takraw's blog

Tuesday, May 18, 2021

Install docker on Linux Alpine 3.13.5

Install Docker:

$ apk --no-cache add --repository http://dl-cdn.alpinelinux.org/alpine/edge/main libseccomp

$ apk --no-cache add --repository http://dl-cdn.alpinelinux.org/alpine/edge/community docker

Add User to Docker Group:

addgroup itcadmin docker

Start Docker on Boot:

rc-update add docker boot

service docker start

Install docker-compose:

uncoment

#http://dl-cdn.alpinelinux.org/alpine/v3.13/community

and

#http://dl-cdn.alpinelinux.org/alpine/v3.13/community

EX.

alpine-tpl:/etc/apk# more repositories

#/media/cdrom/apks

http://dl-cdn.alpinelinux.org/alpine/v3.13/main

http://dl-cdn.alpinelinux.org/alpine/v3.13/community

#http://dl-cdn.alpinelinux.org/alpine/edge/main

#http://dl-cdn.alpinelinux.org/alpine/edge/community

#http://dl-cdn.alpinelinux.org/alpine/edge/testing

apk add docker-compose

Friday, April 30, 2021

Freeradius Linelog

freeradius linelog

edit file /etc/freeradius/modules/linelog

linelog log_postauth_json {

format = "%t linelog_postauth \%Packet-Type non reconnu for %{User-Name} (%{Packet-Type})"

filename = ${logdir}/linelog/linelog_json.log

syslog_facility = local3

syslog_serverity = info

permissions = 0600

reference = "messages.%{%{reply:Packet-Type}:-format}"

messages {

Access-Reject = "{\"Datetime\":\"%t\",\"Module_Name\":\"linelog_postauth\",\"Packet-Type\":\"%{reply:Packet-Type}\",\"User-Name\":\"%{User-Name}\",\"Realm\":\"%{Realm}\",\"NAS-IP-Address\":\"%{NAS-IP-Address}\",\"NAS-Port\":\"%{NAS-Port}\",\"Service-Type\":\"%{Service-Type}\",\"Framed-MTU\":\"%{Framed-MTU}\",\"State\":\"%{State}\",\"Class\":\"%{Class}\",\"Vendor-Specific\":\"%{Vendor-Specific}\",\"Session-Timeout\":\"%{Session-Timeout}\",\"Idle-Timeout\":\"%{Idle-Timeout}\",\"Termination-Action\":\"%{Termination-Action}\",\"Called-Station-Id\":\"%{Called-Station-Id}\",\"Calling-Station-Id\":\"%{Calling-Station-Id}\",\"NAS-Identifier\":\"%{NAS-Identifier}\",\"Proxy-State\":\"%{Proxy-State}\",\"Login-LAT-Service\":\"%{Login-LAT-Service}\",\"Login-LAT-Node\":\"%{Login-LAT-Node}\",\"Login-LAT-Group\":\"%{Login-LAT-Group}\",\"Framed-AppleTalk-Link\":\"%{Framed-AppleTalk-Link}\",\"Framed-AppleTalk-Network\":\"%{Framed-AppleTalk-Network}\",\"Framed-AppleTalk-Zone\":\"%{Framed-AppleTalk-Zone}\",\"CHAP-Challenge\":\"%{CHAP-Challenge}\",\"NAS-Port-Type\":\"%{NAS-Port-Type}\",\"Port-Limit\":\"%{Port-Limit}\",\"Login-LAT-Port\":\"%{Login-LAT-Port}\"}"

Access-Challenge = "{\"Datetime\":\"%t\",\"Module_Name\":\"linelog_postauth\",\"Packet-Type\":\"%{reply:Packet-Type}\",\"User-Name\":\"%{User-Name}\",\"Realm\":\"%{Realm}\",\"NAS-IP-Address\":\"%{NAS-IP-Address}\",\"NAS-Port\":\"%{NAS-Port}\",\"Service-Type\":\"%{Service-Type}\",\"Framed-Protocol\":\"%{Framed-Protocol}\",\"Framed-IP-Address\":\"%{Framed-IP-Address}\",\"Framed-IP-Netmask\":\"%{Framed-IP-Netmask}\",\"Framed-Routing\":\"%{Framed-Routing}\",\"Filter-Id\":\"%{Filter-Id}\",\"Framed-MTU\":\"%{Framed-MTU}\",\"Framed-Compression\":\"%{Framed-Compression}\",\"Login-IP-Host\":\"%{Login-IP-Host}\",\"Login-Service\":\"%{Login-Service}\",\"Login-TCP-Port\":\"%{Login-TCP-Port}\",\"Reply-Message\":\"%{Reply-Message}\",\"Callback-Number\":\"%{Callback-Number}\",\"Callback-Id\":\"%{Callback-Id}\",\"Framed-Route\":\"%{Framed-Route}\",\"Framed-IPX-Network\":\"%{Framed-IPX-Network}\",\"State\":\"%{State}\",\"Class\":\"%{Class}\",\"Vendor-Specific\":\"%{Vendor-Specific}\",\"Session-Timeout\":\"%{Session-Timeout}\",\"Idle-Timeout\":\"%{Idle-Timeout}\",\"Termination-Action\":\"%{Termination-Action}\",\"Called-Station-Id\":\"%{Called-Station-Id}\",\"Calling-Station-Id\":\"%{Calling-Station-Id}\",\"NAS-Identifier\":\"%{NAS-Identifier}\",\"Proxy-State\":\"%{Proxy-State}\",\"Login-LAT-Service\":\"%{Login-LAT-Service}\",\"Login-LAT-Node\":\"%{Login-LAT-Node}\",\"Login-LAT-Group\":\"%{Login-LAT-Group}\",\"Framed-AppleTalk-Link\":\"%{Framed-AppleTalk-Link}\",\"Framed-AppleTalk-Network\":\"%{Framed-AppleTalk-Network}\",\"Framed-AppleTalk-Zone\":\"%{Framed-AppleTalk-Zone}\",\"CHAP-Challenge\":\"%{CHAP-Challenge}\",\"NAS-Port-Type\":\"%{NAS-Port-Type}\",\"Port-Limit\":\"%{Port-Limit}\",\"Login-LAT-Port\":\"%{Login-LAT-Port}\"}"

Access-Accept = "{\"Datetime\":\"%t\",\"Module_Name\":\"linelog_postauth\",\"Packet-Type\":\"%{reply:Packet-Type}\",\"User-Name\":\"%{User-Name}\",\"Realm\":\"%{Realm}\",\"NAS-IP-Address\":\"%{NAS-IP-Address}\",\"NAS-Port\":\"%{NAS-Port}\",\"Service-Type\":\"%{Service-Type}\",\"Framed-MTU\":\"%{Framed-MTU}\",\"Login-IP-Host\":\"%{Login-IP-Host}\",\"Login-Service\":\"%{Login-Service}\",\"Login-TCP-Port\":\"%{Login-TCP-Port}\",\"Reply-Message\":\"%{Reply-Message}\",\"Callback-Number\":\"%{Callback-Number}\",\"Callback-Id\":\"%{Callback-Id}\",\"Framed-Route\":\"%{Framed-Route}\",\"Framed-IPX-Network\":\"%{Framed-IPX-Network}\",\"State\":\"%{State}\",\"Class\":\"%{Class}\",\"Vendor-Specific\":\"%{Vendor-Specific}\",\"Session-Timeout\":\"%{Session-Timeout}\",\"Idle-Timeout\":\"%{Idle-Timeout}\",\"Termination-Action\":\"%{Termination-Action}\",\"Called-Station-Id\":\"%{Called-Station-Id}\",\"Calling-Station-Id\":\"%{Calling-Station-Id}\",\"NAS-Identifier\":\"%{NAS-Identifier}\",\"Proxy-State\":\"%{Proxy-State}\",\"Login-LAT-Service\":\"%{Login-LAT-Service}\",\"Login-LAT-Node\":\"%{Login-LAT-Node}\",\"Login-LAT-Group\":\"%{Login-LAT-Group}\",\"Framed-AppleTalk-Link\":\"%{Framed-AppleTalk-Link}\",\"Framed-AppleTalk-Network\":\"%{Framed-AppleTalk-Network}\",\"Framed-AppleTalk-Zone\":\"%{Framed-AppleTalk-Zone}\",\"CHAP-Challenge\":\"%{CHAP-Challenge}\",\"NAS-Port-Type\":\"%{NAS-Port-Type}\",\"Port-Limit\":\"%{Port-Limit}\",\"Login-LAT-Port\":\"%{Login-LAT-Port}\",\"VLAN\":\"%{Tunnel-Private-Group-ID:0}\"}"

}

edit site enable /etc/freeradius/site-enabled/default

post-auth {

log_postauth_json

Post-Auth-Type REJECT {

log_postauth_json

}

create log rotate policy /etc/logrotate.d/linelog

/var/log/freeradius/linelog/linelog_json.log

{

rotate 99

daily

dateext

missingok

notifempty

delaycompress

compress

sharedscripts

postrotate

invoke-rc.d rsyslog rotate > /dev/null

endscript

}

Thursday, April 29, 2021

forward authentication log on freeradius to syslog server

enable: authen log on radius.log

edit /etc/freeradius/radiusd.conf

# Log authentication requests to the log file.

# allowed values: {no, yes}

auth = yes

# Log passwords with the authentication requests.

# auth_badpass - logs password if it's rejected

# auth_goodpass - logs password if it's correct

# allowed values: {no, yes}

auth_badpass = yes

auth_goodpass = yes

restart services freeradius:

/etc/init.d/freeradius restart

create file rc.capture

#!/bin/bash

tail -F /var/log/freeradius/radius.log | logger -t freeradius -p local3.info &

chmod a+x /etc/init.d/rc.capture

add line in /etc/rc.local file

/etc/init.d/rc.capture

set remote syslog server

local3.* @10.10.31.71:514

# @ udp

# @@ tcp

Wednesday, April 28, 2021

Clear Buff/Cache Linux

echo 3 > /proc/sys/vm/drop_caches

Sunday, April 18, 2021

Python Random Function

import math

import random

import string

def generate_random_digit(length):

digits = "0123456789"

otp = ""

for i in range(length):

otp += digits[math.floor(random.random() * 10)]

print(otp)

def generate_random(length):

print(string.ascii_uppercase)

print(string.ascii_lowercase)

print(string.ascii_letters)

print(string.digits)

print(''.join(random.choices(string.digits, k=length)))

print(''.join(random.choices(string.ascii_letters+string.digits, k=length)))

print(''.join(random.choices(string.ascii_uppercase+string.digits, k=length)))

generate_random_digit(8)

generate_random(10)

Monday, February 22, 2021

Set resolution vncserver

vncserver -randr 1028x768

Tuesday, February 9, 2021

Error getting keypair for CA issuer: certificate is not a CA

edit file /etc/ssl/openssl.cnf

[ v3_ca ]

basicConstraints = critical,CA:TRUE

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid:always,issuer:always

generate csr with option -extensions v3_ca

ex.

openssl req \

-x509 \

-new \

-nodes \

-key private/univ-ca.key.pem \

-sha256 \

-days 1825 \

-out certs/univ-ca.cert.pem \

-subj '/C=TH/O=YOU-ORG-NAME/emailAddress=YOU_EMAIL' \

-passin pass:$CA_PASS \

-extensions v3_c