Category Archives: Linux

Graylog Syslog Input Failed to start on port 514

You are probably having the same issue I had, so let me clarify. Graylog can bind low ports such as 514 only when it runs as root; since it does not, how can we fix this? The trick is to have Graylog listen on a different port, 1514, and redirect traffic arriving on port 514 (UDP/TCP) to it.

Assuming that you are using two input streams (TCP and UDP):

[email protected]:~$ sudo iptables -t nat -A PREROUTING -p tcp --dport 514 -j REDIRECT --to-ports 1514
[email protected]:~$ sudo iptables -t nat -A PREROUTING -p udp --dport 514 -j REDIRECT --to-ports 1514

[email protected]:~$ netstat -nutlp
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 10.4.252.246:9000 :::* LISTEN -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -

[email protected]:~$ sudo iptables-save
# Generated by iptables-save v1.6.1 on Tue Jul 23 13:04:56 2019
*nat
:PREROUTING ACCEPT [33:2312]
:INPUT ACCEPT [84:11215]
:OUTPUT ACCEPT [33:2344]
:POSTROUTING ACCEPT [33:2344]
-A PREROUTING -p udp -m udp --dport 514 -j REDIRECT --to-ports 1514
-A PREROUTING -p tcp -m tcp --dport 514 -j REDIRECT --to-ports 1514
COMMIT
# Completed on Tue Jul 23 13:04:56 2019
# Generated by iptables-save v1.6.1 on Tue Jul 23 13:04:56 2019
*filter
:INPUT ACCEPT [111065:37834236]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [106771:36862434]
COMMIT
# Completed on Tue Jul 23 13:04:56 2019

Below you can confirm whether the policy is working, in this case for the OUTPUT chain.

[email protected]:~$ sudo iptables -L -v -n
Chain INPUT (policy ACCEPT 124K packets, 42M bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 119K packets, 41M bytes)
pkts bytes target prot opt in out source destination

TAP vs TUN Interfaces

What is TUN?
TUN is a virtual point-to-point network device.
The TUN driver was designed as low-level kernel support for
IP tunneling.

What is TAP?
TAP is a virtual Ethernet network device.
The TAP driver was designed as low-level kernel support for
Ethernet tunneling.

What is the difference between the TUN driver and the TAP driver?
TUN works with IP frames. TAP works with Ethernet frames.

These kinds of interfaces are supported in Linux.

White box with Cumulus Networks

You have probably heard the term “white box”, or Open Networking, which is a new movement in the networking industry. It aims to decouple hardware from software in the network devices sold by vendors. Have you imagined running NX-OS on an x86 server as a network fabric (leaf?) device? What do you gain by doing this? It would be cheaper, of course, but your Network/Ops teams will need to evolve with it (skill gap?). Some service providers, like AT&T, are moving to white box solutions; they are testing Provider Edge (PE) modes in MPLS networks, replacing expensive vendor boxes that perform basic functions. At the moment Cisco is not getting there with any product! Juniper is making some advances: its new product, the OCX 1100, can run Cumulus. But what is Cumulus? It’s a full-featured Linux OS for networking hardware!
I’ve had an opportunity to play with Cumulus (2 spines/leafs with OSPF, BGP, VXLAN, Bridging), and it seems interesting, but I would expect a more readable CLI. Are we able to learn another CLI? Absolutely!

Recently Cumulus Networks launched a virtual edition called Cumulus VX. It’s available for different hypervisors, so network engineers will not be in the dark any more. Another benefit of virtual editions is that you can run a demonstration for customers in a few clicks.


Rescan NIC on CentOS

After cloning a VM (CentOS 6) in VMware I was not able to use the NIC (eth0); after some research, it was using the same MAC address as the original VM (00:0c:29:2c:a9:ae).

To solve it I did:

rm -f /etc/udev/rules.d/70-persistent-net.rules

Because this is my lab I can reboot my vservers whenever I want :), so I rebooted.

After the reboot I was able to see the correct MAC address assigned to my vserver.

[[email protected] ~]# cat /etc/udev/rules.d/70-persistent-net.rules
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.

# PCI device 0x8086:0x100f (e1000) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:2c:a9:af", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

The eth0 interface picked up the right MAC and I was able to communicate with my Lab World :)

[[email protected] ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:0C:29:2c:a9:af
TYPE=Ethernet
UUID=9e18221f-2e93-4326-8923-d3f834d15c62
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=10.0.0.100
NETMASK=255.255.255.0
GATEWAY=10.0.0.254

Finally on IPv6 :)

Unfortunately it took longer than planned, but the blog can now be reached over IPv6 :)
The solution is based on dual stack, with the IPv6 component provided through a point-to-point IPv6-over-IPv4 tunnel established with Hurricane Electric.
Hurricane Electric offers a tunnel broker at no cost; you only need to register on its site.
Once the registration is activated, you can create up to 5 tunnels and assign /48 prefixes to the tunnels (network for clients). The site already offers several ready-made configurations for different systems such as Cisco, Juniper, Fortigate, FreeBSD and Linux, among others.

The network layout is roughly as follows:

When a user connects over IPv6, the traffic is routed across the Internet to the Hurricane Electric network, which then forwards it through the established tunnel. Return traffic follows exactly the same path.

In short, there are now 2 ways to reach the blog, over IPv4 and over IPv6, so there are no more excuses!

References:
Hurricane Electric Free IPv6 Tunnel Broker

Linux hosts in just 20 MBytes with Tiny Core

Who would have thought: a version of Linux (Tiny Core) with some basic networking tools (tcpdump, iperf, IPv6 support, among others) in just 20 MBytes, ideal for adding to GNS3 labs. Tiny Core is a Linux distribution widely used on microcontrollers, and it offers a mini desktop that lets you browse the internet, listen to music and watch films, among other tasks.
The base system uses BusyBox and FLTK (GUI), and precompiled extensions can be added after the base installation. It can be used as a live version or from a disk.

The existing versions of Tiny are:
“Core” (8 MB): variant of Tiny Core without a graphical interface; extensions can be added, so a graphical interface can be installed that way
“Tiny Core” (12 MB): recommended for users who need networking; includes the Core base system and a graphical interface.
“Core Plus” (64 MB): supports wireless and non-US keyboards

The minimum requirements are:

Minimum: Tiny Core needs at least 46 MB of RAM and Core at least 28 MB. Minimum CPU: i486DX
Recommended: Pentium 2 CPU & 128 MB RAM

You can download it from the official site.

Extensions:
The extensions are available in the repository http://distro.ibiblio.org/tinycorelinux/4.x/x86/tcz/

After installing the Tiny Core version, carry out the following steps:

1. PT keyboard support

tce-load -wi kmaps.tcz
sudo loadkmap < /usr/share/kmap/qwerty/pt-latin1.kmap

Optionally, you can add it to the system boot:

vi /opt/bootlocal.sh
loadkmap < /usr/share/kmap/qwerty/pt-latin1.kmap

2. Install the extensions you want (see the repository)

tce-load -wi openssh.tcz
tce-load -wi iperf.tcz
tce-load -wi iptraf.tcz
tce-load -wi tcpdump.tcz
tce-load -wi ipv6-3.0.21-tinycore.tcz

To enable IPv6 support, run:

sudo modprobe ipv6

Check that the module was loaded successfully:

lsmod | grep ipv6

I am sharing here my PC (only 20 MB) that I use in the GNS3 labs; the image is in VDI format.

Note: The only existing user is tc (no password); if you need to install a plugin, you should use the sudo command. For more information, see http://wiki.tinycorelinux.net/wiki:passwd

References:
Comparison of Linux Live Distros
Tiny Core Linux official site
Tiny Core extensions repository

Reset SolusVM Admin Password

SolusVM is a control panel for managing VPS (Virtual Private Servers) in OpenVZ and Xen environments.

The web management console lets you manage the infrastructure effectively; the default user and password are both vpsadmin.

If you lose the admin password, you can regain access as follows:

php /usr/local/solusvm/scripts/pass.php --type=admin --comm=change --username=

The --username parameter refers to the SolusVM admin user; if you have never changed it, the default is vpsadmin.

The command output is similar to:

New password: 9.k#ksla7f89

Host … is not allowed to connect to this MySQL server

By default MySQL only allows connections for the root user coming from “localhost”; to allow remote connections, do the following.

[[email protected] ~]#mysql -u root -p
Enter password: **************
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.5.18 MySQL Community Server (GPL)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement

mysql> use mysql;
Database changed
mysql> select user,host from user;
+-------+-----------+
| user  | host      |
+-------+-----------+
| root  | localhost |
| teste | localhost |
+-------+-----------+
5 rows in set (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'o_meu_ip' IDENTIFIED BY 'root_password' WITH GRANT OPTION;

mysql> select user,host from user;
+-------+-----------+
| user  | host      |
+-------+-----------+
| root  | o_meu_ip  |
| root  | localhost |
| teste | localhost |
+-------+-----------+
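
The GRANT above leaves a root account that is reachable from another host, with all privileges and the right to grant them. As an added example (not part of the original post), the hypothetical function `audit_mysql_accounts` lists such accounts from a user/host listing so they can be reviewed; the sample rows, including the `app` account, are constructed.

```shell
#!/bin/sh
# Added example: flag MySQL accounts that widen remote access.

# Constructed sample: tab-separated user/host pairs, in the form produced by
#   mysql -N -B -e "SELECT user, host FROM mysql.user"
SAMPLE_ACCOUNTS=$(printf 'root\to_meu_ip\nroot\tlocalhost\nteste\tlocalhost\napp\t%%\n')

# audit_mysql_accounts (hypothetical helper)
# Reads "user<TAB>host" lines on stdin and prints one finding per line:
#   remote-root    root allowed to connect from a non-local host
#   wildcard-host  any account whose host pattern contains the % wildcard
audit_mysql_accounts() {
  awk -F '\t' '
    function is_local(h) {
      return h == "localhost" || h == "127.0.0.1" || h == "::1"
    }
    NF >= 2 {
      if ($1 == "root" && !is_local($2))
        print "remote-root\t" $1 "@" $2
      else if (index($2, "%") > 0)
        print "wildcard-host\t" $1 "@" $2
    }'
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_ACCOUNTS" | audit_mysql_accounts
```

A dedicated account restricted to the schema it needs, instead of root with ALL PRIVILEGES ON *.* and WITH GRANT OPTION, keeps the remote-root finding from appearing at all.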

Forcing Speed and Full Duplex on Linux

An interesting Linux tool for interacting with the machine's network cards is without doubt ethtool.

Goal: force the network card (eth1) to 100 Mbps full duplex with autonegotiation disabled

ethtool -s eth1 speed 100 duplex full autoneg off

[ethtool help]

ethtool -s ethX [speed 10|100|1000] [duplex half|full] [port tp|aui|bnc|mii] [autoneg on|off] [phyad N] [xcvr internal|external] [wol p|u|m|b|a|g|s|d…] [sopass xx:yy:zz:aa:bb:cc] [msglvl N]