Friday, 13 September 2019

MySQL/Maria Database

MySQL/Maria Database

%Change password of existing user
SET PASSWORD FOR 'bob'@'%.loc.gov' = PASSWORD('newpass');

%create user
CREATE USER foo2@test IDENTIFIED BY 'password';
CREATE OR REPLACE USER foo2@test IDENTIFIED BY 'password';
CREATE USER IF NOT EXISTS foo2@test IDENTIFIED BY 'password';


%remove user
DROP USER bob;

%create user and then grant prevalence 
CREATE USER 'dba'@'%' IDENTIFIED BY 'strongpassword';
GRANT ALL PRIVILEGES ON *.* TO 'dba'@'%' ;


%show all the users and details 
SELECT User FROM mysql.user;
SELECT host, user, password FROM mysql.user;
show grants for 'vivek'@'%';



%show all databases 
show databases;

Monday, 9 September 2019

Learn Programing





https://www.geeksforgeeks.org/

https://www.ntu.edu.sg/home/ehchua/programming/index.html


Friday, 22 February 2019

Installation

Installation

1) ndnSIM -Importing new ndnSIM with visulizer in eclipse
----->mercurialeclipse / main / wiki / Installation and Configuration — Bitbucket
----->Install Oracle Java 8 In Ubuntu Or Linux Mint Via PPA Repository [JDK8] ~ Web Upd8: Ubuntu / Linux blog

2) Installing R

3) Openflow with ns-3

4) Installing tor browser in ubuntu 14.04

5) Ns-2 installation

Steps for installing ns-2.35 on Ubuntu 13.04 and before versions.

Open Terminal

[Step 1]
Install some Essential Libraries and Softwares:
sudo apt-get install tcl8.5-dev tk8.5-dev

sudo apt-get install gcc-4.4 g++-4.4

sudo apt-get install build-essential autoconf automake

sudo apt-get install perl xgraph libxt-dev libx11-dev libxmu-dev

[Step 2]
Download ns-2.35

Download ns-2.35 from
http://sourceforge.net/projects/nsnam/files/latest/download

Unpack ns2 to your Desktop directory  
tar -zxvf ns-allinone-2.35.tar.gz -C /home/khawajaali/Desktop

(or simply unzip the package on your desktop)

[Step 3]
Modify the OTcl makefile

Open /home/khawajaali/Desktop/ns-allinone-2.35/otcl-1.14/Makefile.in

Change CC = @CC@ to CC=gcc-4.4

Save the file

[Step 3.1]
installation errors

If you get installation errors modify the specified files in ns-allinone-2.35 folder as specified below:
Go to ns-allinone-2.35/ns-2.35/linkstate/ 2. Edit ls.h In line number 137, in place of void eraseAll() { erase(baseMap::begin(), baseMap::end()); } make it void eraseAll() { this->erase(baseMap::begin(), baseMap::end()); }



[Step 4] Install ns2

cd /home/khawajaali/Desktop/ns-allinone-2.35

./install

(this will take a while)

[Step 5] Modify ~/.bashrc

Once the installation is successful (without any errors), we need to add the path information to the file ~/.bashrc

gedit ~/.bashrc

Now Add these lines in the end of the file

    #LD_LIBRARY_PATH
    OTCL_LIB=/home/khawajaali/Desktop/ns-allinone-2.35/otcl-1.14
    NS2_LIB=/home/khawajaali/Desktop/ns-allinone-2.35/lib
    X11_LIB=/usr/X11R6/lib
    USR_LOCAL_LIB=/usr/local/lib
    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$OTCL_LIB:$NS2_LIB:$X11_LIB:$USR_LOCAL_LIB
    # TCL_LIBRARY
    TCL_LIB=/home/khawajaali/Desktop/ns-allinone-2.35/tcl8.5.10/library
    USR_LIB=/usr/lib
    export TCL_LIBRARY=$TCL_LIB:$USR_LIB
    # PATH
    XGRAPH=/home/khawajaali/Desktop/ns-allinone-2.35/bin:/home/khawajaali/Desktop/ns-allinone-2.35/tcl8.5.10/unix:/home/khawajaali/Desktop/ns-allinone-2.35/tk8.5.10/unix
    # Note: the above two lines starting from XGRAPH should come in the same line
    NS=/home/khawajaali/Desktop/ns-allinone-2.35/ns-2.35/
    NAM=/home/khawajaali/Desktop/ns-allinone-2.34/nam-1.15/
    PATH=$PATH:$XGRAPH:$NS:$NAM

Save the modification and close the file

source ~/.bashrc

end of installation



Install Behind Proxy

Install Behind Proxy

PIP

sudo pip install --proxy  http://edcguest:edcguest@172.31.100.14:3128 pygraphviz

Add Apt Repository

export http_proxy=http://edcguest:edcguest@172.31.100.14:3128
export https_proxy=http://edcguest:edcguest@172.31.100.14:3128
sudo -E add-apt-repository name_of_ppa
 
sudo apt-get update 
 
 

Download whole site

wget  -r --proxy-user=cs1123 --proxy-password=chinu http://upscguide.com
wget -A pdf -m -p -E -k -K -np http://www.xyz.com/

Git

export http_proxy=http://edcguest:edcguest@172.31.100.14:3128
export https_proxy=http://edcguest:edcguest@172.31.100.14:3128
 
git clone url folderName 


https://github.com/qinshulei/ubuntu-install

Security Material

Tuesday, 12 February 2019

Enable AAA Security on Router

Enable AAA Security on Router

Open console of router by default you are in user mode
Router>

Write command enable to enter privilege mode
Router>enable                                
Router#    

Write command configure terminal to enter global config mode
Router#configure terminal
Router(config)#

All the configuration are done in  global config mode

Introduction

AAA security can be enabled in two ways--
1) Using local data base of the router
2) Using a third party server (Server-based Authentication)
  1. Using TACACS+ server
  2. Using RADIUS server

AAA Using local data base of the router

The rest of the discussion is done through  the example scenario given below--


1) Initial Setting

    Change the hostnames of routers to R1, R2, and R3 as shown in the figure above.
    Router1(config)#hostname R1
    Router2(config)#hostname R2
    Router3(config)#hostname R3 


    Assign all the IP addresses.
    Configure all the routers using RIP.
    Set enable password for each router R1, R2, and R3 to cisco. 
    R1(config)#enable password cisco
    R2(config)#enable password cisco
    R3(config)#enable password cisco

    Create new usernames and passwords for R1, R2, and R3 using the following commands--
    R1(config)#username Admin1 secret admin1
    R2(config)#username Admin2 secret admin2
    R3(config)#username Admin3 secret admin3

AAA Authentication using the local database

2) Configure the line console to use AAA authentication.

    Create new usernames and passwords for R1

    R1(config)#username Admin1 secret admin1

    Enable AAA on R1 and configure AAA authentication for the console login to use default method list
    R1(config)#aaa new-model
    R1(config)#aaa authentication login default local
    R1(config)#line console 0
    R1(config-line)#login authentication default


    Verify the setting by exiting from router's console and re-login using R1's console

 3) Configure the line vty to use AAA authentication.

 
     Configure the domain name and generate RSA key to use with SSH
     R1(config)#ip domain-name ccnasecurity.com
     R1(config)#crypto key generate rsa
     Enter 1024 on prompt

    Create a name-list AAA authentication method for the vty line
    R1(config)#aaa authentication login SSH-LOGIN local


    Configure the vty line to use the defined AAA authentication method named SSH-LOGIN

    R1(config)#line vty 0 4
    R1(config-line)#transport input ssh
    R1(config-line)#login authentication SSH-LOGIN


    Verify the setting form PC-A by doing ssh from the command prompt

    PC-A>ssh -l Admin1 192.168.1.1

Server-based Authentication using TACACS+ Server

    For backup purposes, configure a local username of Admin2 having
    password admin2 on R2.

    R2(config)#username Admin2 secret admin2


    TACACS+ Server configuration
   Click the TACACS+ Server. On the Services tab, click AAA.

 
   Add network configuration entry.

   Client Name: R2
   Client IP: 192.168.2.1
   Secret: tacacspass
   Choose Server type as TACACS
   Click Add button

  Add username and password corresponding to R2.

  Username: Admin2
  Password: admin2
  Click Add button

 
  On the service by clicking ON radio button near Service label
   Configure the AAA TACACS server IP address and secret key on R2

   R2(config)#tacacs-server host 192.168.2.2
   R2(config)#tacacs-server key tacacspass

   Configure AAA login authentication for console access on R2.
   R2(config)#aaa new-model
   R2(config)#aaa authentication login default group tacacs+ local
   R2(config)#line console 0
   R2(config-line)#login authentication default

    


Monday, 4 February 2019

Access Control List

Access Control List (ACL)

Open console of router by default you are in user mode
Router>

Write command enable to enter privilege mode
Router>enable                                
Router#    

Write command configure terminal to enter global config mode
Router#configure terminal
Router(config)#

All the configuration are done in  global config mode

Introduction

ACL is used for denying traffic for an IP or a group of IPs.

TODO

Types of Traffic 

Inbound Traffic - Traffic or packets going into the router
Outbound Traffic - Traffic or packets coming out of the router

Types of ACL 

There are two types of ACL
1. Standard ACL (1-99)
  •         applied closest to the destination
  •         denies or permits source IP address

2. Extended ACL (100-199)
  •         applied closest to the source
  •         denies or permits source IP address
  •         denies or permits destination IP address
  •         denies or permits port (service)

Standard ACL

Consider two networks having subnets  Source Network ID (SNID) and Destination Network ID (DNID) attached to the routers RSource and RDestination respectively
Suppose you want to deny a host from the SNID network having IP IPsource to access the DNID network. This can be done through Standard ACL by creating an ACL which denies the host having IP IPsource. 




1. Creating an ACL

Open console of router RDestination
                
      Go to global config mode
      Router(config)#
                
      Enter command ->access-list ACLNumber deny IPsource WildCardBits
      Router(config)#access-list 1 deny 10.0.2.3 0.0.0.0    
                           % 1 for standard ACL. Deny only one IP address
                
      Enter command ->access-list ACLNumber  permit any
      Router(config)#access-list 1 permit any  
                           % Permit all other traffic
        
2. Applying the ACL to the interface
                
       Go to global config mode
       Router(config)#
                
       Enter command ->interface interfaceName   
       Router(config)#interface fa0/0  
                          % fa0/0 is the interface on which the ACL will be applied
                
       Enter command ->ip access-group ACLName InBoundOrOutBound
       Router(config)#ip access-group 1 out   
                          % Here out is for outbound traffic 



Extended ACL

TODO

   Source:- Cisco CCNA Security
                
                

Virtual Private Network

Virtual Private Network (VPN)

Open console of router by default you are in user mode
Router>

Write command enable to enter privilege mode
Router>enable                                
Router#    

Write command configure terminal to enter global config mode
Router#configure terminal
Router(config)#

All the configuration are done in  global config mode


Create VPN


Suppose you want to create a VPN between interface IRi and interface IRj of router Ri and router Rj respectively.

  • Assign IP address to all the interfaces.
  • Insert forwarding entries in routers either statically or using RIP.
  • First check from the router Ri that if you are able to ping on interfaces IRj. 
  • Then check from the router Rj that if you are able to ping on interfaces IRi.
  • Open console of  Ri

                Go to global config mode
                Router(config)#
                
                Enter command ->interface tunnel tunnelNumber
                Router(config)#interface tunnel 0

                Enter command ->ip address IPAddressOfTunnel  SubnetMask
                Router(config-if)#ip address 100.0.0.1 255.255.255.0

                Enter command ->tunnel source interfaceIDof-IRi
                Router(config-if)#tunnel source se0/0/0

                Enter command ->tunnel destination IPAddressof-IRj
                Router(config-if)#tunnel destination 10.0.3.1

                Enter command ->no shutdown 
                Router(config-if)#no shutdown




  •  Open console of  Rj
                Go to global config mode
                Router(config)#

                Enter command ->interface tunnel tunnelNumber
                Router(config)#interface tunnel 0

                Enter command ->ip address IPAddressOfTunnel  SubnetMask
                Router(config-if)#ip address 100.0.0.2 255.255.255.0

                Enter command ->tunnel source interfaceIDof-IRj
                Router(config-if)#tunnel source se0/0/0

                Enter command ->tunnel destination IPAddressof-IRi
                Router(config-if)#tunnel destination 10.0.1.1

                Enter command ->no shutdown 
                Router(config-if)#no shutdown

note:- Tunnel number should be same for both tunnel source and tunnel destination

Friday, 1 February 2019

VLAN

VLAN

Open console of router by default you are in user mode
Switch>

Write command enable to enter privilege mode
Switch>enable                                
Switch#    

Write command configure terminal to enter global config mode
Switch
#configure terminal
Switch(config)#

All the configuration are done in  global config mode


Show all the vlan of a switch
Go to  privilege mode
Switch#

Enter command ->show valn
Switch#show valn

Create a vlan
Go to  global config mode
Switch(config)#

Enter command ->vlan vlanNumber
Switch(config)#vlan 50

Enter command ->name vlanName
Switch(config-vlan)#name data

Enter command ->exit for switching to global config mode
Switch(config-vlan)#exit


Assign ports of switch to a vlan
Go to  global config mode
Switch(config)#

Enter command ->interface interfaceName
Switch(config)#interface fa0/10

Enter command ->switchport mode access
Switch(config-if)#switchport mode access

Enter command ->switchport access vlan vlanNumber
Switch(config-if)#switchport access vlan 50
 
Enter command ->exit for switching to global config mode
Switch(config-if)#exit

Assign IP address to vlan interface
Go to  global config mode
Switch(config)#

Enter command ->interface vlan vlanNumber
Switch(config)#interface valn 99

Enter command ->ip address VlanIP netMask 
Switch(config-if)#ip address 192.168.99.2 255.255.255.0

Enter command ->no shutdown
Switch(config-if)#no shutdown

Makeing a port trunk
Go to  global config mode
Switch(config)#

Enter command ->interface interfaceName
Switch(config)#interface fa0/10

Enter command ->switchport mode trunk
Switch(config-if)#switchport mode trunk

Enter command ->switchport trunk allowed valn from-to
Switch(config-if)#switchport trunk allowed valn 1-99
 
Enter command ->exit for switching to global config mode
Switch(config-vlan)#exit

Config Native Vlan

Go to  global config mode
Switch(config)#

Enter command ->vlan vlanNumber
Switch(config-if)#vlan 80

Enter command ->name native
Switch(config-vlan)#name native

Enter command ->switchport trunk native vlanNumber
Switch(config-vlan)#switchport trunk native 80

Show details of interfaces of switch
Go to  privilege mode
Switch#

Enter command ->show interfaces switch-port
Switch#show interfaces switch-port

Show details of spanning tress of switch
Go to  privilege mode
Switch#

Enter command ->show spanning-trees
Switch#show interfaces spanning-trees

Enable security on interfaces
Go to  global config mode
Switch(config)#

Enter command -> interface interface-name0/fromInt-ToInt
eg. Below command will configure interface 1 to 3
Switch(config)#interface range fa0/1-3

Change switch port mode to access  mode
Switch(config-if-range)#switchport mode access

Assign vlan interfaces to a vlan (this command automatically creates vlan if they does not exist)
Switch(config-if-range)#switchport mode access vlan 22

Disable CDP on all port
Switch(config-if-range)#no cdp enable

Enable BPDU gaurd
Switch(config-if-range)#spanning-tree bpduguard enable

Close
Switch(config-if-range)#shutdown

Access security on port  
Go to  global config mode
Switch(config)#

Enter command -> interface interface-name0/fromInt-ToInt
eg. Below command will configure interface 1 to 3
Switch(config)#interface range fa0/1-3

Enter command ->switchport port-security maximum num
Here num is number of mac or devices allowed in single port
Switch(config-if-range)#switchport port-security maximum 1

Enter command ->switchport port-security violation shutdown
It will shutdown interface on voilation of  security
Switch(config-if-range)#switchport port-security violation shutdown


Enter command ->strom-control broadcast level percentage
Here percentage in amount of broadcast traffic allowed  
Switch(config-if-range)#strom-control broadcast level 75