yurisk.info

Yuri Slobodyanyuk's blog on IT Security and Networking sharing experience and expertise

Category: Solaris (page 1 of 2)

Grab bag of IPF commands for FreeBSD and Solaris 10

Nothing new here, just a round-up of the commands/configs I happen to need from time to time. Google probably has better references for that. I talk about the PF firewall used in FreeBSD, OpenBSD and Solaris systems.
Enable and disable firewall:

#pfctl -e                 Enable packet filter in real time
#pfctl -ef /etc/pf.conf   Enable packet filter and load rules from /etc/pf.conf
#pfctl -d                 Disable packet filter

Enable/disable permanently, to survive reboot
OpenBSD:

/etc/rc.conf.local:
pf=YES
pf_rules=/etc/pf.conf

FreeBSD:

/etc/default/rc.conf:
pf_enable="YES"

pf_rules="/etc/pf.conf"
pf_program="/sbin/pfctl"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"

Working with rules.

#pfctl -F all               Flush (remove) all the active rules from the running packet filter, which means PERMIT ANY ANY.
#pfctl -n -f /etc/pf.conf   Just parse the rules from the file without loading them, to check the syntax
#pfctl -f /etc/pf.conf      Load rules from the file

Order of rules in the file :
options, normalization, queuing, translation, and filtering rules.
Show commands.

#pfctl -s info Show filter information
#pfctl -s rules Show the currently loaded filter rules
#pfctl -s state Show the contents of the state table.
#pfctl -s all Show all of the above

Simplest set of rules: block all incoming traffic except ssh, allow all outgoing traffic from the server.

block in all
pass out all keep state
pass in proto tcp from any to any port 22

It is just a beginning, to be continued later…

Convert m4b to mp3 files in one run with ffmpeg

Folks at Defcon.org have been somewhat inconsistent in publishing their conference audio archives: once they do it in m4b format, once in mp3. As I listen to them on my mobile phone during my commute to work, and it doesn't accept anything but mp3, I had to first convert all the audio files from m4b to mp3 format. Not a problem though: the one-liner below will find all files ending with .m4b in the current folder and convert them to .mp3 files, preserving the filenames.

find . -iname "*.m4b" -exec ffmpeg -i {} -acodec libmp3lame {}.mp3 \;

MAC finder script

While I don't like going down to Layer 2, recently I had to: I didn't know the IP address of the Cisco router I wanted to connect to, but I had access to a Cisco router sitting in the same network. It would have been easy to run #show arp on that router and then search Google for the owner of each MAC, if it weren't for the subnet mask of /26. Copy-pasting each entry of the ARP table into Google didn't look like a lot of fun. So I wrote a Python script that reads MAC addresses in bulk from the command line and, using a database of MAC-to-vendor mappings downloaded beforehand, prints the vendor for each MAC address. It works for #show arp on Cisco, #show mac-address-table on Cisco switches, #arp -en on Linux (including Checkpoint), #arp -a on FreeBSD, #show arp on Junos from Juniper, and #get sys arp on Fortigate.
Below is the script.
Here:
mac-database.txt – file containing the MAC-to-vendor mapping in the format <MAC, 6 hex digits as a sequence> <VENDOR>. I used standards.ieee.org/regauth/oui/oui.txt as the source with a bit of sed, but if you want a ready-to-use file I recommend nmap-mac-prefixes from the nmap source-code distribution: http://nmap.org/svn/nmap-mac-prefixes
Download the script (to make sure formatting is preserved, an important thing for Python):
http://yurisk.info/scripts/mac-finder.py
Script AND MAC database from the nmap project: http://yurisk.info/scripts/mac.tar.gz

#!/usr/bin/env python3
# This script accepts MAC addresses on standard input and
# prints the vendor for each MAC address
# Author: Yuri, yurisk@yurisk.info, 06.2010
import re
import sys

# Matches a MAC in Cisco (xxxx.xxxx.xxxx), Linux/BSD/Junos (xx:xx:xx:xx:xx:xx)
# or dashed (xx-xx-xx-xx-xx-xx) notation, anywhere in the line
MAC_RE = re.compile(
    r'([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}'
    r'|(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})', re.IGNORECASE)


def load_db(path='mac-database.txt'):
    """Read the vendor database; each line has the form '<6 hex digits> <Vendor>'.
    Comment lines (as in nmap-mac-prefixes) and malformed lines are skipped."""
    db = {}
    with open(path, 'r', encoding='utf-8', errors='replace') as f:
        for line in f:
            parts = line.strip().split(None, 1)
            if len(parts) == 2 and re.fullmatch(r'[0-9a-fA-F]{6}', parts[0]):
                db[parts[0].lower()] = parts[1]
    return db


def oui(mac):
    """Remove dots, colons and dashes and return the first 6 hex digits (the OUI)."""
    return re.sub(r'[.:-]', '', mac).lower()[:6]


if __name__ == '__main__':
    db = load_db()
    # Read lines to check from standard input (paste the ARP table, then CTRL+D)
    for line in sys.stdin:
        m = MAC_RE.search(line)
        if m:
            vendor = db.get(oui(m.group(1)))
            if vendor:
                print(line.strip(), vendor)

Running it:

[root@darkstar ]# ./mac-finder.py
<now I copy paste output from arp -a in BSD>
$ arp -a
(10.99.99.150) at 00:50:56:95:74:72 on em0 [ethernet]
(10.99.99.254) at 00:09:0f:31:c8:24 on em0 [ethernet]
<Hit CTRL+D to signal the end of input>
(10.99.99.150) at 00:50:56:95:74:72 on em0 [ethernet] VMware, Inc.
(10.99.99.254) at 00:09:0f:31:c8:24 on em0 [ethernet] Fortinet Inc.

Solaris interfaces – create assign delete

Working with interfaces in Solaris is pretty much the same as in Linux: you've got ifconfig, netstat, route. The output looks a bit different, but if you're used to the *BSD way of things you'll find yourself at home. So the most basic things follow: bring an interface up, assign an IPv4 address, save the change to survive a reboot.
Plumb. The first step sounds a bit strange, plumbing, but is actually very simple (no need to call for Mario). You just plumb the interface (I talk about Ethernet-type interfaces) into the IP stack.
– Interface before plumbing:

bash-3.00# ifconfig e1000g2
ifconfig: status: SIOCGLIFFLAGS: e1000g2: no such interface

Even an unplumbed interface can be seen with:

bash-3.00# dladm show-link
e1000g0 type: non-vlan mtu: 1500 device: e1000g0
e1000g1 type: non-vlan mtu: 1500 device: e1000g1
e1000g2 type: non-vlan mtu: 1500 device: e1000g2

– Now plumbing:

bash-3.00# ifconfig e1000g2 plumb
bash-3.00# ifconfig e1000g2
e1000g2: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
inet 0.0.0.0 netmask 0
ether 00:E0:9F:67:98:fb

Assign an IP and bring it up. This one is well known.

bash-3.00# ifconfig e1000g2 inet 192.2.2.3/24 up
bash-3.00# ifconfig e1000g2
e1000g2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
inet 192.2.2.3 netmask ffffff00 broadcast 192.2.2.255
ether 00:E0:9F:67:98:fb

Make this change permanent
So far so good. But if you restart the machine now it will lose its interface settings. To save them, create a text file named /etc/hostname.<interface name>; in my case it is /etc/hostname.e1000g2. This alone plumbs the interface at boot; now put the IP address inside it in the form 192.2.2.3/24. That is it.

To see if interface is up or down as a device and its duplex/speed parameters:

bash-3.00# dladm show-dev
e1000g0 link: up speed: 1000 Mbps duplex: full
e1000g1 link: up speed: 1000 Mbps duplex: full
e1000g2 link: up speed: 1000 Mbps duplex: full

Create/delete a logical interface. In the Cisco world you would call it assigning a secondary IP to the interface.

bash-3.00# ifconfig e1000g1 addif 193.92.13.3/24

Created new logical interface e1000g1:1

bash-3.00# ifconfig e1000g1:1 up
bash-3.00# ifconfig e1000g1:1
e1000g1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 193.92.13.3 netmask ffffff00 broadcast 193.92.13.255

Remove logical interface:

bash-3.00# ifconfig e1000g1 removeif 193.92.13.3
bash-3.00# ifconfig e1000g1:1
ifconfig: status: SIOCGLIFFLAGS: e1000g1:1: no such interface

Configure VLAN Solaris way

To create a VLAN in Solaris you first have to decide where the Physical Point of Attachment (PPA) will be. In other words, you have to attach the VLAN to some physical interface on the server; as of now the interface types that support VLANs are:
ce
bge
xge
e1000g
After you have decided on the PPA and the VLAN ID, the full name of the new VLAN interface is calculated with this formula:

VLAN interface name = <physical interface driver name> followed by (VLAN ID * 1000 + physical device instance)

In my case creating vlan 777 attached to the physical interface e1000g0 yields this:

Interface name = e1000g followed by (777*1000 + 0) = e1000g777000

Usual plumbing and IP assigning to do:

Solaris_star# ifconfig e1000g777000 plumb
Solaris_star# ifconfig e1000g777000 inet 10.11.11.2/24
Solaris_star# ifconfig e1000g777000 up

Verify:

Solaris_star# dladm show-link
e1000g0 type: non-vlan mtu: 1500 device: e1000g0
e1000g777000 type: vlan 777 mtu: 1500 device: e1000g0
e1000g1 type: non-vlan mtu: 1500 device: e1000g1
e1000g2 type: non-vlan mtu: 1500 device: e1000g2
Solaris_star# ifconfig e1000g777000
e1000g777000: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 4
inet 10.11.11.2 netmask ffffff00 broadcast 10.11.11.255
ether 0:c:29:67:98:e7
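The naming formula above, together with the /etc/hostname.<interface> persistence from the previous post, as an added helper script (not from the original post). It assumes physical interfaces are named <driver><instance> as dladm show-link lists them, checks the VLAN ID against the 802.1Q range, and only accepts the drivers listed above; it prints the hostname file path and contents rather than writing to /etc.

```shell
#!/bin/sh
# Derive the Solaris VLAN interface name from the rule in the post:
# <driver name> followed by (VLAN ID * 1000 + instance).
# Added helper, not from the original post; assumes physical interfaces are
# named <driver><instance> as dladm show-link lists them (e1000g0, bge1, ...).

vlan_ifname() {
    phys=$1
    vid=$2
    # reject a VLAN ID that is not a number in the 802.1Q range 1..4094
    case $vid in
        ''|*[!0-9]*) echo "invalid VLAN ID: $vid" >&2; return 1 ;;
    esac
    if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
        echo "VLAN ID out of range: $vid" >&2; return 1
    fi
    # split "e1000g0" into driver "e1000g" and instance "0" (the trailing digits)
    instance=$(printf '%s' "$phys" | sed 's/^.*[^0-9]\([0-9]*\)$/\1/')
    driver=${phys%"$instance"}
    [ -n "$instance" ] && [ "$driver" != "$phys" ] || {
        echo "cannot parse instance from: $phys" >&2; return 1; }
    case $driver in
        ce|bge|xge|e1000g) ;;   # the drivers the post lists as VLAN-capable
        *) echo "driver $driver does not support VLANs" >&2; return 1 ;;
    esac
    printf '%s%d\n' "$driver" $((vid * 1000 + instance))
}

# Persistent config as described in the post: /etc/hostname.<ifname> holding
# the address. Prints "<path> <contents>" instead of writing to /etc so the
# result can be reviewed first.
hostname_file() {
    ifname=$(vlan_ifname "$1" "$2") || return 1
    printf '/etc/hostname.%s %s\n' "$ifname" "$3"
}
```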

md5 and sha1 hashing in Solaris

How do you calculate an md5 hash? md5sum of course, I thought, coming from the Linux world, and I was wrong. In Solaris, again, everything that comes from open source projects falls under the add-at-your-own-risk paradigm. Instead, the native crypto provider supplies hash calculation with the digest command:

# digest -l
sha1
md5
sha256
sha384
sha512
Solaris_star# digest -v -a md5 sntp.py
md5 (sntp.py) = 0e306d35ef7da1a47c51590fe70b3144
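Verifying a file against a known hash with whichever tool the host has, as an added example (not from the original post). It parses the "md5 (file) = <hex>" format that digest -v prints above, and falls back to the GNU md5sum/sha256sum or openssl output formats on Linux/BSD; the expected hash is supplied by the caller.

```shell
#!/bin/sh
# Print the hex hash of file $2 using algorithm $1 (md5 or sha256) with the
# tool available on this host. Added example, not from the original post.
file_digest() {
    algo=$1
    f=$2
    if command -v digest >/dev/null 2>&1; then
        # Solaris: "md5 (sntp.py) = 0e30..."; the hash is the last field
        digest -v -a "$algo" "$f" | awk '{print $NF}'
    elif command -v "${algo}sum" >/dev/null 2>&1; then
        # GNU coreutils: "<hex>  file"; the hash is the first field
        "${algo}sum" "$f" | awk '{print $1}'
    else
        # fallback: openssl dgst prints "MD5(file)= <hex>"
        openssl dgst -"$algo" "$f" | awk '{print $NF}'
    fi
}

# Compare the file's hash with the expected one (case-insensitive).
# Returns 0 on match, 1 on mismatch or if no tool could hash the file.
# md5 is fine for spotting accidental corruption; where someone could have
# swapped the file deliberately, compare a sha256 instead, since md5
# collisions are practical.
verify_digest() {
    actual=$(file_digest "$1" "$2") || return 1
    [ -n "$actual" ] || return 1
    expected=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}
```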

Encrypting local files in Solaris

How do I encrypt a local file in Solaris? On Linux I use either OpenSSL or GPG, but these are both open source projects, not native in Solaris land. For this Solaris has encrypt/decrypt, which do what their names say.
And of course we are talking about symmetric encryption here. The options for encrypt/decrypt are succinct: list the available algorithms, specify the input/output file(s), and optionally specify a file containing the key, otherwise type it on the terminal. A few examples follow.
– List algos

# encrypt -l
Algorithm Keysize: Min Max (bits)
------------------------------------------
aes 128 256
arcfour 8 2048
des 64 64
3des 192 192

– Now let's encrypt something (the file smtp_send.py) with the AES algorithm.

# encrypt -a aes -i smtp_send.py -o smtp_send.py.enc
Enter key:
Solaris#
Solaris# file smtp_send.py.enc
smtp_send.py.enc: data

– And what about decrypting?

# decrypt -a aes -i smtp_send.py.enc -o smtp_send.py.dec
Enter key:

– In case you wish to use a key stored in a file (I personally don't do it, as it is too easy to forget to delete the key file).

# encrypt -a aes -k key_in_a_file.txt -i smtp_send.py -o smtp_send.py.enc

© 2016 yurisk.info
