April 14

Installing Open Manage on Debian 7

Add the repository source, which automatically fetches the latest version:

echo 'deb http://linux.dell.com/repo/community/deb/latest /' | sudo tee -a /etc/apt/sources.list.d/linux.dell.com.sources.list

Add the package verification key:

gpg --keyserver hkp://pool.sks-keyservers.net:80 --recv-key 1285491434D8786F    # downloads the key
or: gpg --keyserver pool.sks-keyservers.net --recv-key 1285491434D8786F
gpg -a --export 1285491434D8786F | sudo apt-key add -    # installs the key

Update the repositories:

apt-get update

To be able to install OME version 7.1, the following SSL library must be added:

wget http://ftp.us.debian.org/debian/pool/main/o/openssl/libssl0.9.8_0.9.8o-4squeeze14_amd64.deb     # for amd64

Other versions are available here: https://packages.debian.org/squeeze/libssl0.9.8

Install OME:

apt-get install srvadmin-all

Start the service:

service dataeng start

Start the web access:

service dsm_om_connsvc start

and check access on port 1311 over HTTPS.

If everything works correctly, add OME to the machine's startup:

update-rc.d dsm_om_connsvc defaults

 

Category: DEBIAN
April 3

How to configure Cisco ASA 5505 SSH access

I’ve been involved in a security assessment project for my company, and I had to find all possible vulnerabilities in the network design, processes and data flows of my case study.
I’m starting to configure secondary access to all core network devices (including some firewall appliances), and I’ve discovered that the Cisco ASA 5505 doesn’t have a simple automatic mechanism to configure SSH access.
To achieve this goal we must enter some commands in the command line interface, opened from the toolbar:
Tools –> Command Line Interface

Now we must enter these commands:

*) conf t
*) username <name> password <password>
*) passwd <password>
*) ssh x.x.x.x x.x.x.x {inside/outside} —> the IP/network allowed to access the ASA (e.g. 10.0.0.0 255.255.255.0)
*) crypto key generate rsa modulus {512/768/1024/2048}
*) aaa authentication ssh console LOCAL

Test it with the PuTTY client or from a Unix command line.
Pay attention to the ENABLE PASSWORD when you connect with SSH. It is the same one used in ASDM.

Category: CISCO
April 3

Setting up ssh for remote management.

I have a generated RSA key which is stored in my ASA’s flash memory. I am going to recreate an RSA key once more, so I will zeroize the key. If there is an RSA key stored in the flash, the ASA will prompt whether I want to replace the current generated key with the old one.

Zeroize the key:

ciscoasa(config)# crypto key zeroize rsa
WARNING: All RSA keys will be removed.
WARNING: All device digital certificates issued using these keys will also be removed

Do you really want to remove these keys? [yes/no]: y
ciscoasa(config)#

Generating an RSA key requires a domain name to be defined; this is the same as in IOS.

ciscoasa(config)# domain-name cyruslab.com
ciscoasa(config)#

Generate a 1024-bit long RSA key:
ciscoasa(config)# crypto key generate rsa general-keys modulus 1024
INFO: The name for the keys will be: <Default-RSA-Key>
Keypair generation process begin. Please wait…
ciscoasa(config)#

Actually it is sufficient if I just type crypto key generate rsa <cr>, the interactive prompt will just prompt me for the length of the key (modulus).

This is the 1024-bit long RSA key which I have just generated:

ciscoasa(config)# sh crypto key mypubkey rsa
Key pair was generated at: 06:20:15 UTC Apr 8 2010
Key name: <Default-RSA-Key>
Usage: General Purpose Key
Modulus Size (bits): 1024
Key Data:

30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00c2890c
ad9065a0 f17eebbd 726029dc 0a9f40a9 ca714031 5de9d15b fe7b8fc7 e11e7ffd
8f27befc beaf0aae fa937c69 482a1595 f8865cc1 d8ced14a 737243c3 8f9886ab
75be998a 8a7437a1 bac57f34 d31774b7 a53cd803 a7837bc4 92f9f326 8fc818a5
54ca0476 3c864534 7b50d635 88905d28 cfeec63d e32324a9 98eba845 3b020301 0001

Allow ssh connection from my private network:
ciscoasa(config)# ssh 192.168.1.0 255.255.255.0 inside

Allow ssh connection from the internet (any connection):
ciscoasa(config)# ssh 0 0 outside

Set up the ssh idle time-out period (maximum is 1 hour):
ciscoasa(config)# ssh timeout 30

ssh has two versions: 1 and 2. ssh version 1 is less secure than version 2. By default my ssh supports both versions:

ciscoasa(config)# sh ssh
Timeout: 30 minutes
Versions allowed: 1 and 2
192.168.1.0 255.255.255.0 inside
0.0.0.0 0.0.0.0 outside

To support only version 2, I have to explicitly tell my firewall with this command:
ciscoasa(config)# ssh version 2

ciscoasa(config)# sh ssh
Timeout: 30 minutes
Version allowed: 2
192.168.1.0 255.255.255.0 inside
0.0.0.0 0.0.0.0 outside

I think PuTTY supports ssh version 2, so I shall test it…
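
The settings visible in the output above (SSH version 1 still accepted, a 1024-bit host key, and `ssh 0 0 outside` admitting any source) can be checked mechanically from saved `sh ssh` and `sh crypto key mypubkey rsa` output. The following Python audit is an added example, not part of the original post; the 2048-bit floor and the treatment of `outside` as the untrusted interface name are assumptions to adjust to local policy.

```python
import ipaddress
import re

MIN_MODULUS = 2048        # assumption: local policy floor for RSA host keys
UNTRUSTED = {"outside"}   # assumption: nameif of the Internet-facing interface

# Constructed sample: "sh ssh" and "sh crypto key mypubkey rsa" output as
# shown in the post, captured before "ssh version 2" was applied.
SAMPLE = """\
Timeout: 30 minutes
Versions allowed: 1 and 2
192.168.1.0 255.255.255.0 inside
0.0.0.0 0.0.0.0 outside
Modulus Size (bits): 1024
"""

# An allowed-source line: network, netmask, interface name.
RULE = re.compile(r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")


def audit(text):
    """Return (code, detail) findings for ASA SSH management settings."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        # Matches both "Versions allowed: 1 and 2" and "Version allowed: 2".
        m = re.match(r"Versions? allowed:\s*(.+)", line)
        if m and "1" in re.findall(r"\d+", m.group(1)):
            findings.append(("SSH_V1", "version 1 accepted; set 'ssh version 2'"))
        m = re.match(r"Modulus Size \(bits\):\s*(\d+)", line)
        if m and int(m.group(1)) < MIN_MODULUS:
            findings.append(("WEAK_RSA", f"{m.group(1)}-bit key, floor is {MIN_MODULUS}"))
        m = RULE.match(line)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            # A /0 source on an untrusted interface is what "ssh 0 0 outside" creates.
            if m.group(3) in UNTRUSTED and net.prefixlen == 0:
                findings.append(("OPEN_SSH", f"any source may reach SSH on {m.group(3)}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(f"{code}: {detail}")
```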

Category: CISCO