martes, 18 de septiembre de 2012

FUDCon Venezuela 2012

Para empezar abrazos a todos los que estuvieron en el FUDCon Venezuela es una experiencia muy divertida, es un momento de compartir todos nuestros conocimientos y buscar colaboradores nuevos que estaban escondidos en algun rincon del mundo.

Uno de los logros de este FUDCon fue el ingreso al grupo de empacadores y embajadores de Eduardo (Echevemaster) que aprovecho al maximo este momento de aprender logrando su primer paquete y otros que vienen en camino xD.

Charla de Robotica por Valentin Basel como decimos un lleno total :-) divertido que causa mucho interes entre los participantes. Compañeros de otras Distros que ven como trabaja una comunidad muy unida donde escucharon anecdotas del día a día de cada uno de nosotros, como contribuimos al proyecto y como es ese trabajo en equipo dentro de Fedora.

Tambien una charla muy interesante ya que es el tema de moda ARM donde cabe destacar la presentación de varios Rasperry-Pi funcionando con el Fedora Remix por Itamar y en esta charla uno de los participantes fue acredor de un android con procesador arm funcionando con Fedora.

Siempre no se queda atras las charlas de RPMDev para los que quieren ser packagers-manteiners por Potty, todo lo referente a documentación gracias a Jared Smith, Yaderv que se tomo el salon con un tema muy importante como lo es Parches utilizando GIT. Tantos temas interesantes y en algunos que no pude estar presente porque estaba en otro tema que tambien me interesaba y me tocaba tomar decisiones dificiles xDD jeje. Bueno en fin aqui les dejo algunas fotos, son solo algunas por que hay muchas por todos lados. Saludos a todos y esperemos seguir reforzando el proyecto como siempre buscando nuevos colaboradores y compartiendo todos nuestros conocimientos para todos.

Itamar y Profesora Ganadora del Equipo


Rasperry-Pi en su arranque:





Rasperry-Pi Fedora ARM Botton :) by Potty- Itamar - LoKoMurdoK


Robyn Rebergeron en la charla de arranque del FUDCon Venezuela 2012
 
 
TODOS :-)





lunes, 6 de agosto de 2012

FUDCon LATAM - Venezuela 2012


El FUDCon es la Conferencia de Usuarios y Desarrolladores Fedora, nuestro evento premier efectuado en cuatro diferentes regiones del mundo, una vez al año en cada una. El FUDCon es siempre libre, gratuito y abierto al público. Algunas de las temáticas tratadas en el FUDCon incluyen: Infraestructura, Desarrollos, Construcción de la comunidad, Gerencia y Mercadeo del Proyecto, Diseño, Pruebas y Control de Calidad de Software, Empaquetado, entre otros. El FUDcon contará con gran participación de conferencistas Internacionales, conoce el panel de ponentes aquí.

jueves, 26 de julio de 2012

Nagios Notifications

To enable notifications the first step is edit contact email (example mail: test@gmail.com)

[root@BMNG001 soporte]# cd /etc/nagios/objects
[root@BMNG001 soporte]# vi contacts.cfg

1. Edit this lines:


define contact{
        contact_name  Soporte          ; Short name of user
        use           generic-contact  ; Inherit default values...
        alias         Soporte          ; Full name of user
        email         test@gmail.com   ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
        }
 
2. And Then
 
edit hosts
 
vi /etc/hosts 
 
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.160.6 BMNG001.ZEUS.loc BMNG001
 
Add your: IP - host.domain.com - HOSTNAME
[root@BMNG001 soporte]# service nagios restart
 

 
This is because I see that many have problems with notifications to 
the end and it is something simple but not everyone knows it.






Regards,
 

jueves, 19 de julio de 2012

Nagios in Fedora





Basic installation and configuration of Nagios on F17. Go into the console, login as root and proceed to write yum install nagios*

Install Nagios:

[soporte@BMNG001 ~]$ su                                                                                                                                      
Contraseña:
[root@BMNG001 soporte]# yum install nagios*

Start services Nagios and Apache:

[root@BMNG001 soporte]# services start nagios
[root@BMNG001 soporte]# services start httpd

Enable apache service:

[root@BMNG001 soporte]# chkconfig httpd on


Create nagios admin password:

[root@BMNG001 soporte]# htpasswd -c /etc/nagios/passwd nagiosadmin 

Check the configuration file:

[root@BMNG001 soporte]# vi /etc/httpd/conf.d/nagios.conf
  
Nagios user & groups 

[root@BMNG001 soporte]# groupadd nagios
[root@BMNG001 soporte]# adduser nagios -g nagios
[root@BMNG001 soporte]# passwd nagios
[root@BMNG001 soporte]# usermod -G nagios nagios
[root@BMNG001 soporte]# usermod -G apache,nagios apache

Verify the configuration:

[root@BMNG001 soporte]# nagios -v /etc/nagios/nagios.cfg
 
Nagios Core 3.4.1
Copyright (c) 2009-2011 Nagios Core Development Team and Community Contributors
Copyright (c) 1999-2009 Ethan Galstad
Last Modified: 05-11-2012
License: GPL

Website: http://www.nagios.org
Reading configuration data...
   Read main config file okay...
Processing object config file '/etc/nagios/objects/commands.cfg'...
Processing object config file '/etc/nagios/objects/contacts.cfg'...
Processing object config file '/etc/nagios/objects/timeperiods.cfg'...
Processing object config file '/etc/nagios/objects/templates.cfg'...
Processing object config file '/etc/nagios/objects/localhost.cfg'...
Processing object config file '/etc/nagios/objects/windows.cfg'...
   Read object config files okay...

Running pre-flight check on configuration data...

Checking services...
        Checked 61 services.
Checking hosts...
        Checked 8 hosts.
Checking host groups...
        Checked 2 host groups.
Checking service groups...
        Checked 0 service groups.
Checking contacts...
        Checked 1 contacts.
Checking contact groups...
        Checked 1 contact groups.
Checking service escalations...
        Checked 0 service escalations.
Checking service dependencies...
        Checked 0 service dependencies.
Checking host escalations...
        Checked 0 host escalations.
Checking host dependencies...
        Checked 0 host dependencies.
Checking commands...
        Checked 28 commands.
Checking time periods...
        Checked 5 time periods.
Checking for circular paths between hosts...
Checking for circular host and service dependencies...
Checking global event handlers...
Checking obsessive compulsive processor commands...
Checking misc settings...

Total Warnings: 0
Total Errors:   0

Things look okay - No serious problems were detected during the pre-flight check


Now type in your browser http://yourIP/nagios login with  your  nagiosadmin user already created.

Example:

http://192.168.160.6/nagios

Service Area



This is an example Nagios in Server my office:
Hosts Area



Coming soon: How to define hosts and groups. :-)

LAMP in Fedora 17

Many persons today have a question, What is LAMP? very simple for your acronym:

- Linux, the operating system, in some cases referred to LDAP.
- Apache, the web server;
- MySQL, the database manager;
- Perl, PHP, or Python programming languages​​.




Considering that I have Fedora 17 Xfce 64bit
the first step:

Install Apache server:

Go into the console, login as root and proceed to write: yum install httpd php php-common

[soporte@BMNG001 ~]$ su                                                                                                                                      
Contraseña:                                                                                                                                                  
[root@BMNG001 soporte]# yum install httpd php php-common


and then

[root@BMNG001 soporte]# service httpd start  
[root@BMNG001 soporte]# chkconfig --levels 235 httpd on

In your browser type http://yourIP/

Example:

http://192.168.160.6/



We will need some php modules:


[root@BMNG001 soporte]#  yum install php-pecl-apc php-cli php-pear php-pdo php-mysql php-pgsql php-pecl-mongo php-sqlite php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml
 
Install MySQL server:


[root@BMNG001 soporte]# yum install mysql mysql-server 

Start and enable services:

[root@BMNG001 soporte]# systemctl start mysqld.service
[root@BMNG001 soporte]# systemctl enable mysqld.service

Assign Mysql password:

[root@BMNG001 soporte]# mysqladmin -u root password Test2012$

Check connection to MySQL server:


[root@BMNG001 soporte]# mysql -h localhost -u root -p

And Finally install PHPMyAdmin:

[root@BMNG001 soporte]# yum install phpmyadmin

Restart Apache (httpd)

[root@BMNG001 soporte]# service httpd restart
Redirecting to /bin/systemctl restart  httpd.service
[root@BMNG001 soporte]#

when finish type in your browser: http://yourIP/phpmyadmin

Example:

http://192.168.160.6/phpmyadmin

And that's all, Greetings.

miércoles, 18 de julio de 2012

Nmap in Fedora 17


Use nmap for audits, vulnerability scanning, security test or others. :-)
The first step easy and simple: install. Go into the console, login as root and proceed to write yum install nmap.

[soporte@BMNG001 ~]$ su -
Contraseña:
[root@BMNG001~]# yum install nmap

Instalado:                                                                                                                      
  nmap.x86_64 2:6.00-1.fc17                                                                                                     
                                                                                                                                
¡Listo!                                                                                                                         
[root@BMNG001 ~]#

Now let's see the different modes of operation within our network, let's define some important commands remembering that some must be run as root.


Type (s) scanning

-sT system call connect () is used to connect to all ports. If the port is listening, connect () will succeed.

-sS not open a full TCP connection. It sends a SYN packet, if there comes a SYN | ACK is sent to close the connection RTS.

-sP If you only need to know which nodes are active. In root mode techniques used ICMP, SYN ACK and parallel to detect that node is active.

-sU Used to know that UDP ports are open. In UNIX nodes UDP scanning is limited in frequency.

-sF -sX -sN Stealth Mode FIN, Xmas Tree, or Null scan. The idea is that closed ports respond to RST packets, while open ports must ignore the packets in question. Because this type of scan nodes will not work on Windows, is a good idea to distinguish between platforms.


General Options 
-PT <#port> Use TCP ping to determine which servers are active.

Resolves DNS-R all nodes. 

- dns-servers <server1[,server2],...> Alternatively, you can specify which DNS servers search for names 
-O Report Operating System 
-p port scan 25,80,1000-4000 only 25.80 and 1000 to 4000 
-sV check the versions of software that listens on ports 
-v enable extended information mode (supports more than one v)

Objects specification

nmap -sS -P0 -sV -O 192.168.160.1 performs a deep scan of the node.

nmap -sT -n -p --P0 192.168.160.6 discussing with TCP scan all 65535 ports, without sending ping consent (which may be blocked by the table) and without reverse DNS lookup, this makes the scan is very fast.

nmap -T5 -F -O -iL input.txt done very fast scanning of the nodes listed (one per line) in input.txt used primarily to detect the OS

nmap -sV -n -P0 -p 22 192.168.160.6 detect that service runs on port 22 192.168.160.6 node and its version.

nmap -sL 192.168.160.1-255 looking through DNS host in the range 192.168.160.1-255 with name and registered in the DNS. Usually the nodes that are not in the DNS appear in this scan as not connected.

nmap -sP -PR live 192.168.160.1-255 looking hosts through ARP pings (-PR) in the range 192.168.160.1-255, arp pings is chosen because it might ICMP pings are blocked by a firewall.

nmap - iflist prints the list of interface and default route for each interface.

host -l servertest.com | cut -d " " -f  4 | ./nmap -v -iL - makes a DNS zone transfer to find servidor.com servers and then move IP addresses to nmap.



These commands can see, writing on the console $nmap.


[soporte@BMNG001 ~]$ nmap                                                                                                       
Nmap 6.00 ( http://nmap.org )                                                                                                   
Usage: nmap [Scan Type(s)] [Options] {target specification}                                                                     
 

TARGET SPECIFICATION:                                                                                                           
  Can pass hostnames, IP addresses, networks, etc.                                                                              
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254                                                          
  -iL <inputfilename>: Input from list of hosts/networks                                                                        
  -iR <num hosts>: Choose random targets                                                                                        
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks                                                                 
  --excludefile <exclude_file>: Exclude list from file                                                                          
 

HOST DISCOVERY:                                                                                                                 
  -sL: List Scan - simply list targets to scan                                                                                  
  -sn: Ping Scan - disable port scan                                                                                            
  -Pn: Treat all hosts as online -- skip host discovery                                                                         
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports                                                     
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes                                                         
  -PO[protocol list]: IP Protocol Ping                                                                                          
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]                                                            
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers                                                                 
  --system-dns: Use OS's DNS resolver                                                                                           
  --traceroute: Trace hop path to each host                                                                                     
 

SCAN TECHNIQUES:                                                                                                                
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans                                                                    
  -sU: UDP Scan                                                                                                                 
  -sN/sF/sX: TCP Null, FIN, and Xmas scans                                                                                      
  --scanflags <flags>: Customize TCP scan flags                                                                                 
  -sI <zombie host[:probeport]>: Idle scan                                                                                      
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans                                                                                           
  -sO: IP protocol scan                                                                                                         
  -b <FTP relay host>: FTP bounce scan                                                                                          
 

PORT SPECIFICATION AND SCAN ORDER:                                                                                              
  -p <port ranges>: Only scan specified ports                                                                                   
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9                                                                
  -F: Fast mode - Scan fewer ports than the default scan                                                                        
  -r: Scan ports consecutively - don't randomize                                                                                
  --top-ports <number>: Scan <number> most common ports                                                                         
  --port-ratio <ratio>: Scan ports more common than <ratio>                                                                     
 

SERVICE/VERSION DETECTION:                                                                                                      
  -sV: Probe open ports to determine service/version info                                                                       
  --version-intensity <level>: Set from 0 (light) to 9 (try all probes)                                                         
  --version-light: Limit to most likely probes (intensity 2)                                                                    
  --version-all: Try every single probe (intensity 9)                                                                           
  --version-trace: Show detailed version scan activity (for debugging)                                                          
 

SCRIPT SCAN:                                                                                                                    
  -sC: equivalent to --script=default                                                                                           
  --script=<Lua scripts>: <Lua scripts> is a comma separated list of                                                            
           directories, script-files or script-categories                                                                       
  --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts                                                               
  --script-args-file=filename: provide NSE script args in a file                                                                
  --script-trace: Show all data sent and received                                                                               
  --script-updatedb: Update the script database.                                                                                
  --script-help=<Lua scripts>: Show help about scripts.                                                                         
           <Lua scripts> is a comma separted list of script-files or                                                            
           script-categories.                                                                                                   
 

OS DETECTION:                                                                                                                   
  -O: Enable OS detection                                                                                                       
  --osscan-limit: Limit OS detection to promising targets                                                                       
  --osscan-guess: Guess OS more aggressively                                                                                    
 

TIMING AND PERFORMANCE:                                                                                                         
  Options which take <time> are in seconds, or append 'ms' (milliseconds),                                                      
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).                                                         
  -T<0-5>: Set timing template (higher is faster)                                                                               
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes                                                          
  --min-parallelism/max-parallelism <numprobes>: Probe parallelization                                                          
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies                                                       
      probe round trip time.                                                                                                    
  --max-retries <tries>: Caps number of port scan probe retransmissions.                                                        
  --host-timeout <time>: Give up on target after this long                                                                      
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes                                                             
  --min-rate <number>: Send packets no slower than <number> per second                                                          
  --max-rate <number>: Send packets no faster than <number> per second                                                           

FIREWALL/IDS EVASION AND SPOOFING:                                                                                              
  -f; --mtu <val>: fragment packets (optionally w/given MTU)                                                                    
  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys                                                                         
  -S <IP_Address>: Spoof source address                                                                                         
  -e <iface>: Use specified interface                                                                                           
  -g/--source-port <portnum>: Use given port number                                                                             
  --data-length <num>: Append random data to sent packets                                                                       
  --ip-options <options>: Send packets with specified ip options                                                                
  --ttl <val>: Set IP time-to-live field                                                                                        
  --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address                                                          
  --badsum: Send packets with a bogus TCP/UDP/SCTP checksum                                                                     
 

OUTPUT:                                                                                                                         
  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,                                                           
     and Grepable format, respectively, to the given filename.                                                                  
  -oA <basename>: Output in the three major formats at once                                                                     
  -v: Increase verbosity level (use -vv or more for greater effect)                                                             
  -d: Increase debugging level (use -dd or more for greater effect)                                                             
  --reason: Display the reason a port is in a particular state                                                                  
  --open: Only show open (or possibly open) ports                                                                               
  --packet-trace: Show all packets sent and received                                                                            
  --iflist: Print host interfaces and routes (for debugging)                                                                    
  --log-errors: Log errors/warnings to the normal-format output file                                                            
  --append-output: Append to rather than clobber specified output files                                                         
  --resume <filename>: Resume an aborted scan                                                                                   
  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML                                                       
  --webxml: Reference stylesheet from Nmap.Org for more portable XML                                                            
  --no-stylesheet: Prevent associating of XSL stylesheet w/XML output                                                           
 

MISC:                                                                                                                           
  -6: Enable IPv6 scanning                                                                                                      
  -A: Enable OS detection, version detection, script scanning, and traceroute                                                   
  --datadir <dirname>: Specify custom Nmap data file location                                                                   
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets                                                            
  --privileged: Assume that the user is fully privileged                                                                        
  --unprivileged: Assume the user lacks raw socket privileges                                                                   
  -V: Print version number                                                                                                      
  -h: Print this help summary page.                                                                                             
 

EXAMPLES:                                                                                                                       
  nmap -v -A scanme.nmap.org                                                                                                    
  nmap -v -sn 192.168.0.0/16 10.0.0.0/8                                                                                         
  nmap -v -iR 10000 -Pn -p 80



And this is advanced example and simple, some things like this X as mac address for "security" reasons.


[root@BMNG001 soporte]# nmap -sS -P0 -sV -O 192.168.160.1                                                                       
                                                                                                                                
Starting Nmap 6.00 ( http://nmap.org ) at 2012-07-18 16:05   EST                                                                   
Nmap scan report for 192.168.160.1                                                                                                
Host is up (0.00045s latency).                                                                                                  
Not shown: 997 filtered ports                                                                                                   
PORT    STATE  SERVICE      VERSION                                                                                             
264/tcp open   fw1-topology Checkpoint FW1 Topology                                                                             
443/tcp open   ssl/http     Check Point SVN foundation httpd                                                                    
500/tcp closed isakmp                                                                                                           
MAC Address: X:X:X:X:X:X (Lanner Electronics)                                                                             
Device type: firewall|specialized|general purpose|broadband router|WAP                                                          
Running (JUST GUESSING): Check Point Linux 2.6.X|2.4.X (97%), Cisco embedded (91%), Linux 2.6.X|2.4.X (89%), ZyXEL ZyNOS 2.X (88%
), Juniper IVE OS 7.X (88%), Endian Linux 2.6.X (87%), IPCop Linux 2.4.X (87%)                                                  
OS CPE: cpe:/o:checkpoint:linux:2.6 cpe:/o:checkpoint:linux:2.4 cpe:/o:linux:kernel:2.6.30 cpe:/o:zyxel:zynos:2 cpe:/o:linux:kern
el:2.4 cpe:/o:juniper:ive_os:7 cpe:/o:endian:linux:2.6 cpe:/o:ipcop:linux:2.4                                                   
Aggressive OS guesses: Check Point VPN-1 firewall (Linux 2.6.18) (97%), Check Point firewall (Linux 2.4.21) (93%), Cisco NME-NAM-
80S network analysis module (91%), Linux 2.6.30 (89%), Linux 2.6.24 (Gentoo) (89%), ZyXEL ZyWALL USG 50 firewall (ZyNOS 2.21) (88
%), Linux 2.6.24 (88%), OpenWrt Kamikaze 8.09.1 (Linux 2.4.35.4) (88%), OpenWrt (Linux 2.4.32) (88%), Juniper SA4000 SSL VPN gate
way (IVE OS 7.0) (88%)                                                                                                          
No exact OS matches for host (test conditions non-ideal).                                                                       
Network Distance: 1 hop                                                                                                         
Service Info: Device: firewall                                                                                                  
                                                                                                                                
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .                            
Nmap done: 1 IP address (1 host up) scanned in 21.13 seconds

I hope this material serve in their daily work.