The blog of Jean David TECHER, a Réunionnais in Saint-Priest/Lyon


Tuesday 15 September 2015

French-language links for iptables and company

Sometimes it does no harm to revisit the classics
  1. http://olivieraj.free.fr/fr/linux/information/firewall/firewall.html
  2. http://linbox.free.fr/passerelle_simple/chapitres.php?chapitre=13

Sunday 13 September 2015

Haproxy 1.5.14 - Static build

  1. The commands I used to build haproxy are shown below (I added instructions for zlib. All commands are taken from https://gist.github.com/codingtony/24fab751202dff4d547c. I am not the original author of all those commands. Kudos to this author for sharing his knowledge)
    DIR=$PWD
    
    #Compile static version of libressl
    export STATICLIBSSL=/tmp/staticlibssl
    wget http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.3.tar.gz
    tar xvzf libressl-2.2.3.tar.gz 
    cd libressl-2.2.3
    ./configure --prefix=$STATICLIBSSL --enable-shared=no
    make
    make install && cd $DIR
    
    #Compile static version of pcre (UTF-8 and JIT enabled)
    export STATICLIBPCRE=/tmp/staticlibpcre
    wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.37.tar.bz2
    tar xvjf pcre-8.37.tar.bz2 
    cd pcre-8.37
    ./configure --prefix=$STATICLIBPCRE --enable-shared=no --enable-utf8 --enable-jit
    make
    make install
    cd $DIR
    
    
    #Compile static version of zlib
    export ZLIB=/tmp/staticzlib
    wget http://zlib.net/zlib-1.2.8.tar.gz
    tar xvzf zlib-1.2.8.tar.gz
    cd zlib-1.2.8
    ./configure --prefix=$ZLIB --static
    make
    make install
    cd $DIR
    
    #Build haproxy against the three static libraries
    wget http://www.haproxy.org/download/1.5/src/haproxy-1.5.14.tar.gz
    tar xvzf haproxy-1.5.14.tar.gz
    cd haproxy-1.5.14
    
    make TARGET=linux26 CPU=native ARCH=i686 USE_PCRE_JIT=1 USE_STATIC_PCRE=1 USE_OPENSSL=1 \
    PCRE_LIB=$STATICLIBPCRE/lib PCRE_INC=$STATICLIBPCRE/include \
    SSL_INC=$STATICLIBSSL/include SSL_LIB=$STATICLIBSSL/lib ADDLIB="-ldl -lrt" \
    USE_ZLIB=1 ZLIB_INC=$ZLIB/include/ ZLIB_LIB=$ZLIB/lib USE_LIBCRYPT=1
    
    strip haproxy
    
  2. To check that everything is fine:
    root@olivia:~/tmp_haproxy_build# ./haproxy-1.5.14/haproxy -vv
    HA-Proxy version 1.5.14 2015/07/02
    Copyright 2000-2015 Willy Tarreau 
    
    Build options :
      TARGET  = linux26
      CPU     = native
      CC      = gcc
      CFLAGS  = -m32 -march=i686 -O2 -march=native -g -fno-strict-aliasing
      OPTIONS = USE_LIBCRYPT=1 USE_ZLIB=1 USE_OPENSSL=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1
    
    Default settings :
      maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200
    
    Encrypted password support via crypt(3): yes
    Built with zlib version : 1.2.8
    Compression algorithms supported : identity, deflate, gzip
    Built with OpenSSL version : LibreSSL 2.2.3
    Running on OpenSSL version : LibreSSL 2.2.3
    OpenSSL library supports TLS extensions : yes
    OpenSSL library supports SNI : yes
    OpenSSL library supports prefer-server-ciphers : yes
    Built with PCRE version : 8.37 2015-04-28
    PCRE library supports JIT : yes
    
    Available polling systems :
          epoll : pref=300,  test result OK
           poll : pref=200,  test result OK
         select : pref=150,  test result OK
    Total: 3 (3 usable), will use epoll.
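
A static build freezes the LibreSSL, PCRE and zlib versions into the binary, so the -vv output is the record of what has to be rebuilt when one of those libraries gets a security fix. The following is an added example, not part of the original post or of the gist it credits: it turns that output into an inventory and checks that the build-time and run-time TLS library versions agree. SAMPLE_VV is an excerpt of the output above, and the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: inventory of the libraries compiled into a static haproxy,
# read from `haproxy -vv`. SAMPLE_VV is an excerpt of the output shown above.
SAMPLE_VV='HA-Proxy version 1.5.14 2015/07/02
Built with zlib version : 1.2.8
Built with OpenSSL version : LibreSSL 2.2.3
Running on OpenSSL version : LibreSSL 2.2.3
Built with PCRE version : 8.37 2015-04-28
PCRE library supports JIT : yes'

# Print one "component<TAB>version" line per bundled library.
vv_inventory() {
    printf '%s\n' "$1" | awk -F' : ' '
        /^HA-Proxy version /          { split($0, w, " "); print "haproxy\t" w[3] }
        /^Built with zlib version/    { print "zlib\t" $2 }
        /^Built with OpenSSL version/ { print "tls-built\t" $2 }
        /^Running on OpenSSL version/ { print "tls-runtime\t" $2 }
        /^Built with PCRE version/    { split($2, w, " "); print "pcre\t" w[1] }
    '
}

# Succeed only if the TLS library found at run time is the one compiled in.
tls_versions_match() {
    tvm_built=$(vv_inventory "$1" | awk -F'\t' '$1 == "tls-built"   { print $2 }')
    tvm_run=$(vv_inventory "$1"   | awk -F'\t' '$1 == "tls-runtime" { print $2 }')
    [ -n "$tvm_built" ] && [ "$tvm_built" = "$tvm_run" ]
}

# Real use: vv_inventory "$(./haproxy-1.5.14/haproxy -vv)"
vv_inventory "$SAMPLE_VV"
tls_versions_match "$SAMPLE_VV" && echo "TLS library: build and runtime agree"
```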
    

Saturday 18 June 2011

[SSH] Getting rid of .ssh/known_hosts for "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"

1. THE PROBLEM

Every admin knows this infamous situation when connecting over SSH (a real pain in the ass)
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    c0:69:25:fb:24:a6:6f:3f:01:77:69:27:a3:5f:83:e1
    Please contact your system administrator.
    Add correct host key in /root/.ssh/known_hosts to get rid of this message.
    Offending key in /root/.ssh/known_hosts:26
    Password authentication is disabled to avoid man-in-the-middle attacks.
    Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks
    Permission denied (publickey,password).

2. THE SOLUTION

Add these two lines to the file /etc/ssh/ssh_config
    Host *
    .....
    .....
       StrictHostKeyChecking no
       UserKnownHostsFile /dev/null
:)

SOURCE: http://linuxcommando.blogspot.com/2008/10/how-to-disable-ssh-host-key-checking.html
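
Under Host *, these two settings make the client accept whatever key any server presents and record none of them, so a changed host key is no longer detected for any host. A narrower way to clear the warning, given here as an added example that is not from the original post or its source: compare the fingerprint printed in the warning with one obtained out of band, and only if they match delete the single offending line it names. SAMPLE_WARNING is a constructed excerpt of the message above, and the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example. SAMPLE_WARNING is constructed from the message shown above.
SAMPLE_WARNING='The fingerprint for the RSA key sent by the remote host is
c0:69:25:fb:24:a6:6f:3f:01:77:69:27:a3:5f:83:e1
Offending key in /root/.ssh/known_hosts:26'

# Fingerprint the server offered: the line after "The fingerprint for ...".
offered_fingerprint() {
    printf '%s\n' "$1" | awk '
        /^The fingerprint for the .* key sent by the remote host is/ { getline; print; exit }'
}

# Line number of the stale entry, from "Offending [TYPE ]key in FILE:LINE".
offending_line() {
    printf '%s\n' "$1" | sed -n 's/^Offending .*key in .*:\([0-9][0-9]*\)$/\1/p'
}

# Delete only the stale entry, and only when the offered fingerprint equals
# the trusted one (read from the server console or a provisioning record).
# Usage: remove_stale_key WARNING_TEXT TRUSTED_FINGERPRINT KNOWN_HOSTS_FILE
remove_stale_key() {
    rsk_fp=$(offered_fingerprint "$1")
    rsk_line=$(offending_line "$1")
    if [ -z "$rsk_fp" ] || [ -z "$rsk_line" ]; then
        echo "could not parse the warning text" >&2
        return 2
    fi
    if [ "$rsk_fp" != "$2" ]; then
        echo "fingerprint mismatch: entry kept, investigate the host" >&2
        return 1
    fi
    # Keep a backup, then rewrite the file without the offending line.
    cp -p "$3" "$3.bak" && sed "${rsk_line}d" "$3.bak" > "$3"
}

# Demo on the sample: show what would be compared and which line would go.
echo "offered:   $(offered_fingerprint "$SAMPLE_WARNING")"
echo "stale line: $(offending_line "$SAMPLE_WARNING")"
```

On the next connection ssh asks to confirm the new key and stores it again. ssh-keygen -R followed by the host name removes the entries for a host by name instead of by line number.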

Monday 9 May 2011

[Samba+OpenLDAP] Migrating from Samba 3.0.28a to Samba 3.5.8

This is the kind of migration you do the brutal way, without kid gloves :) For the packages, I added the ones I was missing
    apt-get install libldap2-dev libkrb5-dev uuid-dev libpam0g-dev zlib1g-dev libkrb5-dev libkrb53 libpam-krb5 libcomerr2 libkrb5-22-heimdal \
    libpam-krb5-migrate-heimdal heimdal-dev heimdal-kcm libkadm5clnt7-heimdal libkeyutils-dev keyutils
We download
    cd samba-3.5.8/source3/

    sed -i "s:COMPAT_H:AP_COMPAT_H:g" include/config.h.in

    ./configure --cache-file=./config.cache --with-fhs --enable-shared --enable-static --disable-pie --prefix=/usr \
    --sysconfdir=/etc --libdir=/etc/samba --with-privatedir=/etc/samba --with-piddir=/var/run/samba --localstatedir=/var \
    --with-rootsbindir=/sbin --with-pammodulesdir=/lib/security --with-pam --with-syslog --with-utmp --with-readline --with-pam_smbpass \
    --with-libsmbclient --with-winbind --with-shared-modules=idmap_rid,idmap_ad --with-automount --with-ldap --with-ads --with-dnsupdate \
    --with-cifsmount --with-acl-support --with-quotas

    make

    echo "/etc/samba/" >> /etc/ld.so.conf.d/samba.conf

    ldconfig
That's all for now. I will complete this post later.