CyberKeeda In Social Media

How to run C and C++ codes within Atom


Why to move ahead from your favorite IDE, when t's capable to run your C, C++ Scripts/Programmes.

Find here, how to run it.


Read more ...

Create Oracle Virtualbox Guest Machines from Browsers

 

 

Install phpVirtualBox in Ubuntu 16.04 LTS


Video Tutorial.


  
It's a webbased tool, we need to install Apache HTTPD webserver, PHP and some additional php modules.
 
Lets go ahead.
  • Install Mandatory packages.
cybeerkeeda@Linux-Maniac:~ sudo apt-get install apache2 php php-mysql libapache2-mod-php php-soap php-xml
  • Download the phpVirtualBox latest version from phpVirtualBox download page.
cybeerkeeda@Linux-Maniac:~ cd /tmp wget https://sourceforge.net/projects/phpvirtualbox/files/phpvirtualbox-5.0-5.zip
  • Unzip it.
cybeerkeeda@Linux-Maniac:~ unzip phpvirtualbox-5.0-5.zip
cybeerkeeda@Linux-Maniac:~ mv phpvirtualbox-5.0-5  phpvirtualbox
  • Move the extracted phvirtualbox folder to your apache webserver root folder.
cybeerkeeda@Linux-Maniac:~ mv phpvirtualbox  /var/www/html/
  • Assign the proper permissions to the phpvirtualbox folder.
cybeerkeeda@Linux-Maniac:~ chmod 777 /var/www/html/phpvirtualbox/
  • Configure phpVirtualBox.

Copy the sample config file as shown below.
cybeerkeeda@Linux-Maniac:~ cvar/www/html/phpvirtualbox/config.php-example var/www/html/phpvirtualbox/config.php 
  • Edit phpVirtualBox config.php file:

cybeerkeeda@Linux-Maniac:~vim /var/www/html/phpvirtualbox/config.php


Find the following lines and replace the
username and password with your system user 

In my case, my username is kunal, and password is redhat.

var $username = 'kunal';
var $password = 'redhat';

Save and close the file.

Create a new file called /etc/default/virtualbox:

cybeerkeeda@Linux-Maniac:~vim /etc/default/virtualbox

Add the following line. Replace ‘kunal’ with your own username.

VBOXWEB_USER=kunal



Finally, Reboot your system or restart all services to complete the configuration.

sudo systemctl restart vboxweb-service
sudo systemctl restart vboxdrv
sudo systemctl restart apache2


You can disable the authentication mechanism.

// Disable authentication
var $noAuth = true;


I will open it directly from my browser without any authentication.


Here we go.. We have installed it..
Read more ...

Join Linux into Windows Active Directory domain




Though I'm  a great fan of Linux/Unix but while working with any enterprise firm i couldn't avoid, thus i was asked to join our Linux hosts into Active directory.

So let's move ahead and join our LInux systems into ad using tool named as " adcli "
I have used this to join our Redhat/CentOS 7 hosts into AD.

Video Tutorial.


There are two must things as a prerequisites for it.

1.     Make Sure RHEL machine is able to resolve Active Directory servers.
2.     Install adcli package along with sssd:

 Consider the below inputs as a lab enviroment of mine.


Active Directory Server : swind101x.cyberkeeda.net
Domain name : cyberkeeda.net
Linux Client Hostname :  scent101x.cyberkeeda.net
[root@scent101x ~]# yum install adcli sssd authconfig
  • Discover the AD domain:
[root@scent101x ~]# adcli info cyberkeeda.net
adcli will show few details about the AD domain. 


[domain]
domain-name = cyberkeeda.net
domain-short = CYBERKEEDA
domain-forest = cyberkeeda.net
domain-controller = SWIND101X.cyberkeeda.net
domain-controller-site = Default-First-Site-Name
domain-controller-flags = pdc gc ldap ds kdc timeserv closest writable good-timeserv full-secret
domain-controller-usable = yes
domain-controllers = SWIND101X.cyberkeeda.net
[computer]
computer-site = Default-First-Site-Name


  • Now, join RHEL system to AD domain using adcli: 
[root@scent101x ~]# adcli join cyberkeeda.net
Password for Administrator@CYBERKEEDA.NET: <---- Enter Admin password
By default, it prompts for the Administrator password, but it's possible to specify another user with the -U option:
[root@scent101x ~]# adcli join cyberkeeda.net -U ad_admin_user 

# adcli join cyberkeeda.net -U ad_admin_user        <------ This user should have administrative rights in AD

The join operation creates a keytab the machine will authenticate with. When inspect the with klist -kt, 
[root@scent101x ~]# klist -kte
It should show several entries that contain client hostname in some form:


Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 12/03/17 14:17:32 SCENT101X$@CYBERKEEDA.NET (aes256-cts-hmac-sha1-96) 
   2 12/03/17 14:17:32 SCENT101X$@CYBERKEEDA.NET (aes128-cts-hmac-sha1-96) 
   2 12/03/17 14:17:32 SCENT101X$@CYBERKEEDA.NET (des3-cbc-sha1) 
   2 12/03/17 14:17:32 SCENT101X$@CYBERKEEDA.NET (arcfour-hmac)


  • Configure /etc/krb5.conf to use AD domain:

Replace 
Realm
Admin_server
your Realm, domain realms, AD erver information.

includedir /etc/krb5.conf.d/

[logging]
default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = CYBERKEEDA.NET
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 CYBERKEEDA.NET = {
  kdc = cyberkeeda.net
  admin_server = swind101x.cyberkeeda.net
 }

[domain_realm]
 .cyberkeeda.net = CYBERKEEDA.NET
 cyberkeeda.net = CYBERKEEDA.NET




Use authconfig to set up the Name Service Switch(/etc/nsswitch.conf) and PAM stacks(password-authand system-auth):

[root@scent101x ~]#  authconfig --enablesssd --enablesssdauth --update

Above command will modify and add necessary entries in 

Ø /etc/nsswitch.conf, 
Ø /etc/pam.d/password-auth 
Ø /etc/pam.d/system-authfiles 


The final step is to configure the SSSD itself. 
Open /etc/sssd/sssd.conf and define a single domain:

[sssd]

services = nss, pam, ssh, autofs

config_file_version = 2

domains = CYBERKEEDA.NET



[domain/CYBERKEEDA.NET]
id_provider = ad
# Uncomment and configure below , if service discovery is not working

ad_server = swind101x.cyberkeeda.net
 



 Make sure /etc/sssd/sssd.con is owned by root:root and permissions are 600

 # chown root:root /etc/sssd/sssd.conf
 # chmod 600 /etc/sssd/sssd.conf

Start the SSSD and make sure it's up after reboots:

# service sssd start
# chkconfig sssd on

    Try to  fetch user information for AD user and then try to login as AD user

# getent passwd aduser


# id Administrator
# ssh Administrator@localhost
Read more ...

Cinnamon desktop shows double desktop icon.

 I got a very weired issue with my Ubuntu Desktop with Cinnamon Display manager.

When i click ony any application to add it into desktop as a shortcut icon,  i found icons/links appearing twice.

The reason is i have added cinnamon as an additional Window manager for my Ubuntu desktop which has Unity as primary which was using nautilus as primary display manager.

To fix it, do run the following commands.


cybeerkeeda@Linux-Maniac:~ sudo pkill nautilus
cybeerkeeda@Linux-Maniac:~ sudo gsettings set org.gnome.desktop.background show-desktop-icons false
Read more ...

net ads dns register WARNING: no network interfaces found



Recently i got a requirement to change my MAC entry for a specific KVM host, since it's Virtual host MAC.
And the requirement also need to change the interface from eth0 to eth1


So after changing the MAC and interface name to eth1, everything went fine but i had a issue after few hours.
KVM host uses samba to register it's DNS entry into Active Directory, but it was failing somehow though it can join itself into AD but couldnot register it's IN A record into AD.

To fix it, check the two config files.
cybeerkeeda@Linux-Maniac:~ vim /etc/samba/smb.conf
And look for the below line , it must be look same 
interfaces = eth* bond* tun0 br0
cybeerkeeda@Linux-Maniac:~ vim /etc/samba/smb.sys


interfaces = eth*

Restart smb and all will work fine

cybeerkeeda@Linux-Maniac:~ service smb restart


Read more ...

NagiosXI: Download pdf Couldn't create temporary file.





Couldn't create temporary file. Check that the directory permissions for the /temp directory are set to 777








Login as root to the Nagios server and run the following.



chown -R  nagios.nagios /usr/local/nagiosxi/html/includes/components/highcharts/exporting-server/temp
chmod -R  ug+rwx /usr/local/nagiosxi/html/includes/components/highcharts/exporting-server/temp
Read more ...

Ubuntu : net usershare' returned error 255: mkdir failed on directory /var/run/samba/msg.lock: Permission denied net usershare add: cannot convert name



Nautilus Error message while sharing a directory into local network as

Ubuntu : net usershare' returned error 255: mkdir failed on directory /var/run/samba/msg.lock: Permission denied net usershare add: cannot convert name,.

Solved : Restart Samba services.


/etc/init.d/samba restart
Sounds fizzy, but yes it will fix.
Read more ...

ERROR Guest name 'centos7' is already in use.




Starting a VM

To start a VM you've just created after the installation, use the virsh start NAME command:

virsh start centos7
Use the virsh list --all to list all available virtual machines, including powered off ones:

$ virsh list --all
 Id    Name                           State
----------------------------------------------------
 4     centoS                        running
 -     debian                        shut off
 -     win10                         shut off
 -     win7                          shut off
 -     winxp                         shut off

Stopping and removing
To stop a VM, you give the (unintuitive) command virsh destroy NAME:

virsh destroy centos7
It will not remove any data, just stop the VM by pulling the virtual power cable.

If you want to remove the VM from the virsh list, you need to undefine it:

virsh undefine centos7
This will remove the configuration. If you don't undefine the VM and want to try the virt-install again it will give an error like this:

ERROR    Guest name 'centos' is already in use.
You do manually need to remove the virtual disk after undefining a vm.
Read more ...

How to fix : OpenSSL Sweet 32 Birthday attack Vulnerability






Sweet32 Birthday attack, which affects the triple-DES cipher. OpenSSL has rated the triple-DES vulnerability as low, they stated “triple-DES should now be considered as ‘bad’ as RC4.”

The Sweet32 Birthday attack does not affect SSL Certificates; certificates do not need to be renewed, reissued, or reinstalled.


Fix :

Verify the CIPHER status from below commands.

One can use openssl ciphers  command to see a list of available ciphers for OpenSSL




openssl ciphers

To check the status of DES and 3DES cipher below commands will help.

 openssl s_client -connect yourserverIP:443 -cipher 'DES:3DES' -ssl2
 openssl s_client -connect yourserverIP:443 -cipher 'DES:3DES' -ssl3 
 openssl s_client -connect yourserverIP:443 -cipher 'DES:3DES' -tls1 
 openssl s_client -connect yourserverIP:443 -cipher 'DES:3DES' -tls1_1 
 openssl s_client -connect yourserverIP:443 -cipher 'DES:3DES' -tls1_2



Find your Open SSL  config file ( openssl.conf )   and locate     SSLCipherSuite

You might find a lot of ciphers written parallel along with SSLCipherSuite.

Just Add  ! before DES and 3DES to disable CIPHER successive with :

 ! -- It states don't use
 : -- It states a begining of CIPHER
It should look like below

SSLCipherSuite !3DES:!DES 

Save and close ssl config file and restart apache to reflect changes.

On Ubuntu/Debian

systemctl restart apache2

On RHEL/CentOS

systemctl restart httpd
Read more ...

SSH from your favourite browser using Shellinabox




Shellinabox is perfect tool if you have any of the requirement.

Missing Putty or SSH agent on your desktop  ?
Looking for Client less agent to SSH ?
Want to SSH your Linux server or desktop from mobile.

So lets move ahead and just follow the steps to install Shellinabox.

Video tutorial, for video lovers.


ShellinaBox Installation on  CentOS7

Introduction [ Shell In A Box ]

Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser and does not require any additional browser plugins.

Official repository link

More info on official git page :  https://github.com/shellinabox/shellinabox

Installation.

Intsall EPEL Repo.


[root@cyberkeeda ~]# yum install epel-release 


Install shellinabox package


[root@cyberkeeda ~]# yum install shellinabox


Configuration.

Shellinabox configuration file  :    /etc/sysconfig/shellinaboxd


 Lets have a look on the file and allow and modify the important lines

[root@cyberkeeda ~]# vim /etc/sysconfig/shellinaboxd



# Shell in a box daemon configuration
# For details see shellinaboxd man page

# Basic options
USER=shellinabox
GROUP=shellinabox
CERTDIR=/var/lib/shellinabox
PORT=4200
OPTS="--disable-ssl-menu -s /:LOGIN"
OPTS="-t -s /:SSH:192.168.0.181"

PORT

PORT=4200

Chnage PORT to some other to avoid conflict between sytem level ports 

I will be changing it to 6162 

SSH HOST

OPTS="-t -s /:SSH:192.168.0.101"

Chnage IP or Hostname to your default login host, by default shellinabox will ask to login into it, then later you can ssh and jump into n number of servers.


My final config file would look as

# Shell in a box daemon configuration
# For details see shellinaboxd man page

# Basic options
USER=shellinabox
GROUP=shellinabox
CERTDIR=/var/lib/shellinabox
PORT=6162
OPTS="--disable-ssl-menu -s /:LOGIN"
OPTS="-t -s /:SSH:192.168.0.101"


Configuration Done..

Important : 

STOP Firewalld iptables and disable selinux 

#    Service firewalld stop
#    Service iptables stop

Disable SELINUX : change status of selinux to disabled

Finally Restart the shellinaboxd daemon.



[root@cyberkeeda ~]# service shellinaboxd start

Read more ...
Designed By Kunal Saha