Posts

1- Verify basic functionality and DNS

2- Join ISE to AD

3- Make an Identity Source Sequences

Go to Administration > External Identity Sources, choose Active Directory and click Add. Enter the details of your AD; you will be prompted for a username and password, so enter your AD administrator credentials there.

If everything goes well, ISE joins the Active Directory successfully.

You can verify the join by going back to Active Directory and checking the Computers container. As shown in the picture, the ISE computer account should be listed there.

Now we can tell ISE to authenticate against AD first and, if the user is not found there, fall back to the local database. To change that order you have to create an Identity Source Sequence.

In the Name box enter a name of your choice, then in the Selected list put AD first and Internal Users second. Finally select the “Treat as if the user was not found and proceed to the next store in the sequence” option and save.

Now go to Policy > Authentication Policy and under Use select the Identity Source Sequence you just created, “first_AD_then_local”.

To test, you can create a new user in AD.

As you can see, the user logs show a successful login.


First, configure the interface that is connected to the endpoint. Previously we configured the interface as follows:

SW(config)#int gi1/0/2

SW(config-if)#switchport mode access
SW(config-if)#authentication host-mode multi-auth
SW(config-if)#authentication open
SW(config-if)#dot1x pae authenticator
SW(config-if)#dot1x timeout tx-period 10
SW(config-if)#authentication port-control auto
SW(config-if)#authentication periodic
SW(config-if)#authentication timer reauthenticate server

Now add this configuration to the same interface:

SW(config-if)#mab
SW(config-if)#authentication order mab dot1x
SW(config-if)#authentication priority dot1x mab

The result:

SW#sh authentication sessions int gi1/0/2

Interface MAC Address Method Domain Status Fg Session ID
--------------------------------------------------------------------------------
Gi1/0/2 b8ca.3a7e.0f5a N/A UNKNOWN Unauth C0A80AFC00000FB4034126C2

Key to Session Events Blocked Status Flags:

A - Applying Policy (multi-line status for details)
D - Awaiting Deletion
F - Final Removal in progress
I - Awaiting IIF ID allocation
N - Waiting for AAA to come up
P - Pushed Session
R - Removing User Profile (multi-line status for details)
U - Applying User Profile (multi-line status for details)
X - Unknown Blocker

Runnable methods list:
Handle Priority Name
16 5 dot1x
18 10 mab
21 15 webauth
--More--


And if you check on the ISE:
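Reading that table one port at a time does not scale, and with "authentication open" on the port an endpoint whose Status is Unauth is still forwarding traffic, so the Unauth rows are exactly the ones to review. The shell functions below are an added example, not code from the original post: the session table is constructed, and the parser assumes the tabular form of show authentication sessions in which Status is always the fifth column (the Fg flag column may be empty).

```shell
#!/bin/sh
# Constructed sample of 'show authentication sessions' output (not real device output):
# columns are Interface, MAC, Method, Domain, Status, optional Fg flag, Session ID.
SAMPLE_SESSIONS='Interface MAC Address Method Domain Status Fg Session ID
--------------------------------------------------------------------------------
Gi1/0/2 b8ca.3a7e.0f5a N/A UNKNOWN Unauth C0A80AFC00000FB4034126C2
Gi1/0/3 0011.2233.4455 mab DATA Auth C0A80AFC00000FB5034126C3
Gi1/0/4 0011.2233.4466 dot1x DATA Auth C0A80AFC00000FB6034126C4
Gi1/0/5 0011.2233.4477 mab DATA Unauth A C0A80AFC00000FB7034126C5'

# Print "interface mac method status" for every session whose Status is not Auth.
# Status is the fifth column whether or not the Fg flag is present.
unauth_sessions() {
    printf '%s\n' "$1" | awk '
        NR <= 2 || NF < 6 { next }          # skip the header and the separator line
        $5 != "Auth"      { print $1, $2, $3, $5 }
    '
}

# Number of sessions that are not authorised; on a port configured with
# "authentication open" these endpoints still pass traffic, so review them first.
count_unauth() {
    unauth_sessions "$1" | wc -l | tr -d ' '
}

# Sessions that were authorised by MAB rather than 802.1X. MAB trusts nothing but the
# MAC address, so these endpoints should carry a restrictive authorisation profile.
mab_sessions() {
    printf '%s\n' "$1" | awk 'NR > 2 && $3 == "mab" && $5 == "Auth" { print $1, $2 }'
}

# Example run:
#   unauth_sessions "$SAMPLE_SESSIONS"
#   count_unauth "$SAMPLE_SESSIONS"     # 2
```

On a live switch the same functions work on saved output, for example `unauth_sessions "$(cat sessions.txt)"`, where sessions.txt holds the pasted command output.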

Router-On-a-stick

To connect several VLANs together there is a model called “Router-on-a-stick”. This model has some advantages:

  • Cost effective

  • Easy to Implement

On the other hand, there are some drawbacks to this model:

  • Congestion on the link (the trunk port becomes a bottleneck)

  • If the router goes down, the network goes down

switch(config)# int gi0/1
switch(config-if)# switchport mode trunk
router(config)# int gi0/0
router(config-if)# no shutdown
router(config-if)# int gi0/0.10
router(config-subif)# encapsulation dot1Q 10
router(config-subif)# ip address 192.168.10.1 255.255.255.0
router(config-subif)# int gi0/0.20
router(config-subif)# encapsulation dot1Q 20
router(config-subif)# ip address 192.168.20.1 255.255.255.0
router(config-subif)# int gi0/0.30
router(config-subif)# encapsulation dot1Q 30
router(config-subif)# ip address 192.168.30.1 255.255.255.0

With a Layer 2 switch, router-on-a-stick is how we connect the VLANs together, and the router can then filter the inter-VLAN traffic with the access lists we define.

Layer 3 switches

Multilayer Switch

As shown, first set an IP address on PC0 and PC1. PC0 is in VLAN 10 while PC1 is in VLAN 20. The default gateway of each PC is the IP address of the corresponding VLAN interface on the switch. For routing between the two VLANs we just use the “ip routing” command, as shown in the code below:

switch(config)# interface vlan 10
switch(config-if)# ip address 192.168.10.254 255.255.255.0
switch(config-if)# exit
switch(config)# interface vlan 20
switch(config-if)# ip address 192.168.20.254 255.255.255.0
switch(config-if)# exit
switch(config)# ip routing

1-1 What’s a Trunk port?

A trunk port is a port that carries traffic for multiple VLANs. A trunk sends both tagged and untagged frames. There are two standards for trunking:

  • ISL (Cisco proprietary)

  • 802.1Q (industry standard): inserts a 4-byte tag into the frame; frames on the native VLAN are sent untagged

Example:

Trunk between two switches

sw1(config)# int fa0/1
sw1(config-if)# switchport mode trunk
sw2(config)# int fa0/1
sw2(config-if)# switchport mode trunk

On older Cisco devices you first have to write:

switchport trunk encapsulation dot1q

and then

switchport mode trunk

1-2 Changing Native Vlan

To change the native VLAN, just write:

sw1(config)# int fa0/1
sw1(config-if)# switchport trunk native vlan 20

1-3 Allow Specific Vlan

To allow only specific VLANs on the trunk, just write:

sw1(config)# int fa0/1
sw1(config-if)# switchport trunk allowed vlan 10,20,30

In the code above, only VLANs 10, 20 and 30 are allowed across the trunk port.

You can also use the command with add/all/except/none:

sw1(config-if)# switchport trunk allowed vlan 10,20,30
sw1(config-if)# switchport trunk allowed vlan add/all/except/none 10,20,30

1-4 How to see trunk ports

switch# show interface trunk
or
switch# show interface fa0/1 switchport

A virtual LAN (VLAN) is a logical subnetwork that groups together devices that may sit on different physical LANs.

1-1 Create VLAN

Imagine that your company has several departments and you want to separate the employees of each department on the network. With VLANs you can create one VLAN per department and then assign the relevant ports to each VLAN.

Vlan 10-20-30 in Switch1

In the picture above we have 3 departments, each assigned a unique VLAN. Let’s configure the switch:

sw# conf t
sw(config)# vlan 10
sw(config-vlan)# name Management
sw(config-vlan)# exit
sw(config)# vlan 20
sw(config-vlan)# name IT
sw(config-vlan)# exit
sw(config)# vlan 30
sw(config-vlan)# name SALES
sw(config-vlan)# exit

To view the created VLANs, enter this command:

sw# show vlan


VLAN 1 is the default VLAN on Cisco devices. VLANs 1002-1005 are reserved for other protocols. VLANs 1006-4094 are called extended VLANs.
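The VLAN ID ranges above are the kind of rule that is easy to get wrong when configuration is generated rather than typed. The script below is an added example, not from the original post: it validates VLAN IDs against those ranges and emits the VLAN definitions plus the SVI and "ip routing" configuration from the Layer 3 switch section for any number of VLANs. The "id:name:address mask" argument format is this script's own convention.

```shell
#!/bin/sh
# Accept only VLAN IDs a Cisco switch lets you configure: 1-4094 minus the
# reserved 1002-1005 range. Returns 0 for a usable ID, 1 otherwise.
vlan_id_ok() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ] || return 1
    if [ "$1" -ge 1002 ] && [ "$1" -le 1005 ]; then
        return 1
    fi
    return 0
}

# Name the range a VLAN ID falls in: normal (1-1001), reserved (1002-1005),
# extended (1006-4094) or invalid.
vlan_range() {
    case "$1" in ''|*[!0-9]*) echo invalid; return 1 ;; esac
    if [ "$1" -ge 1002 ] && [ "$1" -le 1005 ]; then echo reserved
    elif [ "$1" -ge 1006 ] && [ "$1" -le 4094 ]; then echo extended
    elif [ "$1" -ge 1 ] && [ "$1" -le 1001 ]; then echo normal
    else echo invalid; return 1
    fi
}

# Emit VLAN definitions, SVIs and "ip routing" for a multilayer switch.
# Each argument is "id:name:address mask", e.g. "10:Management:192.168.10.254 255.255.255.0".
# All IDs are validated first so a bad one never leaves half a configuration behind.
gen_svi_config() {
    for spec in "$@"; do
        vlan_id_ok "${spec%%:*}" || { echo "unusable VLAN id: ${spec%%:*}" >&2; return 1; }
    done
    for spec in "$@"; do
        id=${spec%%:*}
        rest=${spec#*:}
        name=${rest%%:*}
        addr=${rest#*:}
        printf 'vlan %s\n name %s\n exit\n' "$id" "$name"
        printf 'interface vlan %s\n ip address %s\n no shutdown\n exit\n' "$id" "$addr"
    done
    printf 'ip routing\n'
}

# Example run:
#   gen_svi_config "10:Management:192.168.10.254 255.255.255.0" "20:IT:192.168.20.254 255.255.255.0"
```

The generated text can be pasted into configuration mode as-is; the "no shutdown" on each SVI is there because an SVI stays down until at least one access port in that VLAN is up and the interface is enabled.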

1-2 Assign Access Ports to a VLAN

In the picture above, a PC in VLAN 10 is connected to port Fa0/1 of the switch. So we use these commands to make Fa0/1 an access port in VLAN 10:

sw(config)# int fa0/1
sw(config-if)# switchport mode access
sw(config-if)# switchport access vlan 10
sw(config-if)# exit

Now, if we enter show vlan:


Now we do it for other ports:

sw(config)# int fa0/2
sw(config-if)# switchport mode access
sw(config-if)# switchport access vlan 20
sw(config-if)# exit
sw(config)# int fa0/3
sw(config-if)# switchport mode access
sw(config-if)# switchport access vlan 30
sw(config-if)# exit

and the result is:

1-3 Native Vlan

By default on Cisco switches, VLAN 1 is the native VLAN. That means untagged traffic is carried in this VLAN. We will see how to change the native VLAN.

The first question asked by people using Cisco devices for the first time is how to connect to the device. You need a special cable called a rollover cable.

Rollover cable

A rollover cable has an RJ-45 connector on one end and an RS-232 (serial) connector on the other. As the picture below shows, the RJ-45 end plugs into the switch and the RS-232 end into the PC.

Console to PC

Today’s PCs usually don’t have an RS-232 port. You have to buy an RS-232-to-USB converter, or use a newer rollover cable that is RJ-45 to USB.

You can use software of this kind on the PC to connect to the switch through the console port. PuTTY is a well-known program that supports SSH, Telnet and serial connections.

I’ve uploaded a video to YouTube showing how to connect the rollover cable to the switch and how to connect to the switch through PuTTY.

Hamidreza Talebi

How to Install tcpdump in Linux

Many Linux distributions already ship with the tcpdump tool; if you don’t have it on your system, you can install it with the following apt-get command.

# apt-get install tcpdump

Once tcpdump is installed on the system, you can go through the following commands with their examples.

1. Capture Packets from Specific Interface

When tcpdump is run without arguments it captures from all interfaces and the output scrolls until you interrupt it; with the -i switch it captures only from the desired interface.

# tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:33:31.976358 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 3500440357:3500440553, ack 3652628334, win 18760, length 196
11:33:31.976603 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags [.], ack 196, win 64487, length 0
11:33:31.977243 ARP, Request who-has tecmint.com tell 172.16.25.126, length 28
11:33:31.977359 ARP, Reply tecmint.com is-at 00:14:5e:67:26:1d (oui Unknown), length 46
11:33:31.977367 IP 172.16.25.126.54807 > tecmint.com: 4240+ PTR? 125.25.16.172.in-addr.arpa. (44)
11:33:31.977599 IP tecmint.com > 172.16.25.126.54807: 4240 NXDomain 0/1/0 (121)
11:33:31.977742 IP 172.16.25.126.44519 > tecmint.com: 40988+ PTR? 126.25.16.172.in-addr.arpa. (44)
11:33:32.028747 IP 172.16.20.33.netbios-ns > 172.16.31.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
11:33:32.112045 IP 172.16.21.153.netbios-ns > 172.16.31.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
11:33:32.115606 IP 172.16.21.144.netbios-ns > 172.16.31.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
11:33:32.156576 ARP, Request who-has 172.16.16.37 tell old-oraclehp1.midcorp.mid-day.com, length 46
11:33:32.348738 IP tecmint.com > 172.16.25.126.44519: 40988 NXDomain 0/1/0 (121)

2. Capture Only N Number of Packets

When you run tcpdump it captures packets on the specified interface until you interrupt it. With the -c option you can capture a specified number of packets instead. The example below will only capture 6 packets.

# tcpdump -c 5 -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:40:20.281355 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 3500447285:3500447481, ack 3652629474, win 18760, length 196
11:40:20.281586 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags [.], ack 196, win 65235, length 0
11:40:20.282244 ARP, Request who-has tecmint.com tell 172.16.25.126, length 28
11:40:20.282360 ARP, Reply tecmint.com is-at 00:14:5e:67:26:1d (oui Unknown), length 46
11:40:20.282369 IP 172.16.25.126.53216 > tecmint.com.domain: 49504+ PTR? 125.25.16.172.in-addr.arpa. (44)
11:40:20.332494 IP tecmint.com.netbios-ssn > 172.16.26.17.nimaux: Flags [P.], seq 3058424861:3058424914, ack 693912021, win 64190, length 53 NBT Session Packet: Session Message
6 packets captured
23 packets received by filter
0 packets dropped by kernel

3. Print Captured Packets in ASCII

The tcpdump command below with the -A option prints each packet in ASCII, a plain character-encoding scheme, so the payload of text-based protocols becomes readable.

# tcpdump -A -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
09:31:31.347508 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.], seq 3329372346:3329372542, ack 4193416789, win 17688, length 196
M.r0...vUP.E.X.......~.%..>N..oFk.........KQ..)Eq.d.,....r^l......m\.oyE....-....g~m..Xy.6..1.....c.O.@...o_..J....i.*.....2f.mQH...Q.c...6....9.v.gb........;..4.).UiCY]..9..x.)..Z.XF....'|..E......M..u.5.......ul
09:31:31.347760 IP 192.168.0.1.nokia-ann-ch1 > 192.168.0.2.ssh: Flags [.], ack 196, win 64351, length 0
M....vU.r1~P.._..........
^C09:31:31.349560 IP 192.168.0.2.46393 > b.resolvers.Level3.net.domain: 11148+ PTR? 1.0.168.192.in-addr.arpa. (42)
E..F..@.@............9.5.2.f+............1.0.168.192.in-addr.arpa.....
3 packets captured
11 packets received by filter
0 packets dropped by kernel

4. Display Available Interfaces

To list the interfaces available on the system, run the following command with the -D option.

# tcpdump -D
1.eth0
2.eth1
3.usbmon1 (USB bus number 1)
4.usbmon2 (USB bus number 2)
5.usbmon3 (USB bus number 3)
6.usbmon4 (USB bus number 4)
7.usbmon5 (USB bus number 5)
8.any (Pseudo-device that captures on all interfaces)
9.lo

5. Display Captured Packets in HEX and ASCII

The following command with the -XX option prints the data of each packet, including its link-level header, in hex and ASCII.

# tcpdump -XX -i eth0
11:51:18.974360 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 3509235537:3509235733, ack 3652638190, win 18760, length 196
0x0000:  b8ac 6f2e 57b3 0001 6c99 1468 0800 4510  ..o.W...l..h..E.
0x0010:  00ec 8783 4000 4006 275d ac10 197e ac10  ....@.@.']...~..
0x0020:  197d 0016 1129 d12a af51 d9b6 d5ee 5018  .}...).*.Q....P.
0x0030:  4948 8bfa 0000 0e12 ea4d 22d1 67c0 f123  IH.......M".g..#
0x0040:  9013 8f68 aa70 29f3 2efc c512 5660 4fe8  ...h.p).....V`O.
0x0050:  590a d631 f939 dd06 e36a 69ed cac2 95b6  Y..1.9...ji.....
0x0060:  f8ba b42a 344b 8e56 a5c4 b3a2 ed82 c3a1  ...*4K.V........
0x0070:  80c8 7980 11ac 9bd7 5b01 18d5 8180 4536  ..y.....[.....E6
0x0080:  30fd 4f6d 4190 f66f 2e24 e877 ed23 8eb0  0.OmA..o.$.w.#..
0x0090:  5a1d f3ec 4be4 e0fb 8553 7c85 17d9 866f  Z...K....S|....o
0x00a0:  c279 0d9c 8f9d 445b 7b01 81eb 1b63 7f12  .y....D[{....c..
0x00b0:  71b3 1357 52c7 cf00 95c6 c9f6 63b1 ca51  q..WR.......c..Q
0x00c0:  0ac6 456e 0620 38e6 10cb 6139 fb2a a756  ..En..8...a9.*.V
0x00d0:  37d6 c5f3 f5f3 d8e8 3316 d14f d7ab fd93  7.......3..O....
0x00e0:  1137 61c1 6a5c b4d1 ddda 380a f782 d983  .7a.j\....8.....
0x00f0:  62ff a5a9 bb39 4f80 668a                 b....9O.f.
11:51:18.974759 IP 172.16.25.126.60952 > mddc-01.midcorp.mid-day.com.domain: 14620+ PTR? 125.25.16.172.in-addr.arpa. (44)
0x0000:  0014 5e67 261d 0001 6c99 1468 0800 4500  ..^g&...l..h..E.
0x0010:  0048 5a83 4000 4011 5e25 ac10 197e ac10  .HZ.@.@.^%...~..
0x0020:  105e ee18 0035 0034 8242 391c 0100 0001  .^...5.4.B9.....
0x0030:  0000 0000 0000 0331 3235 0232 3502 3136  .......125.25.16
0x0040:  0331 3732 0769 6e2d 6164 6472 0461 7270  .172.in-addr.arp
0x0050:  6100 000c 0001                           a.....

6. Capture and Save Packets in a File

As mentioned, tcpdump can capture packets and save them to a .pcap file; to do this, run the command with the -w option.

# tcpdump -w 0001.pcap -i eth0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
4 packets captured
4 packets received by filter
0 packets dropped by kernel

7. Read Captured Packets File

To read and analyze the captured packet file 0001.pcap, use the command with the -r option, as shown below.

# tcpdump -r 0001.pcap
reading from file 0001.pcap, link-type EN10MB (Ethernet)
09:59:34.839117 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.], seq 3353041614:3353041746, ack 4193563273, win 18760, length 132
09:59:34.963022 IP 192.168.0.1.nokia-ann-ch1 > 192.168.0.2.ssh: Flags [.], ack 132, win 65351, length 0
09:59:36.935309 IP 192.168.0.1.netbios-dgm > 192.168.0.255.netbios-dgm: NBT UDP PACKET(138)
09:59:37.528731 IP 192.168.0.1.nokia-ann-ch1 > 192.168.0.2.ssh: Flags [P.], seq 1:53, ack 132, win 65351, length 5

8. Capture IP address Packets

To print addresses as IP addresses instead of resolving them to hostnames, run the following command with the -n option.

# tcpdump -n -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:07:03.952358 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 3509512873:3509513069, ack 3652639034, win 18760, length 196
12:07:03.952602 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags [.], ack 196, win 64171, length 0
12:07:03.953311 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 196:504, ack 1, win 18760, length 308
12:07:03.954288 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 504:668, ack 1, win 18760, length 164
12:07:03.954502 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags [.], ack 668, win 65535, length 0
12:07:03.955298 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 668:944, ack 1, win 18760, length 276
12:07:03.955425 IP 172.16.23.16.netbios-ns > 172.16.31.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
12:07:03.956299 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 944:1236, ack 1, win 18760, length 292
12:07:03.956535 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags [.], ack 1236, win 64967, length 0

9. Capture only TCP Packets

To capture only TCP packets, run the following command with the tcp filter expression.

# tcpdump -i eth0 tcp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:10:36.216358 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 3509646029:3509646225, ack 3652640142, win 18760, length 196
12:10:36.216592 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags [.], ack 196, win 64687, length 0
12:10:36.219069 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 196:504, ack 1, win 18760, length 308
12:10:36.220039 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 504:668, ack 1, win 18760, length 164
12:10:36.220260 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags [.], ack 668, win 64215, length 0
12:10:36.222045 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 668:944, ack 1, win 18760, length 276
12:10:36.223036 IP 172.16.25.126.ssh > 172.16.25.125.apwi-rxspooler: Flags [P.], seq 944:1108, ack 1, win 18760, length 164
12:10:36.223252 IP 172.16.25.125.apwi-rxspooler > 172.16.25.126.ssh: Flags [.], ack 1108, win 65535, length 0
^C12:10:36.223461 IP mid-pay.midcorp.mid-day.com.netbios-ssn > 172.16.22.183.recipe: Flags [.], seq 283256512:283256513, ack 550465221, win 65531, length 1[|SMB]

10. Capture Packet from Specific Port

Let’s say you want to capture packets for port 22; run the command below, specifying the port number as shown.

# tcpdump -i eth0 port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:37:49.056927 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.], seq 3364204694:3364204890, ack 4193655445, win 20904, length 196
10:37:49.196436 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.], seq 4294967244:196, ack 1, win 20904, length 248
10:37:49.196615 IP 192.168.0.1.nokia-ann-ch1 > 192.168.0.2.ssh: Flags [.], ack 196, win 64491, length 0
10:37:49.379298 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.], seq 196:616, ack 1, win 20904, length 420
10:37:49.381080 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.], seq 616:780, ack 1, win 20904, length 164
10:37:49.381322 IP 192.168.0.1.nokia-ann-ch1 > 192.168.0.2.ssh: Flags [.], ack 780, win 65535, length 0

11. Capture Packets from source IP

To capture packets from a specific source IP, say 192.168.0.2, use the command as follows.

# tcpdump -i eth0 src 192.168.0.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:49:15.746474 IP 192.168.0.2.ssh > 192.168.0.1.nokia-ann-ch1: Flags [P.], seq 3364578842:3364579038, ack 4193668445, win 20904, length 196
10:49:15.748554 IP 192.168.0.2.56200 > b.resolvers.Level3.net.domain: 11289+ PTR? 1.0.168.192.in-addr.arpa. (42)
10:49:15.912165 IP 192.168.0.2.56234 > b.resolvers.Level3.net.domain: 53106+ PTR? 2.0.168.192.in-addr.arpa. (42)
10:49:16.074720 IP 192.168.0.2.33961 > b.resolvers.Level3.net.domain: 38447+ PTR? 2.2.2.4.in-addr.arpa. (38)

12. Capture Packets from destination IP

To capture packets to a specific destination IP, say 50.116.66.139, use the command as follows.

# tcpdump -i eth0 dst 50.116.66.139
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:55:01.798591 IP 192.168.0.2.59896 > 50.116.66.139.http: Flags [.], ack 2480401451, win 318, options [nop,nop,TS val 7955710 ecr 804759402], length 0
10:55:05.527476 IP 192.168.0.2.59894 > 50.116.66.139.http: Flags [F.], seq 2521556029, ack 2164168606, win 245, options [nop,nop,TS val 7959439 ecr 804759284], length 0
10:55:05.626027 IP 192.168.0.2.59894 > 50.116.66.139.http: Flags [.], ack 2, win 245, options [nop,nop,TS val 7959537 ecr 804759787], length 0

Source: https://www.tecmint.com/
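Once -n is in use, the one-line text output above is easy to aggregate with awk, which is often faster than opening a pcap when the question is simply "who is talking to whom" or "which host is opening lots of connections". The functions below are an added example and not part of the tecmint article: the capture lines are constructed, and the field positions assume tcpdump's default one-line IP format with -n (no name resolution).

```shell
#!/bin/sh
# Constructed sample of 'tcpdump -n' output (not captured from a real host):
# an SSH session, a NetBIOS broadcast, three SYNs from one host and an ARP request.
SAMPLE_CAPTURE='12:07:03.952358 IP 172.16.25.126.22 > 172.16.25.125.51244: Flags [P.], seq 1:197, ack 1, win 18760, length 196
12:07:03.952602 IP 172.16.25.125.51244 > 172.16.25.126.22: Flags [.], ack 197, win 64171, length 0
12:07:03.953311 IP 172.16.25.126.22 > 172.16.25.125.51244: Flags [P.], seq 197:505, ack 1, win 18760, length 308
12:07:03.955425 IP 172.16.23.16.137 > 172.16.31.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
12:07:04.100000 IP 10.0.0.5.40001 > 172.16.25.126.22: Flags [S], seq 100, win 64240, length 0
12:07:04.100500 IP 10.0.0.5.40002 > 172.16.25.126.22: Flags [S], seq 101, win 64240, length 0
12:07:04.101000 IP 10.0.0.5.40003 > 172.16.25.126.22: Flags [S], seq 102, win 64240, length 0
12:07:04.200000 ARP, Request who-has 172.16.25.1 tell 172.16.25.126, length 28'

# Packets per "src host > dst host" pair, most frequent first. tcpdump writes
# endpoints as host.port, so the last dot-separated component is dropped to get the host.
flow_summary() {
    printf '%s\n' "$1" | awk '
        $2 == "IP" {
            src = $3; dst = $5
            sub(/:$/, "", dst)                       # drop the ":" after the destination
            sub(/\.[^.]*$/, "", src); sub(/\.[^.]*$/, "", dst)
            n[src " > " dst]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -rn
}

# Source hosts sending bare SYNs (Flags [S]), i.e. hosts opening new TCP connections,
# with a count each. One host with many SYNs to many ports is the shape a scan has.
syn_sources() {
    printf '%s\n' "$1" | awk '
        $2 == "IP" && $6 == "Flags" && $7 == "[S]," {
            src = $3; sub(/\.[^.]*$/, "", src); n[src]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -rn
}

# The single busiest pair, "3 10.0.0.5 > 172.16.25.126" for the sample above.
top_talker() {
    flow_summary "$1" | head -n 1
}
```

Against a live interface the same functions take the command output as their argument, for example `flow_summary "$(tcpdump -n -c 500 -i eth0 2>/dev/null)"`; the -c limit keeps the capture bounded.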

Hamidreza Talebi, linux

sudo apt-get install openssh-server

----- Define a group -----
sudo groupadd sftponly
cat /etc/group

----- Add user to group -----
sudo useradd hamid -d / -g sftponly -M -N
sudo passwd hamid

----- Back up sshd_config file -----

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
sudo nano +76 /etc/ssh/sshd_config

----- Edit in sshd_config file -----

Replace the existing Subsystem sftp line with the one below and put the Match block at the end of the file (a second Subsystem line stops sshd from starting):

Subsystem sftp internal-sftp

Match Group sftponly
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/www
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

-------------------------------------------------------------------
sudo systemctl restart sshd

root@hrt-VirtualBox:~# mkdir /var/www
root@hrt-VirtualBox:~# cd /var/www
root@hrt-VirtualBox:/var/www# mkdir test_readonly
root@hrt-VirtualBox:/var/www# chmod 755 test_readonly
root@hrt-VirtualBox:/var/www# mkdir test_readwrite
root@hrt-VirtualBox:/var/www# chown root:sftponly test_readwrite
root@hrt-VirtualBox:/var/www# chmod 775 test_readwrite
root@hrt-VirtualBox:/var/www# mkdir test_noaccess
root@hrt-VirtualBox:/var/www# chmod 700 test_noaccess


On Windows you can use an SCP client or PuTTY to connect to the server.

Hamidreza Talebi

Hamidreza Talebi, linux

You can schedule jobs in Linux with this command:

$ crontab -e

for example:

We want our job to run at 5 A.M., which is minute 0, hour 5, every day of the month, every month, every day of the week. Add a line to the bottom of the file that looks like this:

0 5 * * * /home/myname/scripts/do-every-day.sh

For a backup every day at 12:02 AM:

2 0 * * * tar -zcf /home/hrt/Desktop/backup/$(date +\%H-\%M-\%S-\%d-\%m-\%Y).tar.gz /usr/local/bro/logs >/dev/null 2>&1

To avoid the errors on Ubuntu that appear when cron tries to deliver a job’s output by mail, append >/dev/null 2>&1 to every crontab entry you define.

To check your crontab, use this command:

$ crontab -l

To remove your crontab, run:

$ crontab -r

To view the cron logs, run this command:

sudo grep -i cron /var/log/syslog
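The backup line above works only because every % inside $(date ...) is escaped: cron turns an unescaped % into a newline and feeds whatever follows to the job's stdin, which silently breaks the file name. The checker below is an added example, not from the original post: it validates the five schedule fields, flags unescaped % characters, and insists on the output redirection this post recommends. It accepts numeric fields only (no month or weekday names), which is a limitation of this script rather than of cron.

```shell
#!/bin/sh
# A single crontab schedule field: "*", a number, a range a-b, a comma list of
# those, each optionally followed by /step. Names such as "mon" are not accepted.
cron_field_ok() {
    printf '%s\n' "$1" | grep -Eq '^(\*|[0-9]+(-[0-9]+)?(,[0-9]+(-[0-9]+)?)*)(/[0-9]+)?$'
}

# Check one crontab line for the mistakes this setup is prone to:
#   - fewer than five schedule fields, or a field cron will not parse
#   - an unescaped % in the command (cron turns it into a newline; write \% instead)
#   - no output redirection, so cron tries to mail every run's output
# Prints the first problem found and returns 1; returns 0 for a clean line.
cron_line_ok() {
    line=$1
    nf=$(printf '%s\n' "$line" | awk '{ print NF }')
    [ "$nf" -ge 6 ] || { echo "need five schedule fields and a command"; return 1; }
    i=1
    while [ "$i" -le 5 ]; do
        f=$(printf '%s\n' "$line" | awk -v n="$i" '{ print $n }')
        cron_field_ok "$f" || { echo "bad schedule field: $f"; return 1; }
        i=$((i + 1))
    done
    # everything after the fifth field is the command
    cmd=$(printf '%s\n' "$line" | sed -E 's/^[[:space:]]*([^[:space:]]+[[:space:]]+){5}//')
    # strip the escaped \% pairs first; any % left over is unescaped
    if printf '%s\n' "$cmd" | sed 's/\\%//g' | grep -q '%'; then
        printf '%s\n' 'unescaped % in command (write \% instead)'
        return 1
    fi
    case $cmd in
        *">"*) ;;
        *) echo "output not redirected (cron will try to mail it)"; return 1 ;;
    esac
    return 0
}

# Example run with the backup entry from the post:
#   cron_line_ok '2 0 * * * tar -zcf /home/hrt/Desktop/backup/$(date +\%H-\%M-\%S-\%d-\%m-\%Y).tar.gz /usr/local/bro/logs >/dev/null 2>&1'
```

To check a whole crontab, feed it one line at a time: `crontab -l | grep -v '^#' | while read -r l; do cron_line_ok "$l" || echo "  in: $l"; done`.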