Sunday, May 29, 2011

Install l7-filter module for Iptables

Preparing:
To use menuconfig:

yum install -y ncurses-devel
Download required packages
Download L7-filter kernel

wget http://downloads.sourceforge.net/l7-filter/netfilter-layer7-v2.19.tar.gz

Download L7-filter Protocol definitions

wget http://sourceforge.net/projects/l7-filter/files/Protocol definitions/2009-05-28/l7-protocols-2009-05-28.tar.gz
Download Linux Iptables 1.4.0
wget http://www.netfilter.org/projects/iptables/files/iptables-1.4.0.tar.bz2
Download Linux Kernel 2.6.26
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.26.tar.bz2
Extract it:
tar xvf linux-2.6.26.tar.bz2
tar xvf netfilter-layer7-v2.19.tar.gz
Apply patch to Linux kernel source
cd linux-2.6.26
patch -p1 < ../netfilter-layer7-v2.19/kernel-2.6.25-layer7-2.19.patch

Apply patch & install iptables 1.4.0

tar -xvf iptables-1.4.0.tar.bz2
cd iptables-1.4.0
patch -p1 < ../netfilter-layer7-v2.19/iptables-1.4-for-kernel-2.6.20forward-layer7-2.19.patch
chmod +x extensions/.layer7-test
=== modified file 'extensions/libxt_sctp.c'

 #include
 #include
 #include
+#include

 #include
make KERNEL_DIR=~/linux-2.6.26
make install KERNEL_DIR=~/linux-2.6.26

Installing protocol definitions

tar -xvf l7-protocols-2008-04-23.tar.gz
cd l7-protocols-2008-04-23
mkdir /etc/l7-protocols
cp protocols/* /etc/l7-protocols

Compiling & installing new linux kernel

cd linux-2.6.26
make menuconfig

* "Network packet filtering framework(Netfilter)" (Networking → Networking option)
* "Netfilter connection tracking support" (... → Network packet filtering framework(Netfilter) → Core Netfilter Configuration)
* "Connection tracking flow accounting" (on the same screen)
* Finally, "Layer 7 match support"

make all
make modules_install
make install

Check GRUB setting

vim /etc/grub.conf


default=0
timeout=3
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.26)
        root (hd0,0)
        kernel /vmlinuz-2.6.26 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.26.img
title CentOS (2.6.18-53.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.18-53.el5.img

Finally, restart the system:
init 6

Test l7-filter
iptables -m layer7 --help



Txt: http://www.mediafire.com/?qd3wqtxhqfe829a
------------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------
All my Lab:
Linux Lab -- window and Cisco Lab
to be continued - I will update more. 

Sunday, May 22, 2011

OpenCA tutorial

Install OpenCA tutorial

#yum install -y openssl-devel db4 db4-devel mysql-server mysql-devel perl-XML-Parser httpd
# rpm -Uvh openca-tools-1.3.0-1.el5.i386.rpm
# tar xvf openca-base-1.1.1.tar.gz
# cd openca-base-1.1.1
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.


mysql> create database openca;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON *.* TO 'openca'@'localhost' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)

# mysql -u openca -p

./configure --prefix=/opt/openca \
                 --with-ca-organization="HBN CA Labs" \
                 --with-httpd-fs-prefix=/var/www \
                 --with-httpd-main-dir=pki \
                 --with-db-name=openca \
                 --with-db-host=localhost \
                 --with-db-user=openca \
                 --with-db-passwd=123456 \
                 --with-db-type=mysql \
                 --with-service-mail-account="namhb@hbn.local"

make

make install-offline install-online

# service httpd restart


#cd /opt/openca/etc/openca
#vim access_control/node.xml.template
#vim access_control/ca.xml.template
#vim access_control/ra.xml.template
    
 
            mod_ssl
            .*
           
.*
            .*
            0
            .*
            0
 
 
#vim config.xml
       
      
          dataexchange_device_up
          /tmp/openca
       
       
          dataexchange_device_down
          /tmp/openca
       
       
          dataexchange_device_local
          /tmp/openca_local
  
       
#cd /usr/sbin/
#ln -s /opt/openca/etc/init.d/openca openca



1 /opt/openca/lib/openca/perl_modules/perl5/OpenCA/User.pm

ERROR: Bareword "ERR_USER_STATUS_UNKNOWN" not allowed while "strict subs" in use at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/User.pm line 373, line 275.

Added:

+ use constant ERR_USER_STATUS_UNKNOWN => [ 3100, "Could not determine user status" ];

2 /opt/openca/lib/openca/functions/initServer

 ERROR: Global symbol "$curr_user" requires explicit package name at /opt/openca/lib/openca/functions/initServer line 269, line 275.

 Added: variable declaration:

 - our (%AUTOCONF, $common_libs, $config, $users, $loginUser);

+ our (%AUTOCONF, $common_libs, $config, $curr_user, $users, $loginUser);


 ERROR:  syntax error at /opt/openca/lib/openca/functions/initServer line 753, near ");"

Canged:

-  i18nGettext ( "OpenCA::User init error!" );

+ i18nGettext ( "OpenCA::User init error!" )

or Download at: http://ftp.openca.org/openca-base/fixes/v1.1.1/err_user_unknown/
# cd /usr/sbin/
# ln -s /opt/openca/etc/init.d/openca openca
#openca start
Txt file: http://www.mediafire.com/?09pj4ubuyad8dpl
Videos:
Install OpenCA:




Initializate Root CA:



Initializate Sub CA:



Using to sign and encrypt email:



Using for SSL:



Or full: http://www.mediafire.com/?o9xe45ohr9t1id9
------------------------------------------------------------
Thanks for reading
--------------------------------------------------------------------------
All my Lab:
Linux Lab -- window and Cisco Lab
to be continued - I will update more.  

Install Xposed Inspector and Frida on Genymotion

Today i had some work with android. So i need trace application. I found 2 nice tool can help me: Xposed Inspector and Frida. To setup ther...