This afternoon I purchased myself a Cisco ASA 5505 (EOL) for my home network. My quest is to become a proficient system administrator, and perhaps one day a full stack admin...so I figured it would be a good idea to get some of the gear.
Now then, I have worked on the Cisco ASA 5510 & 5505, but the changes that I have made to them were fairly easy to do. Open ports, edit IP addressing, and manage traffic. But there is so much more to the ASA that I am interested in knowing, so I figured I would jump in feet first by screwing up my own network and not someone else's. Here is a little background on the purchase.
Cisco ASA 5505-UL-BUN-K9 Security Plus Firewall Unlimited Users 25 SSL/IPSec VPN
Have one? Or have any suggestions for me? Leave me a comment.
This is a new type of entry, much like my Linux postings that I have recently been doing, but in these blogs I will be posting about things that made me uncomfortable, but I did them anyway. Successes & failures.
Well, most of you know me as a web developer, but I do other things than web dev. In this past year I have taken myself outside of my comfort level and broadened my knowledge in other areas.
"If it scares you, you should probably do it."
This week I was asked to open a specific port on a Cisco ASA 5510, and also configure a Windows Server to adhere to that port on the ASA. I am unable to get into specifics but I can tell you that this was outside of my scope, but I welcomed it.
That day (Thursday) I successfully configured the server to listen to the non-traditional port and also configured the router to allow the broadcasting of it. After a reboot of the server and an outside internet connection I was able to establish a connection. SUCCESS!
The next day I received notice that certain users were not able to connect to certain shares on the server. To top it off, one of them was in an upper-level position. EEK!
After finding the issue, and finding the solution I relayed my concerns to my sysadmin and he was able to get the disk share re-established. At which point I simply remapped my end users on the client ends. (not all had to be remapped)
I guess in the end, the configuration issues that I made to the Cisco ASA 5510 (router) and the reboot of the server was not my doing, but the fact that I was able to get the connection re-established was.
I embrace change, tasks like this regurgitate me. In the meantime I plan on continuing my knowledge with the ASA and seek other tasks as received. It is in my hopes to one day be a full stack administrator; in the meantime...let's all get out of our comfort level, and do something that scares us.
If it scares you, you should probably do it.
Today I was mentioned on the Daily Tech News Show podcast for August 27, 2014. I submitted a press release regarding Seagate now shipping an 8 TB 3.5-inch hard drive with a SATA 6 gigabit-per-second interface.
I really enjoy this show, and not all the links I submit to the show are read or mentioned, but I really enjoy sharing content with the masses as you know by all my entries.
...and yes Dan Patterson | danpatterson.com, you said my name correctly. Thanks!
Need to send traffic to your Apache Web Server, in hopes that you will not bring it down by HTTP or ICMP request? Well read on.
Well, this is a unique entry. Recently a friend and I were bench testing a couple of servers on different nodes using the Apache Benchmark Tool. In our findings we noticed that 2 of the domains that we tested fell to their knees due to memory issues. Now then, in no way do I condone black hat conduct, but sometimes the only way to protect your OWN servers is to use penetration testing tools to stress the server.
Now, there is a plethora of software that can do this locally on the server or for remote usage, but for this entry I will refrain from that.
I recommend that you take a look at my friend's blog on how to protect yourself from an EVASION of traffic.
TRICK FOR APACHE2 AND MYSQL CRASHING ON HIGH LOAD / APACHE BENCHMARK
* thanks JV for the initial remote PT.
I receive a lot of PDF files, in fact many more PDF files than Word documents nowadays. Nowadays, being able to search a PDF file, or perhaps a PDF file that was created into a doc file, can save you time. Here are a few steps that you can do to OCR your PDF so that it can be easily searchable.
Now you should be able to do a CTRL+F to find words within the document.
Useful Linux Links for 2014-08-22 - Below are links that I used in a given day that helped me with my goal in Linux System Administration.
This evening I gave Google Photo Sphere a try at the pool where I live. I also captured the court yard but figured the pool area would have a better view.
Google Photo Sphere is 360-degree panorama software that is available for Android and iOS; you can find the application in the respective app store. Personally I thought the software was really nice and it was very easy to use, let's call the process "circling the dots". Simply rotate in a circle circling the dots, and then voilà, you're done!
Just a reminder, stay away from tight quarters. Photo Sphere does a much better job in an open environment.
Useful Linux Links for 2014-08-20 - Below are links that I used in a given day in helping me with my Linux System Administration.
This afternoon like many others in my Google+ Network we received our Google Domains Invitation from the Google Domains Team.
Though at the time I was happy and very interested in the program, I did notice that the price per domain would cost me an extra $2.00, now then an extra $2.00 may be nothing you say...but my partner and I have well over 20 or so domains. So I think for now we will stick to hover.com.
Here is the notice I received from Google Domains:
So there you have it, the interface when using the system is very simple and easy, but I am trying to find the added benefit to the service. I am very pleased with Hover and their simple no BS domain name registration but I am not loyal to any domain name registration service. What are your thoughts?
This small list was originally created last week 2014-08-08, but I am barely getting to posting them. For those of you that use fail2ban being able to block an IP is easy, but unblocking can be a different matter if you have never done so before. If you have questions leave a comment.
This weekend if I have time I plan on hacking one of my 2 WeMo's. If you have never heard of a WeMo take a look here, it basically allows you to control your home's electronics by turning them off & on.
Useful Linux Links for 2014-08-08 - Below are links that I used in a given day in helping me with my Linux System Administration.
Useful Linux Links for 2014-08-07 - Below are links that I used in a given day in helping me with my Linux System Administration.
Below are the steps I took to troubleshoot my creation of the user: david and how I fixed the inability to update the .ICEauthority file in /home/david/.ICEauthority
* Be sure you replace all instances of david with your username
Step by Step:
1. Begin by logging into root
2. Locate the home directory of the user that you wish to fix. Example: cd /home/david
3. In some instances you may need to create the user directory as I had to. To do so, in the home directory type in mkdir david
4. Once the directory is created type in the following so that we can ensure that the user has ownership of the directory. chown david: david .ICEauthority
5. Logout as root
6. Login as your username
This entry explains how to enable / disable the graphical user interface (GUI) in CentOS by modifying the inittab file. If you are a hard-core command line user, disabling the GUI will give the added benefit of saving resources, and we LOVE saving resources on our servers.
Begin by opening up the command line and doing the following. (I will assume you know how to open up the command line, but if not it can be found on your gnome, kdm, xdm dock.)
Step 1: In the command line type:
Step 2: Now find the line that states:
Step 3: Now simply press i (to insert text), then change the id:5:initdefault: to the following:
Step 4: Once this is complete press the colon, and type wq! (This will commit the change.)
So what is going on here is that we are modifying the inittab file and telling CentOS to default to multi-user mode. Doing so will disable the GUI in CentOS and present the command line from now on.
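An added sketch of the same edit done non-interactively; it is not the commands from the original post. It assumes the file has a single active id:N:initdefault: line, works on a constructed copy rather than /etc/inittab, and uses made-up function names. It refuses runlevels other than 3 and 5, since a default of 0 or 6 halts or reboots the machine at every boot.

```shell
#!/bin/sh
# set_default_runlevel FILE LEVEL  (3 = multi-user text mode, 5 = GUI)
set_default_runlevel() {
    file=$1 level=$2
    case $level in
        3|5) ;;
        *) echo "refusing runlevel '$level': only 3 or 5 are accepted" >&2
           return 1 ;;
    esac
    # Exactly one active (uncommented) initdefault line must exist.
    count=$(grep -c '^id:[0-6]:initdefault:' "$file") || true
    if [ "${count:-0}" -ne 1 ]; then
        echo "expected 1 initdefault line in $file, found ${count:-0}" >&2
        return 1
    fi
    cp -p "$file" "$file.bak" || return 1      # keep a rollback copy
    # Rewrite only the active line; commented examples are left alone.
    sed "s/^id:[0-6]:initdefault:/id:$level:initdefault:/" "$file.bak" > "$file"
}

# Print the runlevel currently configured in FILE.
get_default_runlevel() {
    sed -n 's/^id:\([0-6]\):initdefault:.*/\1/p' "$1"
}

# Constructed sample standing in for /etc/inittab.
make_sample_inittab() {
    cat > "$1" <<'EOF'
# Default runlevel. The runlevels used are:
#   3 - Full multiuser mode
#   5 - X11
# id:3:initdefault: (commented example, must be left alone)
id:5:initdefault:
EOF
}

sample=$(mktemp)
make_sample_inittab "$sample"
set_default_runlevel "$sample" 3 &&
    echo "default is now $(get_default_runlevel "$sample")"
rm -f "$sample" "$sample.bak"
```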
As always if you have questions, leave a comment.
This entry explains how to move all content from one directory to another directory without copying the original directory itself.
Step 1: In this example I will begin by getting a file from the web. In the command prompt type:
Step 2: I will begin the extraction process, since the file is in a tar ball, we need to extract the contents. In the command prompt type:
tar -xf file.tar.gz
Step 3: Finally, we will move the extracted directory's contents 'mydir' to the path that we wish the files to be moved to.
mv mydir/* /home/david/mynewdir
I know this is a 101 tip, but it never hurts to reflect on your command line beginnings. If you have questions leave a comment.
This entry explains how to rename file extensions & variables in Linux.
Currently I have a web server running CentOS. Recently I came across a ton of files in various directories with a file extension .html which needed to be renamed to .php. (I configured .htaccess to not be allowed on the server)
Things you will need:
The first thing you will need to do is open up a terminal and navigate to the parent directory in which all of your files with the file extensions that you would like to change are located. Once at this location run the code that I have provided for you below. What this will do is find and rename all files with the extension .html to .php regardless of the name of the file. So you will be responsible for modifying my .html and .php to the extensions that suit your change.
Now then, if you would like to specify the path and NOT have to navigate to the path, simply change the /var/www/html/mydir in the line below to the path with the files with the extensions that need to be renamed. Also be sure that you change my .html and .php to the extensions that suit you!
No need to continue below if this completes your needs:
Now that we have all of our file extensions changed from .html to .php in the current directory and subdirectories, all we need to do is rename the contents in our index.php, formerly index.html. If we were to view index.php in our browser we would have a bunch of links pointing to .html files, but since we renamed them the links now 404.
Well let's update those links! Open index.php (or whatever your index is) in vi, and enter the following:
This will now update all .html extension to .php that are found inside of the file index.php. Keep in mind that many of you will not have to do this, and your renaming stopped after step one in this entry.
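The two steps above (bulk rename, then link update) as an added shell example; it is not the code from the original post. The function names, sample file names and the example.com URL are made up for the demo, and it goes slightly beyond the text by skipping rename targets that already exist and by leaving external links untouched.

```shell
#!/bin/sh
# rename_ext ROOT OLD NEW: rename every *.OLD file under ROOT to *.NEW.
rename_ext() {
    find "$1" -type f -name "*.$2" -exec sh -c '
        old=$1 new=$2; shift 2
        for f in "$@"; do
            target=${f%".$old"}.$new
            if [ -e "$target" ]; then      # never overwrite an existing file
                echo "skipped, target exists: $target" >&2
            else
                mv -- "$f" "$target"
            fi
        done' sh "$2" "$3" {} +
}

# fix_links FILE OLD NEW: rewrite href values ending in .OLD, but only
# relative ones (no ":" in the value), so external URLs are left alone.
fix_links() {
    # Work in a temp file outside the web root: a stray index.php.bak left
    # next to the page could be served to visitors as source text.
    tmp=$(mktemp) || return 1
    sed "s/\(href=\"[^\":]*\)\.$2\"/\1.$3\"/g" "$1" > "$tmp" && cat "$tmp" > "$1"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Constructed sample site (file names and URL are made up for the demo).
make_sample_site() {
    mkdir -p "$1/docs"
    : > "$1/about.html"
    : > "$1/docs/my page.html"
    cat > "$1/index.html" <<'EOF'
<a href="about.html">About</a> <a href="docs/my page.html">Docs</a>
<a href="http://example.com/manual.html">External manual</a>
EOF
}

site=$(mktemp -d)
make_sample_site "$site"
rename_ext "$site" html php
fix_links "$site/index.php" html php
cat "$site/index.php"
rm -rf "$site"
```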
Well, I hope this helped you with the painstaking task of renaming files on your Linux machine. Yes, I do know that my instructions can be hard to follow if you are a beginner to the Linux system. But when I have time, I promise to create a video that will demonstrate everything that I have explained above.
As always if you have any questions leave a comment, I promise to assist you in any way I can.
Cool, I got mentioned on The Daily Tech News Show with Tom Merritt & Guests yesterday morning. Daily Tech News Show is an audio podcast that scours the web for the most important tech news to share with you.
Video playback below. 1 min 52 sec:
I submitted an article regarding Google releasing source code Tuesday for a Chrome extension called “End to End” that would provide OpenPGP encryption for messages within a browser.
You can read more about the day's show at: DTNS 2249 – BUFFER BATTLES
Just a late update on my progression with my certifications.
Good afternoon everyone, sorry for not posting this sooner. I know a few of you were wondering where I am at with my certifications, so here's the update.
As you're already aware, I became Network+ Certified back in January, and now I am Security+ Certified as of this past March. This was an elective certification for me, but I am glad I took it! Some things that I took out of it were preventive measures from a network & server standpoint, which are invaluable for someone that is in my field.
CompTIA Security+ covered some of the following:
1. Intrusion Prevention Systems (IPS)
2. Intrusion Detection Systems (IDS)
3. Kerberos & RADIUS Servers
6. IPv4 / IPv6 / DNS
7. Man in the Middle Attacks
8. Input Validation
9. LDAP Injections
10. Secure Protocols & more!
I took this exam because I felt that the knowledge I got from it would be invaluable for me as a sys admin level later down the line. With everything being cracked / hacked / spoofed / injected nowadays I would recommend studying and giving the exam a shot. My Network+ knowledge really helped in my success on it, but it is not required.
Security+ Study resources I used:
1. CompTIA Security+ Deluxe Study Guide Recommended Courseware: Exam SY0-301
2. CompTIA SY0-301 Security+ Terms & Definitions (excuse my mess)
3. Darril Gibson's - Get Certified and Get Ahead (Must get, has practice tests!)
4. Finally being a self taught student I also used (and continue to use) ITPro.tv - CompTIA Security+ (SY0-301)
My recommendation is, if you plan on taking the exam, get familiar with how questions are asked. Sometimes all the answers are right, but there is a better answer among them. Darril Gibson will train you on this and will give you reasons why your answer is wrong. (Very helpful)
Questions? Leave them below, I am happy to help.