Just remove the contents of the /var/lib/apt/lists directory:
sudo rm /var/lib/apt/lists/*
then run:
sudo apt-get update
Principles of Network and System Administration,
What is network and system administration?,
Applying technology in an environment,
The human role in systems,
Ethical issues,
Is system administration a discipline?,
The challenges of system administration,
Common practice and good practice,
Bugs and emergent phenomena,
The meta principles of system administration,
Knowledge is a jigsaw puzzle,
To the student,
Some road-maps
wget http://au1.mirror.crc.id.au/repo/el6/x86_64/xen-4.2.5-9.el6.x86_64.rpm
wget http://au1.mirror.crc.id.au/repo/el6/x86_64/xen-doc-4.2.5-9.el6.x86_64.rpm
wget http://au1.mirror.crc.id.au/repo/el6/x86_64/xen-debuginfo-4.2.5-9.el6.x86_64.rpm
wget http://au1.mirror.crc.id.au/repo/el6/x86_64/xen-devel-4.2.5-9.el6.x86_64.rpm
wget http://au1.mirror.crc.id.au/repo/el6/x86_64/xen-hypervisor-4.2.5-9.el6.x86_64.rpm
wget http://au1.mirror.crc.id.au/repo/el6/x86_64/xen-libs-4.2.5-9.el6.x86_64.rpm
wget http://au1.mirror.crc.id.au/repo/el6/x86_64/xen-licenses-4.2.5-9.el6.x86_64.rpm
wget http://au1.mirror.crc.id.au/repo/el6/x86_64/xen-ocaml-4.2.5-9.el6.x86_64.rpm
wget http://au1.mirror.crc.id.au/repo/el6/x86_64/xen-ocaml-devel-4.2.5-9.el6.x86_64.rpm
wget http://au1.mirror.crc.id.au/repo/el6/x86_64/xen-runtime-4.2.5-9.el6.x86_64.rpm
wget http://au1.mirror.crc.id.au/repo/el6/x86_64/kernel-xen-3.14.33-1.el6xen.x86_64.rpm
wget http://au1.mirror.crc.id.au/repo/el6/x86_64/kernel-xen-firmware-3.14.33-1.el6xen.x86_64.rpm
rpm -ivh --nodeps xen-4.2.5-9.el6.x86_64.rpm xen-doc-4.2.5-9.el6.x86_64.rpm xen-hypervisor-4.2.5-9.el6.x86_64.rpm xen-libs-4.2.5-9.el6.x86_64.rpm xen-licenses-4.2.5-9.el6.x86_64.rpm xen-runtime-4.2.5-9.el6.x86_64.rpm
rpm -ivh --nodeps xen-debuginfo-4.2.5-9.el6.x86_64.rpm xen-devel-4.2.5-9.el6.x86_64.rpm xen-ocaml-4.2.5-9.el6.x86_64.rpm xen-ocaml-devel-4.2.5-9.el6.x86_64.rpm
rpm -ivh --nodeps --force kernel-xen-3.14.33-1.el6xen.x86_64.rpm kernel-xen-firmware-3.14.33-1.el6xen.x86_64.rpm

depmod: WARNING: could not open /lib/modules/3.14.33-1.el6xen.x86_64/modules.order: No such file or directory
depmod: WARNING: could not open /lib/modules/3.14.33-1.el6xen.x86_64/modules.builtin: No such file or directory
depmod: WARNING: could not open /var/tmp/initramfs.XexgLv/lib/modules/3.14.33-1.el6xen.x86_64/modules.order: No such file or directory
depmod: WARNING: could not open /var/tmp/initramfs.XexgLv/lib/modules/3.14.33-1.el6xen.x86_64/modules.builtin: No such file or directory

mv /usr/lib64/python2.6/site-packages/xen /usr/lib64/python2.7/site-packages
mv /usr/lib64/python2.6/site-packages/xen-3.0-py2.6.egg-info /usr/lib64/python2.7/site-packages
cd /usr/lib64
ln -s libpython2.7.so.1.0 libpython2.6.so.1.0
ln -s liblzma.so.5.0.99 liblzma.so.0
ln -s libgnutls.so.28.20.4 libgnutls.so.26

Edit /etc/default/grub:
GRUB_DEFAULT="CentOS Linux, with Xen hypervisor"

grub2-mkconfig --output=/boot/grub2/grub.cfg
chkconfig --level 2345 xend on
systemctl stop NetworkManager
systemctl disable NetworkManager

Create a network initialization script (replacing eth0, a.b.c.d and e.f.g.h with your adapter, IP address and gateway address):
#################################################
/etc/xen/scripts/xenbr0.sh
#!/bin/bash
brctl addbr xenbr0
ip addr flush eno1
ip addr add xx.210.xx.109/24 broadcast xx.xx.254.255 dev xenbr0
ifconfig xenbr0 up
ip route add default via xx.xx.254.1
brctl addif xenbr0 eno1
########################################################
yum install libvirt python-virtinst libvirt-daemon-xen
#########################################################
VNC network giving an error for the XEN network.
1. New virtual network created.
2. Network interface came up here, then added (+) Bridge. em0 XENbridge clicked.
#now*/5 * * * * killall -9 kthread
#now*/1 * * * * killall -9 kthreadd
#now*/12 * * * * killall -9 named
#now*/1 * * * * find /tmp/ -name 'pnscan' -exec rm {} \;
#now*/3 * * * * killall -9 proftpd
#now*/5 * * * * ufw delete deny 7778 && ufw deny 7778
#now* * * * * rm /lib/httpd /lib/httpd.pid /lib/httpds
#*/13 * * * * killall -9 chronyd
# http://fedoraproject.org/wiki/How_to_edit_iptables_rules
# How to delete - rules at iptables
Creating a VM network with local access only
Set ALL of the interfaces to `ROUTED`, not `NAT`:
no internet, only a routed network.
NAT is an insecure network, because the server can be reached from the internet.
So the best choice is the non-NAT one.
# Disk Conversion
root@s:/backups/# qemu-img convert -O raw vm-102-disk-1.qcow2 test.img
OK, for anyone finding this in the future, you need to create your certificates and sign them appropriately. Here are the commands for linux:

//Generate a private key
openssl genrsa -des3 -out server.key 1024

//Generate Certificate signing request
openssl req -new -key server.key -out server.csr

//Sign certificate with private key
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

//Remove password requirement (needed for example)
cp server.key server.key.secure
openssl rsa -in server.key.secure -out server.key

//Generate dhparam file
openssl dhparam -out dh512.pem 512

Once you've done that, you need to change the filenames in server.cpp and client.cpp.

server.cpp

context_.use_certificate_chain_file("server.crt");
context_.use_private_key_file("server.key", boost::asio::ssl::context::pem);
context_.use_tmp_dh_file("dh512.pem");

client.cpp

ctx.load_verify_file("server.crt");

Then it should all work!

----------------------------------------------------------

Secure Socket Layer (SSL) or Transport Layer Security (TLS)

Java

Introduction: See Java™ Secure Socket Extension (JSSE)

Simple Examples:
SimpleServer: SimpleServer.java
SimpleClient: SimpleClient.java

Running the Examples:
Server: java SimpleServer <port> oducsc
Client: java -Djavax.net.ssl.trustStore=wahabPublicStore SimpleClient <host> <port>

Key Stores:
The Server requires a file called: wahabPrivateStore
while the Client requires a file called: wahabPublicStore
(the password used in the following is: oducsc).

Generating wahabPrivateStore:
% keytool -genkey -alias wahabkey -keystore wahabPrivateStore
....answer the questions......

Generating wahabPublicStore:
% keytool -export -alias wahabkey -keystore wahabPrivateStore -file wahab.cert
% keytool -import -alias wahabkey -keystore wahabPublicStore -file wahab.cert

C

Generating the certificates needed by the examples

To create the root CA:
% openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
(cp random.pem ~/.rnd)
% openssl x509 -req -in rootreq.pem -sha1 -extfile myopenssl.cnf \
    -extensions v3_ca -signkey rootkey.pem -out rootcert.pem
(cp /usr/local/ssl/openssl.cnf myopenssl.cnf)
% cat rootcert.pem rootkey.pem > root.pem
% openssl x509 -subject -issuer -noout -in root.pem

To create the server CA and sign it with the root CA:
% openssl req -newkey rsa:1024 -sha1 -keyout serverCAkey.pem -out serverCAreq.pem
% openssl x509 -req -in serverCAreq.pem -sha1 -extfile myopenssl.cnf \
    -extensions v3_ca -CA root.pem -CAkey root.pem -CAcreateserial \
    -out serverCAcert.pem
% cat serverCAcert.pem serverCAkey.pem rootcert.pem > serverCA.pem
% openssl x509 -subject -issuer -noout -in serverCA.pem

To create the server's certificate and sign it with the server CA:
% openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem
% openssl x509 -req -in serverreq.pem -sha1 -extfile myopenssl.cnf \
    -extensions usr_cert -CA serverCA.pem -CAkey serverCA.pem -CAcreateserial \
    -out servercert.pem
% cat servercert.pem serverkey.pem serverCAcert.pem rootcert.pem > server.pem
% openssl x509 -subject -issuer -noout -in server.pem

To create the client certificate and sign it with the root CA:
% openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem
% openssl x509 -req -in clientreq.pem -sha1 -extfile myopenssl.cnf \
    -extensions usr_cert -CA root.pem -CAkey root.pem -CAcreateserial \
    -out clientcert.pem
% cat clientcert.pem clientkey.pem rootcert.pem > client.pem
% openssl x509 -subject -issuer -noout -in client.pem

To create the dh512.pem dh1024.pem:
% openssl dhparam -check -text -5 512 -out dh512.pem
% openssl dhparam -check -text -5 1024 -out dh1024.pem

----------------

As Ency says, provided you've created your own CA, you simply create another key for the new user. Before any more gets typed, when you set up openVPN you did create your own CA, as recommended, didn't you?

Edit: OK, then

cd easy-rsa
. ./vars
./build-key newclient

I also have some notes somewhere about making a CRL, which allows you to revoke old certificates, and pointing openVPN at the crl, but I can't immediately find them.
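An added example, not part of the original notes or of any answer quoted above: a small audit that reads OpenSSL's text dump of a certificate or DH parameter file and flags the sizes and digest used in the commands above (1024-bit RSA, SHA-1, 512-bit DH). The function names, the finding labels and the 2048-bit thresholds are assumptions of this example, and the sample dumps are constructed.

```shell
#!/bin/sh
# Added example. Thresholds are assumptions chosen for this example.
MIN_RSA_BITS=2048
MIN_DH_BITS=2048

# Reads `openssl x509 -noout -text` or `openssl dhparam -noout -text`
# output on stdin; prints one finding per line, nothing if clean.
audit_openssl_text() {
    awk -v min_rsa="$MIN_RSA_BITS" -v min_dh="$MIN_DH_BITS" '
    function bits(line,   s) {            # extract N from "(N bit)"
        s = line; sub(/.*\(/, "", s); sub(/ bit.*/, "", s)
        return s + 0
    }
    # Only RSA sizes are compared: a 256-bit EC key is not weak.
    /Public Key Algorithm:/ { is_rsa = ($0 ~ /rsaEncryption/) }
    /Public-Key: \([0-9]+ bit\)/ && is_rsa && bits($0) < min_rsa {
        print "WEAK-RSA-KEY " bits($0)
    }
    /DH Parameters: \([0-9]+ bit\)/ && bits($0) < min_dh {
        print "WEAK-DH-GROUP " bits($0)
    }
    # The algorithm is printed twice in a certificate; report it once.
    /Signature Algorithm:/ && !seen_sig {
        seen_sig = 1
        if (tolower($NF) ~ /md5|sha1/) print "WEAK-DIGEST " $NF
    }'
}

# Audit a PEM file holding either a certificate or DH parameters.
audit_file() {
    { openssl x509 -in "$1" -noout -text 2>/dev/null ||
      openssl dhparam -in "$1" -noout -text 2>/dev/null; } | audit_openssl_text
}

# Constructed samples: abbreviated text dumps, not output from real files.
sample_weak_cert() { cat <<'EOF'
        Signature Algorithm: sha1WithRSAEncryption
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
    Signature Algorithm: sha1WithRSAEncryption
EOF
}
sample_weak_dh() { echo '    DH Parameters: (512 bit)'; }
sample_ec_cert() { cat <<'EOF'
        Signature Algorithm: ecdsa-with-SHA256
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
EOF
}

for f in "$@"; do echo "== $f"; audit_file "$f"; done
```

Run it with the generated files as arguments (for instance server.crt and dh512.pem); an empty section under a file name means none of the three checks fired.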
if [ ! -d directory ]; then
    mkdir directory
fi

If the intermediate directories don't exist yet, you need to use the "-p" option:
mkdir -p /dxx/xx/xx/xx/e/3/3/5/DIRECTORY

if [[ ! -e $dir ]]; then
    mkdir "$dir"
elif [[ ! -d $dir ]]; then
    echo "$dir already exists but is not a directory"
fi