Configure Layer 3 EtherChannel between Cisco Router and Switch

Router:

interface Port-channel1

ip address 10.4.4.2 255.255.255.252

!

interface GigabitEthernet0/0/0

no ip address

channel-group 1

no shutdown

!

interface GigabitEthernet0/0/1

no ip address

channel-group 1

no shutdown

Switch:

interface Port-channel1

no switchport

ip address 10.4.4.1 255.255.255.252

!

interface GigabitEthernet1/0/3

no switchport

no ip address

channel-group 1 mode on

no shutdown

!

interface GigabitEthernet2/0/3

no switchport

no ip address

channel-group 1 mode on

no shutdown

(Note: Reference of this post is http://firewalltipss.blogspot.in/2011/07/configure-layer-3-port-channel.html )

Linux Cheat Sheet

COMMAND INPUT

The colors designate the actual Linux command in blue, while the user input (file, numeric value, etc) is red. 

Basic Operation

#hostame - Displays the hostname and/or FQDN of the system 

#uname -a - Displays the hostname and detailed kernel version 

#cat /etc/redhat-release - Displays the version of Linux installed Example: 

#cat /proc/cpuinfo - Displays information about the CPU(s) 

#df -h - Displays the partitions, their sizes details, and mount points 

#free - Displays detail about the system memory and usage 

#lsof - Displays all open files 

#lsof -nPi:22 - Displays any open files which use port 22 

#locate httpd.conf - Displays the full path to any file named httpd.conf 

#updatedb - Rebuilds index of files for search using the locate utility 

Copy, Move, Delete

#cp file1.txt file2.txt - Copies file1.txt to file2.txt 

#mv old.txt new.txt - Renames a file called old.txt to new.txt 

#rm file1.txt - Deletes file1.txt 

#mkdir httpds - Creates a new directory called httpds 

#cp -R httpd httpds - Recursively copies all files from directory httpd to httpds 

#cp -PR httpd httpds - Recursively copies all files from directory httpd to httpds and retains all permission settings 

#rm -rf httpd - Recursively deletes folder httpd and all contents 

#chkconfig --list - Displays all services and their state (start or stop) at each runlevel 

#chkconfig --level 35 httpd on - Sets httpd to start on runlevels 35 when machine is booted 

#service httpd start - Immediately starts Apache 

File Attributes

#chown apache virtualhosts.txt - Changes ownership of the virtualhosts.txt file to user apache 

#chgrp apache virtualhosts.txt - Changes membership of the virtualhosts.txt file to group apache 

#chmod a+x sniffer.pl - Allows the sniffer.pl file to be executed 

CHMOD

7 rwx read, write, execute 
6 rw- read, write 
5 r-x read, execute 
4 r-- read 
3 -wx write, execute 
2 -w- write 
1 --x execute 
0 --- no permissions 

#chmod 777 passwords.txt - Allows read, write, and execute on the file passwords.txt to anyone 

#chmod 000 passwords.txt - Blocks read, write, and execute on the file passwords.txt to anyone 

Yum

#yum update -y - Updates all packages without prompting 

#yum install iptraf - Installs a package named iptraf 

#yum whatprovides */iostat - Searches all repositories and returns RPMs that provide the program iostat 

#yum update samba - updates a package named samba 

RPM

#rpm -q http - Displays the version of daemon http (apache) 

#rpm -qa | grep bind - Displays all packages installed with the word bind. Example: 


#rpm -qa | grep bind 
bind-chroot-9.3.6-16.P1.el5 
system-config-bind-4.0.3-4.el5.centos 
bind-utils-9.3.6-16.P1.el5 
bind-9.3.6-16.P1.el5 
bind-libs-9.3.6-16.P1.el5 
ypbind-1.19-12.el5 

#rpm -ivh proftpd - Interactively installs proftpd 

#rpm -Uvh proftpd - Interactive upgrades named proftpd 

#rpm -e proftpd - Removes package proftpd 

#rpm --rebuilddb - Rebuilds a corrupt RPM database 

Compressed files

#unzip package.zip - Unzips the file package.zip 

#tar -zvxf stunnel.tar.gz - Decompressed a gzip file named stunnel.tar.gz 

Networking

#ifup eth0 - Enables network interface eth0 

#ifdown eth0 - Disables network interface eth0 

#vi /etc/sysconfig/network-scripts/ifcfg-eth0 - Uses vi to edit network settings on eth0 

IP tables

#service iptables status - Displays status of iptables (running or not) 

#iptables -L - Displays ruleset of iptables 

#iptables -I INPUT -p tcp -m tcp -s 192.168.15.254/26 --dport 22 -j ACCEPT - Accepts incoming SSH connections from IP range 192.168.15.254/26 
#iptables -I INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 22 -j DROP - Blocks SSH connections from everywhere else 

#iptables -I INPUT -s "192.168.10.121" -j DROP - Drops all traffic from IP 192.168.10.121 

#iptables -D INPUT -s "192.168.10.121" -j DROP - Removes previously allied drop all from IP 192.168.10.121 

#iptables -I INPUT -s "192.168.10.0/24" -j DROP - Drops all traffic from IP range 192.168.10.0/24 

#iptables -A INPUT -p tcp --dport 25 -j DROP - Blocks all traffic to TCP port 25 

#iptables -A INPUT -p tcp --dport 25 -j ACCEPT - Allows all traffic to TCP port 25 

#iptables -A INPUT -p udp --dport 53 -j DROP - Blocks all traffic to UDP port 53 

#/etc/init.d/iptables save - Saves all IPtables rules and re-applies them after a reboot

Processes

#ps ax - Displays all running processes 

#ps aux - Displays all running processes including CPU and memory usage of each 

#ps ax | wc -l - Displays the total number of processes 

#top - Interactive process manager which allows sorting by criteria

Logs

#tail -f /var/log/messages - Displays the most current entries to the messages log in real-time 

#tail -50 /var/log/messages - Displays the last 50 lines of the messages log 

#head -50 /var/log/messages - Displays the first 50 lines of the messages log 

#cat /var/log/messages - Displays the entire messages log 

#cat /var/log/messages | grep "FTP session opened" - Displays any entries in the messages log that contain the ext FTP session opened 

#cat /var/log/messages | grep "FTP session opened" > log2.txt - Writes any entries in the messages log that contain the ext FTP session opened to a file named log2.txt 

Paths to Common Files

Bind (named)

/var/named - Bind zone files (non chrooted) 
/etc/named.conf - Bind configuration file (non chrooted) 
/var/named/chroot/var/named - Bind zone files (chrooted) 
/var/named/chroot/etc/named.conf - Bind configuration file (chrooted) 

Apache (httpd)

/etc/httpd/conf/httpd.conf - Main apache configuration file 
/var/www/html - Default directory for serving pages 
/var/log/httpd/ - Default location for logs (access and error) 

Networking

/etc/hosts - System hosts file 
/etc/resolv.conf - DNS lookup configuration file 
/etc/sysconfig/network - Network/hostname configuration file 
/etc/selinux - SELinux configuration file 
/etc/sysconfig/network-scripts/ - Default location of a network setting file 
/etc/sysconfig/iptables - Default iptables policy configuration file 
/etc/sysconfig/iptables-config - Default iptables daemon configuration file


(Note: Reference of the above post is http://firewalltipss.blogspot.in/search/label/Cheat%20Sheets )

Subnet Masks Cheat Sheet

The tables below are commonly used subnet masks and hosts.

Class C
Mask	Notation	Subnets	Hosts
255.255.255.0	/24	1	256
255.255.255.128	/25	2	128
255.255.255.192	/26	4	64
255.255.255.224	/27	8	32
255.255.255.240	/28	16	16
255.255.255.248	/29	32	8
255.255.255.252	/30	64	4
255.255.255.254	/31	128	2
255.255.255.255	/32	256	1
Class B
Mask	Notation	Subnets	Hosts
255.255.0.0	/16	1	65,536
255.255.128.0	/17	2	32,768
255.255.192.0	/18	4	16,384
255.255.224.0	/19	8	8,192
255.255.240.0	/20	16	4,096
255.255.248.0	/21	32	2,048
255.255.252.0	/22	64	1,024
255.255.254.0	/23	128	512
255.255.255.0	/24	256	256
Class A
Mask	Notation	Subnets	Hosts
255.0.0.0	/8	1	16,777,216
255.128.0.0	/9	2	8,388,608
255.192.0.0	/10	4	4,194,304
255.224.0.0	/11	8	2,097,152
255.240.0.0	/12	16	1,048,576
255.248.0.0	/13	32	524,288
255.252.0.0	/14	64	262,144
255.254.0.0	/15	128	131,072
255.255.0.0	/16	256	65,536

(Note: Reference of the above post is http://firewalltipss.blogspot.in/search/label/Cheat%20Sheets )

How to Find UTM-1 Check Point Appliance Model from CLI

Run the following command:

[Expert@yourfirewall]# /usr/sbin/dmidecode | grep "Product Name"
Product Name: P-10-00

Here is a list of the dmidecode information that I’ve found for various UTM/Power-1 appliances, and the hardware that you can expect to require if you run an open server.

Check Point 2012 Appliance series

DMIDecode	Model	SPU	FW	VPN	IPS	CPU	MHz	RAM
?	21400	2003	50	7	21	2x Intel Xeon E5645 (6 cores)	2.40GHz	6
P-230-00	12600	1861	30	7	17	2x Intel Xeon E5645 (6 cores)	2.40GHz	?
P-220-00	12400	?	?	?	?	?	?	?
P-210-00	12200	738	15	2.5	8	Intel Core i5 750 (4 cores)	2.67GHz	4

Check Point Power-1 Appliance series

DMIDecode	Model	SPU	FW	VPN	IPS	CPU	MHz	RAM
?	11075	up to 1222	20	4	12	2x Intel Xeon E5530 (QC)	2.40Ghz	6
?	9075	1006	16	3.7	10	2x Intel Xeon E5410 (QC)	2.33Ghz	4
P-20-00	9070	?	?	?	?	?	?	?
P-1?-??	5075	596	9	2.4	7.5	Intel Xeon E5410 (QC)	2.33Ghz	2
P-10-00	5070	?	?	?	?	?	?	?

Check Point ??? series

DMIDecode	Model	SPU	FW	VPN	IPS	CPU	MHz	RAM
T-180-00	4800	623	11	2	6	Intel Core2 Quad CPU Q9400	2.66GHz	4
?	4600	374	9	1.5	4	Pentium Dual-Core E6500	2.93GHz	4
?	4400	223	5	1.2	3.5	Intel Celeron Dual-Core E3400	2.6 GHz	4
?	4200	114	3	0.4	2	Intel Atom D525 Dual-Core	1.80GHz	4
?	2200	114	3	0.4	2	Intel Atom D525 Dual-Core	1.80GHz	2
C6P_UTM	2050	?	?	?	?	?	?	?
C6_UTM	1050	?	?	?	?	?	?	?
C2_UTM	450	?	?	?	?	?	?	?

Check Point UTM-1 Appliance series

DMIDecode	Model	SPU	FW	VPN	IPS	CPU	MHz	RAM
U-40-00	3070	298	4.5	1.1	4	Intel Core2 Duo E6400	2.13GHz	3
U-30-00	2070	101	3.5	0.45	2.7	Intel Celeron 440	2GHz	2
U-20-00	1070	101	3	0.35	2.2	Intel Celeron M	1.5 GHz	1
U-15-00	570	101	2.5	0.3	1.7	Intel Celeron M	1.5 GHz	1
U-10-00	270	50	1.5	0.12	1	Intel Celeron M	600 MHz	1
?	130	50	1.5	0.12	1	Intel Celeron M	600 MHz	1

Check Point Smart-1 Appliance series

DMIDecode	Model	CPU	RAM	HDD
?	Smart-1 5	Intel Celeron M 1.50GHz	2	500 GB
?	Smart-1 25b	Intel Core2 Duo Processor E7400 2.80 GHz	4	2 TB
?	Smart-1 50	Intel Xeon E5410 2.33GHz (DualCore)	4	2 TB

 Reference of  this post is http://digitalcrunch.com/check-point-firewall/find-utm-1-check-point-appliance-model-from-cli/

The Linux File System

The Linux File System

A file system is nothing more than the way the computer stores and retrieves all your files. These files include your documents, programs, help files, games, music etc. In the Windows world we have the concept of files and folders.

A folder (also known as a directory) is nothing more than a container for different files so that you can organise them better. In Linux, the same concept holds true -- you have files, and you have folders in which you organise these files.

The difference is that Windows stores files in folders according to the program they belong to (in most cases), in other words, if you install a program in Windows, all associated files -- such as the .exe file that you run, the help files, configuration files, data files etc. go into the same folder. So if you install for example Winzip, all the files relating to it will go into one folder, usually c:\Program Files\Winzip.

In Linux however, files are stored based on the function they perform. In other words, all help files for all programs will go into one folder made just for help files, all the executable (.exe) files will go into one folder for executable programs, all programs configuration files will go into a folder meant for configuration files.

This layout has a few significant advantages as you always know where to look for a particular file. For example, if you want to find the configuration file for a program, you'll bound to find it in the actual program's installation directory.

With the Windows operating system, it's highly likely the configuration file will be placed in the installation directory or some other Windows system subfolder. In addition, registry entries is something you won't be able to keep track of without the aid of a registry tracking program - something that does not exist in the Linux world since there is no registry!

Of course in Linux everything is configurable to the smallest level, so if you choose to install a program and store all its files in one folder, you can, but you will just complicate your own life and miss out on the benefits of a file system that groups files by the function they perform rather than arbitrarily.

Linux uses an hierarchical file system, in other words there is no concept of 'drives' like c: or d:, everything starts from what is called the ‘/' directory (known as the root directory). This is the top most level of the file system and all folders are placed at some level from here. This is how it looks:

 As a result of files being stored according to their function on any Linux system, you will see many of the same folders.

These are 'standard' folders that have been pre-designated for a particular purpose. For example the 'bin' directory will store all executable programs (the equivalent of Windows ‘.exe ' files).

Remember also that in Windows you access directories using a backslash (eg c:\Program Files) whereas in Linux you use a forward slash (eg: /bin ).

In other words you are telling the system where the directory is in relation to the root or top level folder.

So to access the cdrom directory according to the diagram on the left you would use the path /mnt/cdrom.

To access the home directory of user 'sahir' you would use /home/sahir.

So it's now time to read a bit about each directory function to help us get a better understanding of the operating system:

• bin - This directory is used to store the system's executable files. Most users are able to access this directory as it does not usually contain system critical files.

• etc - This folder stores the configuration files for the majority of services and programs run on the machine. These configuration files are all plain text files that you can open and edit the configuration of a program instantly. Network services such as samba (Windows networking), dhcp, http (apache web server) and many more, rely on this directory! You should be careful with any changes you make here.

• home - This is the directory in which every user on the system has his own personal folder for his own personal files. Think of it as similar to the 'My Documents' folder in Windows. We've created one user on our test system by the name of 'sahir' - When Sahir logs into the system, he'll have full access to his home directory.

• var - This directory is for any file whose contents change regularly, such as system log files - these are stored in /var/log. Temporary files that are created are stored in the directory /var/tmp.

• usr - This is used to store any files that are common to all users on the system. For example, if you have a collection of programs you want all users to access, you can put them in the directory /usr/bin. If you have a lot of wallpapers you want to share, they can go in /usr/wallpaper. You can create directories as you like.

• root - This can be confusing as we have a top level directory ‘/' which is also called ‘the root folder'.

The 'root' (/root) directory is like the 'My Documents' folder for a very special user on the system - the system's Administrator, equivalent to Windows 'Administrator' user account.

This account has access to any file on the system and can change any setting freely. Thus it is a very powerful account and should be used carefully. As a good practice, even if you are the system Administrator, you should not log in using the root account unless you have to make some configuration changes.

It is a better idea to create a 'normal' user account for your day-to-day tasks since the 'root' account is the account for which hackers always try to get the password on Linux systems because it gives them unlimited powers on the system. You can tell if you are logged in as the root account because your command prompt will have a hash '#' symbol in front, while other users normally have a dollar '$' symbol.

• mnt - We already told you that there are no concepts of 'drives' in Linux. So where do your other hard-disks (if you have any) as well as floppy and cdrom drives show up?

Well, they have to be 'mounted' or loaded for the system to see them. This directory is a good place to store all the 'mounted' devices. Taking a quick look at our diagram above, you can see we have mounted a cdrom device so it is showing in the /mnt directory. You can access the files on the cdrom by just going to this directory!

• dev - Every system has its devices, and the Linux O/S is no exeption to this! All your systems devices such as com ports, parallel ports and other devices all exist in /dev directory as files and directories! You'll hardly be required to deal with this directory, however you should be aware of what it contains.

• proc - Think of the /proc directory as a deluxe version of the Windows Task Manager. The /proc directoy holds all the information about your system's processes and resources. Here again, everything exists as a file and directory, something that should't surprise you by now!

By examining the appropriate files, you can see how much memory is being used, how many tcp/ip sessions are active on your system, get information about your CPU usage and much more. All programs displaying information about your system use this directory as their source of information!

• sbin - The /sbin directory's role is that similar to the /bin directory we covered earlier, but with the difference its only accessible by the 'root' user. Reason for this restriction as you might have already guessed are the sensitive applications it holds, which generally are used for the system's configuration and various other important services. Consider it an equivelant to the Windows Administration tools folder and you'll get the idea.

Lastly, if you've used a Linux system, you'll have noticed that not many files have an extension - that is, the three letters after the dot, as found in Windows and DOS: file1.txt , winword.exe , letter.doc.

While you can name your files with extensions, Linux doesn't really care about the 'type' of file. There are very quick ways to instantly check the type of file anything is. You can even make just about any file in Linux an executable or .exe file at whim!

Linux is smart enough to recognise the purpose of a file so you don't need to remember the meaning of different extensions.

You have now covered the biggest hurdle faced by new Linux users. Once you get used to the file system you'll find it is a very well organised system that makes storing files a very logical process. There is a system and, as long as you follow it, you'll find most of your tasks are much simpler than other operating system tasks.

(Note: Reference of this post is www.firewall.cx.)

Linux File & Folder Permissions

Linux File & Folder Permissions

File & folder security is a big part of any operating system and Linux is no exception!

These permissions allow you to choose exactly who can access your files and folders, providing an overall enhanced security system. This is one of the major weaknesses in the older Windows operating systems where, by default, all users can see each other's files (Windows 95, 98, Me).

For the more superior versions of the Windows operating system such as NT, 2000, XP and 2003 things look a lot safer as they fully support file & folder permissions, just as Linux has since the beginning.

Together, we'll now examine a directory listing from our Linux lab server, to help us understand the information provided. While a simple 'ls' will give you the file and directory listing within a given directory, adding the flag '-l' will reveal a number of new fields that we are about to take a look at:

It's possible that most Linux users have seen similar information regarding their files and folders and therefore should feel pretty comfortable with it. If on the other hand you happen to fall in to the group of people who haven't seen such information before, then you either work too much in the GUI interface of Linux, or simply haven't had much experience with the operating system :)

Whatever the case, don't disappear - it's easier than you think!!

So what does all this output mean ? Especially all those 'rwx' lines?!

Let's start from scratch, analysing the information in the previous screenshot.

In the yellow column on the right we have the file & directory names (dirlist.txt, document1, document2 etc.) - nothing new here. Next, in the green column, we will find the time and date of creation.

Note that the date and time column will not always display in the format shown. If the file or directory it refers to was created in a year different from the current one, it will then show only the date, month and year, discarding the time of creation.

For example, if the file 'dirlist.txt' was created on the 27th of July, 2004, then the system would show:

Jun 27 2004 dirlist.txt

instead of

Jun 27 11:28 dirlist.txt

A small but important note when examining files and folders! Lastly, the date will change when modifying the file. As such, if we edited a file created last year, then the next time we typed 'ls -l', the file's date information would change to today's date. This is a way you can check to see if files have been modified or tampered with.

The next column contains the file size in bytes - again nothing special here.

Next column shows the permissions. Every file in Linux is 'owned' by a particular user.. normally this is the user (owner) who created the file.. but you can always give ownership to someone else.

The owner might belong to a particular group, in which case this file is also associated with the user's group. In our example, the left column labeled 'User' refers to the actual user that owns the file, while the right column labeled 'group' refers to the group the file belongs to.

Looking at the file named 'dirlist.txt', we can now understand that it belongs to the user named 'root' and group named 'sys'.

Following the permissions is the column with the cyan border in the listing.

The system identifies files by their inode number, which is the unique file system identifier for the file. A directory is actually a listing of inode numbers with their corresponding filenames. Each filename in a directory is a link to a particular inode.

Links let you give a single file more than one name. Therefore, the numbers indicated in the cyan column specifies the number of links to the file.

As it turns out, a directory is actually just a file containing information about link-to-inode associations.

Now for the fun column, the first one on the left containing the '-rwx----w-' characters. These are the actual permissions set for the particular file or directory we are examining.

To make things easier, we've split the permissions section into a further 4 columns as shown above. The first column indicates whether we are talking about a directory (d), file (-) or link (l).

In the newer Linux distributions, the system will usually present the directory name in colour, helping it to stand out from the rest of the files. In the case of a file, a dash (-) or the letter 'f' is used, while links make the use of the letter 'l' (l). For those unfamiliar with links, consider them something similar to the Windows shortcuts.

Column 2 refers to the user rights. This is the owner of the file, directory or link and these three characters determine what the owner can do with it.

The 3 characters on column 2 are the permissions for the owner (user) of the file or directory. The next 3 are permissions for the group that the file is owned by and the final 3 characters define the access permissions for the others group, that is, everyone else not part of the group.

So, there are 3 possible attributes that make up file access permissions:

r - Read permission. Whether the file may be read. In the case of a directory, this would mean the ability to list the contents of the directory. w - Writepermission. Whether the file may be written to or modified. For a directory, this defines whether you can make any changes to the contents of the directory. If write permission is not set then you will not be able to delete, rename or create a file. x - Execute permission. Whether the file may be executed. In the case of a directory, this attribute decides whether you have permission to enter, run a search through that directory or execute some program from that directory.

Let's take a look at another example:

Take the permissions of 'red-bulb', which are drwxr-x---. The owner of this directory is user david and the group owner of the directory is sys. The first 3 permission attributes are rwx. These permissions allow full read, write and execute access to the directory to user david. So we conclude that david has full access here.

The group permissions are r-x. Notice there is no write permission given here so while members of the group sys can look at the directory and list its contents, they cannot create new files or sub-directories. They also cannot delete any files or make changes to the directory content in any way.

Lastly, no one else has any access because the access attributes for others are ---.

If we assume the permissions are drw-r--r-- you see that the owner of the directory (david) can list and make changes to its contents (Read and Write access) but, because there is no execute (x) permission, the user is unable to enter it! You must have read and execute (r-x) in order to enter a directory and list its contents. Members of the group sys have a similar problem, where they seem to be able to read (list) the directory's contents but can't enter it because there is no execute (x) permission given!

Lastly, everyone else can also read (list) the directory but is unable to enter it because of the absence of the execute (x) permission.

Here are some more examples focusing on the permissions:

-r--r--r-- :This means that owner, group and everyone else has only read permissions to the file (remember, if there's no 'd' or 'l', then we are talking about a file).

-rw-rw-rw- : This means that the owner, group and everyone else has read and write permissions.

-rwxrwxrwx : Here, the owner, group and everyone else has full permissions, so they can all read, write and execute the file (-).

Modifying Ownership & Permissions

So how do you change permissions or change the owner of a file?

Changing the owner or group owner of a file is very simple, you just type 'chown user:group filename.ext', where 'user' and 'group' are those to whom you want to give ownership of the file. The 'group' parameter is optional, so if you type 'chown david file.txt', you will give ownership of file.txt to the user named david.

In the case of a directory, nothing much changes as the same command is used. However, because directories usually contain files that also need to be assigned to the new user or group, we use the '-R' flag, which stands for 'recursive' - in other words all subdirectories and their files: 'chown -R user:group dirname'.

To change permissions you use the 'chmod' command. The possible options here are 'u' for the user, 'g' for the group, 'o' for other, and 'a' for all three. If you don't specify one of these letters it will change to all by default. After this you specify the permissions to add or remove using '+' or '-' . Let's take a look at an example to make it easier to understand:

If we wanted to add read, write and execute to the user of a particular file, we would type the following 'chmod u+rwx file.txt'. If on the other hand you typed 'chmod g-rw file.txt' you will take away read and write permissions of that file for the group .

While it's not terribly difficult to modify the permissions of a file or directory, remembering all the flags can be hard. Thankfully there's another way, which is less complicated and much faster. By replacing the permissions with numbers, we are able to calculate the required permissions and simply enter the correct sum of various numbers instead of the actual rights.

The way this works is simple. We are aware of three different permissions, Read (r), Write (w) and Execute (x). Each of these permissions is assigned a number as follows:

r (read) - 4

w (write) - 2

x (execute) - 1

Now, to correctly assign a permission, all you need to do is add up the level you want, so if you want someone to have read and write, you get 4+2=6, if you want someone to have just execute, it's just 1.. zero means no permissions. You work out the number for each of the three sections (owner, group and everyone else).

If you want to give read write and execute to the owner and nothing to everyone else, you'd get the number 700. Starting from the left, the first digit (7) presents the permissions for the owner of the file, the second digit (0) is the permissions for the group, and the last (0) is the permissions for everyone else. You get the 7 by adding read, write and execute permissions according to the numbers assigned to each right as shown in the previous paragraphs: 4+2+1 = 7.

r, w, x Permissions	Calculated Number
---	0
--x	1
-w-	2
-wx	3 (2+1)
r--	4
r-x	5 (4+1)
rw-	6 (4+2)
rwx	7 (4+2+1)

If you want to give full access to the owner, only read and execute to the group, and only execute to everyone else, you'd work it out like this :

owner: rwx = 4 + 2 + 1 = 7

group: r-x = 4 + 0 + 1 = 5

everyone: --x = 0 + 0 + 1 = 1

So your number will be 751, 7 for owner, 5 for group, and 1 for everyone. The command will be 'chmod 751 file.txt'. It's simple isn't it ?

If you want to give full control to everyone using all possible combinations, you'd give them all 'rwx' which equals to the number '7', so the final three digit number would be '777':

If on the other hand you decide not to give anyone any permission, you would use '000' (now nobody can access the file, not even you!). However, you can always change the permissions to give yourself read access, by entering 'chmod 400 file.txt'.

For more details on the 'chmod' command, please take a look at the man pages.

As we will see soon, the correct combination of user and group permissions will allow us to perform our work while keeping our data safe from the rest of the world.

For example in order for a user or group to enter a directory, they must have at least read (r) and execute (x) permissions on the directory, otherwise access to it is denied:

As seen here, user 'mailman' is trying to access the 'red-bulb' directory which belongs to user 'david' and group 'sys'. Mailman is not a member of the 'sys' group and therefore can't access it. At the same time the folder's permissions allow neither the group nor everyone to access it.

Now, what we did is alter the permission so 'everyone' has at least read and execute permissions so they are able to enter the folder - let's check it out:

Here we see the 'mailman' user successfully entering the 'red-bulb' directory because everyone has read (r) and execute (x) access to it!

The world of Linux permissions is pretty user friendly as long as you see from the right perspective :) Practice and reviewing the theory will certainly help you remember the most important information so you can perform your work without much trouble.

(Note: Reference of this post is www.firewall.cx.)

 

How to Change admin password for Nokia using cli

How to Change admin password for Nokia using cli

clish
> set user admin newpass xxxxx
> save config

How to configure NTP on Splat

How to configure NTP on Splat

Verify if the NTP is running:

# ntpstat
ntp is not running

# which ntp
/usr/sbin/ntp

# cat /usr/sbin/ntp -> you find the configuration file: /etc/sysconfig/ntp

If NTP is not running, this file does not exist. You can create it:

# cat /etc/sysconfig/ntp
INTERVAL=86400 # once per day
SERVER1=10.0.0.1
USE_NTP=true

#service ntp start

# ntpstat
ntp is running

You can make this configuration also using webui.

Modify the expiration date for all users

Modify the expiration date for all users

To change the expiration date for all users, connect to CMA/Smartdashboard in command line and issue this command:

fwm expdate 31-Dec-2017

All the sessions must be closed (for example GUI) or you will have an error like this:
 Lock found indicating rulebase is already being managed by username@LOCATION using fwm

Viewing Checkpoint fw monitor files in Wireshark

How to Viewing Checkpoint fw monitor files in Wireshark

Checkpoints fw monitor utility performs packet captures similar to tcpdump and wireshark. Unlike these utilities it operates above layer 2 and contains no mac address information.  It does contain additional information from the firewall on interface and direction.
To view this additional information in wireshark some extra configuration is required.

1. Select edit/preferences/protocols/ethernet
2. Check the box labelled “Attempt to interpret as Firewall-1 monitor file” and press ok
3. Select edit/preferences/User Interface/columns
4. Click add to add a new column and name it interface.
5. From the format dropdown listbox select FW-1 monitor if/direction and press ok

Save the text below to a file colorise.txt

# DO NOT EDIT THIS FILE!  It was created by Wireshark
@FW-Mon-i @ fw1.direction contains "i"@[65535,65535,0][0,0,0]
@FW-Mon-I @fw1.direction contains "I"@[37008,61166,37008][0,0,0]
@FW-Mon-o@fw1.direction contains "o"@[44461,55512,59110][0,0,0]
@FW-Mon-O@ fw1.direction contains "O"@[31161,49051,54875][0,0,0]

1. Select View/coloring rules
2. Click import and open the saved file from above
3. Select the last 4 rules and move them to the top of the list by clicking the up button
4. Press ok

Your now ready to view the fw monitor files in wireshark.

tcpdump filters

tcpdump filters

A common step in troubleshooting is finding out what not to troubleshoot. With a packet capture you can confirm things such as routing, firewall rules, and remote services.

Once you can prove that a packet is coming back, then you can prove that all layers of the OSI model below are working. For example, if you get an ACK, then you know a few things:

• Layer 1 hardware is probably on and functioning
• Layer 2 Addressing is likely working
• Layer 3 Routing would appear to be working
• Layer 4 Transport is likely working

Session, presentation and application might not be working at this point, but you’ve ruled out several things that don’t need to be tested.

You can do detailed packet captures that look for additional information to verify if layers 5,6 and 7 are working, but this should save you some time to know that layers 1-4 are operational.

It’s possible that intermittent errors, or bandwidth related errors could be hiding, and a packet capture can still help you find this type of error too.

Every serious network and security professional should know how to use tcpdump.

Here are my tcpdump notes, perhaps you’ll find them handy too:

Basic tcpdump flags

-i <interface>

Specify which intterface to capture, defaults to lowest numbered interface

-q

Quick output. Print less protocol information so output lines are shorter, easier to read.

-X

Show binary and hex data

-n

Do not perform DNS lookup, just show the IP

-v

Show additional information, -vv shows more, -vvv shows even more

-s <size>

Size of the Packet, (-s 1514)

-S

Print absolute, rather than relative TCP sequence numbers

src (net)

The source IP of the filter (src 1.1.1.1). src net can be used to specify a network, in CIDR: (dst net 1.1.1.0/24)

dst (net)

The destination IP of the filter (dst 1.1.1.1). dst net can be used to specify a network, in CIDR: (dst net 1.1.1.0/24)

(src|dst) port

which port specifically, can be named ports, or specific port. (dst port 80)

-w <filename>

The name of the file to write out your packet capture to (-w filename.cap)

and

combine filters (and src net 1.1.1.0/24)

not

negate filters (and not dst port 22)

tcpdump filter examples

Here is a list of several ways to build filters, and some of the more common ways that you might want to view data.

tcpdump -nS

Very basic communication.

tcpdump -nnvvS

Basic, verbose communication.

tcpdump -nnvvXS

Get the packet payload, but that’s all

tcpdump -nnvvXSs 1514

Full packet capture with all details

tcpdump host 1.2.3.4

Show traffic to and from 1.2.3.4

tcpdump src 1.2.3.4

Show all traffic from 1.2.3.4

tcpdump dst 4.3.2.1

Show all traffic to 4.3.2.1

tcpdump net 1.2.3.0/24

Look at traffic to and from 1.2.3.0/24

tcpdump port 3389

Remote Desktop example

tcpdump udp and src port 53

specify protocol combined with src port (DNS filter example)

tcpdump portrange 1000-2000

Do you need an explanation? If so, perhaps another article is better for you.

tcpdump -i any -nnvvXSs 1514 -c 100 src 1.2.3.4 port 443 -w capturefile

Capturing full packet, fully verbose, limit to 100 of them, with IP and port filter, write to capturefile for later analysis.

tcpdump -nnvvXSs 1514 src net 192.168.0.0/16 and dst net 10.0.0.0/8 not dst port 22

Like previous tcpdump filter, but also limiting between 2 networks, and ignoring port 22

3 way Handshake Troubleshooting With tcpdump

We are able to confirm routing, firewall rules, and remote service response by looking at the type of packet that comes back:

tcpdump ‘tcp[13] & 2!=0′

SYN messages tell us that at least our client is sending it’s initial outbound message. If that’s all we see, then nothing is coming back and routing could be bad, or the remote server could be down.

tcpdump ‘tcp[13] & 16!=0′

ACK is the acknowledge message. We can see that the traffic is going all the way to and from the client/server and the server is responding.

tcpdump ‘tcp[13]=18′

SYN ACK packets shows active communication between client and server. Routes, ACLs, and Firewall rules are good.

tcpdump ‘tcp[13] & 4!=0′

RST packets. RST packets are sent back from the service, so at least you know the path is good and not blocked by an ACL or firewall.

tcpdump ‘tcp[13] & 1!=0′

FIN packets. FIN packets are sent back from the service, so you also know path and firewall or ACL rules are not blocking.

tcpdump Statistics

Often, on a network a few hosts will be infected, but it’s hard to tell which ones those hosts are. Here is a quick method to help you determine who is spewing the most traffic:

First, get a packet capture of the data that is of interest to you, you can get basic packets, or all of it if you want to review it later. In my example I want to review it later, so I’m capturing the entire packet, with a bit of detail:

#  tcpdump -i any -nn -X -vv -s 1514 -c 1000 -w packetcap.cap

Next run it through awk to display some statistical information:

# tcpdump -nr packetcap.cap | awk '{print }' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort | uniq -c | sort -n

Which produces:

Now I could use tools like nslookup, whois, etc to determine what the most trafficked IP addresses are and adjust my firewall rules accordingly.

Sample tcpdump Output