Saturday, November 27, 2010

Configuring OpenVPN on OpenBSD 4.8

I'm in the process of setting up my virtual test network, starting with my OpenBSD firewall running OpenVPN. This is a quick tutorial on how to set up and configure OpenVPN on OpenBSD 4.8 (or any other version of OpenBSD). I'm not going to get into the details of how to install and configure OpenBSD; the OpenBSD crew has great documentation on how to install and configure the OS at http://openbsd.org/. OK, now that that is out of the way, let's get started on installing and configuring OpenVPN.

############
#Disclaimer
############

This tutorial is the way that I got OpenVPN to work on OpenBSD. I am not saying that this method will definitely work for you, so keep that in mind when going through this tutorial.

First, let's install OpenVPN from the ports tree in OpenBSD, which is pretty simple:

1. cd /usr/ports/net/openvpn

2. make && make install

3. cd /usr/local/share/examples/openvpn/easy-rsa/1.0

(Don't bother with the 2.0 directory. I spent a good 3 days hacking around with the scripts and config files there only to find they just don't work. A big thank you goes to BasketCase on #openvpn of Freenode for pointing me in the right direction at this point.)

4. vi vars and set the last 6 exports to your liking

KEY_SIZE
KEY_COUNTRY
KEY_PROVINCE
KEY_CITY
KEY_ORG
KEY_EMAIL

The default KEY_SIZE is okay, but if you’re paranoid you can set it to 2048.

5. source the vars file

. ./vars

6. ./clean-all

7. Build the Certificate Authority cert if you're self-signing (i.e. not using Thawte, VeriSign, etc.)

./build-ca

8. Build your Diffie/Hellman PEM file

./build-dh

9. Build your Server key. Pay attention here, this is your server/endpoint key pair.

./build-key-server

10. mkdir -p /etc/openvpn/private

11. cd /etc/openvpn/private

12. cp /usr/local/share/examples/openvpn/easy-rsa/1.0/keys/* .

13. mv *.crt ../

14. openvpn --genkey --secret ta.key

15. cd ../ && chmod -R 700 *

16. cp /usr/local/share/examples/openvpn/sample-config-files/server.conf .

17. vi server.conf to your liking.

change dev tun to dev tun0

provide explicit paths for ca, cert, key and dh

change server to an appropriate subnet and mask for your vpn clients

Enable tls-auth

uncomment user and group. Dropping privileges should be done without a second thought.

18. Test it all out.

openvpn --config server.conf


19. Add the following to /etc/rc.local

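# Start OpenVPN at boot if the binary is installed.
# --daemon backgrounds openvpn so rc.local does not block at boot.
if [ -x /usr/local/sbin/openvpn ]; then
    echo -n ' openvpn '
    /usr/local/sbin/openvpn --daemon --config /etc/openvpn/server.conf > /dev/null 2>&1
fi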

That gets the server up and running.
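A quick way to confirm the edits from step 17 and the permissions from step 15 actually took effect, as an added example that is not part of the original tutorial. The file names (server.crt, server.key, dh1024.pem), the subnet, the "nobody" account and the function names are assumptions for illustration.

```shell
# Added example, not from the original post: checks a server.conf against the
# step 17 edits and the key directory against the step 15 permissions.

# Constructed server.conf with the step 17 edits applied. The file names,
# subnet and "nobody" account are assumptions for illustration.
hardened_conf() {
    cat <<'EOF'
dev tun0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/private/server.key
dh /etc/openvpn/private/dh1024.pem
server 10.8.0.0 255.255.255.0
tls-auth /etc/openvpn/private/ta.key 0
user nobody
group nobody
EOF
}

# Prints the first argument of directive $2 in file $1; lines commented out
# with "#" or ";" never match because their first field differs.
directive_arg() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Prints one line per finding; returns 1 if there is any finding.
audit_server_conf() {
    conf=$1; findings=0
    [ "$(directive_arg "$conf" dev)" = "tun0" ] ||
        { echo "dev is not tun0"; findings=1; }
    for d in ca cert key dh; do
        case "$(directive_arg "$conf" "$d")" in
            /*) ;;
            *) echo "$d lacks an explicit absolute path"; findings=1 ;;
        esac
    done
    for d in server tls-auth user group; do
        [ -n "$(directive_arg "$conf" "$d")" ] ||
            { echo "$d is not enabled"; findings=1; }
    done
    return "$findings"
}

# Lists files under directory $1 that group or others can read.
loose_key_files() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) -print
}

# Usage: sh audit.sh /etc/openvpn/server.conf
if [ -n "${1:-}" ]; then audit_server_conf "$1"; fi
```

An untouched copy of the sample config fails every check except the server line; loose_key_files /etc/openvpn/private should print nothing after step 15.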


I hope you find this tutorial helpful, and if you run into trouble after reading this guide, remember: Google first :)

Wednesday, November 24, 2010

Oracle cashes in with 1.3 billion

I thought that this would be something of interest for all Oracle lovers out there :). SAP AG must pay $1.3 billion to rival Oracle Corp. for copyright infringement, a federal jury ruled Tuesday, following a high-profile court battle between the business-software makers. All I can say is Merry Xmas early for Oracle :) Larry is smiling from ear to ear; hell, I would be too with all that money.

Red Hat Exam Changes

Earlier this month Red Hat released RHEL6. This release has a significant number of changes, updates, and fixes. The scalability of RHEL6, particularly in the data center, has been improved as well. One thing, however, that many people were not aware was coming is a complete change to the Red Hat certifications.

First up, the RHCT has been immediately retired :(. It has been replaced with a new certification called the Red Hat Certified System Administrator (RHCSA). Those who already hold an RHCT certification will receive this new one in its place. Red Hat claims that being certified with a title of "System Admin" vs "Technician" makes a large difference when searching for a job (as well as to people's egos). While this may be true, the new exam also includes a completely revamped set of requirements. Also, as a complete surprise, the RHCSA is now a pre-req for anyone going for the more advanced RHCE exam (you can take the RHCE without an RHCSA, but you won't receive the actual certificate until you have your RHCSA). The cost for this new exam is $400. You can find the new exam objectives here:

https://www.redhat.com/certification/rhcsa/objectives/

Second, the RHCE exam has changed as well. While a great deal of material stayed the same for the RHCE (I'd say about 60%), the services that you are required to know also became more detailed in the number of topics you need to know. Because this exam now has a pre-req, the cost for the RHCE has dropped to $400 (down from $800), making it easier to obtain each exam for the price of $800. The downside here is that you are required to know more for each exam. You can find the new exam objectives here:

https://www.redhat.com/certification/rhce/objectives/

For anyone that already has version 5 of either Red Hat exam scheduled, I would recommend checking with your testing provider, as there are conflicting reports of which version of the exam you will actually be allowed to sit for. According to Red Hat's website, about 90% of testing centers will no longer allow you to book the old exam. While I welcome a revamp to the Red Hat certification program, I think there could have been a warning to those in the process of studying. You can't change an entire program overnight and expect that everyone will be alright with it, not to mention that the new exams are harder and cover more material. I think that the biggest downside here is that there are currently no books or study material on the market for these new exams, and while Red Hat has also redone all of their training courses, they are each about $3000 (there are three training courses covering all the material from RHCSA to RHCE for a total of about $6000). It is still too early to tell what kind of impact these exam changes will have, but I can tell that changing the exams and certification process without warning has left a bad taste in many people's mouths.

Friday, November 12, 2010

New Pricing for RedHat 6

Well, I know it has been a while since I've last been on here and posted anything; I've just been working on real life right now. :) However, I've stumbled across the new pricing for Red Hat 6, which I think is still in its beta stages right now, I'm not sure. The pricing for Red Hat 6 will be as follows:

* Number of pairs of sockets
* Support level - Standard or Premium
* Number of virtual guests - 1, 4 or unlimited

Two procs premium subscription with unlimited guests costs you $3.249. Four socket premium/unlimited guests costs you $6498. I didn't find a price for a one-socket system, so it looks like you have to purchase support in chunks of two. BTW: As expected and announced by RHEL, there is no Itanium support.

Just for the record: 2 sockets premium Solaris support on third party hardware costs you $2000, 4 sockets premium Solaris will cut $4000 from your budget. For Oracle hardware it's even cheaper, as you have the 8% net system price rule. And both of those kinds of licenses are always "unlimited guests", and the ones on Sun ... errr, sorry ... Oracle hardware even include Oracle Linux and Oracle VM.

All pricing information can be found at the following URL: https://www.redhat.com/apps/store/server/
