Install Citrix Receiver in Fedora 17
Recently, I switched to Fedora 17 as my main workstation. I routinely use Citrix applications, and needed to install Citrix Receiver. I found there were some problems, mainly with dependencies, when trying to install it.
Here's what you need to do to get it installed.
First, you will need to add the RPMFusion Free and Non-Free repos in order to pick up the dependencies. Go here to get the .repos for your version: http://rpmfusion.org/Configuration
Then, we need to install a few dependencies. Citrix Receiver is a 32 bit application, so you will need to install .i686 libraries if you are running it on a 64 bit OS. Here's the command we will need to use:
For 64 bit systems:
yum install libXaw.i686 libXp.i686 openmotif.i686
For 32 bit systems:
yum install libXaw libXp openmotif
After you have those installed, go to http://citrix.com and download the latest version of the Citrix Receiver application. Once you have it downloaded, install it using yum or rpm commands. This should be all you need in order to get it up and running!
Install Cinnamon in Fedora 17 and Fedora 16
If you are looking for an easy way to install Cinnamon on your Fedora 16 or Fedora 17 machine, your adventure just got easier!
Thanks to a FedoraForums.org user, Leigh123linux, it's now as simple as adding his repo and yum installing two packages!
Here's a quick rundown of what you do:
First, you will need to add the repo to your /etc/yum.repos.d directory. There are several ways to do this:
You can download the repo file from the link below by right-clicking, choosing "Save Link As" and saving it into your /etc/yum.repos.d directory.
http://repos.fedorapeople.org/repos/leigh123linux/cinnamon/fedora-cinnamon.repo
Or, if you prefer to do things from the command line, you can run the following command from a terminal and it will create the repo file in the proper directory:
sudo curl http://repos.fedorapeople.org/repos/leigh123linux/cinnamon/fedora-cinnamon.repo -o /etc/yum.repos.d/fedora-cinnamon.repo
Once you have the repo file, all that's left to do is install 2 packages. The first is a package called muffin, which supports GPU acceleration and works as the compositor for Cinnamon. You can install both of these by running the following command:
sudo yum install muffin cinnamon
Now that you have Cinnamon installed, you will just need to log out of Gnome 3. When you log back in, be sure to switch the session to GNOME Cinnamon in order to load the new Desktop Environment.
I will include some screen shots below if you would like to see what Cinnamon looks like in Fedora 17.
iptables Tutorial and Examples
This is a small manual of iptables. I’ll show some basic commands you may need to know to keep your computer secure.
Basic commands
List rules
iptables -L
This lists the default table, “filter”.
Edit: You may prefer to use iptables -L -vn to get more information, and to see ports as numbers instead of names.
List rules in specific table
iptables -L -t nat
You can also list the other tables: mangle, raw and security. You should consider reading a bit more about tables. You can do it in the Tables section of the iptables man page.
Delete all rules
iptables -F
Delete a specific table, like nat
iptables -t nat -F
Specify chain policies
iptables lets you configure default policies for chains in the filter table, where INPUT, FORWARD and OUTPUT are the main ones (or at least the most used). Users can even define new chains.
These chains are better explained in this graph that comes from Wikipedia.
You can see the original image here
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT DROP
You can define the default policy as ACCEPT and then deny specific traffic, or define default policies as DROP and then open specific traffic to and/or from your box. The latter is more secure, but requires more work.
Block IP traffic from a specific IP or network
Block from an IP
iptables -A INPUT -s 11.22.33.44 -j DROP
If you want to block only on a specific NIC
iptables -A INPUT -s 11.22.33.44 -i eth0 -j DROP
Or a specific port
iptables -A INPUT -s 11.22.33.44 -p tcp --dport 22 -j DROP
Using a network and not only one IP
iptables -A INPUT -s 11.22.33.0/24 -j DROP
Block traffic from a specific MAC address
Suppose you want to block traffic from a MAC address instead of an IP address. This is handy if a DHCP server keeps changing the IP of the machine you want to protect yourself from.
iptables -A INPUT -m mac --mac-source 00:11:2f:8f:f8:f8 -j DROP
Block a specific port
If all you want is to block a port, iptables can still do it.
You can block incoming or outgoing traffic.
Block incoming traffic to a port
Suppose we need to block port 21 for incoming traffic:
iptables -A INPUT -p tcp --destination-port 21 -j DROP
But suppose you have a two-NIC server, with one NIC facing the Internet and the other facing your local private network, and you only want to block FTP access from the outside world.
iptables -A INPUT -i eth1 -p tcp --destination-port 21 -j DROP
In this case I’m assuming eth1 is the one facing the Internet.
You can also block a port from a specific IP address:
iptables -A INPUT -p tcp -s 22.33.44.55 --destination-port 21 -j DROP
Or even block access to a port from everywhere but a specific IP range.
iptables -A INPUT -p tcp ! -s 22.33.44.0/24 --destination-port 21 -j DROP
Block outgoing traffic to a port
You may want to forbid outgoing traffic to port 25. This is useful if you are running a Linux firewall for your office and you want to stop viruses from sending emails.
iptables -A FORWARD -p tcp --dport 25 -j DROP
I’m using FORWARD, as in this example the server is a firewall, but you can use OUTPUT too, to also block traffic from the server itself.
Log traffic, before taking action
You can log the traffic before blocking it. For example, suppose there is a rule in an office that employees have been told not to log into a given server, and you want to make sure everybody obeys it by blocking access to the ssh port, but at the same time you want to find out who tried.
iptables -A INPUT -p tcp --dport 22 -j LOG --log-prefix "dropped access to port 22"
iptables -A INPUT -p tcp --dport 22 -j DROP
You will be able to see which IP tried to access the server, but of course he couldn’t.
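One way to find out who tried, as an added example that is not part of the original tutorial: a shell function that counts the logged attempts per source address and shows when each source was last seen. The log lines are constructed, abbreviated sample data, and the names sample_log and ssh_drop_summary are made up for this example.

```shell
#!/bin/sh
# Added example: count attempts logged by the LOG rule above, per source IP.
LOG_PREFIX='dropped access to port 22'   # must match --log-prefix exactly

# Constructed kernel log lines (sample data, not real traffic). The prefix
# has no trailing space, so it runs straight into "IN=" as it does on disk.
sample_log() {
cat <<'EOF'
Jun 12 10:15:01 fw kernel: dropped access to port 22IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.1.1.23 DST=10.1.1.1 LEN=60 TTL=64 ID=4821 DF PROTO=TCP SPT=51234 DPT=22 SYN URGP=0
Jun 12 10:15:04 fw kernel: dropped access to port 22IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.1.1.23 DST=10.1.1.1 LEN=60 TTL=64 ID=4822 DF PROTO=TCP SPT=51234 DPT=22 SYN URGP=0
Jun 12 10:15:05 fw sshd[811]: Server listening on 0.0.0.0 port 22.
Jun 12 10:15:09 fw kernel: dropped access to port 22IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.1.1.23 DST=10.1.1.1 LEN=60 TTL=64 ID=4823 DF PROTO=TCP SPT=51240 DPT=22 SYN URGP=0
Jun 12 10:40:00 fw kernel: web probe IN=eth0 OUT= SRC=10.1.1.99 DST=10.1.1.1 LEN=60 TTL=64 ID=77 DF PROTO=TCP SPT=40000 DPT=80 SYN URGP=0
Jun 12 11:02:44 fw kernel: dropped access to port 22IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:cc:08:00 SRC=10.1.1.40 DST=10.1.1.1 LEN=60 TTL=64 ID=911 DF PROTO=TCP SPT=33001 DPT=22 SYN URGP=0
EOF
}

# Read syslog text on stdin and print "count source-ip last-seen",
# busiest source first. Lines without our prefix are ignored.
ssh_drop_summary() {
    awk -v prefix="$LOG_PREFIX" '
        index($0, prefix) == 0 { next }        # some other log line
        {
            src = ""
            for (i = 1; i <= NF; i++)          # SRC= is its own token even
                if ($i ~ /^SRC=/)              # when the prefix is fused
                    src = substr($i, 5)        # with IN=
            if (src == "") next
            hits[src]++
            last[src] = $1 " " $2 " " $3       # syslog timestamp fields
        }
        END { for (s in hits) print hits[s], s, last[s] }
    ' | sort -k1,1nr -k2,2
}

# Run on the sample; on a real box, pipe the kernel log in instead.
sample_log | ssh_drop_summary
```

Where the kernel log ends up depends on the syslog configuration of the machine. Adding a trailing space to the --log-prefix string keeps the prefix from running into IN= in the logged line.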
Tips and Tricks
Because iptables executes the rules in order, if you want to change something you need to insert the rule in the specific position, or the desired effect is not going to be achieved.
List rules with numbers
iptables -nL --line-numbers
This is going to list all your rules with numbers preceding the rules. Determine where you want the inserted rule and write:
List specific chains
iptables -nL INPUT
Will list all INPUT rules.
iptables -nL FORWARD
Will list all FORWARD rules.
Insert rules
iptables -I INPUT 3 -s 10.0.0.0/8 -j ACCEPT
That is going to add a rule in position 3 of the “array”
Delete rules
iptables -D INPUT 3
That is going to remove the rule inserted above. You can also remove it, by matching it.
iptables -D INPUT -s 10.0.0.0/8 -j ACCEPT
Flush all rules and delete all chains
These steps are very handy if you want to start with completely empty, default tables:
iptables --flush
iptables --table nat --flush
iptables --table mangle --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table mangle --delete-chain
NOTE: do not execute these commands if you are connected via ssh or something similar; you may get locked out.
Simple scripts for specific needs
How to stop brute force attacks
You can also use iptables to stop brute force attacks against your server. For example: allow only three attempts to log in through ssh before banning the IP for 15 minutes. This should let legitimate users log in to the server, but bots will not be able to. Remember to always use strong passwords.
iptables -F
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -o lo -p all -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport www -j ACCEPT
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 900 --hitcount 3 -j DROP
iptables -P INPUT DROP
How to NAT with iptables
iptables is also very useful for configuring NAT routers. A Linux machine can act as a router and share its public IP with the private networks behind it. It is also useful to configure DHCP on the same server.
To configure a NAT router, you will be better off with a server with two NICs. Let’s suppose you have:
- eth0: 12.13.14.15
- eth1: 10.1.1.1
Now configure NAT to forward all traffic from the 10.1.1.0 network through the eth0 IP. You may want to empty all tables and start with fresh chains and tables (see how above).
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
That is it, you only have to enable kernel forwarding now:
echo 1 > /proc/sys/net/ipv4/ip_forward
Resize a LUKS Encrypted LVM Partition
I recently had to resize the partition we use on our secure FTP server. Luckily, we use LVM on all our machines, so this was a simple task. My only concern was that it was a LUKS encrypted partition, I was afraid I would lose data due to the encryption algorithms and keys changing based upon the new size. After searching around, here are the steps I came up with to resize a LUKS partition without losing any data:
Assumptions and beginning info:
We have a LUKS filesystem named "encrypted" that is on a logical volume named "encrypted_LV"
The "encrypted_LV" belongs to a volume group named "root_VG"
We are mounting this filesystem at /secret
We are using ext3 as the underlying filesystem
We want to extend the volume by adding 20 Gig from our root_VG volume group (It was already available as free space).
1. Unmount the filesystem:
umount /secret
2. Run a filesystem check to clean up the inode tables before working with it:
fsck.ext3 -C 0 -f /dev/mapper/encrypted
3. Close out the LUKS filesystem:
cryptsetup luksClose encrypted
4. Extend the Logical Volume like you would any other LVM (We are adding additional 20G of space):
lvextend -L +20G /dev/root_VG/encrypted_LV
5. Re-open the encrypted filesystem and resize it:
cryptsetup luksOpen /dev/root_VG/encrypted_LV encrypted
cryptsetup --verbose resize encrypted
6. FSCK again (for good measure) and then resize the underlying filesystem (ext3 in this example):
fsck.ext3 -f /dev/mapper/encrypted
resize2fs /dev/mapper/encrypted
7. Mount up the newly sized LUKS filesystem and make sure everything is OK:
mount /dev/mapper/encrypted /secret
Mount NFS Share in AIX 6.1
On some AIX 6.1 instances, you may run into problems when mounting an NFS share from a Linux based machine. The root of the error lies in how AIX handles its NFS ports. You can configure AIX to use the standard NFS ports so that it can talk to the Linux box's NFS service.
Use the following command to set up the AIX NFS options to use the proper ports for Linux NFS mounts:
nfso -p -o nfs_use_reserved_ports=1
Then just mount the share like you would normally. For example to mount the share temporarily, use this:
mount server:/path/to/share /mnt
That will mount the NFS share /path/to/share that is being served from a machine named "server" to your local filesystem at the directory /mnt.
Add, Remove, and adjust disks and file systems in AIX 6.1
You can use the built-in tool called SMITTY to resize file systems in AIX. Supply SMITTY with the FS argument to work with the file systems. See the instructions below for a walk-through of adjusting /opt.
Launch Smitty by typing: smitty fs
Arrow down to the third option "Add / Change / Show / Delete File Systems" and press enter.
Select "Enhanced Journaled File System" and press enter.
Arrow down to the third option labeled "Change / Show Characteristics of an Enhanced Journaled File System" and press enter.
This will bring up a selection box of the available partitions and file systems that can be edited. Use the arrow keys to select the one you want to modify, and press enter.
Now you will see all available options for editing. To adjust the size of the file system, arrow down to the line labeled "Number of Units"
In this example, I have adjusted the file system to 12582912 units which is equivalent to 6 GB.
Once you have entered the desired size, press the enter key to accept.
Give the system a few seconds to adjust the size, and if successful you will see a message similar to the one below.
Once you see this confirmation, press F10 to exit smitty.