MFA solution

To set up a multi-factor authentication server, FreeIPA is an open source solution, with the FreeOTP+ app as the second factor:

ipa-server-install
ipa-server-install --setup-dns

You must make sure these network ports are open:
TCP Ports:
* 80, 443: HTTP/HTTPS
* 389, 636: LDAP/LDAPS
* 88, 464: Kerberos
UDP Ports:
* 88, 464: Kerberos
* 123: NTP

On the client side, first set up DNS or the hosts file, then run the commands below:

yum install freeipa-client
ipa-client-install --mkhomedir

elastic 8.13.2

To accept syslog from network devices, configure Filebeat as below:
filebeat.yml
filebeat.inputs:
- type: syslog
  protocol.tcp:
    host: "0.0.0.0:5014"
  fields:
    type: syslog
  fields_under_root: true
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
output.logstash:
  hosts: ["x.x.x.x:10083"]
  enabled: true
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

For the Logstash pipeline, use a configuration like this:

input {
  beats {
    port => 5044
  }
}

filter {
  date {
    match => [ "@timestamp", "yyyy-MM-dd HH:mm:ss Z" ]
  }
  mutate {
    remove_field => ["@version", "_index", "_source", "ecs"]
  }

  if [type] == "syslog" {
    grok {
      # RFC 5424 layout; the structured-data group is matched without a capture name
      match => { "message" => "<%{NONNEGINT:syslog_pri}>%{NONNEGINT:version}%{SPACE}(?:-|%{TIMESTAMP_ISO8601:syslog_timestamp})%{SPACE}(?:-|%{IPORHOST:hostname})%{SPACE}(?:%{SYSLOG5424PRINTASCII:program}|-)%{SPACE}(?:-|%{SYSLOG5424PRINTASCII:process_id})%{SPACE}(?:-|%{SYSLOG5424PRINTASCII:message_id})%{SPACE}(?:-|(?:(\[.*?[^\\]\])+))(?:%{SPACE}%{GREEDYDATA:syslog_message}|)"}
      match => { "message" => "(<%{NUMBER:syslog_event_id}>)?%{SYSLOGTIMESTAMP:syslog_timestamp} (%{SYSLOGHOST:syslog_hostname} )?%{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?:%{GREEDYDATA:syslog_message}" }
      match => { "message" => "(<%{NUMBER:syslog_event_id}>)?%{TIMESTAMP_ISO8601:syslog_timestamp} (%{SYSLOGHOST:syslog_hostname} )?%{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?:%{GREEDYDATA:syslog_message}" }
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_tag => [ "syslog" ]
    }
    mutate {
      add_field => { "[@metadata][target_index]" => "syslog-%{+YYYY.MM.dd}" }
    }
    date {
      # ISO8601 covers the grok patterns above that capture TIMESTAMP_ISO8601
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601" ]
    }
  }

  if [event][module] == "nginx" {
    grok {
      match => [ "message" , "%{COMMONAPACHELOG}+%{GREEDYDATA:extra_fields}"]
      overwrite => [ "message" ]
    }
    mutate {
      convert => ["response", "integer"]
      convert => ["bytes", "integer"]
      convert => ["responsetime", "float"]
      add_field => { "[@metadata][target_index]" => "nginx-%{+YYYY.MM.dd}" }
    }
    geoip {
      source => "address"
      target => "clientgeo"
      add_tag => ["nginx-geoip"]
    }
  }

  if [event][module] == "auditd" {
    grok {
      match => { "message" => "type=%{WORD:audit_type} msg=audit\(%{NUMBER:audit_epoch:timestamp}:%{NUMBER:audit_counter}\): pid=%{NUMBER:audit_pid} uid=%{NUMBER:audit_uid} auid=%{NUMBER:audit_audid} ses=%{NUMBER:ses} msg=\'op=%{WORD:operation}:%{WORD:detail_operation} grantors=%{WORD:pam_login},%{WORD:pam_key},%{WORD:pam_limit},%{WORD:pam_system} acct=\"%{WORD:acct_user}\" exe=\"%{GREEDYDATA:exec}\" hostname=%{GREEDYDATA:hostname} addr=%{GREEDYDATA:ipaddr} terminal=%{WORD:terminal} res=%{WORD:result}" }
    }
    date {
      # audit(...) carries epoch seconds with a fractional part, which is the UNIX format, not UNIX_MS
      match => [ "audit_epoch", "UNIX" ]
    }
    mutate {
      split => ["host", "."]
      add_field => { "hostname" => "%{[host][0]}" }
      add_field => { "podName" => "%{[host][1]}" }
      add_field => { "ignore" => "%{[host][2]}" }
      remove_field => ["ignore", "host"]
      add_field => { "[@metadata][target_index]" => "audit-%{+YYYY.MM.dd}" }
    }
  }
  if [container][id] =~ /service/ {
    mutate {
      add_field => { "[@metadata][target_index]" => "%{[container][id]}-%{+YYYY.MM.dd}" }
    }
  }
}

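output {
  elasticsearch {
    hosts => ["https://x.x.x.x:9200"]
    user => "elastic"
    # Plaintext password; a Logstash keystore entry referenced as "${NAME}" keeps it out of this file
    password => "xxxxxxxx"
    #data_stream => "true"
    #data_stream_dataset => "xxxxxx"
    index => "%{[@metadata][target_index]}"
    ssl_enabled => "true"
    #ssl => true
    #ssl_certificate_verification => true
    #cacert => "/usr/share/logstash/config/ca.pem"
    # "none" disables server certificate validation, so the CA file and fingerprint below are not enforced;
    # "full" validates the certificate chain and the hostname
    ssl_verification_mode => "none"
    ssl_certificate_authorities => "/usr/share/logstash/config/ca.pem"
    ca_trusted_fingerprint => "xxxxxxxxxxxxxxxxxxxxxxxxxx"
  }
}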

Removing a Group Policy software installation fails with error event 108

1. Remove the registry value
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Appmgmt\{2c0cf1fc-3ec1-4c9c-87ec-7eee5bea3503}

2. Delete the related .aas file from the SYSVOL share
\\lookdata.cn\SYSVOL\lookdata.cn\Policies\{EBB86C99-BC22-4FFF-8EF2-6AA3FBC01977}\Machine\Applications

ASA 5515-X

PPPoE

1. Set the CT router to bridge mode
2. Configure PPPoE on the ASA 5515
fw02# show running-config vpdn
vpdn group CT request dialout pppoe
vpdn group CT localname user1234
vpdn group CT ppp authentication pap
vpdn username user1234 password *****
fw02# show run
fw02# show running-config int
fw02# show running-config interface g0/5
!
interface GigabitEthernet0/5
nameif outside
security-level 0
dhcp client update dns
pppoe client vpdn group CT
ip address pppoe setroute
fw02#

fw02# show vpdn session pppoe state

PPPoE Session Information (Total tunnels=1 sessions=1)

SessID TunID Intf State Last Chg
22408 5 outside SESSION_UP 28161 secs

3. Publish the HTTP service to the internet

fw02# show running-config access-list
access-list SSH extended permit ip any any
access-list SSH extended permit tcp any any log critical
access-list OUT extended permit icmp any any log
access-list OUT extended permit tcp any any eq www
access-list IN extended permit tcp any any eq 8888 log
access-list IN extended permit tcp any any eq www
access-list IN extended permit udp host x.x.x.x any
access-list IN extended permit tcp host x.x.x.x any
fw02# show running-config nat
!
object network OA
nat (inside,outside) static interface service tcp www 8888
!
nat (inside,outside) after-auto source dynamic OA interface
fw02#
fw02# show nat

Auto NAT Policies (Section 2)
1 (inside) to (outside) source static OA interface service tcp www 8888
translate_hits = 0, untranslate_hits = 78

Manual NAT Policies (Section 3)
1 (inside) to (outside) source dynamic OA interface
translate_hits = 473, untranslate_hits = 0
fw02#
fw02# packet-tracer input outside tcp 8.8.8.8 12345 x.x.x.x 8888 detailed

Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network OA
nat (inside,outside) static interface service tcp www 8888
Additional Information:
NAT divert to egress interface inside
Untranslate x.x.x.x/8888 to x.x.x.x/80

Phase: 2
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group OUT in interface outside
access-list OUT extended permit tcp any any eq www
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaac4a10fe0, priority=13, domain=permit, deny=false
hits=2, user_data=0x2aaab9906b80, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=80, tag=any, dscp=0x0
input_ifc=outside, output_ifc=any

Phase: 3
Type: CONN-SETTINGS
Subtype:
Result: ALLOW
Config:
class-map class-default
match any
policy-map global_policy
class class-default
set connection decrement-ttl
service-policy global_policy global
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaac3eb0280, priority=7, domain=conn-set, deny=false
hits=224, user_data=0x2aaacabcf980, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=outside, output_ifc=any

Phase: 4
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside,outside) after-auto source dynamic OA interface
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaab9bb49f0, priority=6, domain=nat, deny=false
hits=40, user_data=0x2aaac276e650, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=x.x.x.x, mask=255.255.255.255, port=0, tag=any, dscp=0x0
input_ifc=outside, output_ifc=inside

Phase: 5
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaac2b1f880, priority=0, domain=nat-per-session, deny=false
hits=29568, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=any, output_ifc=any

Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaac44e2400, priority=0, domain=inspect-ip-options, deny=true
hits=7307, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=outside, output_ifc=any

Phase: 7
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map class-default
match any
policy-map global_policy
class class-default
inspect icmp
service-policy global_policy global
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaac4aace50, priority=70, domain=inspect-icmp, deny=false
hits=50, user_data=0x2aaac4ac4ed0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=outside, output_ifc=any

Phase: 8
Type: FOVER
Subtype: standby-update
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaac4380a90, priority=20, domain=lu, deny=false
hits=132, user_data=0x0, cs_id=0x0, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=outside, output_ifc=any

Phase: 9
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x2aaac4b56900, priority=13, domain=ipsec-tunnel-flow, deny=true
hits=1216, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=outside, output_ifc=any

Phase: 10
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
object network OA
nat (inside,outside) static interface service tcp www 8888
Additional Information:
Forward Flow based lookup yields rule:
out id=0x2aaac447d000, priority=6, domain=nat-reverse, deny=false
hits=50, user_data=0x2aaac4480120, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=x.x.x.x, mask=255.255.255.255, port=80, tag=any, dscp=0x0
input_ifc=outside, output_ifc=inside

Phase: 11
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0x2aaac2b1f880, priority=0, domain=nat-per-session, deny=false
hits=29570, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=any, output_ifc=any

Phase: 12
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0x2aaac475d220, priority=0, domain=inspect-ip-options, deny=true
hits=5834, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=inside, output_ifc=any

Phase: 13
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 7981, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_inspect_icmp
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_inspect_icmp
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: allow

fw02#
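
Phases 1 and 2 of the trace above show the ASA un-translating the destination (UN-NAT, 8888 to 80) before the ACCESS-LIST check, which is why ACL OUT permits `eq www` and not 8888. The Python below is an added illustration, not part of the original notes: a simplified model (one static PAT entry, first-match ACL) in which 203.0.113.10 and 192.168.1.10 are constructed stand-ins for the masked x.x.x.x addresses.

```python
import re

PORT_NAMES = {"www": 80, "https": 443, "ssh": 22}  # subset of ASA port keywords

# Constructed stand-ins for the page's masked x.x.x.x addresses.
OUTSIDE_IP, WEB_SERVER = "203.0.113.10", "192.168.1.10"
# object network OA: nat (inside,outside) static interface service tcp www 8888
STATIC_PAT = {(OUTSIDE_IP, 8888): (WEB_SERVER, 80)}

# The two OUT entries from the page's "show running-config access-list".
ACL_OUT = [
    "access-list OUT extended permit icmp any any log",
    "access-list OUT extended permit tcp any any eq www",
]

ACL_RE = re.compile(
    r"access-list (?P<name>\S+) extended (?P<action>permit|deny) (?P<proto>\S+) "
    r"(?P<src>any|host \S+) (?P<dst>any|host \S+)(?: eq (?P<port>\S+))?")

def parse_acl(lines):
    """Turn access-list lines into rule dicts, resolving port keywords."""
    rules = []
    for line in lines:
        m = ACL_RE.match(line.strip())
        if m:
            rule = m.groupdict()
            if rule["port"]:
                rule["port"] = PORT_NAMES.get(rule["port"]) or int(rule["port"])
            rules.append(rule)
    return rules

def addr_ok(spec, ip):
    return spec == "any" or spec == "host " + ip

def acl_action(rules, name, proto, src, dst, dport):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for r in rules:
        if (r["name"] == name and r["proto"] in (proto, "ip")
                and addr_ok(r["src"], src) and addr_ok(r["dst"], dst)
                and r["port"] in (None, dport)):
            return r["action"]
    return "deny"

def trace_inbound(rules, acl_name, src, dst, dport, proto="tcp"):
    """Phases 1-2 of the trace: UN-NAT first, then the ACL sees the real values."""
    dst, dport = STATIC_PAT.get((dst, dport), (dst, dport))
    return {"real_dst": dst, "real_port": dport,
            "action": acl_action(rules, acl_name, proto, src, dst, dport)}
```

Calling `trace_inbound(parse_acl(ACL_OUT), "OUT", "8.8.8.8", OUTSIDE_IP, 8888)` returns a permit on real port 80; an ACL that only permitted `eq 8888` would return deny for the same packet.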

ORA-01210: data file header is media corrupt

bbed parfile=parfile.txt

parfile.txt
blocksize=8192
listfile=file.txt
mode=edit
password=blockedit

file.txt
1 /opt/app/oradata/test/system01.dbf 8178892
2 /opt/app/oradata/test/sysaux01.dbf 2936012
3 /opt/app/oradata/test/undotbs01.dbf 9017753
4 /opt/app/oradata/test/users01.dbf 5242880
5 /opt/app/oradata/test/test01.dbf 2547200

SQL> select checkpoint_change# from v$datafile_header;

CHECKPOINT_CHANGE#
------------------
120020207
120020207
120020207
120020207
120000000

BBED> info
BBED> p kcvfhckp
BBED> d /v dba 1,1 offset 484 count 16
BBED> assign dba 5,1 kcvfh.kcvfhckp.kcvcpscn.kscnbas = dba 1,1 kcvfh.kcvfhckp.kcvcpscn.kscnbas
BBED> d /v dba 5,1 offset 484 count 16
BBED> set dba 5,1
BBED> sum apply

SQL> recover datafile 5;
Connected to an idle instance.

SQL> startup
ORACLE instance started.

Total System Global Area 3340451840 bytes
Fixed Size 2217952 bytes
Variable Size 2499807264 bytes
Database Buffers 822083584 bytes
Redo Buffers 16343040 bytes
Database mounted.
Database opened.

terraform alicloud import security group rule

ecs

%appdata%\terraform.rc
provider_installation {
  filesystem_mirror {
    path = "C:/Users/Linus/tf/mirror"
  }
}

main.tf
provider "alicloud" {
  # Keys written here travel with every copy or commit of this file; the provider
  # also reads ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY from the environment
  access_key = "xxxxxxxxxxxxxxxx"
  secret_key = "xxxxxxxxxxxxxxxx"
  region     = "cn-beijing"
}

resource "alicloud_vpc" "testvpc" {
  vpc_name   = "testvpc"
  cidr_block = "192.168.0.0/16"
}

resource "alicloud_vswitch" "vswitch" {
  vpc_id     = alicloud_vpc.testvpc.id
  cidr_block = "192.168.100.0/24"
  zone_id    = "cn-beijing-d"
}

resource "alicloud_security_group" "testgroup" {
  name        = "sg-test"
  description = "test security group"
  vpc_id      = alicloud_vpc.testvpc.id
}

resource "alicloud_security_group_rule" "allow_22" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "22/22"
  priority          = 1
  security_group_id = alicloud_security_group.testgroup.id
  cidr_ip           = "10.56.8.13/32"
}

resource "alicloud_instance" "test" {
  description                = "test"
  host_name                  = "test"
  image_id                   = "ubuntu_20_04_x64_20G_alibase_20220727.vhd"
  instance_name              = "test"
  instance_charge_type       = "PostPaid"
  security_groups            = alicloud_security_group.testgroup.*.id
  instance_type              = "ecs.xn4.small"
  vswitch_id                 = alicloud_vswitch.vswitch.id
  internet_charge_type       = "PayByBandwidth"
  internet_max_bandwidth_out = 1
}

terraform init
terraform show
terraform plan
terraform state pull
terraform import alicloud_security_group_rule.allow_22 sg-2zefwtrsg4df3r4cy80:ingress:tcp:22/22:intranet:x.x.x.x/32:accept:2
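
The import ID above is the rule's attributes joined with colons. The Python below is an added example, not code from the original notes or from the alicloud provider: it rebuilds and parses that ID (field order read off the page's command) and lists where the `allow_22` block differs from the rule being imported, such as the page's ID ending in priority 2 while the block declares priority 1. The masked x.x.x.x/32 is filled with the block's `cidr_ip` as an assumption.

```python
import ipaddress
import re

# Field order read off the import ID used on the page.
FIELDS = ("security_group_id", "type", "ip_protocol", "port_range",
          "nic_type", "cidr_ip", "policy", "priority")

def build_import_id(rule):
    """Join the rule attributes into the colon-separated import ID."""
    return ":".join(str(rule[f]) for f in FIELDS)

def parse_import_id(import_id):
    """Split an ID into fields. The split is anchored from both ends so a
    cidr_ip that itself contains colons (IPv6) does not shift the fields."""
    head = import_id.split(":", 5)
    if len(head) != 6:
        raise ValueError("expected 8 colon-separated fields")
    tail = head[5].rsplit(":", 2)
    if len(tail) != 3:
        raise ValueError("expected 8 colon-separated fields")
    rule = dict(zip(FIELDS, head[:5] + tail))
    if rule["type"] not in ("ingress", "egress"):
        raise ValueError("type must be ingress or egress")
    if rule["policy"] not in ("accept", "drop"):
        raise ValueError("policy must be accept or drop")
    if not re.fullmatch(r"-?\d+/-?\d+", rule["port_range"]):
        raise ValueError("port_range must look like 22/22")
    ipaddress.ip_network(rule["cidr_ip"], strict=False)  # raises on a bad CIDR
    return rule

def drift(resource, import_id):
    """Attributes where the resource block disagrees with the imported rule."""
    imported = parse_import_id(import_id)
    return {f: (str(resource[f]), imported[f]) for f in FIELDS
            if str(resource[f]) != imported[f]}

# allow_22 from the page; the group ID is the one in its import command.
ALLOW_22 = {"security_group_id": "sg-2zefwtrsg4df3r4cy80", "type": "ingress",
            "ip_protocol": "tcp", "port_range": "22/22", "nic_type": "intranet",
            "cidr_ip": "10.56.8.13/32", "policy": "accept", "priority": 1}
# The page's import ID with the masked x.x.x.x/32 replaced by the block's cidr_ip (assumption).
PAGE_ID = "sg-2zefwtrsg4df3r4cy80:ingress:tcp:22/22:intranet:10.56.8.13/32:accept:2"
```

`drift(ALLOW_22, PAGE_ID)` reports only the priority pair, which is the difference to reconcile in the resource block before running `terraform plan`.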