Tag Archive for 'how-to'

How To: Cisco VPN Client On Ubuntu

IMPORTANT UPDATE, SEE BELOW

So, I installed Ubuntu 7.04 Feisty Fawn beta about 2 months ago. I installed it on my notebook and one of my workstations, both of which had Windows installed previously. I’m not dual booting on those machines, they’re 100% Ubuntu now.

After getting everything set up and running nicely, I realized I had no way of connecting to the Cisco PIX VPN we have at work. This is really important for me to be able to do; my job depends on it. I immediately went to Google and started searching. Turns out a nice fellow named Alexander Griesser has created a patch for the Cisco VPN client. The most recent Cisco VPN client for Linux won’t compile with kernels 2.6.19 or newer. There’s really not much of a difference between his instructions and this how-to. However, I’m including more detailed instructions for those who may not be familiar with compiling software on Linux.

Here are the steps I took to get the Cisco VPN Client to work under Ubuntu 7.04 (Feisty Fawn). In all reality, this should work with any version of Ubuntu, not just 7.04. I used this same method to get the Cisco VPN Client working on Ubuntu 8.04. Note: A $ at the beginning of a line signifies a command to be run from the terminal.

  1. Download vpnclient-linux-4.8.00.0490-k9.tar.gz (mirror) to your home directory.
  2. Open a terminal window and untar the vpnclient with the following command:
    $ tar xzf vpnclient-linux-4.8.00.0490-k9.tar.gz
    This will create a new folder called vpnclient in your home directory. Leave the terminal window open, you’ll need it later.
  3. Download the patch (mirror) and save it to the vpnclient folder that was created in step 2.
  4. Go back to your terminal window and move into the vpnclient folder:
    $ cd vpnclient/
  5. Now patch the Cisco VPN source with this command:
    $ patch < vpnclient-linux-2.6.22.diff
  6. Next we actually build the Cisco VPN client, issue this command:
    $ sudo ./vpn_install
    Just hit enter for everything it asks you, the defaults are all OK. You may see lots of warnings, but those are OK.
  7. The VPN client is installed, now we need to start it:
    $ sudo /etc/init.d/vpnclient_init start
  8. Place your .pcf configuration files in /etc/opt/cisco-vpnclient/Profiles/
  9. If your .pcf file is called myVPN.pcf, you’ll connect to the VPN with the following command:
    $ sudo vpnclient connect myVPN


That’s it! You should now be able to connect to your Cisco VPN with the official Cisco VPN client on Linux. This will probably work on pretty much any Linux setup, not just Ubuntu.

UPDATE (8/18/2007):
Alexander Griesser released a new patch that works with kernel versions 2.6.22 and greater. The new patch is backwards compatible, so it also works with older kernels, such as 2.6.10 and 2.6.21. All the download links above point to the newest release of the patch. I’ll continue to update this how-to as he releases new patches.

UPDATE (10/04/2007):
Cisco has finally released a new version of their VPN client for Linux. This new version compiles on all the new 2.6.xx kernels without the need for patching! You can download it from Alexander’s site or you can get it right here.

UPDATE (12/29/2007): Alexander Griesser has a new project page for his Cisco VPN client patches. It contains basic usage information and will most likely always have the latest and greatest patch available for download. In addition to that, Alexander has a new patch to make version 4.8.01.0640-k9 of the Cisco VPN Client compile on 64-bit systems. Again, you can download the latest Cisco VPN Client for Linux from the following link:
http://www.longren.org/downloads/vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz


Twitter: Show Your Latest Entry On Your Blog

Want to show your latest entry to Twitter on your WordPress blog or website? It’s really very simple. Don’t be scared off by the vague instructions for adding a badge at the Twitter Badge page. The Twitter Badge page has some Flash badges at the very top and some javascript badges immediately below the Flash badges.

We’re mostly interested in the javascript badges. I don’t give two shits about Flash and refuse to add something to this site that will cause unnecessary lag just because it’s “pretty”. I’m a pretty devout follower of the K.I.S.S. philosophy. And besides, all we’re covering here is how to show your latest Twitter entry, pretty basic. Take a look below to see how I display “My Latest Twitter” in my sidebar.

1. Open your theme’s sidebar.php file (probably in /wp-content/themes/theme_name/).

2. Determine where you would like your Recent Twitter Status to appear in your sidebar.

3. Copy the following code and paste it into sidebar.php in the location you chose in step 2.

<div class="sb-lasttwitter">
<h2><a href="http://twitter.com/yourTwitterUsername/"><?php _e('My Latest Twitter'); ?></a></h2>
<ul><li>
### insert javascript for Twitter Badge here ###
</li></ul>
</div>

4. Open your theme’s style.css file and add a class called sb-lasttwitter. You can expand on the styling for the sb-lasttwitter class all you want. The CSS I use is below; it should work for most people as-is.

/*- most recent twitter*/
.sb-lasttwitter ul li {
	list-style-type: none;
	}

5. After adding the sb-lasttwitter CSS class, save your style.css file and upload the newly modified file to your website.

6. Log in to your Twitter account and click the “Badge” link at the top.

7. Click the first javascript badge, it should automatically select all of the code when you click on it. Copy the selected javascript code to your clipboard (right-click and copy).

8. After you’ve copied the badge javascript, go back to sidebar.php and find the line that reads: ### insert javascript for Twitter Badge here ###. Replace that line with the javascript you copied from step 7.

9. Save sidebar.php and upload it to your website, it goes in the same directory you uploaded style.css to.

10. Done! Visit your blog to (hopefully) see your latest twitter in the sidebar.

Once you’re done with that you should see “My Latest Twitter” in your sidebar. Immediately below that text you should see your most recent Twitter and how long ago it was entered.

You should also note that the code from step 2 may not work for every WordPress theme, in fact, it probably won’t. However, you should be able to make a few simple changes to make it fit perfectly with your blog’s theme. My point is, you may have to modify that code (and the CSS) to make this show properly with the rest of your blog theme.

Please be aware that the Twitter javascript badge breaks XHTML 1.0 Transitional validation. Fortunately, it’s an easy fix to get pages including the Twitter javascript badge to validate again. Remember, this is the javascript we copied in step 7.

Anyway, to make it pass XHTML 1.0 Transitional validation, have a look at the very last line of the javascript. Towards the end of the line, it should look similar to this:

?callback=twitterCallback&count=1"></script> 

Replace the text above with the following text:

?callback=twitterCallback&amp;count=1"></script>

Modifying the last line of the javascript as described above will make your site/blog pass XHTML 1.0 Transitional validation, assuming nothing else in your site is broken. WDG has some good information on why this change will help your site pass validation.

If you have any problems with this, please let me know! I will try to help people as much as I can, no promises though. If there’s enough interest, I may end up throwing together a very simple wordpress plugin to do all this automatically. It would seem the only Twitter WordPress plugins currently available require the WordPress Widgets plugin, which I don’t use. I just want a simple plugin to include the basic javascript badge without the need for Widgets. If nothing pops up within the next few weeks I’ll probably get to work on a plugin of my own.

There are two full featured Twitter WordPress plugins currently in development, both should be fantastic. The first plugin is Twitter Tools from Alex King. Twitter Tools aims to provide full integration between Twitter and WordPress. The second plugin in development is Twitt-Twoo from Dean J. Robinson. Twitt-Twoo isn’t aiming to be a full integration plugin like Twitter Tools. Twitt-Twoo is much more basic, although I believe it will allow you to post to twitter right from the sidebar of your blog, provided you’re logged in. I’m not sure if that functionality will be included in Twitter Tools as well or not.


More SSH Brute Force Protection

Stopping SSH Brute Force Attacks resulted in some really great comments and suggestions from readers.

So, this is a follow up to the last SSH brute force post. I didn’t realize there was such a wide selection of applications for dealing with this, but there is! The two best looking options in my opinion are Fail2ban and DenyHosts.

I’ve actually started using DenyHosts on two machines now, and it’s working very well. I chose to go with DenyHosts for a very simple reason. Community stats. I love stats.

Anyway, if you’re looking for something to protect against SSH brute force attacks, go with Fail2ban or DenyHosts; they’re still being actively developed. I can’t say the same for Breakinguard, as it appears to have been abandoned about 1 year ago. And like I said, DenyHosts does its job extremely well, I couldn’t ask for anything more.

If you’re looking for another solution, try using cryptographic keys instead of passwords. A tutorial on configuring SSH to look for keys instead of passwords can be found here. This was suggested by commenter pwyll.

Oh, and this is the 700th post. yay!


Stopping SSH Brute Force Attacks

A few weeks ago at work, I noticed a bunch of failed login attempts to one of our Linux servers. After doing some investigation, I found that no intrusion had actually been made, which is excellent. Lines similar to this were filling my /var/log/messages log file:

Aug 20 23:31:26 elixer sshd[22526]: Failed password for invalid user alias from 66.166.22.186 port 26217 ssh2

Notice they’re trying to log in with the username “alias”, which doesn’t exist on that system. In fact, all the usernames attempted don’t exist, which makes me feel a little safer. Still, I don’t like seeing my boxes actively attacked. So, to stay on top of these break-in attempts, I installed Breakinguard.

Breakinguard basically watches your log file for any failed login attempts. You can set a pre-defined number of attempts that can be executed before breakinguard will block the IP.

The package itself does a ‘tail -f’ of your syslog, and when it identifies a matching line within your logs, it logs this ‘attempt’. If more than the pre-defined number of attempts from the same IP address are received, it triggers the iptables block (or any other block method defined) and also emails you a notification.

I’ve never been able to get the configure script to work for me, simply because the perl module installation always fails. So, to get around that I simply installed these perl modules manually and commented out these lines in the configure script:

$PERL -MCPAN -e "install File::Tail"
$PERL -MCPAN -e "install IO::Socket"

Those two lines execute perl and try to install the File::Tail module and the IO::Socket module. After manually installing the perl modules below and commenting out the lines above in the configure script, the configure script should run and do its thing without error.

File::Tail
IO::Socket


After the configuration script has run, you should have a couple new files, /etc/breakinguard.conf and /etc/rc.d/breakinguard. Now, the /etc/breakinguard.conf file stores the breakinguard configuration. This is where you tell breakinguard which log file to monitor and how many incorrect login attempts are defined as a breakin.

I’m not going to bother going through all the options in breakinguard.conf, simply because they’re all explained pretty well within the conf file.

The other “new file”, /etc/rc.d/breakinguard is the script used to launch breakinguard. Run “/etc/rc.d/breakinguard start” to start breakinguard.

Once breakinguard is running, it will monitor whichever log file you specified in /etc/breakinguard.conf (/var/log/messages in my case). When it sees a failed login attempt, it will be noted. Now, when an IP fails a certain number of logins, iptables will be called to block all traffic from the IP.
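
The watch, count and block loop described above, sketched in Python as an added example; it is not Breakinguard's own code, which the post does not show. The function names, the `allowlist` parameter and the sample log lines are assumptions made here, and the iptables command is only built, not run.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (documentation-range addresses) in the post's sshd format.
SAMPLE_LOG = """\
Aug 20 23:31:26 elixer sshd[22526]: Failed password for invalid user alias from 203.0.113.7 port 26217 ssh2
Aug 20 23:31:29 elixer sshd[22528]: Failed password for invalid user admin from 203.0.113.7 port 26240 ssh2
Aug 20 23:31:33 elixer sshd[22530]: Failed password for root from 203.0.113.7 port 26263 ssh2
Aug 20 23:32:10 elixer sshd[22541]: Accepted password for deploy from 192.0.2.10 port 50122 ssh2
Aug 20 23:32:41 elixer sshd[22549]: Failed password for invalid user test from 198.51.100.23 port 40110 ssh2
Aug 20 23:33:02 elixer sshd[22553]: Failed password for invalid user guest from 203.0.113.7 port 26301 ssh2
"""

# The user name is remote-chosen text: match it greedily and anchor the address at the line end.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*)"
    r" from (?P<ip>\S+) port \d+ ssh2$"
)

def parse_failure(line):
    """Return (user, ip) for a failed-password line, else None."""
    m = FAILED.search(line.rstrip())
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))  # reject anything that is not an address
    except ValueError:
        return None
    return m.group("user"), str(ip)

def find_offenders(lines, max_attempts=3, allowlist=()):
    """IPs with more than max_attempts failures, in the order they crossed the limit."""
    counts, blocked = Counter(), []
    for line in lines:
        hit = parse_failure(line)
        if hit is None or hit[1] in allowlist:  # allowlist: hypothetical lock-out guard
            continue
        counts[hit[1]] += 1
        if counts[hit[1]] > max_attempts and hit[1] not in blocked:
            blocked.append(hit[1])
    return blocked

def block_command(ip):
    """The firewall call a watcher would run for this address (returned, not executed)."""
    return ["ip6tables" if ":" in ip else "iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]

if __name__ == "__main__":
    for ip in find_offenders(SAMPLE_LOG.splitlines()):
        print(" ".join(block_command(ip)))
```

Putting your own management address in `allowlist` keeps a few mistyped passwords from locking you out of the box you are protecting.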

Below is an example email that’s generated by Breakinguard when it blocks an IP:

BreakinGuard has blocked an IP based on suspicious activity
Please review this server.

Detail:
Hostname: elixer.hostname
IP Blocked: 202.82.16.180
Last log entry that caused the block:
Aug 22 06:17:05 elixer sshd[25591]: Failed password for invalid user alias from 202.82.16.180 port 45340 ssh2


Improved Permalink Redirection

After a hard evening’s work, I have a much better redirection method to replace the one I described in this post. Previously, I was simply guessing which post a searcher was looking for and displayed a link to that post.

That was all fine and dandy, but I have pretty good search ranking for various keywords. I’d like to keep it that way. After digging around a bit I came across the best method to keep my search rankings in place and manage to redirect the searcher to the desired post. Enter the 301 Permanent Redirect.

I found a nice simple PHP function to do redirection on any number of levels. This function has the ability to send specific HTTP/1.1 status codes based on the type of redirection desired. Since my old permalinks will never be valid again, I chose the 301 Permanent Redirect. A note: the function listed at the URL linked above doesn’t work as-is, you need to modify it. The modified function is below, plus some extra code. All of that code is in my theme’s header.php file.