Monday, July 19, 2010

CA server setup in Ubuntu

This post covers setting up a CA server on Ubuntu Linux.

  • Go to /usr/lib/ssl/misc
  • For any specific configuration, edit /usr/lib/ssl/openssl.cnf
  • Run sh CA.sh -newca
  • When prompted, enter the distinguished name attributes (subject name)
  • Go to the demoCA folder
  • Find cacert.pem; this is your CA certificate
  • To generate a CA-signed certificate, use the following command:
openssl x509 -req -days 365 -in .cer -CA cacert.pem -CAkey private/cakey.pem -CAcreateserial -outform PEM -out .pem
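
The steps above as one script, added here as an example and not part of the original post: it builds a throwaway CA, signs a request with the post's `openssl x509 -req` command, and confirms the result with `openssl verify`. It uses `openssl req -x509` as a non-interactive stand-in for `CA.sh -newca`; the file names, subject names and the added `-sha256` are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: throwaway CA in a temp directory. All names are constructed.
set -eu

make_ca() {      # $1 = CA directory, $2 = CA common name
    mkdir -p "$1/private" && chmod 700 "$1/private"
    # Non-interactive stand-in for "CA.sh -newca"; -nodes (unencrypted key)
    # is acceptable only because this CA is disposable.
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 3650 \
        -subj "/CN=$2" \
        -keyout "$1/private/cakey.pem" -out "$1/cacert.pem" 2>/dev/null
    chmod 600 "$1/private/cakey.pem"
}

make_csr() {     # $1 = CA directory, $2 = subject common name
    openssl req -new -newkey rsa:2048 -sha256 -nodes -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.cer" 2>/dev/null
}

sign_csr() {     # $1 = CA directory; the post's command plus -sha256
    ( cd "$1" && openssl x509 -req -days 365 -sha256 -in server.cer \
        -CA cacert.pem -CAkey private/cakey.pem -CAcreateserial \
        -outform PEM -out server.pem 2>/dev/null )
}

verify_cert() {  # $1 = CA certificate, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

issuer_of() {    # $1 = certificate
    openssl x509 -in "$1" -noout -issuer
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_ca "$work/ca" "Example Test CA"
make_csr "$work/ca" "server.example.test"
sign_csr "$work/ca"
if verify_cert "$work/ca/cacert.pem" "$work/ca/server.pem"; then
    echo "server.pem chains to cacert.pem"
fi
issuer_of "$work/ca/server.pem"
```

On a real CA the private key under private/ should be passphrase-protected and readable only by the CA operator.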

Tuesday, July 6, 2010

How to reset a FortiGate firewall password

Do the following to reset the FortiGate firewall password:
  1. Connect to the serial port (baud 9600, 8 data bits, no parity, 1 stop bit, no flow control)
  2. Type in the username: maintainer
  3. The password is bcpb + the serial number of the firewall (remember to use capital letters)
    1. Note that on some devices, after the device boots, you have 14 seconds to type in the username and password. It might, therefore, be necessary to have them ready in a text editor, and then copy and paste them into the login screen.
  4. Now you should be connected to the firewall, and to change the admin password you type the following.
    1. config system admin
    2. edit admin
    3. set password
    4. end
Source: http://www.afterschool.dk/documents/network/fortigate-password-reset/

Monday, June 21, 2010

How to upgrade a Cisco IOS image

With a working image:

1. Install/prepare a TFTP server such as 3CDaemon and make sure that it is reachable from the router

2. Before upgrading any working image, take a backup

3. To take a backup, use the following command


     2600#copy flash tftp

Give the TFTP server IP address and the destination file name

4. To upload the new image, run the following command

      2600#copy tftp flash

Give the source and destination file names and the TFTP server IP address

In case you don't have a working image and are unable to boot the router:

1. Reboot the router and press Ctrl+Break. You will now be in ROMMON mode.

2. Now set IP_ADDRESS, IP_ADDRESS_NETMASK, DEFAULT_GATEWAY, TFTP_SERVER, TFTP_FILE

3. Finally, give the command tftpdnld

4. Now rommon > confreg 0x2102

5. rommon > reset

6. Set boot image from
2600(config)#no boot system
2600(config)#boot system flash

Now you are done!

Wednesday, May 26, 2010

How to dump a Postgres database

1. Use pg_dump to dump the database
pg_dump dbname | gzip > filename.gz

2. Then restore it
createdb dbname
gunzip -c filename.gz | psql dbname



How to install an application in Linux using a tar.gz file

1. Copy it to a suitable location, mainly /usr/local/, then run the following command
tar -zxvf .tar.gz

2. Change dir to /usr/local/

3. Run ./configure --help

4. Set appropriate options and run ./configure --[options]

5. Run the command make

6. If available, run make test

7. At last, run make install

8. You are done

9. Set the PATH to include the lib files of the above application

10. Good luck

Monday, March 22, 2010

How to configure IPsec on Linux

Scientific Linux or Fedora/RHEL comes with ipsec-tools.
Host-to-host config:
Configure ifcfg-ipsec[number] on both machines
DST=X.X.X.X
TYPE=IPSEC
ONBOOT=yes
IKE_METHOD=PSK

Configure keys-ipsec[number]
IKE_PSK=secretkey

Use setkey -f [filename] to set the policy.

Use ifup ipsec[number] to start encryption.

Use the command tcpdump -n -i [interface] host [IP address of other machine] to find out whether encryption is taking place.



Wednesday, March 10, 2010

How to start a service in Linux on startup

There are two methods to start a service in Linux on startup.

i) If it is a standard service and has a script in /etc/init.d, just check its status:

chkconfig --list service name

If it is off, turn it on with the following command:

chkconfig service name on

Similarly, you can turn a service off with the following command:

chkconfig service name off

Otherwise, write a script, put it in /etc/init.d, and run the following commands:

chkconfig --add service name
chkconfig service name on

Similarly, you can remove a service from the list:

chkconfig --del service name

ii) Put the startup code in the rc.local file.