Monday 16 December 2013

Linux - Disable Root SSH Access

Disable Root SSH Access

I needed to disable root ssh access without disabling root user or su - root.

This really is easy to do.

Edit /etc/ssh/sshd_config

To do this you can use vi:
vi /etc/ssh/sshd_config

Find the line that says:
#PermitRootLogin yes

Change that line to:
PermitRootLogin no

Save and restart sshd.
You can do that by:
/etc/init.d/sshd restart

Now root can no longer log in through ssh.

#bearMan
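
The sshd_config edit from the post above, scripted so it can be tried on a copy of the file first. This is an added example, not code from the original post; the function names and the sample config are made up here. sshd uses the first value it obtains for a keyword and a Match block can override it, so the script rewrites every PermitRootLogin line instead of appending one.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here.

# Set every PermitRootLogin line (active or commented out) to "no". If the
# keyword is absent, insert it as the first line, ahead of any Match block.
harden_root_login() {
    cfg=$1
    tmp=$(mktemp) || return 1
    cp -p "$cfg" "$cfg.bak" || return 1        # rollback copy
    awk '
        tolower($0) ~ /^[ \t]*#?[ \t]*permitrootlogin([ \t]|$)/ {
            line[++n] = "PermitRootLogin no"; hit = 1; next
        }
        { line[++n] = $0 }
        END {
            if (!hit) print "PermitRootLogin no"
            for (i = 1; i <= n; i++) print line[i]
        }' "$cfg" > "$tmp" || return 1
    cat "$tmp" > "$cfg" && rm -f "$tmp"        # cat keeps owner and mode of $cfg
}

# Print the value of every active PermitRootLogin line, in file order.
# Keywords are case-insensitive; commented lines are skipped.
root_login_values() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2) }' "$1"
}

# Constructed sample: stock commented line, an active "yes", a Match override.
sample=$(mktemp)
printf '%s\n' 'Port 22' '#PermitRootLogin yes' 'permitrootlogin yes' \
    'Match Address 10.0.0.0/8' '  PermitRootLogin yes' > "$sample"
harden_root_login "$sample"
root_login_values "$sample"

# On the real host, as root, after editing /etc/ssh/sshd_config:
#   sshd -t && /etc/init.d/sshd restart     # restart only if the config parses
#   sshd -T | grep -i '^permitrootlogin'    # effective global value
```

Keep the current root session open until a second login as a normal user followed by su - root has been confirmed to work.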

Friday 13 December 2013

Auto login Wallet - Create from .key


Self Signed Wallet - Create from .key


There are a few steps to creating this:

  1. Convert certificates and key to correct format
  2. Create .p12 from certificate and key
  3. Create Auto login Wallet from .p12

Tools we are going to be using

To convert keys and certificates to PEM

  • openssl x509
  • openssl rsa

To convert to .p12

  • openssl

To convert .p12 to .sso

  • orapki

Steps


Convert to PEM

We need to make sure your key and certificates are in PEM format.
To convert a certificate from DER to PEM:
  • openssl x509 -in in.crt -inform DER -out out.crt -outform PEM

To convert a key from DER to PEM:
  • openssl rsa -in in.key -inform DER -out out.key -outform PEM


Create Wallet

Once we have our PEM-formatted keys and certificates, we need to create the .p12.
There are two commands we can use here: one if we only have one certificate, and the other if we have a root certificate as well.

Option 1

openssl pkcs12 -export -in in.crt -inkey in.key -out bundle.p12

Option 2

openssl pkcs12 -export -in in.crt -inkey in.key -certfile root.crt -out bundleRoot.p12


You will be prompted to enter a password; let’s assume we used "password".

Create Auto Login

Then we have to create the auto-login wallet. To do this you need JAVA_HOME set, otherwise you may get an error similar to this:
$JAVA_HOME should point to valid Java runtime

My Java Home was at: /u01/app/oracle/product/jvm/
Thus
export JAVA_HOME=/u01/app/oracle/product/jvm

If you don’t know where “orapki” is, search for it; it is most probably in oracle_common.

Mine was at: /u01/app/oracle/product/fmw/oracle_common/bin/orapki

Thus I ran
/u01/app/oracle/product/fmw/oracle_common/bin/orapki  wallet create -wallet bundleRoot.p12 -auto_login -pwd password

This creates a cwallet.sso file.

Edit:

When I tried this again on another server I got an error. 
Exception in thread "main" java.lang.NullPointerException
        at oracle.security.pki.C14.d(C14)
        at oracle.security.pki.OracleWallet.createSSO(OracleWallet)
        at oracle.security.pki.textui.OracleWalletTextUI.create(OracleWalletTextUI)
        at oracle.security.pki.textui.OracleWalletTextUI.command(OracleWalletTextUI)
        at oracle.security.pki.textui.OraclePKITextUI.main(OraclePKITextUI)


So I ran this:
/u01/app/oracle/product/fmw/oracle_common/bin/orapki  wallet create -wallet ./ -auto_login

Note: I was in the same directory as my bundleRoot.p12.

My complete commands looked like this:

cd /u01/app/oracle/product/fmw/asinst_1/config/OHS/ohs1/keystores/
openssl pkcs12 -export -in domain.co.za.crt -inkey certKey.key -certfile gd_bundle.crt -out bundleRoot.p12
cd /
find -iname orapki
export JAVA_HOME=/u01/app/oracle/product/jvm
/u01/app/oracle/product/fmw/oracle_common/bin/orapki wallet create -wallet bundleRoot.p12 -auto_login -pwd password

Resources:

http://docs.oracle.com/cd/E11882_01/network.112/e10746/asoappf.htm#ASOAG9831

Notes:


  • If you are creating this for EBS, don't create the bundleRoot.p12 but rather an ewallet.p12.
  • To view the wallets details run this:
    • /u01/app/oracle/product/fmw/oracle_common/bin/orapki wallet display -wallet ewallet.p12


#bearMan saving you.
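
The "Convert to PEM" and "Create Wallet" steps of the wallet post above, run end to end on a throwaway key. This is an added example, not code from the original post; the function names, the P12_PASS variable and the test certificate are made up here. It checks that the key belongs to the certificate before bundling and passes the .p12 password through the environment instead of the command line.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here.
# The .p12 password comes from the environment variable P12_PASS, not argv.

# build_p12 CERT_DER KEY_DER OUT_P12
build_p12() {
    umask 077                                  # new key files: owner only
    work=$(mktemp -d) || return 1
    # Step 1: DER -> PEM
    openssl x509 -in "$1" -inform DER -out "$work/out.crt" -outform PEM || return 1
    openssl rsa -in "$2" -inform DER -out "$work/out.key" -outform PEM 2>/dev/null || return 1
    # Compare public keys so a wrong key is rejected before bundling
    a=$(openssl x509 -in "$work/out.crt" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$work/out.key" -pubout | openssl sha256)
    if [ "$a" != "$b" ]; then
        echo "key does not match certificate" >&2
        rm -rf "$work"; return 2
    fi
    # Step 2: PEM -> PKCS#12 (Option 1 on the page; add -certfile for Option 2)
    openssl pkcs12 -export -in "$work/out.crt" -inkey "$work/out.key" \
        -out "$3" -passout env:P12_PASS
    rc=$?
    rm -rf "$work"
    return "$rc"
}

# Count the certificates stored in a .p12
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# Constructed input: throwaway RSA key and self-signed certificate, both DER
make_der_pair() {   # make_der_pair DIR NAME -> DIR/NAME.key, DIR/NAME.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2.example.test" \
        -keyout "$1/$2.pem" -out "$1/$2.crt.pem" 2>/dev/null &&
    openssl rsa -in "$1/$2.pem" -outform DER -out "$1/$2.key" 2>/dev/null &&
    openssl x509 -in "$1/$2.crt.pem" -outform DER -out "$1/$2.crt"
}

d=$(mktemp -d); P12_PASS='constructed-demo-pass'; export P12_PASS
make_der_pair "$d" demo && build_p12 "$d/demo.crt" "$d/demo.key" "$d/bundle.p12" &&
    echo "certificates in bundle: $(p12_cert_count "$d/bundle.p12")"
```

The cwallet.sso that the orapki step produces opens without a password, so it needs the same owner-only file permissions as the private key itself.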

Wednesday 11 December 2013

OID - unable to locate message file: ldap.msb

unable to locate message file: ldap<language>.msb

The resolution to this error is to
export ORACLE_HOME=<Instance Path>

Example
export ORACLE_HOME=/u01/app/oracle/Oracle_IDM1/

#bearMan

Monday 9 December 2013

OHS: Virtual Host With Redirect

Apache: Virtual Host With Redirect

In your httpd.conf, under Virtual Hosts

In this example we will be redirecting example.website.com to example.website.com/prac/.
This redirect only works when landing on / with no additional URI.

<VirtualHost *:80>
 ServerName  example.website.com
 RewriteEngine on
 RewriteRule ^/$ /prac/ [R]
</VirtualHost>

#bearMan

Friday 6 December 2013

Windows: Run A Little More Advanced

Run A Little More Advanced

Do you ever need more than one piece of information, when you run?

Run Window

Do you ever want to run more than one command? Whether it be setting the title of the terminal window, or using the pause command?
Here is the trick!
Separate the commands with &&

For example
cmd /k title ipconfig /all && ipconfig /all

This will set the title of the terminal window to "ipconfig /all" and then run ipconfig /all.

cmd /k @ECHO OFF && ipconfig && echo User Name: %username%

This will turn off echo, print ipconfig and then the username.



#bearMan

Thursday 5 December 2013

Windows: Grep Alternative

Grep - Things I think every Windows User should know

So I have just come from Linux to Windows after running Linux for a few months, and the one thing I really missed was grep.

So I found the alternative: findstr

findstr uses regex to search.

Here is an example I used:
tree | findstr /R /C:"Intel"

Regards
the #bearMan

Wednesday 4 December 2013

Windows: Run ipconfig

Run ipconfig

Have you ever needed or wanted to run a command from your run window?

win+r

Have you ever wanted to run a cmd command from there?

cmd /k <command> will allow you to run the command in a terminal and keep the terminal open.

For convenience I like to set this up to run my "ipconfig"

To do this all I do is:
cmd /k ipconfig /all

If you want to do more than this, and store your config somewhere, you can run this:
cmd /c ipconfig /all > C:\Users\%username%\Desktop\ipconfig.txt

This will write the stats to the text file on your Desktop.

#bearMan

Monday 2 December 2013

Windows: Cannot open folder Access Denied

Cannot open folder Access Denied

Have you ever given your flash disk to someone and when you get it back, you cannot access files or folders again?

If yes there is a simple solution:
You need a registry key called TakeOwnership. What this does is add a menu item, shown when you right-click on the file or folder, that allows you to take ownership of it.

The registry Key looks like this:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\runas]
@="Take Ownership"
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\*\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

[HKEY_CLASSES_ROOT\Directory\shell\runas]
@="Take Ownership"
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\Directory\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"

#bearMan, Saving you time in windows.

Windows: Enabling CMD on all Right Clicks


This task is fairly simple: open regedit.
Go to:
HKEY_CLASSES_ROOT\Directory\shell\cmd
HKEY_CLASSES_ROOT\Directory\Background\shell\cmd
HKEY_CLASSES_ROOT\Drive\shell\cmd

Click on the Extended string value and delete it. If you want it to go away again, put these string values back.

You can also rename them.

#bearMan