Archive for Outras

RSSI to dBm conversion table

Note: table for Cisco

Cisco has the most granular dBm lookup table.
RSSI_Max = 100
Convert % to RSSI and look up the result in the following table. The RSSI is on the left,
and the corresponding dBm value (a negative number) is on the right.

0 = -113
1 = -112
2 = -111
3 = -110
4 = -109
5 = -108
6 = -107
7 = -106
8 = -105
9 = -104
10 = -103
11 = -102
12 = -101
13 = -99
14 = -98
15 = -97
16 = -96
17 = -95
18 = -94
19 = -93
20 = -92
21 = -91
22 = -90
23 = -89
24 = -88
25 = -87
26 = -86
27 = -85
28 = -84
29 = -83
30 = -82
31 = -81
32 = -80
33 = -79
34 = -78
35 = -77
36 = -75
37 = -74
38 = -73
39 = -72
40 = -70
41 = -69
42 = -68
43 = -67
44 = -65
45 = -64
46 = -63
47 = -62
48 = -60
49 = -59
50 = -58
51 = -56
52 = -55
53 = -53
54 = -52
55 = -50
56 = -50
57 = -49
58 = -48
59 = -48
60 = -47
61 = -46
62 = -45
63 = -44
64 = -44
65 = -43
66 = -42
67 = -42
68 = -41
69 = -40
70 = -39
71 = -38
72 = -37
73 = -35
74 = -34
75 = -33
76 = -32
77 = -30
78 = -29
79 = -28
80 = -27
81 = -25
82 = -24
83 = -23
84 = -22
85 = -20
86 = -19
87 = -18
88 = -17
89 = -16
90 = -15
91 = -14
92 = -13
93 = -12
94 = -10
95 = -10
96 = -10
97 = -10
98 = -10
99 = -10
100 = -10

Juniper SRX Port Forwarding / Destination NAT

Summary: Port forwarding using the CLI on the Juniper SRX 240

OS: JUNOS Software Release [10.0R3.10]

1 – Configure the address-book entries for the hosts:

set security zones security-zone DMZ-trust address-book address WebServer 10.254.254.2/32
set security zones security-zone DMZ-trust address-book address SftpServer 10.254.254.3/32

2 – Define the applications (port name to number mapping):

set applications application HTTP protocol tcp
set applications application HTTP destination-port 80
set applications application SSH protocol tcp
set applications application SSH destination-port 22

3 – NAT CONFIGURATION

Both servers and ports are defined with their private IPs:

set security nat destination pool dnat_10_254_254_2m32 address 10.254.254.2/32 port 80
set security nat destination pool dnat_10_254_254_3m32 address 10.254.254.3/32 port 22

4 – NAT policy that performs the translation:

set security nat destination rule-set DEST-NAT from zone untrust

For the web server:

set security nat destination rule-set DEST-NAT rule WEB-SERVER-TCP-80 match destination-address 172.16.254.1/32
set security nat destination rule-set DEST-NAT rule WEB-SERVER-TCP-80 match destination-port 80
set security nat destination rule-set DEST-NAT rule WEB-SERVER-TCP-80 then destination-nat pool dnat_10_254_254_2m32

For the SFTP server:

set security nat destination rule-set DEST-NAT rule SFTP-SERVER-TCP-22 match destination-address 172.16.254.1/32
set security nat destination rule-set DEST-NAT rule SFTP-SERVER-TCP-22 match destination-port 22
set security nat destination rule-set DEST-NAT rule SFTP-SERVER-TCP-22 then destination-nat pool dnat_10_254_254_3m32

5 – Security policy configuration. The private IPs and ports of the web server and the SFTP server are defined here:

For the web server:

set security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ match source-address any
set security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ match destination-address WebServer
set security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ match application HTTP
set security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ then permit

For the SFTP server:

set security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ match source-address any
set security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ match destination-address SftpServer
set security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ match application SSH
set security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ then permit
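
Both blocks in step 5 use the policy name INTERNET-TO-DMZ, so Junos merges them into a single policy whose address and application lists combine: SSH to WebServer and HTTP to SftpServer are permitted by the policy too, although no NAT rule forwards them. The script below is an added example, not part of the original post; it finds such pairs by comparing each permit policy with the destination NAT pools, and the function names and the policy name INTERNET-TO-SFTP are assumptions of the example.

```shell
# The page's set commands from steps 1, 2, 3 and 5 (duplicate lines dropped).
srx_config() { cat <<'EOF'
set security zones security-zone DMZ-trust address-book address WebServer 10.254.254.2/32
set security zones security-zone DMZ-trust address-book address SftpServer 10.254.254.3/32
set applications application HTTP destination-port 80
set applications application SSH destination-port 22
set security nat destination pool dnat_10_254_254_2m32 address 10.254.254.2/32 port 80
set security nat destination pool dnat_10_254_254_3m32 address 10.254.254.3/32 port 22
set security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ match source-address any
set security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ match destination-address WebServer
set security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ match application HTTP
set security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ match destination-address SftpServer
set security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ match application SSH
set security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ then permit
EOF
}

# audit_policies: reads set commands on stdin and prints
# "<policy> <address> <application> <ip:port>" for every pair that a permit
# policy allows but no destination NAT pool forwards. Each address in a
# policy pairs with each application in the same policy.
audit_policies() {
  awk '
    $3 == "zones" && $6 == "address-book"                { ip[$8] = $9 }
    $2 == "applications" && $5 == "destination-port"     { port[$4] = $6 }
    $3 == "nat" && $5 == "pool"                          { fwd[$8 ":" $10] = 1 }
    $3 == "policies" && $11 == "destination-address"     { dst[$9] = dst[$9] " " $12 }
    $3 == "policies" && $11 == "application"             { app[$9] = app[$9] " " $12 }
    $3 == "policies" && $10 == "then" && $11 == "permit" { permit[$9] = 1 }
    END {
      for (p in permit) {
        nd = split(dst[p], d, " "); na = split(app[p], a, " ")
        for (i = 1; i <= nd; i++) for (j = 1; j <= na; j++) {
          key = ip[d[i]] ":" port[a[j]]
          if (!(key in fwd)) print p, d[i], a[j], key
        }
      }
    }'
}

# split_policies: one policy per server (INTERNET-TO-SFTP is a hypothetical name).
split_policies() {
  sed -E -e '/(source-address any|then permit)$/{p;s/INTERNET-TO-DMZ/INTERNET-TO-SFTP/;}' \
         -e '/(destination-address SftpServer|application SSH)$/s/INTERNET-TO-DMZ/INTERNET-TO-SFTP/'
}

srx_config | audit_policies                   # merged policy: two extra pairs
srx_config | split_policies | audit_policies  # split policies: no output
```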

Switching FreeBSD Ports to SVN

As of July 2012, FreeBSD uses Subversion as the primary version control system for storing all of FreeBSD’s source code, documentation, and the Ports Collection.

Installation

# cd /usr/ports/devel/subversion
# make install clean

If the ports tree is not available, Subversion can be installed as a package:

# pkg install devel/subversion

Running Subversion

svn checkout https://svn.FreeBSD.org/ports/head /usr/ports

The parts of the checkout command are:

svn-mirror is a URL for one of the Subversion mirror sites (svn.FreeBSD.org in the command above).

repository is one of the Project repositories, i.e., base, ports, or doc.

branch depends on the repository used. ports and doc are mostly updated in the head branch, while base maintains the latest version of -CURRENT under head and the respective latest versions of the -STABLE branches under stable/8 (for 8.x), stable/9 (9.x) and stable/10 (10.x).

lwcdir is the target directory where the contents of the specified branch should be placed. This is usually /usr/ports for ports, /usr/src for base, and /usr/doc for doc.

Because the initial checkout has to download the full branch of the remote repository, it can take a while. Please be patient.

After the initial checkout, the local working copy can be updated by running:

# svn update lwcdir

To update /usr/ports created in the example above, use:

# svn update /usr/ports

The update is much quicker than a checkout, only transferring files that have changed.

An alternate way of updating the local working copy after checkout is provided by the Makefile in the /usr/ports, /usr/src, and /usr/doc directories. Set SVN_UPDATE and use the update target. For example, to update /usr/src:

# cd /usr/src

# make update SVN_UPDATE=yes

Ref: https://www.freebsd.org/doc/handbook/svn.html

Installing NRPE on CentOS

1 – Install NRPE and the Nagios plugins

[root@~]# yum install nrpe nagios-plugins-nrpe bc glibc.i686

The glibc.i686 package is needed on 64-bit systems when a plugin returns a message such as:

[root@uferes ~]# /usr/lib64/nagios/plugins/check_procs -w 150 -c 200
-bash: /usr/lib64/nagios/plugins/check_procs: /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory

2 – Edit the sudoers file (visudo)

[root@~]# visudo
# I don't know which user your installation uses, so I'll add both.
nagios  ALL=(ALL) NOPASSWD:/usr/lib64/nagios/plugins/
nrpe  ALL=(ALL) NOPASSWD:/usr/lib64/nagios/plugins/

# comment out the parameter below
#Defaults    requiretty

3 – Check the plugins present in /usr/lib64/nagios/plugins/

4 – Edit the file /etc/nagios/nrpe.cfg

# allow the hosts that will do the monitoring:
allowed_hosts=127.0.0.1,meuservidormaster.sytes.net

# change the blame option (1 = accept command arguments sent by the client)
dont_blame_nrpe=1

## Example commands:
command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10
command[check_load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_hda1]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 150 -c 200
command[check_mem]=sudo /usr/lib64/nagios/plugins/check_mem.sh 75 85
command[check_uptime]=sudo /usr/lib64/nagios/plugins/check_uptime
#command[check_mysql_query]=/usr/lib64/nagios/plugins/check_mysql_query  -q "SELECT  round(SUM(duration)/60) Minutos FROM cdr WHERE calldate > ( NOW( ) - INTERVAL 30 DAY ) AND dst = 's' AND dcontext = 'recebesp2300'"  -d asterisk -H localhost -P 3306 -u root -p zoltrix90
command[check_asterisk_peer]=sudo /usr/lib64/nagios/plugins/nagisk.pl -c peer -p $ARG2$ -w $ARG3$ -x $ARG4$
command[check_asterisk_version]=/usr/bin/sudo /usr/lib64/nagios/plugins/nagisk.pl -c version
command[check_asterisk_peers]=sudo /usr/lib64/nagios/plugins/nagisk.pl -c peers
command[check_asterisk_channels]=sudo /usr/lib64/nagios/plugins/nagisk.pl -c channels
command[check_asterisk_peer_ramal937]=sudo /usr/lib64/nagios/plugins/nagisk.pl -c peer -p 937 -w 60 -x 70
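
With dont_blame_nrpe=1, any host in allowed_hosts can supply the $ARGn$ values, and check_asterisk_peer passes them to a plugin that runs as root through the NOPASSWD sudoers entries from step 2. The script below is an added example, not part of the original post: it lists such commands from an nrpe.cfg (the embedded sample is a subset of the config above) and shows the corrected setting; the function names are the example's own.

```shell
# Sample input: a subset of the nrpe.cfg lines shown in step 4.
nrpe_cfg() { cat <<'EOF'
allowed_hosts=127.0.0.1,meuservidormaster.sytes.net
dont_blame_nrpe=1
command[check_load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_uptime]=sudo /usr/lib64/nagios/plugins/check_uptime
command[check_asterisk_peer]=sudo /usr/lib64/nagios/plugins/nagisk.pl -c peer -p $ARG2$ -w $ARG3$ -x $ARG4$
command[check_asterisk_peer_ramal937]=sudo /usr/lib64/nagios/plugins/nagisk.pl -c peer -p 937 -w 60 -x 70
EOF
}

# audit_nrpe: reads nrpe.cfg on stdin. While dont_blame_nrpe=1, prints every
# command that takes $ARGn$ values from the network, tagged SUDO when those
# values reach a plugin run through sudo. Prints nothing when arguments are off.
audit_nrpe() {
  awk '
    /^[ \t]*#/ { next }                              # skip commented-out lines
    /^dont_blame_nrpe=/ { split($0, kv, "="); blame = (kv[2] + 0 == 1) }
    /^command\[/ {
      name = $0; sub(/^command\[/, "", name); sub(/\].*/, "", name)
      cmd = substr($0, index($0, "=") + 1)
      if (cmd ~ /\$ARG[0-9]+\$/)
        hit[++n] = name ((cmd ~ /^(\/usr\/bin\/)?sudo /) ? " SUDO" : " NOSUDO")
    }
    END { if (blame) for (i = 1; i <= n; i++) print hit[i] }'
}

# pin_args: the corrected setting. With dont_blame_nrpe=0 the daemon refuses
# client-supplied arguments, so checks need fixed values, as the page's own
# check_asterisk_peer_ramal937 already has.
pin_args() { sed 's/^dont_blame_nrpe=.*/dont_blame_nrpe=0/'; }

nrpe_cfg | audit_nrpe             # weak setting: one command is listed
nrpe_cfg | pin_args | audit_nrpe  # corrected setting: no output
```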

6 – Open the NRPE and SNMP ports in the firewall

vim /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 14161 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5666 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 161 -j ACCEPT

/etc/init.d/iptables restart

7 – Start NRPE and enable it at boot

/etc/init.d/nrpe start
chkconfig nrpe on

Squid + ClamAV (c-icap, clamd and squidclamav) – Antivirus on the Proxy – CentOS 7

CentOS 7 64bits
Squid Cache: Version 3.4.6

1 – Install ClamAV

# install from EPEL
[root@dlp ~]# yum --enablerepo=epel -y install clamav clamav-update
[root@dlp ~]# sed -i -e "s/^Example/#Example/" /etc/freshclam.conf
# update pattern files
[root@dlp ~]# freshclam
ClamAV update process started at Fri Aug 29 22:03:30 2014
main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cvd is up to date (version: 19314, sigs: 1094505, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 242, sigs: 46, f-level: 63, builder: dgoddard)

2 – Test scanning

[root@dlp ~]# clamscan --infected --remove --recursive /home

----------- SCAN SUMMARY -----------
Known viruses: 3575245
Engine version: 0.98.4
Scanned directories: 2
Scanned files: 3
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 10.369 sec (0 m 10 s)

# download a test virus (the EICAR test file):
[root@dlp ~]# curl -O http://www.eicar.org/download/eicar.com

# test its removal and check the command output:
[root@dlp ~]# clamscan --infected --remove --recursive .
./eicar.com: Eicar-Test-Signature FOUND
./eicar.com: Removed. # just detected
----------- SCAN SUMMARY -----------
Known viruses: 3575245
Engine version: 0.98.4
Scanned directories: 3
Scanned files: 10
Infected files: 1
Data scanned: 0.00 MB
Data read: 256.57 MB (ratio 0.00:1)

3 – Install the ClamAV server

# install from EPEL
[root@prox ~]# yum --enablerepo=epel -y install clamav-server clamav-server-systemd
[root@prox ~]# cp /usr/share/doc/clamav-server*/clamd.conf /etc/clamd.d/squid.conf 
[root@prox ~]# vi /etc/clamd.d/squid.conf
# Change this file as follows:
# line 8: comment out
#Example
# line 14: uncomment and change
LogFile /var/log/clamd.squid
# line 66: uncomment and change
PidFile /var/run/clamd.squid/clamd.pid
# line 70: uncomment
TemporaryDirectory /var/tmp
# line 85: uncomment and change
LocalSocket /var/run/clamd.squid/clamd.sock
# line 101: uncomment (clamd then listens on TCP 3310 on all interfaces unless TCPAddr is also set)
TCPSocket 3310
# line 195: change
User squidclamav

Add the user (no login needed)

[root@prox ~]# useradd -d /var/tmp -s /sbin/nologin squidclamav 
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.

# Create the directory
[root@prox ~]# mkdir /var/run/clamd.squid 

Give the user ownership of the directory:
[root@prox ~]# chown squidclamav. /var/run/clamd.squid 
[root@prox ~]# cp /usr/share/doc/clamav-server*/clamd.sysconfig /etc/sysconfig/clamd.squid 

[root@prox ~]# vi /etc/sysconfig/clamd.squid
# lines 1, 2: uncomment and change
CLAMD_CONFIGFILE=/etc/clamd.d/squid.conf
CLAMD_SOCKET=/var/run/clamd.squid/clamd.sock

[root@prox ~]# vi /etc/tmpfiles.d/clamd.squid.conf
# create a new file containing:
d /var/run/clamd.squid 0755 squidclamav squidclamav -

[root@prox ~]# vi /usr/lib/systemd/system/clamd@.service
# Add the following lines to the end of the file:
[Install]
WantedBy=multi-user.target

[root@prox ~]# touch /var/log/clamd.squid 
[root@prox ~]# chown squidclamav. /var/log/clamd.squid 
[root@prox ~]# chmod 600 /var/log/clamd.squid 

# Start it and enable it at boot:
[root@prox ~]# systemctl start clamd@squid 
[root@prox ~]# systemctl enable clamd@squid 
ln -s '/usr/lib/systemd/system/clamd@.service' '/etc/systemd/system/multi-user.target.wants/clamd@squid.service'

4 – Install c-icap

[root@prox ~]# yum -y install gcc make 
[root@prox ~]# curl -O http://ftp.jaist.ac.jp/pub/sourceforge/c/project/c-/c-icap/c-icap/0.3.x/c_icap-0.3.4.tar.gz
[root@prox ~]# tar zxvf c_icap-0.3.4.tar.gz 
[root@prox ~]# cd c_icap-0.3.4 
[root@prox c_icap-0.3.4]# ./configure 
[root@prox c_icap-0.3.4]# make
[root@prox c_icap-0.3.4]# make install 
[root@prox c_icap-0.3.4]# cd 
[root@prox ~]# cp /usr/local/etc/c-icap.conf /etc 

[root@prox ~]# vi /etc/c-icap.conf
# line 140: change to your e-mail address
ServerAdmin root@server.world
# line 149: set the hostname of this server
ServerName prox.server.world
# line 500: add
Service squidclamav squidclamav.so

[root@prox ~]# vi /etc/tmpfiles.d/c-icap.conf
# create a new file containing:
d /var/run/c-icap 0755 root root -

# Create the init script with the content below.
[root@prox ~]# vi /etc/rc.d/init.d/c-icap
# ----------------- STARTS HERE ----------------------------
#!/bin/bash

# c-icap: Start/Stop c-icap
# chkconfig: - 70 30
# description: c-icap is an implementation of an ICAP server.
# processname: c-icap
# pidfile: /var/run/c-icap/c-icap.pid

. /etc/rc.d/init.d/functions
. /etc/sysconfig/network

CONFIG_FILE=/etc/c-icap.conf
PID_DIR=/var/run/c-icap

RETVAL=0
start() {
   echo -n $"Starting c-icap: "
   daemon /usr/local/bin/c-icap -f $CONFIG_FILE
   RETVAL=$?
   echo
   [ $RETVAL -eq 0 ] && touch /var/lock/subsys/c-icap
   return $RETVAL
}
stop() {
   echo -n $"Stopping c-icap: "
   killproc c-icap
   RETVAL=$?   # killproc's status, taken before rm overwrites $?
   rm -f /var/run/c-icap/c-icap.ctl
   echo
   [ $RETVAL -eq 0 ] && rm -f $PID_DIR/c-icap.pid /var/lock/subsys/c-icap
   return $RETVAL
}
case "$1" in
   start)
      start
   ;;
   stop)
      stop
   ;;
   status)
      status c-icap
   ;;
   restart)
      stop
      start
   ;;
   *)
      echo $"Usage: $0 {start|stop|status|restart}"
   exit 1
esac
exit $?
# ----------------- ENDS HERE ----------------------------

# Set the permissions
[root@prox ~]# chmod 755 /etc/rc.d/init.d/c-icap 

5 – Install squidclamav

[root@prox ~]# curl -L -O http://downloads.sourceforge.net/project/squidclamav/squidclamav/6.11/squidclamav-6.11.tar.gz 
[root@prox ~]# tar zxvf squidclamav-6.11.tar.gz 
[root@prox ~]# cd squidclamav-6.11 
[root@prox squidclamav-6.11]# ./configure --with-c-icap 
[root@prox squidclamav-6.11]# make
[root@prox squidclamav-6.11]# make install 

[root@prox squidclamav-6.11]# cd 
[root@prox ~]# ln -s /usr/local/etc/squidclamav.conf /etc/squidclamav.conf 

# Find the file clwarn.cgi.pt_BR and copy it to the Apache cgi-bin directory
[root@prox ~]# cp /usr/src/squidclamav-6.11/cgi-bin/clwarn.cgi.pt_BR /var/www/cgi-bin/

[root@prox ~]# vi /etc/squidclamav.conf
# line 17: change to the location where you copied the file clwarn.cgi.pt_BR
redirect http://192.168.254.254:81/cgi-bin/clwarn.cgi.pt_BR
# line 26: set to the same socket as clamd
clamd_local /var/run/clamd.squid/clamd.sock

# Start it and enable it at boot
[root@prox ~]# systemctl start c-icap 
[root@prox ~]# chkconfig --add c-icap 
[root@prox ~]# chkconfig c-icap on 

6 – Add these parameters to the end of squid.conf

[root@prox ~]# vi /etc/squid/squid.conf
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
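
Both icap_service lines set bypass=1, which makes the scanner optional: if c-icap or clamd is down or returns an error, Squid relays the request or response unscanned. The script below is an added example, not part of the original post; it reports each ICAP service's failure mode from a squid.conf (the embedded sample is taken from the lines above) and shows the fail-closed variant, with function names that are the example's own.

```shell
# ICAP lines from step 6, embedded so the example runs offline.
squid_icap() { cat <<'EOF'
icap_enable on
icap_preview_enable on
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
EOF
}

# audit_icap: reads squid.conf on stdin and prints, per icap_service,
# "<name> <vectoring point> <fail-open|fail-closed> <active|unused>".
# fail-open = bypass enabled (1/on): traffic passes unscanned on ICAP errors.
# unused    = no "adaptation_access <name> allow ..." rule refers to it.
audit_icap() {
  awk '
    /^[ \t]*#/ { next }
    $1 == "icap_enable" { enabled = ($2 == "on") }
    $1 == "icap_service" {
      order[++n] = $2; point[$2] = $3; mode[$2] = "fail-closed"
      for (i = 4; i <= NF; i++)
        if ($i ~ /^bypass=(1|on)$/ || $i == "1") mode[$2] = "fail-open"
    }
    $1 == "adaptation_access" && $3 == "allow" { used[$2] = 1 }
    END {
      if (!enabled) print "icap_enable is not on"
      for (i = 1; i <= n; i++) {
        s = order[i]
        print s, point[s], mode[s], ((s in used) ? "active" : "unused")
      }
    }'
}

# fail_closed: corrected setting for the named option; an unreachable scanner
# now yields a Squid error page instead of unscanned content.
fail_closed() { sed -E '/^icap_service /s/bypass=(1|on)/bypass=0/'; }

squid_icap | audit_icap                # both services report fail-open
squid_icap | fail_closed | audit_icap  # both services report fail-closed
```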

7 – Restart Squid and test

systemctl restart squid 

Install:
yum install perl-CGI

Check the CGI settings in Apache.

Note: it is worth rebooting the server to check that all services start automatically.

Go to http://eicar.org/85-0-Download.html and click on “eicar.com”, which is a test virus file.
The ClamAV page blocking the access should be displayed.

8 – Add the antivirus update and the virus scans to the crontab

# Update the ClamAV database daily:
00 1 * * * /usr/bin/freshclam > /dev/null 2>&1
# Scan directories with ClamAV and move infected files to the infectados directory created for them
00 23 * * * /usr/bin/clamscan -r --move=/storage1/infectados /share/publica
00 20 * * * /usr/bin/clamscan -r --move=/storage1/infectados /var/www