Thursday, October 31, 2013

How to install Java plugin in Chrome browser under Linux


Just link libnpjp2.so, which is in <your-java-dir>/lib/i386, to /opt/google/chrome/plugins (you need to create this directory beforehand).

Example:

mkdir /opt/google/chrome/plugins
cd /opt/google/chrome/plugins
ln -s <your-java-dir>/lib/i386/libnpjp2.so .

Restart Chrome and enjoy!

Tuesday, October 15, 2013

Deleting all mail older than a year

A follow-up to a very old post.

A tested one-liner:
find -depth -type f -mtime +365 -path "*/var/mail/domain_name/user_name/Maildir/*/cur/*" -printf "%Ty%Tm%Td-%p\n" -delete

For a total cleanup, user_name can be replaced with *

P.S.: Cleaning out the trash folders:
find /var/mail/domain_name -depth -path "*/Maildir/\&BCMENAQwBDsENQQ9BD0ESwQ1-/cur/*" -type f -print -delete

Sunday, August 11, 2013

Cisco VPN (ISAKMP + IPSec)

Yesterday I found a great channel on YouTube: CBTvideochannel. There are a lot of videos about Cisco CCNA, especially about security.
Youtube playlist: http://www.youtube.com/playlist?list=PL6ED021B0FA97EFB1
CBT Nuggets official website: http://www.cbtnuggets.com/

Here is a checklist for building a Site-to-Site VPN using IPSec (c) CBTNuggets:

Creating Site-to-Site VPNs with Pre-Shared Keys

Documentation: 

1. Document your IKE Phase 1 negotiation criteria (example below)
• Hashing: SHA‐1
• Authentication: pre‐shared
• Key exchange: Diffie‐Hellman Group 2

2. Document your IPSec (IKE Phase 2) negotiation criteria (example below)
• Encryption algorithm: esp-aes 128
• Authentication: esp-sha-hmac

Configuring IKE Phase 1: 

1. Enable ISAKMP
• Router(config)#crypto isakmp enable

2. Create ISAKMP Policy:
• Router(config)#crypto isakmp policy <1-10000>
• Router(config)#crypto isakmp policy 100
• Router(config-isakmp)#encryption aes 128
• Router(config-isakmp)#authentication pre-share
• Router(config-isakmp)#group 2
• Router(config-isakmp)#hash sha
• Router(config-isakmp)#exit

3. Configure ISAKMP Identity:
• Router(config)#crypto isakmp identity <address/hostname>
• Router(config)#crypto isakmp identity address

4. Configure ISAKMP Key:
• Router(config)#crypto isakmp key 0 <Pre-Shared-Key> address <remote IP address>
• Router(config)#crypto isakmp key 0 SUPERSECRETKEY address

Configuring IKE Phase 2: 

1. Create transform sets:
• Router(config)#crypto ipsec transform-set <name> <methods>
• Router(config)#crypto ipsec transform-set SET-NAME esp-aes 128 esp-sha-hmac
• Router(cfg-crypto-trans)#mode tunnel
• Router(cfg-crypto-trans)#exit

2. (optional) Configure IPSec lifetime:
• Router(config)#crypto ipsec security-association lifetime <seconds/kilobytes> <value>
• Router(config)#crypto ipsec security-association lifetime seconds 86400

3. Create mirrored ACLs defining traffic to be encrypted and the traffic expected to be received encrypted.
• Router(config)#ip access-list extended <name>
• Router(config-ext-nacl)#permit ip <source network | wildcard> <destination network | wildcard>
• Router(config)#ip access-list extended S2S-VPN-TRAFFIC
• Router(config-ext-nacl)#permit ip 172.30.2.0 0.0.0.255 192.168.1.0 0.0.0.255
• Router(config-ext-nacl)#exit

4. Set up IPSec crypto-map:
• Router(config)#crypto map <name> <seq> ipsec-isakmp
• Router(config)#crypto map S2S-VPN 100 ipsec-isakmp
   o Router(config-crypto-map)#match address S2S-VPN-TRAFFIC
   o Router(config-crypto-map)#set peer 1.1.1.2 <remote IP>
   o Router(config-crypto-map)#set pfs group2 <group1/2/5 optional>
   o Router(config-crypto-map)#set transform-set SET-NAME <set>

Apply to Interface: 

1. Apply crypto‐map to interface
• Router(config)#int fa4
• Router(config-if)#crypto map S2S-VPN

Create Interesting Traffic: 

1. Ping from source network to destination network.

Verify:

2. Show and debug commands (QM_IDLE is good)
• Router#show crypto isakmp sa
• Router#show crypto ipsec sa
• Router#debug crypto isakmp
• Router#debug crypto ipsec
• Router#show crypto map
• Router#show crypto isakmp policy
• Router#show crypto ipsec transform-set
• Router#clear crypto sa
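
A consistency check for the two ends of the tunnel in the checklist above, as an added example (not part of the original post or of the CBT Nuggets material): it compares the ISAKMP policy parameters of both peers and verifies that their crypto ACLs mirror each other. The SITE_B configs, the policy number 10 and all function names are constructed for illustration.

```python
# Constructed configs: SITE_A carries the checklist's values; the SITE_B
# variants are hypothetical remote peers (one correct, one with two mistakes).
TEMPLATE = """\
crypto isakmp policy {prio}
 encryption aes 128
 authentication pre-share
 group {group}
 hash sha
ip access-list extended S2S-VPN-TRAFFIC
 permit ip {src} 0.0.0.255 {dst} 0.0.0.255
"""
SITE_A = TEMPLATE.format(prio=100, group=2, src="172.30.2.0", dst="192.168.1.0")
SITE_B_OK = TEMPLATE.format(prio=10, group=2, src="192.168.1.0", dst="172.30.2.0")
SITE_B_BAD = TEMPLATE.format(prio=10, group=5, src="172.30.2.0", dst="192.168.1.0")

def block(cfg, header):
    """Return the indented sub-commands under the first line starting with header."""
    body, inside = [], False
    for line in cfg.splitlines():
        if inside and line.startswith(" "):
            body.append(line.split())
        elif inside:
            break
        else:
            inside = line.startswith(header)
    return body

def phase1(cfg):
    # Policy numbers are local priorities, so only the parameters are compared.
    return {w[0]: " ".join(w[1:]) for w in block(cfg, "crypto isakmp policy ")}

def acl(cfg):
    # Set of (source, destination) pairs, each a "network wildcard" string.
    return {(" ".join(w[2:4]), " ".join(w[4:6]))
            for w in block(cfg, "ip access-list extended ") if w[:2] == ["permit", "ip"]}

def compare(a, b):
    """List the mismatches that keep the tunnel between peers a and b from coming up."""
    pa, pb = phase1(a), phase1(b)
    problems = [f"phase1 {k}: {pa.get(k)} != {pb.get(k)}"
                for k in sorted(pa.keys() | pb.keys()) if pa.get(k) != pb.get(k)]
    if acl(a) != {(dst, src) for src, dst in acl(b)}:
        problems.append("acl: crypto ACLs are not mirrored")
    return problems

if __name__ == "__main__":
    print("A vs B_OK: ", compare(SITE_A, SITE_B_OK))
    print("A vs B_BAD:", compare(SITE_A, SITE_B_BAD))
```

SITE_B_BAD reproduces two common copy-paste mistakes: a different Diffie-Hellman group and the local ACL pasted unchanged onto the remote router.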

Tuesday, July 9, 2013

Java: installing the proprietary stuff on Debian

It turns out there is a wonderful package called java-package that lets you build packages from the .tar.gz files downloaded from http://www.oracle.com
Usage example:

make-jpkg jre-7u25-linux-x64.tar.gz
sudo dpkg -i oracle-java7-jre_7u25_amd64.deb

Tuesday, May 28, 2013

Cygwin + SSHd + Windows 2012 = login error?

When I was installing Cygwin under Windows 2012, I had trouble connecting to the SSH server. Every time I tried to connect to the server via SSH, I got the messages "Operation not permitted" and "Connection closed".

The problem arose because Windows 2012, like Windows 7 and Vista, has UAC (User Account Control), so the special account (cyg_server) doesn't have enough rights to run the SSH server.

The solution is to grant it some more rights: SeAssignPrimaryTokenPrivilege, SeCreateTokenPrivilege, SeTcbPrivilege, and SeServiceLogonRight.

The account's current rights can be listed with the command:


editrights -l -u cyg_server

The following commands add the missing rights:

editrights -a SeAssignPrimaryTokenPrivilege -u cyg_server
editrights -a SeCreateTokenPrivilege -u cyg_server
editrights -a SeTcbPrivilege -u cyg_server
editrights -a SeServiceLogonRight -u cyg_server

Wednesday, March 6, 2013

Install Sun JDK 1.7 on Debian


There are a couple of things you need to be sure of prior to upgrading. The most important is that your app is supported by the latest Sun JDK. Once you are sure, start by downloading the latest JDK package directly from Sun.
Using wget:
wget http://download.oracle.com/otn-pub/java/jdk/7u3-b04/jdk-7u3-linux-x64.tar.gz
In the above example we downloaded the latest 64-bit version of the JDK for Linux.
Extract the tar file, say into your /home directory, and follow the instructions below:
cd /home/
tar xzvf jdk-7u3-linux-x64.tar.gz
update-alternatives --install /usr/bin/java java /home/jdk1.7.0_03/bin/java 1
update-alternatives --install /usr/bin/javac javac /home/jdk1.7.0_03/bin/javac 1
update-alternatives --set java /home/jdk1.7.0_03/bin/java
update-alternatives --set javac /home/jdk1.7.0_03/bin/javac
That's all. Verify that it is working properly and that the right binary is called:

$:/home# java -version
java version "1.7.0_03"
Java(TM) SE Runtime Environment (build 1.7.0_03-b04)
Java HotSpot(TM) 64-Bit Server VM (build 22.1-b02, mixed mode)


Monday, February 4, 2013

Monitoring DNS Query with TCPDUMP

The DNS server logs contained errors related to resolving tassweq. Google suggested that this and similar queries are generated by a nasty trojan. What remained was to find the infected machine. To do that, I decided to examine the DNS queries for this domain.

tcpdump -vvv -s 0 -l port 53 | grep tassweq

-s 0 - do not truncate the packet
-l - line-buffer the output to stdout
-vvv - very verbose output
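
One way to turn the grep output into a list of suspect hosts, as an added example that is not part of the original post: it counts queries per client, ignores replies, and can drop the resolver's own upstream lookups. The sample lines and all addresses are constructed; the function name and the `resolvers` parameter are assumptions.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -vvv -s 0 -l port 53 | grep tassweq` output
# (private and documentation addresses, not taken from the post).
SAMPLE = """\
    192.168.1.23.40112 > 192.168.1.1.53: [udp sum ok] 4660+ A? tassweq. (25)
    192.168.1.1.53 > 192.168.1.23.40112: [udp sum ok] 4660 NXDomain q: A? tassweq. 0/1/0 (100)
    192.168.1.1.38211 > 198.51.100.53.53: [udp sum ok] 9001+ A? tassweq. (25)
    192.168.1.23.40113 > 192.168.1.1.53: [udp sum ok] 4661+ A? tassweq.lan. (29)
    192.168.1.40.51900 > 192.168.1.1.53: [udp sum ok] 77+ AAAA? tassweq. (25)
"""

QUERY = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.\d+ > "   # client address and source port
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.53: "      # destination port 53 => a query
    r".*?\b[A-Z]+\? (?P<name>\S+)"                 # record type and queried name
)

def querying_hosts(lines, needle, resolvers=()):
    """Count queries per client whose queried name contains `needle`.

    Replies (source port 53) never match the pattern; `resolvers` removes the
    DNS server's own upstream lookups so that only end hosts remain.
    """
    hits = Counter()
    for line in lines:
        m = QUERY.search(line)
        if m and needle in m["name"] and m["src"] not in resolvers:
            hits[m["src"]] += 1
    return hits

if __name__ == "__main__":
    found = querying_hosts(SAMPLE.splitlines(), "tassweq", resolvers={"192.168.1.1"})
    for host, count in found.most_common():
        print(f"{host}\t{count}")
```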