Sunday, May 29, 2011

Install l7-filter module for Iptables

To use menuconfig:

yum install -y ncurses-devel
Download required packages
Download L7-filter kernel


Download L7-filter Protocol definitions

wget definitions/2009-05-28/l7-protocols-2009-05-28.tar.gz
Download Linux Iptables 1.4.0
Download Linux Kernel 2.6.26
Extract it:
tar xvf linux-2.6.26.tar.bz2
tar xvf netfilter-layer7-v2.19.tar.gz
Apply patch to Linux kernel source
cd linux-2.6.26
patch -p1 < ../netfilter-layer7-v2.19/kernel-2.6.25-layer7-2.19.patch

Apply patch & install iptables 1.4.0

tar -xvf iptables-1.4.0.tar.bz2
cd iptables-1.4.0
patch -p1 < ../netfilter-layer7-v2.19/iptables-1.4-for-kernel-2.6.20forward-layer7-2.19.patch
chmod +x extensions/.layer7-test
=== modified file 'extensions/libxt_sctp.c'


make KERNEL_DIR=~/linux-2.6.26
make install KERNEL_DIR=~/linux-2.6.26

Installing protocol definitions

tar -xvf l7-protocols-2008-04-23.tar.gz
cd l7-protocols-2008-04-23
mkdir /etc/l7-protocols
cp protocols/* /etc/l7-protocols

Compiling & installing new linux kernel

cd linux-2.6.26
make menuconfig

* "Network packet filtering framework(Netfilter)" (Networking → Networking option)
* "Netfilter connection tracking support" (... → Network packet filtering framework(Netfilter) → Core Netfilter Configuration)
* "Connection tracking flow accounting" (on the same screen)
* Finally, "Layer 7 match support"

make all
make modules_install
make install

Check GRUB setting

vim /etc/grub.conf

title CentOS (2.6.26)
        root (hd0,0)
        kernel /vmlinuz-2.6.26 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.26.img
title CentOS (2.6.18-53.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.18-53.el5.img

Finally, restart the system:
init 6

Test l7-filter
iptables -m layer7 --help

Thanks for reading
All my Lab:
Linux Lab -- window and Cisco Lab
to be continued - I will update more. 

Sunday, May 22, 2011

OpenCA tutorial

Install OpenCA tutorial

#yum install -y openssl-devel db4 db4-devel mysql-server mysql-devel perl-XML-Parser httpd
# rpm -Uvh openca-tools-1.3.0-1.el5.i386.rpm
# tar xvf openca-base-1.1.1.tar.gz
# cd openca-base-1.1.1
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create database openca;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON *.* TO 'openca'@'localhost' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)

# mysql -u openca -p

./configure --prefix=/opt/openca \
                 --with-ca-organization="HBN CA Labs" \
                 --with-httpd-fs-prefix=/var/www \
                 --with-httpd-main-dir=pki \
                 --with-db-name=openca \
                 --with-db-host=localhost \
                 --with-db-user=openca \
                 --with-db-passwd=123456 \
                 --with-db-type=mysql \


make install-offline install-online

# service httpd restart

#cd /opt/openca/etc/openca
#vim access_control/node.xml.template
#vim access_control/ca.xml.template
#vim access_control/ra.xml.template
#vim config.xml
#cd /usr/sbin/
#ln -s /opt/openca/etc/init.d/openca openca

1 /opt/openca/lib/openca/perl_modules/perl5/OpenCA/

ERROR: Bareword "ERR_USER_STATUS_UNKNOWN" not allowed while "strict subs" in use at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/ line 373, line 275.


+ use constant ERR_USER_STATUS_UNKNOWN => [ 3100, "Could not determine user status" ];

2 /opt/openca/lib/openca/functions/initServer

 ERROR: Global symbol "$curr_user" requires explicit package name at /opt/openca/lib/openca/functions/initServer line 269, line 275.

 Added: variable declaration:

 - our (%AUTOCONF, $common_libs, $config, $users, $loginUser);

+ our (%AUTOCONF, $common_libs, $config, $curr_user, $users, $loginUser);

 ERROR:  syntax error at /opt/openca/lib/openca/functions/initServer line 753, near ");"


-  i18nGettext ( "OpenCA::User init error!" );

+ i18nGettext ( "OpenCA::User init error!" )

or Download at:
# cd /usr/sbin/
# ln -s /opt/openca/etc/init.d/openca openca
#openca start
Txt file:
Install OpenCA:

Initializate Root CA:

Initializate Sub CA:

Using to sign and encrypt email:

Using for SSL:

Or full:
Thanks for reading
All my Lab:
Linux Lab -- window and Cisco Lab
to be continued - I will update more.  

Install Xposed Inspector and Frida on Genymotion

Today i had some work with android. So i need trace application. I found 2 nice tool can help me: Xposed Inspector and Frida. To setup ther...