Friday, April 8, 2016

RIP routing protocol


The Routing Information Protocol (RIP) is one of the oldest distance-vector routing protocols and uses hop count as its routing metric. RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from source to destination.

RIP is a relatively old but still commonly used interior gateway protocol created for use in small, homogeneous networks.
RIP uses broadcast User Datagram Protocol (UDP) data packets to exchange routing information. RIP sends routing updates out of each active interface every 30 seconds, which is termed advertising. If a router does not receive an update from another router for 180 seconds or more, it marks the routes served by the non-updating router as unusable. If there is still no update after 240 seconds, the router removes all routing table entries for the non-updating router.

RIP sends updates to the interfaces in the specified networks. If the network of an interface is not specified, it will not be advertised in any RIP update.

RIP Version 2 supports authentication, key management, route summarization, CIDR, and VLSMs.
In one sentence: RIPv1 is a classful routing protocol, but RIPv2 is a classless routing protocol.

(This information is enough for CCNA. For more information go to http://www.9tut.com/rip-routing-protocol-tutorial. There is no RIP lab in the CCNA exam.)





***R0***

Router#
Router#conf t
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 1.1.1.0
Router(config-router)#exit
Router(config)#exit
Router#

***R1***

Router#
Router#conf t
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 1.1.1.0
Router(config-router)#exit
Router(config)#exit
Router#
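
The configuration above enables RIPv2 but does not turn on the authentication that version 2 supports. The following added example (not part of the original post) parses a captured RIP message and reports whether its updates are authenticated; the function names and the sample packets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): read a RIP message captured from
# UDP port 520, given as a hex string, and report how it is authenticated.
# RFC 2453 layout: 4-byte header (command, version, zero), then 20-byte entries.
# A RIPv2 entry whose address family is 0xFFFF carries authentication:
# type 2 = clear-text password, type 3 = keyed MD5.

# Constructed samples: a RIPv2 response advertising 1.1.1.0/24 with metric 1,
# sent without and with an MD5 authentication entry (digest trailer omitted).
PLAIN="02020000 00020000 01010100 ffffff00 00000000 00000001"
MD5="02020000 ffff0003 002c0114 00000001 00000000 00000000
     00020000 01010100 ffffff00 00000000 00000001"

norm()   { printf '%s' "$1" | tr -d ' :\n' | tr 'A-F' 'a-f'; }
hexcut() { printf '%s' "$1" | cut -c"$2"-"$3"; }   # hex chars $2..$3, 1-based

rip_auth() {
  pkt=$(norm "$1")
  case $pkt in *[!0-9a-f]*) echo "not-hex"; return 2 ;; esac
  [ "${#pkt}" -ge 48 ] || { echo "truncated"; return 2; }
  ver=$(( 0x$(hexcut "$pkt" 3 4) ))
  [ "$ver" -eq 2 ] || { echo "v$ver cannot-authenticate"; return 1; }
  [ "$(hexcut "$pkt" 9 12)" = ffff ] || { echo "v2 unauthenticated"; return 1; }
  case $(hexcut "$pkt" 13 16) in
    0002) echo "v2 cleartext-password"; return 1 ;;
    0003) echo "v2 keyed-md5" ;;
    *)    echo "v2 unknown-auth-type"; return 1 ;;
  esac
}

# Print "a.b.c.d metric N" for each route entry (metric 16 = unreachable).
rip_routes() {
  pkt=$(norm "$1"); off=9
  while [ $(( off + 39 )) -le "${#pkt}" ]; do
    e=$(hexcut "$pkt" "$off" $(( off + 39 ))); off=$(( off + 40 ))
    [ "$(hexcut "$e" 1 4)" = ffff ] && continue
    printf '%d.%d.%d.%d metric %d\n' "0x$(hexcut "$e" 9 10)" "0x$(hexcut "$e" 11 12)" \
      "0x$(hexcut "$e" 13 14)" "0x$(hexcut "$e" 15 16)" "0x$(hexcut "$e" 33 40)"
  done
}

rip_auth "$PLAIN" || true
rip_auth "$MD5"
rip_routes "$MD5"
```

A non-zero exit status from `rip_auth` marks a message that any host on the segment could have forged or read.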



RHCE exam Syllabus

System configuration and management
    Route IP traffic and create static routes.
    Use iptables to implement packet filtering and configure network address translation (NAT).
    Use /proc/sys and sysctl to modify and set kernel runtime parameters.
    Configure a system to authenticate using Kerberos.
    Build a simple RPM that packages a single file.
    Configure a system as an iSCSI initiator that persistently mounts an iSCSI target.
    Produce and deliver reports on system utilization (processor, memory, disk, and network).
    Use shell scripting to automate system maintenance tasks.
    Configure a system to log to a remote system.
    Configure a system to accept logging from a remote system.

Network services
Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:
    Install the packages needed to provide the service.
    Configure SELinux to support the service.
    Configure the service to start when the system is booted.
    Configure the service for basic operation.
    Configure host-based and user-based security for the service.

HTTP/HTTPS
    Configure a virtual host.
    Configure private directories.
    Deploy a basic CGI application.
    Configure group-managed content.

DNS
    Configure a caching-only name server.
    Configure a caching-only name server to forward DNS queries.
    Note: Candidates are not expected to configure master or slave name servers.

FTP
    Configure anonymous-only download.

NFS
    Provide network shares to specific clients.
    Provide network shares suitable for group collaboration.

SMB
    Provide network shares to specific clients.
    Provide network shares suitable for group collaboration.

SMTP
    Configure a mail transfer agent (MTA) to accept inbound email from other systems.
    Configure an MTA to forward (relay) email through a smart host.

SSH
    Configure key-based authentication.
    Configure additional options described in documentation.

NTP
    Synchronize time using other NTP peers.

Security Attack

Types of attack:
There are five types of attack:

Passive Attack
A "passive attack" is an attack in which the attacker attempts to learn information from the network for use in further attacks but does not affect network resources. A passive attack monitors unencrypted traffic and looks for clear-text passwords and sensitive information that can be used in other types of attacks. Passive attacks include traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capturing authentication information such as passwords. Passive interception of network operations enables adversaries to see upcoming actions. Passive attacks result in the disclosure of information or data files to an attacker without the consent or knowledge of the user.

Active Attack
An "active attack" is an attack in which the attacker attempts to alter system resources or affect their operation. In an active attack, the attacker tries to bypass or break into secured systems. This can be done through stealth, viruses, worms, or Trojan horses. Active attacks include attempts to circumvent or break protection features, to introduce malicious code, and to steal or modify information. These attacks are mounted against a network backbone, exploit information in transit, electronically penetrate an enclave, or attack an authorized remote user during an attempt to connect to an enclave. Active attacks result in the disclosure or dissemination of data files, DoS, or modification of data.

Distributed Attack
A distributed attack requires that the adversary introduce code, such as a Trojan horse or back-door program, to a “trusted” component or software that will later be distributed to many other companies and users. Distribution attacks focus on the malicious modification of hardware or software at the factory or during distribution. These attacks introduce malicious code such as a back door to a product to gain unauthorized access to information or to a system function at a later date.

Insider Attack
An insider attack involves someone from the inside, such as a disgruntled employee, attacking the network. Insider attacks can be malicious or non-malicious. Malicious insiders intentionally eavesdrop, steal, or damage information; use information in a fraudulent manner; or deny access to other authorized users. Non-malicious attacks typically result from carelessness, lack of knowledge, or intentional circumvention of security for such reasons as performing a task.

Close-in Attack
A close-in attack involves someone attempting to get physically close to network components, data, and systems in order to learn more about a network. Close-in attacks consist of regular individuals attaining close physical proximity to networks, systems, or facilities for the purpose of modifying, gathering, or denying access to information. Close physical proximity is achieved through surreptitious entry into the network, open access, or both.
One popular form of close-in attack is social engineering. In a social engineering attack, the attacker compromises the network or system through social interaction with a person, through an e-mail message or phone. Various tricks can be used to get the individual to reveal information about the security of the company. The information that the victim reveals to the hacker would most likely be used in a subsequent attack to gain unauthorized access to a system or network.

Phishing Attack
In a phishing attack, the hacker creates a fake web site that looks exactly like a popular site such as the SBI bank or PayPal. The phishing part of the attack is that the hacker then sends an e-mail message trying to trick the user into clicking a link that leads to the fake site. When the user attempts to log on with their account information, the hacker records the username and password and then tries that information on the real site.

Hijack attack
In a hijack attack, a hacker takes over a session between you and another individual and disconnects the other individual from the communication. You still believe that you are talking to the original party and may send private information to the hacker by accident.

Spoof attack
In a spoof attack, the hacker modifies the source address of the packets he or she is sending so that they appear to be coming from someone else. This may be an attempt to bypass your firewall rules.

Buffer overflow
A buffer overflow attack is when the attacker sends more data to an application than is expected. A buffer overflow attack usually results in the attacker gaining administrative access to the system in a command prompt or shell.

Exploit attack
In this type of attack, the attacker knows of a security problem within an operating system or a piece of software and leverages that knowledge by exploiting the vulnerability.

Password attack
An attacker tries to crack the passwords stored in a network account database or a password-protected file. There are three major types of password attacks: a dictionary attack, a brute-force attack, and a hybrid attack. A dictionary attack uses a word list file, which is a list of potential passwords. A brute-force attack is when the attacker tries every possible combination of characters.

Brute force attack:  
A brute-force attack works by calculating every possible combination that could make up a password and trying each one to see whether it is the correct password. As the password’s length increases, the amount of time to find the correct password increases exponentially. Some popular tools used for penetration testing are Hydra, hydra-gtk, RainbowCrack, John the Ripper, etc.

Friday, April 1, 2016

Shell Scripting for Dovecot configuring in Linux

Dovecot is an open-source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with security in mind. Timo Sirainen started Dovecot and first released it in July 2002. The Dovecot developers primarily aim to produce a lightweight, fast and easy-to-set-up open-source mail server.
 
 
#!/bin/bash
# Writes a basic Dovecot configuration. Run as root.
echo "****  Configuring Dovecot    **************************"
if rpm -q dovecot >/dev/null 2>&1
then
  echo "**************   Dovecot Installation  ****************"
  echo '!include conf.d/*.conf' > /etc/dovecot/dovecot.conf
  echo "protocols = imap pop3 lmtp" >> /etc/dovecot/dovecot.conf
  # Mailbox format and location
  cat > /etc/dovecot/conf.d/10-mail.conf <<'EOF'
mbox_write_locks = fcntl
mail_location = maildir:~/Maildir
EOF
  # Authentication. disable_plaintext_auth = no allows plaintext logins on
  # connections that are not protected by SSL/TLS.
  cat > /etc/dovecot/conf.d/10-auth.conf <<'EOF'
disable_plaintext_auth = no
!include auth-system.conf.ext
auth_mechanisms = plain login
EOF

  clear
  echo "********* Service Dovecot Restart *********************"
  echo ""
  service dovecot restart
  echo ""
  echo "  *************************************************************"
  echo "  *    Dovecot configuration has been completed               *"
  echo "  *                Enjoy it                                   *"
  echo "  *************************************************************"
else
  echo "   *************************************************************"
  echo "   *           There is no rpm for dovecot                     *"
  echo "   *           So please install rpm first                     *"
  echo "   *************************************************************"
fi
 
 

For a basic configuration, this is enough to receive mail. We must also add rules in iptables for this.
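
The script above writes `disable_plaintext_auth = no` together with the `plain` and `login` mechanisms. As an added example (not part of the original post), the check below flags that combination when TLS is not enforced; the function names and both sample configurations are constructed, and Dovecot's defaults are assumed for any setting that is absent.

```shell
#!/bin/sh
# Added example (not from the original post): check Dovecot settings for
# passwords that may cross the network without TLS. Reads config text on stdin.

# Constructed samples: the auth settings written by the script above, and a
# stricter variant. Dovecot's defaults are assumed for anything not set.
WEAK_CONF='disable_plaintext_auth = no
auth_mechanisms = plain login'
FIXED_CONF='ssl = required
disable_plaintext_auth = yes
auth_mechanisms = plain login'

# Print the last value given to setting $1 in text $2, or the default $3.
conf_value() {
  v=$(printf '%s\n' "$2" |
      sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" |
      sed 's/[[:space:]]*$//' | tail -n 1)
  printf '%s' "${v:-$3}"
}

audit_dovecot_auth() {
  text=$(grep -v '^[[:space:]]*#' || true)          # ignore comment lines
  plain=$(conf_value disable_plaintext_auth "$text" yes)
  ssl=$(conf_value ssl "$text" yes)
  mechs=$(conf_value auth_mechanisms "$text" plain)
  case " $mechs " in
    *" plain "*|*" login "*) ;;
    *) echo "OK: no plaintext mechanism offered"; return 0 ;;
  esac
  if [ "$plain" = no ] && [ "$ssl" != required ]; then
    echo "WEAK: '$mechs' accepted without TLS (disable_plaintext_auth=$plain ssl=$ssl)"
    return 1
  fi
  echo "OK: '$mechs' refused on unencrypted remote connections"
}

printf '%s\n' "$WEAK_CONF"  | audit_dovecot_auth || true
printf '%s\n' "$FIXED_CONF" | audit_dovecot_auth
```

On a live server, pipe the output of `doveconf -n` into `audit_dovecot_auth` so that settings from included files such as 10-ssl.conf are taken into account.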
 

Scripting for Postfix Mail Server configuration

#!/bin/bash
# Writes a basic /etc/postfix/main.cf from interactive answers. Run as root.
echo "    *************** First RPM check ***********"
if rpm -q postfix >/dev/null 2>&1
then
  echo "Write down your domain name"
  read -r l
  echo "Write down your hostname"
  read -r h
  echo "Write down your network like 192.168.1.0/24"
  read -r n
  echo ""
  # The answers are written to main.cf exactly as typed. mynetworks lists the
  # clients that are allowed to relay mail, so enter only your own network.
  # Lines in main.cf must start in column 1; a line that begins with
  # whitespace continues the previous line.
  cat > /etc/postfix/main.cf <<EOF
inet_interfaces = all
myhostname = $h
myorigin = $l
mydomain = $l
mydestination = \$myhostname, \$mydomain, \$myorigin
relayhost = [smtp.$l]
mynetworks = $n 127.0.0.0/8
EOF

  #************************
  echo "Which one do you use?"
  echo "  1: Squirrel"
  echo "  2: Open Webmail"
  echo "  3: Other"
  read -r a
  if [ "$a" = "1" ]
  then
    echo "home_mailbox = Mailbox" >> /etc/postfix/main.cf
  elif [ "$a" = "2" ]
  then
    echo "#home_mailbox = !default" >> /etc/postfix/main.cf
  else
    echo "home_mailbox = Maildir" >> /etc/postfix/main.cf
  fi
  echo ""
  clear
  echo ""
  echo ""
  service postfix restart
  echo ""
  echo "************************************************************"
  echo "*    Postfix configuration has been completed              *"
  echo "*                   Enjoy It                               *"
  echo "************************************************************"
else
  clear
  echo ""
  echo ""
  echo "  *************************************************************"
  echo "  *          No rpm installed for postfix                     *"
  echo "  *          Please install the rpm first                     *"
  echo "  *************************************************************"
fi
echo "******  Do you want to configure Dovecot?  *********************"
echo "  1 > press 1 for yes"
echo "  2 > press 2 for no "
echo ""
read -r a
if [ "$a" = "1" ]
then
  ./dovecot.sh
else
  echo "***** Ok Dovecot is not configured *******"
fi
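
The script writes the network answer straight into `mynetworks`, which decides who may relay mail through the server. The following added example (not part of the original post) validates that answer first; the function names are hypothetical, and the policy of accepting exactly one RFC 1918 private IPv4 network is an assumption made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): validate the network answer
# before it is written to mynetworks, which lists the clients allowed to relay.
# Assumed policy: exactly one IPv4 network in CIDR form, inside RFC 1918 space.

# True if $1 is a decimal number from 0 to $2 with no leading zero.
is_num() {
  case $1 in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
  [ "$1" -le "$2" ]
}

# True if the network ip/len (globals set by check_mynetwork) lies inside
# the block whose integer address is $1 and prefix length is $2.
in_block() {
  [ "$len" -ge "$2" ] && [ $(( $ip >> (32 - $2) )) -eq $(( $1 >> (32 - $2) )) ]
}

check_mynetwork() {
  net=$1
  case $net in
    */*/*|*[!0-9./]*|.*|*..*|*./*) return 1 ;;  # extra text or empty octets
    */*) ;;
    *) return 1 ;;                               # prefix length missing
  esac
  len=${net#*/}
  is_num "$len" 32 || return 1
  old_ifs=$IFS; IFS=.; set -- ${net%/*}; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  ip=0
  for o in "$@"; do
    is_num "$o" 255 || return 1
    ip=$(( $ip * 256 + $o ))
  done
  mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
  [ $(( $ip & $mask )) -eq "$ip" ] || return 1   # host bits must be zero
  in_block 0x0A000000 8 || in_block 0xAC100000 12 || in_block 0xC0A80000 16
}

# Print the main.cf line for an accepted network; print nothing otherwise.
mynetworks_line() {
  check_mynetwork "$1" && printf 'mynetworks = %s 127.0.0.0/8\n' "$1"
}

# Constructed inputs: the post's own example, then three that must be refused.
for n in 192.168.1.0/24 0.0.0.0/0 "192.168.1.0/24 0.0.0.0/0" 192.168.1.5/24; do
  mynetworks_line "$n" || echo "rejected: $n"
done
```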