15 Dec

Energy efficient log servers with Raspberry Pi

I have a few Raspberry Pi 2 (RPi2) boards lying around doing nothing. For this project, I will build a centralized log server on an RPi2 for my home use.

1. I’m using DietPi as the OS for a simple reason: it is extremely lightweight and has the lowest memory footprint. I will not cover writing the image to the RPi2 SD card because that is a pretty common process and I assume everyone already knows how to do it. Get it from https://dietpi.com/

2. Once DietPi is installed, ssh to it and complete the initial setup and update.

3. I’m using remotesyslog as the log collector. If you need advanced features, you may explore Graylog2. Follow the remotesyslog installation guide at https://www.remotesyslog.com/legacy/

4. Configure your devices to send the logs to this remotesyslog.

5. There are 2 ways of viewing the logs, through the CLI and Web UI.

6. To use the Web UI, access the remotesyslog server from any web browser.

7. To use the CLI, SSH to the remotesyslog server and run rsview to see the logs from the terminal.

01 Dec

TACACS+ (tac_plus) with Brocade IronStack

This post shows how to configure a TACACS+ server for system authentication in Juniper SRX with open source tac_plus software.

Brocade IronStack configuration
aaa authentication web-server default local
aaa authentication login default tacacs+ enable local
aaa authentication login privilege-mode
aaa accounting commands 0 default start-stop tacacs+
aaa accounting exec default start-stop tacacs+
aaa accounting system default start-stop tacacs+
tacacs-server host 10.14.14.55
tacacs-server host 10.18.15.145
tacacs-server key NASKEYHERE
tacacs-server timeout 10
ip tacacs source-interface ve 998

reference: http://www1.brocade.com/downloads/documents/html_product_manuals/FI_ICX6650_07500_SCG/wwhelp/wwhimpl/common/html/wwhelp.htm#context=Security-converted&file=FI_Security.03.6.html

11 Oct

TACACS+ (tac_plus) with Juniper Netscreen SSG

This post shows how to configure a TACACS+ server for system authentication in Juniper Netscreen SSG with open source tac_plus software.

Juniper Netscreen SSG Configuration
set auth-server TACACS id 1
set auth-server TACACS server-name 192.168.1.100
set auth-server TACACS backup1 192.168.1.200 (optional)
set auth-server TACACS account-type admin
set auth-server TACACS type tacacs
set auth-server TACACS tacacs secret Tacacssecret1
set auth-server TACACS tacacs port 49
set admin auth server TACACS
set admin auth remote primary
set admin auth remote root
set admin privilege get-external

tac_plus configuration
key = Tacacssecret1
group = netscreen
{
    service = netscreen
    {
        vsys = root
        privilege = root
    }
}
user = nmsns {
    default service = permit
    login = file /etc/passwd
    member = netscreen
}

11 Oct

TACACS+ (tac_plus) with Juniper SRX

This post shows how to configure a TACACS+ server for system authentication in Juniper SRX with open source tac_plus software.

Juniper SRX configuration
Connect to SRX and enter configure mode
root@SRX-FW% cli
{primary:node1}
root@SRX-FW> configure
warning: Clustering enabled; using private edit
warning: uncommitted changes will be discarded on exit
Entering configuration mode

{primary:node1}[edit]
root@SRX-FW#

Add a new TACACS+ server by its IP address.
root@SRX-FW# set system tacplus-server 172.16.98.24

Specify the shared secret (password) of the TACACS+ server.
root@SRX-FW# set system tacplus-server 172.16.98.24 secret Tacacssecret1

Specify the device’s loopback address as the source address.
root@SRX-FW# set system tacplus-server 172.16.98.24 source-address 10.0.0.1

Enable single-connection mode for authentication.
root@SRX-FW# set system tacplus-server 172.16.98.24 single-connection

Set authentication order
root@SRX-FW# set system authentication-order tacplus
root@SRX-FW# set system authentication-order password

Set accounting logging
root@SRX-FW# set system accounting events login
root@SRX-FW# set system accounting events change-log
root@SRX-FW# set system accounting events interactive-commands
root@SRX-FW# set system accounting destination tacplus

Verify configuration
root@SRX-FW# show system tacplus-server
root@SRX-FW# show system accounting

tac_plus configuration
key = Tacacssecret1
group = srx {
    service = junos-exec
    {
        local-user-name = root
    }
}

user = srxadmin {
    default service = permit
    login = file /etc/passwd
    member = srx
}

11 May

AdBlocking using BIND DNS Server

The purpose of this tutorial is to set up ad blocking using a Bind9 DNS server. The tutorial is divided into 2 sections: Setup Pixelserv and Setup AdBlock script for Bind9.

1. Setup Pixelserv

Pixelserv is a super minimal webserver; its one and only purpose is serving a 1×1 pixel transparent GIF file. We will redirect web requests for adverts to our pixelserv (running on the same bind9 server).

Install Pixelserv

cd /usr/local/bin/
curl http://proxytunnel.sourceforge.net/files/pixelserv.pl.txt > pixelserv
chmod 755 pixelserv

We now need a simple init script for starting/stopping pixelserv, as /etc/init.d/pixelserv.

#! /bin/sh
# /etc/init.d/pixelserv
#
# Carry out specific functions when asked to by the system
case "$1" in
  start)
    echo "Starting pixelserv "
    /usr/local/bin/pixelserv &
    ;;
  stop)
    echo "Stopping script pixelserv"
    killall pixelserv
    ;;
  *)
    echo "Usage: /etc/init.d/pixelserv {start|stop}"
    exit 1
    ;;
esac

exit 0

Make the init script executable

chmod 755 /etc/init.d/pixelserv

Add pixelserv to startup

update-rc.d pixelserv defaults

Run pixelserv

/etc/init.d/pixelserv start

2. AdBlock for Bind9

Create a new file, /etc/bind/update.sh

#!/bin/sh
curl "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig&showintro=0&mimetype=plaintext" | sed 's/null.zone.file/\/etc\/bind\/nullzonefile.txt/g' > ad-blacklist

Make it executable

chmod +x update.sh

Execute update.sh to download the ad servers file

./update.sh

Verify the file content; make sure the path has changed from:

zone "24pm-affiliation.com" { type master; notify no; file "null.zone.file"; };

to:

zone "24pm-affiliation.com" { type master; notify no; file "/etc/bind/nullzonefile.txt"; };

Create the adblock zone file; we name it nullzonefile.txt

$TTL    86400   ; one day
@       IN      SOA     ads.example.com. hostmaster.example.com. (
               2014090102   ; serial
                    28800   ; refresh
                     7200   ; retry
                   864000   ; expire
                    86400 ) ; negative-cache TTL
                NS      my.dns.server.org
                A       $YOUR_DNS_SERVER_IP
@       IN      A       $YOUR_DNS_SERVER_IP
*       IN      A       $YOUR_DNS_SERVER_IP

Reload bind9 configuration

rndc reload

Test your DNS Server

dig @localhost 24pm-affiliation.com

It should return your own server’s IP address.
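The update.sh above writes whatever the HTTP download returns straight into a file that BIND loads as configuration. The following is an added example, not the original script: a variant that keeps only lines in the exact zone format shown in the verify step, syntax-checks the result, and only then replaces the list. The /etc/bind/ad-blacklist location, the --apply switch and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the original update.sh): validate the list before BIND loads it.
LIST_URL='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig&showintro=0&mimetype=plaintext'
NULLZONE=/etc/bind/nullzonefile.txt   # zone file created in this tutorial
TARGET=/etc/bind/ad-blacklist         # assumed location of the generated list

# Pass through only lines that are exactly one null-zone statement for a plain
# hostname, rewriting the file path. Every other line is dropped.
filter_zones() {
    sed -n -E 's#^zone "([A-Za-z0-9._-]+)" \{ type master; notify no; file "null\.zone\.file"; \};[[:space:]]*$#zone "\1" { type master; notify no; file "'"$NULLZONE"'"; };#p'
}

# Constructed sample: one good line, one with a trailing extra statement,
# and one that is not a zone statement at all (e.g. an error page).
sample_input() {
    cat <<'EOF'
zone "24pm-affiliation.com" { type master; notify no; file "null.zone.file"; };
zone "ads.example" { type master; notify no; file "null.zone.file"; }; options { recursion yes; };
<html>503 Service Unavailable</html>
EOF
}

update_blacklist() {
    raw=$(mktemp) || return 1
    new=$(mktemp "$TARGET.XXXXXX") || { rm -f "$raw"; return 1; }
    trap 'rm -f "$raw" "$new"' EXIT
    curl -fsS --max-time 60 -o "$raw" "$LIST_URL" || return 1
    filter_zones < "$raw" > "$new"
    kept=$(grep -c '' "$new")
    dropped=$(( $(grep -c '[^[:space:]]' "$raw") - kept ))
    [ "$kept" -gt 0 ] || { echo "no valid zone lines, keeping old list" >&2; return 1; }
    [ "$dropped" -eq 0 ] || echo "warning: dropped $dropped unexpected line(s)" >&2
    named-checkconf "$new" || return 1    # syntax check before swapping in
    chmod 644 "$new" && mv "$new" "$TARGET" && rndc reload
}

# Only touch the system when asked to: ./update.sh --apply
if [ "${1:-}" = "--apply" ]; then update_blacklist; fi
```

If the download fails or contains no valid zone lines, the previous list stays in place and BIND is not reloaded.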
