Monday 19 October 2015

Tune your CentOS 6.x system using tuned

tuned, a system performance tuning tool, ships with 9 different tuning profiles for different scenarios. Each profile applies its own set of tunables to system resources such as CPU, network and ATA disks.

tuned normally runs as a daemon and adjusts system settings dynamically depending on usage.

Basically you do:
# yum install tuned

# tuned-adm list

Available profiles:
- laptop-ac-powersave
- server-powersave
- laptop-battery-powersave
- desktop-powersave
- virtual-host
- virtual-guest
- enterprise-storage
- throughput-performance
- latency-performance
- spindown-disk
- default

# tuned-adm profile latency-performance

To turn it off:
# tuned-adm off


So, by running tuned, your system will always be optimally tuned.

Friday 16 October 2015

Installation of flash player on Mozilla firefox in Ubuntu

Before you begin, first check whether Flash is already installed on your system. Visit the official Adobe Flash tester page below.

Test Your Flash Plugin (https://www.adobe.com/software/flash/about)

On this page, if you see a Flash animation and a box showing the "Version Information" of Flash, then it is enabled in Firefox on your system.

Alternatively, visit about:plugins in Firefox and check for a Flash plugin entry.

Now, let's update it, as many vulnerabilities were discovered in Adobe Flash in the past year. An offline installation is also useful if you are
on an internal network. Here are the steps for manual installation:

1) Download the tar.gz archive from https://get.adobe.com/flashplayer
2) Open it with the Archive Manager.
3) Unpack it and copy libflashplayer.so to the plugins directory of Firefox, e.g. /home/user/.mozilla/plugins
If that directory does not exist, create the plugins directory and copy libflashplayer.so into it.

If "libflashplayer.so" already exists in the "/usr/lib/adobe-flashplugin/" directory, copy the latest "libflashplayer.so" file to this directory as well, as it is usually listed first in the path and is the one picked up by the browser.

Then restart Firefox! That's it!
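As an added example (not from the original post), the POSIX shell function below performs the manual steps above offline: it verifies the downloaded archive against a SHA-256 digest you recorded from the download page, unpacks it, creates the plugins directory if needed and copies libflashplayer.so in. The archive name, the digest argument and the demo archive built at the end are constructed for illustration; an archive that does not match the expected digest is never unpacked.

```shell
#!/bin/sh
# Added example, not from the original post: offline install of libflashplayer.so
# into a Firefox plugins directory, checking the archive's SHA-256 first.
# Assumption: the caller supplies the expected digest (the post lists none) and
# the target plugins directory.
set -eu

# install_flash_plugin ARCHIVE EXPECTED_SHA256 PLUGINS_DIR
# Returns 0 on success, 1 on checksum mismatch, 2 if the archive lacks the .so.
install_flash_plugin() {
    archive="$1"
    expected="$2"
    plugins_dir="$3"

    # Verify the archive before unpacking anything, so a tampered or truncated
    # download fails here instead of ending up in the browser's plugin path.
    actual=$(sha256sum "$archive" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $archive" >&2
        return 1
    fi

    tmp=$(mktemp -d)
    tar -xzf "$archive" -C "$tmp"
    if [ ! -f "$tmp/libflashplayer.so" ]; then
        echo "libflashplayer.so not found in archive" >&2
        rm -rf "$tmp"
        return 2
    fi

    # Step 3 of the post: create the plugins directory if missing, then copy
    # the library in with conservative permissions.
    mkdir -p "$plugins_dir"
    install -m 0644 "$tmp/libflashplayer.so" "$plugins_dir/libflashplayer.so"
    rm -rf "$tmp"
    echo "installed to $plugins_dir/libflashplayer.so"
}

# Builds a constructed demo archive (a placeholder file, not the real plugin)
# so the function can be exercised without a download. Prints the archive path.
make_demo_archive() {
    work=$(mktemp -d)
    printf 'constructed placeholder, not a real plugin\n' > "$work/libflashplayer.so"
    tar -czf "$work/flash-demo.tar.gz" -C "$work" libflashplayer.so
    echo "$work/flash-demo.tar.gz"
}

# Usage on a real system (digest taken from the download page):
#   install_flash_plugin flash_player.tar.gz <expected-sha256> "$HOME/.mozilla/plugins"
```

The digest check is the part the manual steps in the post leave implicit: whoever copies a shared object into a browser's plugin path should know it is the file they meant to download.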

Wednesday 14 October 2015

Installing Bro with PF_ring on CentOS 6.x

Bro is an amazing network traffic analysis system. Unfortunately, it is not as popular in information security as Snort and frankly, I don't know why!!!

I wanted to install Bro with PF_RING to load-balance the traffic on a 10G link. Although the Bro manual details the steps, there are some missing links that cost me some time during installation. So, here are my notes:

Enable/Install EPEL repository
========================
#wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6.8.noarch.rpm
#rpm -ivh epel-release-6.8.noarch.rpm

Upgrade cmake
==============
The cmake rpm available in the CentOS 6/Scientific Linux 6 repository is old: cmake-2.6.4-5.el6.x86_64

Bro requires cmake version 2.8.1 or later, e.g. cmake-2.8.11.2-1.el6.x86_64
This rpm is available from the EPEL repository.

Remove the existing cmake (version 2.6.4)
#yum remove cmake

Install cmake-2.8
#yum install cmake28

Now, make some symbolic links:
#ln -s /usr/bin/cmake28 /usr/bin/cmake
#ln -s /usr/bin/ccmake28 /usr/bin/ccmake
#ln -s /usr/bin/cpack28 /usr/bin/cpack
#ln -s /usr/bin/ctest28 /usr/bin/ctest

Note:

Don't blindly install whatever cmake28 version the EPEL repository offers with:
#yum install cmake28

The newer rpm is just a wrapper and has a dependency on cmake26.

So, you should install the cmake28-2.8.11.2-1.el6.x86_64 package and not cmake28-2.8.12.2-2.el6.x86_64


ipsumdump installation
======================
#wget http://www.read.seas.harvard.edu/~kohler/ipsumdump
#tar -zxvf ipsumdump-1.85.tar.gz
#cd ipsumdump-1.85
#./configure
#make && make install

Install Bro IDS dependent packages from the Linux repository
=============================================================
#yum install kernel-devel kernel-headers -y
#yum install make autoconf automake gcc gcc-c++ flex bison libpcap libpcap-devel -y
#yum install openssl openssl-devel python-devel swig zlib zlib-devel -y
#yum install openssl-libs bind-libs -y
#yum install gawk -y
#yum install pcre-devel -y
#yum install libtool -y 
#yum install numactl numactl-devel -y
#yum install gperftools-libs gperftools-devel -y
#yum install GeoIP GeoIP-devel -y
#yum install jemalloc jemalloc-devel -y
#yum install curl -y
#yum install libcurl-devel -y

Set the compiler and linker flags for the Python 2.7.10 build:

#export LDFLAGS=-L/usr/local/lib
#export CFLAGS=-I/usr/local/include
#export CPPFLAGS=-I/usr/local/include
#export LD_LIBRARY_PATH=/usr/local/lib

Python-2.7.10 installation
==========================
CentOS comes with Python 2.6 by default. Bro requires at least Python 2.7 for the Broccoli component.
Please do not try to remove the existing Python version, as that would remove many packages that depend on it; e.g. yum requires the Python 2.6 that ships by default with SL/CentOS.

So, install Python 2.7.x alongside the existing Python 2.6.6

#wget http://www.python.org/ftp/python/2.7.10/Python-2.7.10.tgz
#tar -zxvf Python-2.7.10.tgz
#cd Python-2.7.10
#./configure --prefix=/usr/local --enable-unicode=ucs4 --enable-shared LDFLAGS="-Wl,-rpath /usr/local/lib"
#make
#make altinstall
#ln -s /usr/local/bin/python2.7 /usr/bin/python2.7

Add the new Python's directory to the system path (the PATH entry is a directory, not the binary):
#export PATH=$PATH:/usr/local/bin

If you face any compilation issue, please follow some good blog links that list Python 2.7.10 installation instructions:

  • http://toomuchdata.com/2014/02/16/how-to-install-python-on-centos/
  • https://github.com/h2oai/h2o-2/wiki/Installing-python-2.7-on-centos-6.3.-Follow-this-sequence-exactly-for-centos-machine-only

Now it is time to install the Python package manager, pip, so that you can install Python packages.
Download get-pip.py from https://bootstrap.pypa.io/get-pip.py and run it with the new interpreter:

# wget https://bootstrap.pypa.io/get-pip.py
# python2.7 get-pip.py

If you are using a local PyPI repository, then

#python2.7 get-pip.py --trusted-host=pypi-local-domain-hostname -i http://local-pypi-repo-url

Now pip will be installed under /usr/local/bin/pip2.7 

Create a symbolic link:
#ln -s /usr/local/bin/pip2.7 /usr/bin/pip2.7

In addition, you may need to install (copy) the sqlite3 Python bindings into Python 2.7:

It is presumed that Python (python2.6.10) was installed as part of the default installation.

#cp /usr/lib64/python2.6/lib-dynload/_sqlite3.so /usr/local/lib/python2.7/sqlite3/

Now, install the pysubnettree Python package:
#pip2.7 install pysubnettree 

On local PyPI:
#pip2.7 install pysubnettree --trusted-host=pypi-local-domain-hostname -i http://local-pypi-repo-url


Download, install and configure PF_RING
=========================================
Download the PF_RING source from http://www.ntop.org/get-started/download/#PF_RING

Now, compile and install the various libraries required for PF_RING:

#cd /usr/src
#tar -zxvf PF_RING-6.0.3.tar.gz
#cd PF_RING-6.0.3/userland/lib
#./configure --prefix=/opt/pfring
#make
#make install

#cd ../libpcap
#./configure --prefix=/opt/pfring
#make
#make install

#cd ../tcpdump-4.1.1
#./configure --prefix=/opt/pfring
#make
#make install

#cd ../../kernel

(During the kernel 'make' step, compile as a normal user rather than as root.)
#make
#make install

Note - Please make sure that your kernel-devel, kernel-headers and kernel rpms have the same major/minor versions. If not, you will encounter an error in the make step.
e.g.
# rpm -qa |grep -i kernel
kernel-headers-2.6.32-431.1.2.el6.x86_64
kernel-devel-2.6.32-431.1.2.el6.x86_64
kernel-2.6.32-431.1.2.el6.x86_64

Find out the running kernel version and install the corresponding kernel-devel rpm from the CentOS/RHEL repository. Do not install kernel-devel blindly, as there may be a version mismatch between the
kernel-devel and kernel rpms. If this is not taken care of, it will give you installation headaches!!
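As an added example that is not part of the post, the POSIX shell function below performs the version check this note describes: given the text of `rpm -qa` and the running kernel version from `uname -r`, it reports whether the kernel, kernel-devel and kernel-headers packages all match the running kernel, so the mismatch is caught before the pf_ring module build fails. The two sample package lists are constructed; the matching one mirrors the rpm -qa output shown above.

```shell
#!/bin/sh
# Added example, not from the original post: check that kernel, kernel-devel and
# kernel-headers share the running kernel's version before building pf_ring.
set -eu

# kernel_versions_consistent RPM_LIST RUNNING_VERSION
#   RPM_LIST        text of `rpm -qa`, one package per line
#   RUNNING_VERSION output of `uname -r`, e.g. 2.6.32-431.1.2.el6.x86_64
# Prints one line per package and returns 0 only when all three packages are
# installed at the running version (several installed kernels are fine as long
# as the running one is among them).
kernel_versions_consistent() {
    rpm_list="$1"
    running="$2"
    status=0
    for pkg in kernel kernel-devel kernel-headers; do
        # Keep only lines for exactly this package: the name followed by a
        # version that starts with a digit, so "kernel-" does not match
        # "kernel-devel-..." or "kernel-firmware-...".
        found=$(printf '%s\n' "$rpm_list" | sed -n "s/^$pkg-\([0-9].*\)$/\1/p")
        if [ -z "$found" ]; then
            echo "$pkg: not installed"
            status=1
            continue
        fi
        if printf '%s\n' "$found" | grep -qx "$running"; then
            echo "$pkg: $running OK"
        else
            echo "$pkg: installed $(printf '%s' "$found" | tr '\n' ' ') but running $running"
            status=1
        fi
    done
    return $status
}

# Constructed sample: consistent, as in the rpm -qa listing above.
SAMPLE_RPMS='kernel-headers-2.6.32-431.1.2.el6.x86_64
kernel-devel-2.6.32-431.1.2.el6.x86_64
kernel-2.6.32-431.1.2.el6.x86_64
kernel-firmware-2.6.32-431.1.2.el6.noarch'

# Constructed sample: kernel-devel/headers were pulled in blindly from a newer release.
MISMATCH_RPMS='kernel-headers-2.6.32-504.el6.x86_64
kernel-devel-2.6.32-504.el6.x86_64
kernel-2.6.32-431.1.2.el6.x86_64'

# Usage on a real host:
#   kernel_versions_consistent "$(rpm -qa)" "$(uname -r)"
```

Run the check before `make` in the kernel directory; a non-zero exit means the headers you would build against are not the ones the running kernel was built from.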

Load the pf_ring module (add this to your start-up scripts so it is loaded at boot):

#modprobe pf_ring enable_tx_capture=0 min_num_slots=32768

or, loading the built kernel module file directly:

#insmod pf_ring.ko enable_tx_capture=0 transparent_mode=0 min_num_slots=32768


Download, install and configure Bro
====================================
Download Bro from the Bro site - http://www.bro.org/download/index.html
# cd bro-2.4.1
# ./configure --with-pcap=/opt/pfring --enable-debug --enable-perftools --enable-jemalloc
# make && make install

To check the status of PF_RING
==============================
# modinfo pf_ring
# cat /proc/net/pf_ring/info
# lsmod |grep -i pf_ring

If you wish to blacklist the pf_ring module:
# echo "blacklist pf_ring" >> /etc/modprobe.d/blacklist.conf

Once this is done, please follow the Bro cluster setup instructions given at:
https://www.bro.org/sphinx/configuration/index.html

Some interesting links for Bro PF_RING installation:

  • http://ossectools.blogspot.in/2012/10/multi-node-bro-cluster-setup-howto.html
  • https://thecomputersecurityblog.wordpress.com/2015/03/17/install-bro-on-centos-7-x6-x/
  • http://mailman.icsi.berkeley.edu/pipermail/bro/2013-November/006269.html
  • http://sickbits.net/configuring-a-network-monitoring-system-sensor-w-pf_ring-on-ubuntu-server-1-04-part-1-interface-configuration/
  • https://sathisharthars.wordpress.com/2014/05/07/installing-and-configuring-bro-nids-in-centos-6/
  • https://github.com/h2oai/h2o-2/wiki/Installing-python-2.7-on-centos-6.3.-Follow-this-sequence-exactly-for-centos-machine-only