July 2nd, 2009

Searching for words in a file (Linux)

If you want to search for a file on the filesystem that contains specific words, the following will give you a fairly good start:

grep -ir searchterm *

If you have no idea where the file might be, then cd to the root of the filesystem or “cd /” then run it. Otherwise get into the dir you know it’s in to save some time.tux

I know this is quite a simple command but looking high and low, nobody really spells it out well. So here you go.

Here is a nice little tutorial on the different switches for grep:
http://www.cyberciti.biz/faq/howto-use-grep-command-in-linux-unix/


By mikeb121 in Linux 
Comment: Comments Off
Tags: , , ,




April 27th, 2009

A Beginners Guide To Choosing Processors

A Beginners Guide To Choosing Processors

Intel’s latest announcement describing the new Stars rating system has me questioning what’s changed in the way of judging processors by their specifications. Maybe if I redefine what a processor is, that will help me focus on what I’m looking for when making a purchase.

The job of a processor is to execute program instructions which perform functions. These instructions come in the form of software, so basically a processor interprets software. How well it does this is determined by its architecture or its internal design. Intel and AMD describe this internal design with names like P4, P III, i7, and so on. Within these architecture types are family names like Nehalem, Centrino, and Sempron.

In addition to the internal design, it’s important to know how the processor communicates externally to the rest of the PC. This takes into consideration the interface between the systems chipset, memory, and all the other devices connected to the motherboard. The lines of communication between the cpu and these other devices are called buses. For the purpose of this article I’m limiting the discussion to the processor and memory bus.

You may have heard people refer to the processor’s Front Side Bus or FSB. This is the pathway that takes information from the processor to the memory controller. It is usually given a number that designates its size or width, for example a 333Mhz FSB. The number is describing the amount of information that moves across that path. Intel’s latest architecture moves the memory bus inside the processor so for the very latest, FSB is no longer a factor. This is not the first time for this arrangement. AMD has done this for quite some time with their HyperTransport. Moving the controller into the processor is all about improving communication to the memory located on the motherboard of your system. It’s a proven technology.

Read Full Article


By mikeb121 in PC/Server Hardware 
Comment: Comments Off





March 3rd, 2009

Problems upgrading PIX515 to 8.0(4)

If you are receiving an error message upgrading your pix such as: “Insufficient flash space available for this request” then you probably should be upgrading in “monitor” mode.

I ran into this issue and scratched my head for quite awhile until I stumbled on an obscure cisco page.  It refers to ver 7.0(4) however the process is the same.

- Cisco Link -

I would plagerize the procedure and put it here, but Cisco does a fairly good job of covering it except for just a few things.

1. It is definitely necessary to tftp the bin file over one more time.  The first time just copies it into memory and boots from it.

2. When you are finished with all the steps, make sure you remove the old .bin file and copy over the new and improved ASDM pdm.

3. Unfortunately, or fortunately… you MUST be connected via console in order to do this.  Make sure you write mem, save backups of all sorts and take plenty of precautions when upgrading. 

4. The process will attempt to clean up your config and convert it however you will probably still want your old config to refer to “just in case”.

Hit me up of you have any questions.


By mikeb121 in Network 
Comment: Comments Off
Tags: , , , , , , ,




February 13th, 2009

Secure Copy on Cisco ASA

The asa introduces a more secure and simple method of getting bin files over onto the ASA, and the following outlines the mothod for secure copy from a Windows XP/Vista machine.

I was having a little trouble figuring out just what to do to get this to work properly.  I used sftp, fscp, etc, until I found the following:

On the ASA appliance:
#ssh scopy enable

Download PuttySCP

pscp.exe <source> <user>@<destination host>:<flash file name>

An example would be:
pscp.exe asa804-k8.bin root@10.1.10.1:asa804-k8.bin

Not only does this securely copy files to your appliance, it also alleviates the need to set up a TFTP server and supporting configuration.

Source


By mikeb121 in Network 
Comment: Add New
Tags: , , , ,




February 11th, 2009

Configuring a Windows Server for Radius Authentication

This Help topic provides instructions for users who wish to configure a Windows 2000 Advanced Server or Windows Server 2003 to provide RADIUS authentication. It includes steps for configuring the Internet Authentication Service (IAS), and for creating users in Active Directory. Policy Manager has been designed to work with a RADIUS server for authentication. The IAS implements the RADIUS protocol, and provides authentication of users connecting to the network via LAN, virtual private network (VPN), and dial-up technology.

It is recommended that you begin by reading the Policy Manager Authentication Configuration Guide for general authentication instructions prior to following the steps here. Windows 2000 Advanced Server and Windows Server 2003 users should follow the steps in this topic, instead of the Installing and Configuring the RADIUS Server section in the Authentication Configuration Guide.

The recommended sequence for performing the configuration is listed below. When you have completed these instructions, refer back to the sections Configuring RADIUS in Policy Manager and Testing Authentication in the Authentication Configuration Guide for instructions on how to use Policy Manager to configure authentication parameters on your devices, and verify that the users created in Active Directory can authenticate to the network.

  NOTE: The following instructions assume that you already have IAS installed on your computer.

Instructions on:

  1. Configuring Active Directory
  2. Configuring Internet Authentication Service (IAS)
    1. Specifying RADIUS Port Numbers
    2. Adding RADIUS Client Devices
    3. Adding a New Remote Access Policy
    4. Registering IAS
    5. Stopping and Restarting IAS
  3. Creating Users in Active Directory
    1. Creating a User
    2. Specifying User Permissions
  4. Configuring Devices and Testing Authentication

Configuring Active Directory

When using CHAP protocol, the “password reversed encryption” option must be enabled. You can enable this option globally for all users in the domain, or for a specific user.

To enable this option globally:

  1. Select Start > Programs > Administrative Tools > Active Directory Users and Computers.
  2. In the Active Directory Users and Computers window, right click on your domain and select Properties.
  3. In the Group Policy tab, select “Default Domain Policy” and click Edit.
  4. In the Group Policy window, navigate to Password Policy in the left-panel Tree view: Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy.
  5. Right-click on “Store password using reversible encryption for all users in the domain” and select Security.
  6. In the Security Policy Setting window, select the “Define this policy setting” checkbox and the Enabled radio button. Click OK.
  7. Close all applications and restart the computer, and log into your domain.

To enable this option for a specific user:

  1. Select Start > Programs > Administrative Tools > Active Directory Users and Computers.
  2. In the Active Directory Users and Computers window, right-click on the user and select Properties.
  3. In the Account tab, check “Store password using reversible encryption.” Click OK.
  4. Close all applications and restart the computer, and log into your domain.
  NOTE: The Windows 2000 Advanced Server Troubleshooting IAS Installation guide states: “After you enable reversibly-encrypted passwords in a domain, all users must change their passwords before they will be able to authenticate against the domain.”

Top

 

Configuring Internet Authentication Service (IAS)

  NOTE: Install the latest service pack, which is available at the Microsoft website, before configuring authentication for Windows 2000 Advanced Server or Windows Server 2003. The following instructions assume that you already have IAS installed on your computer.

Specifying RADIUS Port Numbers

Use the following steps to specify the RADIUS authentication and accounting port numbers.

  1. Select Start > Programs > Administrative Tools > Internet Authentication Service. The Internet Authentication Service window opens.
  2. Right click on “Internet Authentication Service (Local)” and select Properties.
  3. In the RADIUS Tab (for Windows 2000 Advanced Server) or the Ports Tab (for Windows Server 2003), enter 1645 in the Authentication field and 1646 in the Accounting field.
  4. Click OK.

Adding RADIUS Client Devices

Follow these steps to add RADIUS clients (Policy Manager devices, not end users) to the server.

  1. In the Internet Authentication Service window (Start > Programs > Administrative Tools > Internet Authentication Service), right click on the Clients folder (for Windows 2000 Advanced Server) or the RADIUS Clients folder (for Windows Server 2003), and select New > Client.
  2. Enter a Friendly Name and Protocol and then click Next.
  3. Enter the IP address of the RADIUS client and select a Client Vendor (i.e. RADIUS Standard).
  4. Enter a shared secret. A shared secret is a string of characters that will be used to encrypt and decrypt communications between the RADIUS server and the device (RADIUS client). Without the shared secret, the server and client will be unable to communicate, and authentication attempts will fail. The shared secret must be at least 6 characters long; 16 characters is recommended. Dashes are allowed in the string, but spaces are not. Be sure to write the shared secret down, as you will be adding it to the RADIUS client devices later.
  5. Click Finish.
  6. Repeat until all of your Policy Manager devices have been added.

Adding a New Remote Access Policy

Follow these steps to add a new Remote Access Policy. A Remote Access Policy is a set of actions which is applied to a group of users that meet a specified set of conditions.

  NOTE: For information on configuring end user VLAN ID attributes (in compliance with RFC 3580) to be used in conjunction with VLAN to Role Mapping, refer to your device firmware and RADIUS server documentation.
  1. In the Internet Authentication Service window (Start > Programs > Administrative Tools > Internet Authentication Service), right click on the Remote Access Policies folder and select New > Remote Access Policy.
  2. Windows 2000 Advanced Server: Enter a Policy friendly name and then click Next.
    Windows Server 2003: Enter a Policy friendly name, select the “Set up a Custom Policy” radio button (as opposed to selecting the Wizard), and then click Next.
  3. Follow these steps to add a condition. For example, to add a Windows Group condition:
    1. Click the Add button to open the Select Attribute window.
    2. Select “Windows Groups” and click Add.
    3. Click Add in the Groups window.
    4. Select a domain group (i.e. Domain Users) and click Add. Click OK.
    5. Add more groups if needed in the Groups window. Otherwise, click OK.
    6. Click Next.
  4. In the Permissions window, select “Grant remote access permission” and click Next.
  5. Add a User Profile for users who match the conditions you have specified:
    1. Click the Edit Profile button to open the Edit Dial-in Profile window.
    2. In the Authentication tab, select the appropriate authentication methods.
    3. In the Advanced tab, remove all parameters, such as “Server-Type” and “Framed-Protocol” and click Add to add a Filter-Id attribute.
    4. In the Add Attributes window, select “Filter-Id” and then click Add.
    5. In the Multivalued Attribute Information window, click Add.
    6. In the Attribute Information window, enter the attribute value:
      Enterasys:version=1:mgmt=su:policy=[role]
      where [role] is the role name to be applied to this user.

        CAUTION: Include :mgmt=su in the string only for users who should have administrative privileges and the ability to telnet to devices and/or use local management on devices when authentication is enabled. For other users, leave it out.
  6. Click OK to proceed through the windows and Finish.

Registering the IAS

Follow these steps to register the Internet Authentication Service in the Active Directory, which enables IAS to authenticate users in the Active Directory.

  1. In the Internet Authentication Service window (Start > Programs > Administrative Tools > Internet Authentication Service), right click on the “Internet Authentication Service (Local)” and select Register Service in Active Directory.
  2. Click OK.

Stopping and Restarting the IAS

After completing the above steps to configure the Internet Authentication Service, you must stop and restart the Service.

  1. In the Internet Authentication Service window (Start > Programs > Administrative Tools > Internet Authentication Service), right click on the “Internet Authentication Service (Local)” and select “Stop Service”.
  2. Right click on the “Internet Authentication Service (Local)” and select “Start Service”.

Top

 

Creating Users in Active Directory

Use these steps to create users and specify user permissions.

Creating a User

Create a new object for each user who will be authenticating.

  1. Select Start > Programs > Administrative Tools > Active Directory Users and Computers. The Active Directory Users and Computers window opens.
  2. Right click on the left-panel Users folder and select New > User.
  3. Proceed through the windows, entering the user name, password and other relevant information. Click Finish.

Specifying User Permissions

The steps for specifying user permissions are different depending on whether you are using Windows 2000 Advanced Server or Windows Server 2003.

Windows 2000 Advanced Server

The steps to specify user permissions depends on your domain operation mode. There are two domain operation modes in Active Directory: Mixed Mode and Native Mode. In Mixed Mode, user permission is specified in the User Properties window. In Native Mode, user permission is specified in the Remote Access Policy that is configured in the Internet Authentication Service. To change the domain operation mode, consult the Microsoft Windows 2000 Advanced Server documentation for guidance.

  • Mixed Mode:
    1. Right click on a user and select Properties. The User Properties window opens.
    2. In the Dial-In tab, select either the “Allow access” or the “Deny Access” radio button in the Remote Access Permission (Dial-in or VPN) section.
    3. Click OK.
  • Native Mode:
    1. Right click on a user and select Properties. The User Properties window opens.
    2. In the Dial-In tab, select the “Control access through Remote Access Policy” radio button in the Remote Access Permission (Dial-in or VPN) section.
    3. Go to the appropriate policy configured in the Internet Authentication Service and check either the “Grant remote access permission” or “Deny remote access permission” radio button in the policy’s Properties window.
    4. Click OK.

Windows Server 2003

For Windows Server 2003, user permission is specified in the Remote Access Policy that is configured in the Internet Authentication Service.

  1. Right click on a user and select Properties. The User Properties window opens.
  2. In the Dial-In tab, select the “Control access through Remote Access Policy” radio button in the Remote Access Permission (Dial-in or VPN) section.
  3. Go to the appropriate policy configured in the Internet Authentication Service and check either the “Grant remote access permission” or “Deny remote access permission” radio button in the policy’s Properties window.
  4. Click OK.

Top

 

Configuring Devices and Testing Authentication

When you have completed the above instructions, refer to the sections Configuring RADIUS Devices in Policy Manager and Testing Authentication in the Authentication Configuration Guide for instructions on how to use Policy Manager to configure authentication parameters on your devices, and verify that the users created in Active Directory can authenticate to the network.

Original Source: Click Here


By mikeb121 in Windows 
Comment: Add New
Tags: , ,




January 2nd, 2009

Find disk free space in Linux

Here is a popular one from my old blog I thought I would add back.

Finding out free disk space on all of your partitions:
#df -h

Yep, it’s just that easy!


By mikeb121 in Linux 
Comment: Add New
Tags: ,