Wednesday, January 6, 2010

Grep in Windows

Ever wanted to grep for a string in the Windows console?  Here's how:
c:\>netstat -an | findstr 50000
There are other options for findstr.  You can check them out by typing "help findstr".

Tuesday, January 5, 2010

(L)AMP installation on Ubuntu

Just got a new server up and running.  Here are the commands to install Apache2, PHP5 and MySQL:
# apt-get install apache2 libapache2-mod-php5 mysql-server-5.1 php5-mysql php5-mcrypt
Make sure you do a restart.  Sometimes the apt-get process doesn't restart Apache properly to ensure the PHP5 module is loaded.
# /etc/init.d/apache2 restart

Compiling and installing libtorrent/rtorrent

Here are the steps to compile and install libtorrent/rtorrent.  The latest stable versions of libtorrent and rtorrent are 0.12.6 and 0.8.6 respectively as of writing this article.  The tarballs can be obtained here.  The following commands must be run as root.
# apt-get install build-essential libssl-dev libssl0.9.8 libsigc++-2.0-dev libncurses5-dev libncursesw5-dev libcurl4-openssl-dev

# tar zxvf libtorrent-0.12.6.tar.gz
# cd libtorrent-0.12.6
# ./configure
# make
# make install
# ldconfig

# tar zxvf rtorrent-0.8.6.tar.gz
# cd rtorrent-0.8.6
# ./configure
# make
# make install
That's it :)  rtorrent is now installed in /usr/local/bin.

Sunday, January 3, 2010

OpenVPN with pam_mysql username/password authentication

Here's how I set up OpenVPN with pam_mysql using only username/password authentication (insecure, but really easy on the admin side :P).  Target platform is Ubuntu Jaunty.  For starters, you'll need the following installed:
  • openvpn
  • mysql - server installed and running
Get the latest version of pam_mysql from http://pam-mysql.sourceforge.net/.  Untar it into a working directory.  The latest version as of writing this article is 0.7RC1.  The pam_mysql package in Jaunty is broken.  You'll need to patch the Makefile.in with the following patch (thanks to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418500#50):
--- Makefile.in.chold   2008-07-14 10:25:53.000000000 +0200
+++ Makefile.in 2008-07-14 10:26:06.000000000 +0200
@@ -110,7 +110,7 @@
 CPPFLAGS = @CPPFLAGS@
 LDFLAGS = @LDFLAGS@
 LIBS = @LIBS@
-pam_mysql_la_LIBADD =
+pam_mysql_la_LIBADD = -lpam
 pam_mysql_la_OBJECTS =  pam_mysql.lo
 CFLAGS = @CFLAGS@
 COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
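Review bot: the -lpam addition to pam_mysql_la_LIBADD is made in Makefile.in, which automake generates (the pam_mysql_la_ prefix is its naming convention), so the fix disappears if the build files are regenerated; the same assignment should also go into the automake input file. The file headers carry no directory prefix (Makefile.in.chold, Makefile.in), so the patch only applies with -p0 from the top of the source tree, which is worth stating alongside it.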

Save the above as patch.in in the same folder where you untar pam_mysql.  Then run the following command:
# patch -p0 <patch.in
That command will perform the patch process by using the patch.in file.  Next, we'll need to grab some deb packages to compile the module:
# apt-get install libmysql++-dev libpam0g-dev libgsasl7 libgsasl7-dev
Once that's done, proceed with the usual make commands (please note the extra configure options to enable SHA1 and MD5 options in the module):
# ./configure --with-cyrus-sasl2 --with-openssl
# make
# make install


The module should now be installed in /lib/security/pam_mysql.so.  Now to configure OpenVPN.  Here's my server configuration file:
port 1194
proto udp
dev tun

ca /etc/openvpn/easy-rsa/ca.crt
cert /etc/openvpn/easy-rsa/server.crt
key /etc/openvpn/easy-rsa/server.key
dh /etc/openvpn/easy-rsa/dh1024.pem

server 10.128.127.0 255.255.255.0
ifconfig-pool-persist ipp.txt

push "redirect-gateway def1"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 2.2.2.2"

keepalive 10 120

comp-lzo

max-clients 50

persist-key
persist-tun

status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
mute 20

client-cert-not-required
username-as-common-name

plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn

The most important lines are the last three: client-cert-not-required, username-as-common-name and the plugin line.  Follow the commands below to set up the OpenVPN server:
cd /etc/openvpn
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ easy-rsa
cd easy-rsa
vim vars # Edit KEY_* vars appropriately
source ./vars
./clean-all
./build-dh
./pkitool --initca
./pkitool --server server
To allow traffic to be routed from clients to the server, perform the following tasks:
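echo 1 > /proc/sys/net/ipv4/ip_forward
# To keep forwarding enabled after a reboot, edit /etc/sysctl.conf and
# uncomment/add the line: net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s 10.128.127.0/24 -o eth0 -j MASQUERADE
# iptables-save prints the current rule set to stdout; it does not store it anywhere by itself
iptables-save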
Now to configure PAM.  Create a file called openvpn in /etc/pam.d.  Below are its contents:
auth optional /lib/security/pam_mysql.so user=root passwd=pass host=localhost db=vpn_db table=tbl_user usercolumn=userid passwdcolumn=password where=active=1 sqllog=no crypt=4 verbose=0

account required /lib/security/pam_mysql.so user=root passwd=pass host=localhost db=vpn_db table=tbl_user usercolumn=userid passwdcolumn=password where=active=1 sqllog=no crypt=4 verbose=0
crypt=4 instructs pam_mysql to use SHA1.  There are other options which you can view in the pam_mysql README file.  The OpenVPN client configuration file is shown below:
client
dev tun
proto udp
remote my.vpn.server.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
cipher BF-CBC
comp-lzo
verb 4
mute 20

Very lean and clean client config file.
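
The PAM file above queries vpn_db.tbl_user, but the table itself is never shown. The script below is an added example, not part of the original post: it emits SQL for a matching table, a SELECT-only MySQL account for PAM to use instead of root, and a user row holding the SHA1 digest that crypt=4 compares against. The account name vpn_pam, the CHANGE_ME password placeholder, the column sizes and the assumption that the digest is stored as 40 lowercase hex characters (what MySQL's SHA1() returns) are mine; the database, table and column names come from the PAM file.

```shell
#!/bin/sh
# Added example (not from the original post). vpn_db, tbl_user, userid,
# password and active come from the PAM file; vpn_pam, CHANGE_ME and the
# column sizes are assumptions.
# Usage from a shell that has sourced this file:
#   { schema_sql; add_user_sql alice 'the-password'; } | mysql -u root -p

# SHA-1 hex digest of a password: the stored form assumed for crypt=4.
sha1_hex() {
    printf '%s' "$1" | sha1sum | cut -d' ' -f1
}

# Accept only plain identifiers as user names so a name cannot break out
# of the quoted SQL string built in add_user_sql.
valid_userid() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Table layout matching table=, usercolumn=, passwdcolumn= and where=active=1,
# plus a read-only account (GRANT ... IDENTIFIED BY is MySQL 5.x syntax).
schema_sql() {
    cat <<'EOF'
CREATE DATABASE IF NOT EXISTS vpn_db;
CREATE TABLE IF NOT EXISTS vpn_db.tbl_user (
  userid   VARCHAR(64) NOT NULL PRIMARY KEY,
  password CHAR(40)    NOT NULL,
  active   TINYINT(1)  NOT NULL DEFAULT 1
);
GRANT SELECT ON vpn_db.tbl_user TO 'vpn_pam'@'localhost' IDENTIFIED BY 'CHANGE_ME';
EOF
}

# INSERT statement for one VPN user; the password is hashed, never stored in clear.
add_user_sql() {
    valid_userid "$1" || { echo "invalid userid: $1" >&2; return 1; }
    printf "INSERT INTO vpn_db.tbl_user (userid, password, active) VALUES ('%s', '%s', 1);\n" \
        "$1" "$(sha1_hex "$2")"
}
```

With this account in place, both lines of the PAM file can use user=vpn_pam and its password in place of user=root passwd=pass.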

Compiling openvpn-auth-ldap on Debian

Here are the steps I followed to compile openvpn-auth-ldap plugin on Debian:


apt-get install re2c 
apt-get install libldap2-dev
apt-get install gobjc
./configure --prefix=/usr/local --with-openldap=/usr/include --with-openvpn=/usr/include/openvpn

The libldap2-dev package is required for the OpenLDAP header files, while the gobjc package is required to satisfy the sanity check on cpp.  OpenVPN's header files are installed by default in /usr/include/openvpn.