rsa/easyrsa build-server-full server nopass
EASYRSA_CRL_DAYS=3650 /etc/openvpn/easy-rsa/easyrsa gen-crl
if [[ $TLS_SIG == "1" ]]; then
openvpn --genkey --secret /etc/openvpn/tls-auth.key
fi
# Move all the generated files
cp /etc/openvpn/easy-rsa/pki/ca.crt /etc/openvpn/easy-rsa/pki/private/ca.key /etc/openvpn/easy-rsa/pki/issued/server.crt /etc/openvpn/easy-rsa/pki/private/server.key /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn
if [[ $DH_TYPE == "1" ]]; then
    cp /etc/openvpn/easy-rsa/dhv3.pem /etc/openvpn
fi
# Make cert revocation list readable for non-root
chmod 644 /etc/openvpn/crl.pem

# Generate server3.conf
echo "port $PORT" > /etc/openvpn/server3.conf
if [[ "$PROTOCOL" = '1' ]]; then
echo "proto udp" >> /etc/openvpn/server3.conf
fi
echo "dev tun
user nobody
group $NOGROUP
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server3.conf
# DNS resolvers
#Google
echo 'push "dhcp-option DNS 8.8.8.8"' >> /etc/openvpn/server3.conf
echo 'push "dhcp-option DNS 8.8.4.4"' >> /etc/openvpn/server3.conf
echo 'push "redirect-gateway def1 bypass-dhcp" '>> /etc/openvpn/server3.conf
echo "crl-verify crl.pem
ca ca.crt
cert server.crt
key server.key" >> /etc/openvpn/server3.conf
if [[ $TLS_SIG == "1" ]]; then
echo "tls-auth tls-auth.key 0" >> /etc/openvpn/server3.conf
fi
if [[ $DH_TYPE == "1" ]]; then
echo "dh dhv3.pem" >> /etc/openvpn/server3.conf
fi
echo "auth $HMAC_AUTH
$CIPHER
ncp-disable
tls-server
tls-version-min 1.2
tls-cipher $CC_ENC" >> /etc/openvpn/server3.conf

if [[  $COMPRESSION == "lzo"  ]]; then
echo "compress $COMPRESSION" >> /etc/openvpn/server3.conf
fi

echo "status openvpn3.log
verb 3" >> /etc/openvpn/server3.conf

# Enable net.ipv4.ip_forward for the system
sed -i '/\<net.ipv4.ip_forward\>/c\net.ipv4.ip_forward=1' $SYSCTL
if ! grep -q "\<net.ipv4.ip_forward\>" $SYSCTL; then
echo 'net.ipv4.ip_forward=1' >> $SYSCTL
fi
# Avoid an unneeded reboot
echo 1 > /proc/sys/net/ipv4/ip_forward
# Set NAT for the VPN subnet
iptables -I INPUT -p udp --dport $PORT -j ACCEPT
iptables -t nat -A POSTROUTING -o $NIC -s 10.8.0.0/24 -j MASQUERADE
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
if iptables -L -n | grep -qE 'REJECT|DROP'; then
        # If iptables has at least one REJECT or DROP rule, we assume these are needed.
        if [[ "$PROTOCOL" = '1' ]]; then
                iptables -I INPUT -p udp --dport $PORT -j ACCEPT
        fi
        iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
        iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
fi
# Save persistent iptables rules once all of them are in place.
# iptables.service restores this file at boot, so no rc.local entries are
# needed (RCLOCAL is never set in this script).
iptables-save > $IPTABLES
# If SELinux is enabled and a custom port was selected, we need this
if hash sestatus 2>/dev/null; then
if sestatus | grep "Current mode" | grep -qs "enforcing"; then
if [[ "$PORT" != '1194' ]]; then
# semanage isn't available in CentOS 6 by default
if ! hash semanage 2>/dev/null; then
yum install policycoreutils-python -y
fi
if [[ "$PROTOCOL" = '1' ]]; then
semanage port -a -t openvpn_port_t -p udp $PORT
fi
fi
fi
fi
# And finally, restart OpenVPN
if [[ "$OS" = 'centos' ]];  then
    #Workaround to avoid rewriting the entire script for Arch
sed -i 's|/etc/openvpn/server|/etc/openvpn|' /usr/lib/systemd/system/openvpn-server@.service
sed -i 's|%i.conf|server3.conf|' /usr/lib/systemd/system/openvpn-server@.service
systemctl daemon-reload
systemctl restart openvpn-server@openvpn.service
systemctl enable openvpn-server@openvpn.service
else
systemctl restart openvpn@server.service
systemctl enable openvpn@server.service
fi
# Try to detect a NATed connection and ask about it to potential LowEndSpirit/Scaleway users
EXTERNALIP=$(wget -qO- ipv4.icanhazip.com)
#echo $EXTERNALIP

# client-template.txt is created so we have a template to add further users later
echo "client" > /etc/openvpn/client-template.txt
if [[ "$PROTOCOL" = '1' ]]; then
echo "proto udp" >> /etc/openvpn/client-template.txt
fi
echo "remote $IP $PORT
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth $HMAC_AUTH
auth-nocache
$CIPHER
tls-client
tls-version-min 1.2
tls-cipher $CC_ENC" >> /etc/openvpn/client-template.txt

if [[ $COMPRESSION == "lzo"  ]]; then
echo "compress $COMPRESSION" >> /etc/openvpn/client-template.txt
fi

echo "setenv opt block-outside-dns
verb 3" >> /etc/openvpn/client-template.txt

echo ""
echo "Finished!"
echo ""
fi
exit 0;

To create users use:

createuser.sh

#!/bin/bash
#
# Generates the custom client.ovpn
# Usage: ./createuser.sh <client-name>
# Accept only simple names: $1 ends up in file paths and in the certificate CN
if [[ ! "$1" =~ ^[A-Za-z0-9_-]+$ ]]; then
        echo "Usage: $0 <client-name> (letters, digits, - and _ only)"
        exit 1
fi
CLIENT="$1"
homeDir="/root"
OVPN="$homeDir/$CLIENT.v3.ovpn"
#echo $2 > /root/parola
cd /etc/openvpn/easy-rsa/ || exit 1
./easyrsa build-client-full "$CLIENT" nopass
#</root/parola
# The .ovpn file embeds the client's private key, so create it readable by root only
umask 077
cp /etc/openvpn/client-template.txt "$OVPN"
echo "<ca>" >> "$OVPN"
cat /etc/openvpn/easy-rsa/pki/ca.crt >> "$OVPN"
echo "</ca>" >> "$OVPN"
echo "<cert>" >> "$OVPN"
cat "/etc/openvpn/easy-rsa/pki/issued/$CLIENT.crt" >> "$OVPN"
echo "</cert>" >> "$OVPN"
echo "<key>" >> "$OVPN"
cat "/etc/openvpn/easy-rsa/pki/private/$CLIENT.key" >> "$OVPN"
echo "</key>" >> "$OVPN"
#We verify if we used tls-crypt or tls-auth during the installation
TLS_SIG=$(cat /etc/openvpn/TLS_SIG)
if [[ $TLS_SIG == "1" ]]; then
        echo "key-direction 1" >> "$OVPN"
        echo "<tls-auth>" >> "$OVPN"
        cat /etc/openvpn/tls-auth.key >> "$OVPN"
        echo "</tls-auth>" >> "$OVPN"
fi
echo ""
echo "Client $CLIENT added, certs available at $OVPN"
exit

Put the script in /root
and use it like this, e.g.: ./createuser.sh user

To revoke a user, do the following.
In the console, run

tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') '

to list the valid certificates with their numbers.

The results will look like

1
2
3

Use

tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "2"p

to map number 2 (the number between the quotes at the end of the command, "2"p) to the user you want to revoke.

Once you know which user you need, run in the console:

cd /etc/openvpn/easy-rsa/
./easyrsa --batch revoke user
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
rm -rf pki/reqs/user.req
rm -rf pki/private/user.key
rm -rf pki/issued/user.crt
rm -rf /etc/openvpn/crl.pem
cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
chmod 644 /etc/openvpn/crl.pem

That's it.
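The lookup step of the revocation procedure above, as an added example that is not part of the original post: it reads pki/index.txt field by field, skips the server certificate by name instead of by line position, and reports a certificate's status and serial so a revocation can be confirmed afterwards. The function names and the sample database are constructed for illustration; the numbering shifts as soon as a client is revoked, so resolve the number to a name right before running easyrsa revoke.

```bash
#!/bin/bash
# Added example (not from the original post). The easy-rsa/OpenSSL database
# pki/index.txt holds one tab-separated line per certificate:
#   status (V valid, R revoked, E expired) | expiry | revocation date |
#   serial | file name | subject (/CN=name)

# Print "N) name" for every valid client certificate. The server certificate
# is skipped by name (assumed CN "server", as created by build-server-full).
list_valid_clients() {   # usage: list_valid_clients INDEX [SERVER_CN]
    awk -F'\t' -v server="${2:-server}" '
        $1 == "V" {
            cn = $6; sub(/^.*\/CN=/, "", cn)
            if (cn != server) printf "%d) %s\n", ++n, cn
        }' "$1"
}

# Resolve a number printed by list_valid_clients back to the client name.
client_by_number() {     # usage: client_by_number INDEX N [SERVER_CN]
    awk -F'\t' -v server="${3:-server}" -v want="$2" '
        $1 == "V" {
            cn = $6; sub(/^.*\/CN=/, "", cn)
            if (cn != server && ++n == want) print cn
        }' "$1"
}

# Print "STATUS SERIAL" for each certificate issued to NAME.
# Returns non-zero when the name does not appear in the database.
cert_status() {          # usage: cert_status INDEX NAME
    awk -F'\t' -v name="$2" '
        { cn = $6; sub(/^.*\/CN=/, "", cn) }
        cn == name { print $1, $4; found = 1 }
        END { exit !found }' "$1"
}

# Constructed sample database: the server plus three clients, where "bob"
# has already been revoked (status R, revocation date filled in).
write_sample_index() {   # usage: write_sample_index FILE
    printf 'V\t271122101500Z\t\t01\tunknown\t/CN=server\n' >  "$1"
    printf 'V\t271122102000Z\t\t02\tunknown\t/CN=alice\n'  >> "$1"
    printf 'R\t271122102100Z\t180105090000Z\t03\tunknown\t/CN=bob\n' >> "$1"
    printf 'V\t271122102200Z\t\t04\tunknown\t/CN=carol\n'  >> "$1"
}

# Demo on the constructed database. Before bob was revoked carol was
# number 3; now she is number 2.
demo_index=$(mktemp)
write_sample_index "$demo_index"
list_valid_clients "$demo_index"
echo "client 2 is: $(client_by_number "$demo_index" 2)"
echo "bob is: $(cert_status "$demo_index" bob)"
rm -f "$demo_index"
```

On the server, point the functions at /etc/openvpn/easy-rsa/pki/index.txt; after the revoke and gen-crl commands, cert_status for the revoked name should start with R.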


Thursday, 1 September 2016

How to connect Oracle Server to MySQL - dg4odbc

Connect Oracle to MySQL

Linux console:

. /home/oracle/.bash_profile

Check whether dg4odbc is 64-bit or 32-bit:

file $ORACLE_HOME/bin/dg4odbc

Download the latest version from http://unixODBC.org:

cd ~/Downloads
wget ftp://ftp.unixodbc.org/pub/unixODBC/unixODBC-2.3.4.tar.gz
tar -zxvf unixODBC-2.3.4.tar.gz
cd unixODBC-2.3.4
export CFLAGS="-m64"
./configure --prefix=/usr/local/unixODBC
make
make install


cd ~/Downloads
wget http://dev.mysql.com/get/mysql57-community-release-el6-7.noarch.rpm
yum localinstall mysql57-community-release-el6-7.noarch.rpm

Verify that the repository was installed:
yum repolist enabled | grep "mysql.*-community.*"

yum install mysql-connector-odbc-setup.x86_64
At the "Retrieving key" warning message, type Y.

Update the locate search index on your Linux server:

updatedb

Search:
locate libmyodbc5w.so

The results should include /usr/lib64/libmyodbc5w.so (the MySQL driver for ODBC).

Add to the oracle user's profile file:

vi /home/oracle/.bash_profile

export LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib:/usr/local/unixODBC/lib:/usr/lib64:/u01/app/oracle/product/12.1.0/db_1/hs/lib
export ODBCINI=/usr/local/unixODBC/etc/odbc.ini
export ODBCSYSINI=/usr/local/unixODBC/etc
export NLS_LANG=ROMANIAN_ROMANIA.AL32UTF8

vi /usr/local/unixODBC/etc/odbcinst.ini

append or add

[PostgreSQL]
Description=ODBC for PostgreSQL
Driver=/usr/lib/psqlodbc.so
Setup=/usr/lib/libodbcpsqlS.so
Driver64=/usr/lib64/psqlodbc.so
Setup64=/usr/lib64/libodbcpsqlS.so
FileUsage=1
UsageCount=3

[MySQL]
Description=ODBC for MySQL
Driver=/usr/lib/libmyodbc5.so
Setup=/usr/lib/libodbcmyS.so
Driver64=/usr/lib64/libmyodbc5.so
Setup64=/usr/lib64/libodbcmyS.so
FileUsage=1
UsageCount=3

[MySQL ODBC 5.3 Unicode Driver]
Driver=/usr/lib64/libmyodbc5w.so
SETUP=/usr/lib64/libmyodbc5S.so
UsageCount=1

[MySQL ODBC 5.3 ANSI Driver]
Driver=/usr/lib64/libmyodbc5a.so
SETUP=/usr/lib64/libmyodbc5S.so
UsageCount=1

vi /usr/local/unixODBC/etc/odbc.ini

append or add

[SQLSERVER1]
Driver          = /usr/lib64/libmyodbc5w.so
PORT            = 3306
SERVER          = 192.168.0.33
USER            = user
PASSWORD        = password
Database        = database_name
Option          = 3
QuotedId        = Yes
EnableQuotedIdentifiers         = 1


We need to edit

vi /u01/app/oracle/product/12.1.0/db_1/hs/admin/initSQLSERVER1.ora
add

HS_FDS_CONNECT_INFO = SQLSERVER1
HS_FDS_TRACE_LEVEL = OFF
HS_FDS_SHAREABLE_NAME = /usr/local/unixODBC/lib/libodbc.so
HS_FDS_SUPPORT_STATISTICS=FALSE
set ODBCINI=/usr/local/unixODBC/etc/odbc.ini
HS_LANGUAGE=AMERICAN_AMERICA.WE8ISO8859P15


vi /u01/app/oracle/product/12.1.0/db_1/network/admin/tnsnames.ora
add

SQLSERVER1 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST =localhost)(PORT = 1521))
    (CONNECT_DATA =
#      (SERVER = DEDICATED)
      (SERVICE_NAME = SQLSERVER1)
    )
    (HS=OK)
  )



vi /u01/app/oracle/product/12.1.0/db_1/network/admin/listener.ora
add

SID_LIST_LISTENER=
  (SID_LIST=
    (SID_DESC=
      (SID_NAME=SQLSERVER1)
      (ORACLE_HOME=/u01/app/oracle/product/12.1.0/db_1)
      (PROGRAM=dg4odbc)
      (ENVS=LD_LIBRARY_PATH=/u01/app/oracle/product/12.1.0/db_1/lib:/lib:/usr/lib:/usr/local/unixODBC/lib:/usr/lib64:/u01/app/oracle/product/12.1.0/db_1/hs/lib)
    )
  )


We can verify that we can connect to MySQL from our server with unixODBC:

cd /usr/local/unixODBC/bin
./isql -v SQLSERVER1

The SQL console should appear. Test with a SELECT statement; if something is returned, we are good to go.

quit

To be able to access it from the Oracle instance:



su oracle
. /home/oracle/.bash_profile

lsnrctl stop
lsnrctl start
lsnrctl status

sqlplus / as sysdba

Create the dblink for MySQL:
CREATE PUBLIC DATABASE LINK SQLSERVER1 CONNECT TO "user" IDENTIFIED BY "password" USING 'SQLSERVER1';

and test it with a SELECT statement:

select * from "users"@SQLSERVER1;

(If we want to drop the dblink, use: DROP PUBLIC DATABASE LINK SQLSERVER1;)

Friday, 25 March 2016

Setup hostname and FQDN on CentOS 7

Step 1: Edit /etc/hosts file

vi /etc/hosts
192.168.56.101 mondor.freeddns.org mondor

Step 2: Edit /etc/hostname

vi /etc/hostname
mondor

Alternatively: hostnamectl --static set-hostname mondor

If the FQDN does not take effect:
systemctl restart systemd-hostnamed

Step 3: Check

[root@host ~]# hostname
mondor
[root@host ~]# hostname -f
mondor.freeddns.org

Sunday, 28 February 2016

Configure Socks 5 - Dante on Ubuntu

apt-get install gcc+ make build-essential curl autoconf automake libtool autotools-dev dpkg-dev fakeroot
apt-get install dpkg debconf debhelper lintian

wget http://www.inet.no/dante/files/dante-1.4.1.tar.gz
tar -xvf dante-1.4.1.tar.gz
cd dante-1.4.1
mkdir /home/dante
./configure --prefix=/home/dante

If configure reports something as missing:
PAM:               Disabled, security/pam_appl.h missing
apt-get install libpam0g-dev
and rerun the configure command

Libwrap:           Disabled, tcpd.h missing
apt-get install libwrap0 libwrap0-dev
and rerun the configure command

BSD Auth:          Disabled, usable bsd_auth.h not found
apt-get install python-dev
and rerun the configure command

make
make install
The binary will be in /home/dante/sbin/sockd (yes it appears to be called sockd now).

/home/dante/sbin/sockd -v
Dante v1.4.1. Copyright (c) 1997 - 2014 Inferno Nettverk A/S, Norway

vi /home/dante/danted.conf

logoutput: /var/log/socks.log

internal: eth0 port = 1080
external: eth0

method: username
user.privileged: root
user.notprivileged: nobody

client pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error connect disconnect
}


client block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}

pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error connect disconnect
}

block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}
#dante-server configuration

Save

Launch danted. -f specifies the configuration file and -D makes it run in the background:
/home/dante/sbin/sockd -f /home/dante/danted.conf -D

Check if it is running:
netstat -tulp

To stop dante:
pkill sockd

Create the user who needs to log in and who will not have shell access.
useradd -s /sbin/nologin phil
passwd phil


Make scripts for starting and stopping dante.

vi /home/dante/start-dante.sh
#!/bin/bash
sleep 10
/home/dante/sbin/sockd -f /home/dante/danted.conf -D

Save
chmod +x /home/dante/start-dante.sh   ( to make executable )

vi /home/dante/stop-dante.sh
#!/bin/bash
/usr/bin/pkill sockd

Save
chmod +x /home/dante/stop-dante.sh   ( to make executable )

Setup to run at boot
crontab -e
@reboot /home/dante/start-dante.sh > /dev/null 2>&1   ( You may have to increase the sleep time, if it does not work. )

Friday, 26 February 2016

AWS - EC2 - Change PEM Key

Before starting, save key-first-one.pem on your instance (the original pem file that you got when you first configured the instance).

1. In the AWS EC2 Console, go to Key Pairs and generate a new key pair (e.g. keynew.pem).
Download the generated pem key, and chmod it to 0666

2. Use the new pem key to generate a public key
 $ ssh-keygen -y

 When prompted, enter the path to keynew.pem (/path/to/keynew.pem). The public key is printed to the console, not to a file.
 Create keynew.pub (touch keynew.pub) and paste the generated output into it.

 Tip: Edit keynew.pub and append the key's name so you can identify it more easily in the next steps.
 Just append a single space, then a tag/name for the key

3. Add the new public key to your instance

   $ cat /path/to/keynew.pub | ssh -i /path/to/key-first-one.pem user@ip-private-from-aws "cat >> .ssh/authorized_keys"

4. Test the new key by logging in, then remove the old/original key

 $ ssh -i /path/to/keynew.pem user@ip-private-from-aws

 $ nano ~/.ssh/authorized_keys

 Find the line containing the "original name" key and remove it.
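
Steps 3 and 4 as an added example that is not part of the original post: two shell functions to run on the instance, one that appends the new public key only if the same key is not already present, and one that removes the old key by its tag but refuses to leave authorized_keys without any key. The function names and the sample keys are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): edit authorized_keys safely
# while swapping the instance's key pair.

# Append a public key line ("type base64 tag") unless the same key material
# is already present, then make sure the file mode is 600.
add_key() {      # usage: add_key FILE "PUBKEY LINE"
    blob=$(printf '%s\n' "$2" | awk '{ print $2 }')
    [ -n "$blob" ] || return 2            # not a "type base64 tag" line
    if ! awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                           END { exit !f }' "$1" 2>/dev/null; then
        printf '%s\n' "$2" >> "$1"
    fi
    chmod 600 "$1"
}

# Remove the key whose tag (last field of the line) equals TAG.
# Returns 1 if that would leave no key at all (lock-out), 3 if no line
# carries the tag; in both cases the file is left untouched.
remove_key() {   # usage: remove_key FILE TAG
    tmp=$(mktemp) || return 1
    awk -v tag="$2" '$NF != tag' "$1" > "$tmp"
    left=$(awk 'NF && $1 !~ /^#/ { n++ } END { print n + 0 }' "$tmp")
    if [ "$left" -eq 0 ]; then
        rm -f "$tmp"
        return 1
    fi
    if cmp -s "$tmp" "$1"; then
        rm -f "$tmp"
        return 3
    fi
    # Overwrite in place so the file keeps its owner and mode
    cat "$tmp" > "$1" && rm -f "$tmp"
}

# Demo in a scratch directory with constructed (not real) key material.
demo_dir=$(mktemp -d)
demo_file="$demo_dir/authorized_keys"
printf '%s\n' 'ssh-rsa AAAA_CONSTRUCTED_OLD key-first-one' > "$demo_file"
add_key "$demo_file" 'ssh-rsa AAAA_CONSTRUCTED_NEW keynew'
# ...log in with the new key here, and only then drop the old one:
remove_key "$demo_file" key-first-one
cat "$demo_file"
remove_key "$demo_file" keynew || echo "refused: would remove the last key"
rm -rf "$demo_dir"
```

On the instance the file is ~/.ssh/authorized_keys, and the tag of the original key is the "original name" the post tells you to look for.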