Novell and OpenNet - Corporate seminar

Linux, Open Source and IT related events in Pakistan (news and reports)
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore
Contact:

Post by kbukhari »

and i am not going to teach you
you can check it by yourself or keep silent
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Post by LinuxFreaK »

Dear kbukhari,
Salam,
kbukhari wrote:and i am not going to teach you
you can check it by yourself or keep silent
Give respect and in return you will get respect :)

Best Regards.
Farrukh Ahmed
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore
Contact:

Post by kbukhari »

dear farukh i respect you and respect linuxpakistan.net and all members except one
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

kbukhari wrote:and i am not going to teach you
you can check it by yourself or keep silent
i've said this before, and i'll say it again: your claims are useless unless you have facts to back them up. if you say something, be prepared to present proof. if you refuse to present facts, even a simple google link or two that proves your point (and how hard can that be, if suse's scripting support is as broken as you claim it is?), i'm simply forced to assume that you don't know what you're talking about. this feeling is reinforced by the fact that i've proven several of your claims incorrect in the past year when it comes to basic solutions to simple tasks.

are you honestly trying to tell me that everyone else on the entire planet has problems with scripting on suse? i see no evidence of that on google! how hard can it be to find one link, just one link on google that supports your claim?

unless, of course, it's not true.
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

oh, one more thing: linuxfreak can tell you that i ask for proof every time someone makes ludicrous comments, not just you. he's seen me do this for years. so if you think i'm picking on you, it's just because lately you've been the only person making such illogical and outlandish claims.

stop and learn from your mistakes.
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore
Contact:

Post by kbukhari »

i send you the script check by yourself

i have many other scripts which can not be run on suse if u have no time to install suse then better keep quiet
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by nomankhn »

Zaheer wrote:AA,
Redhat peoples don't want Suse to be popular. Here in Karachi peoples even don't know and there are many distros but they only know redhat.
Dear Zaheer,

I used

Suse 8.0 , 9.0
SLES 10
SLED 10

Their focus is only GUI, things are not properly working like other linux, for example some scripts are properly not working, and some times password changing giving problem, but on the other hand there are other linux like debian, slackware, mandriva, yoper, turbolinux, yellowdog, all have no issue like that, it will take time to clear out these things, persons are only running it for small time, but if you will run servers 24/7 and do deep R&D on that, then you can understand those things, i am not saying SUSE is bad operating system, suse is really a nice operating system but some it will take time that suse will work like other linux flavours.

I am also using suse and doing deep R&D now a days.

i'll share my ideas with you and whole linux pakistan forum.

Regards
Noman Liaquat Khanzada Rajput
Linux means productivity and fun.
We all love Linux, but it's also a fact that some people might not be able to migrate.
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore
Contact:

Post by kbukhari »

noman run my script on suse and send me the output
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

kbukhari wrote:i send you the script check by yourself
all right. i found a suse box. give me the contents of this "/usr/local/kashif/arp" file, and i'll run it.
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore
Contact:

Post by kbukhari »

i have power failure at my home ATM
u can check this

Code:

#!/bin/sh
#This firewall is Written By Kashif Ali Bukhari Please Contact him if you have
#any query Cell 0300-4295604 kbukhari@gmail.com

# Flushing the firewall.
iptables -F
iptables -F -t mangle
iptables -X
iptables -F -t nat
echo 1 > /proc/sys/net/ipv4/ip_forward

# Redirect web traffic to the squid cache.
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

# Accepting RELATED & ESTABLISHED connections.
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# getting high priority
iptables -t nat -A PREROUTING -s 192.168.2.0/24 -d 192.168.2.0/24 -j RETURN

iptables -t mangle -A FORWARD -p udp -d 0/0 --dport 53 -j TOS --set-tos Minimize-Delay
iptables -t mangle -A FORWARD -p tcp -d 0/0 --dport 443 -j TOS --set-tos Minimize-Delay


# Script for allowing the safe ports.
pa=$(cat /etc/ipt/port-allow.conf)
for pas in $pa
do
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -p tcp   --dport $pas -j  MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -p udp   --dport $pas -j  MASQUERADE

echo "Port Allowed" $pas
done
echo "Allowing Ports done.........................."
echo ""
echo ""
#own
iptables -N port-scan
iptables -N syn-flood
iptables -A INPUT -i eth1 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j syn-flood
iptables -A INPUT -i eth1 -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -m state --state NEW -j DROP
iptables -A INPUT -i eth1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j port-scan
iptables -A port-scan -m limit --limit 1/sec --limit-burst 4 -j RETURN
iptables -A port-scan -j DROP
iptables -A syn-flood -m limit --limit 1/sec --limit-burst 4 -j RETURN
iptables -A syn-flood -j DROP
iptables -A FORWARD -d 69.56.166.50 -j DROP
iptables -A FORWARD -d 200.183.0.43 -j DROP
iptables -A FORWARD -d 200.183.0.44 -j DROP
iptables -A FORWARD -p icmp -j DROP

# Script for blocking the denied ports.
# (Current iptables releases refuse DROP in the nat table; on those, put
# these rules in the filter table instead.)
pd=$(cat /etc/ipt/port-deny.conf)
for pds in $pd
do
iptables -t nat -A PREROUTING -p tcp -m tcp -j DROP --dport $pds
iptables -t nat -A PREROUTING -p udp -m udp -j DROP --dport $pds
echo "Port Blocked" $pds
done
echo "Blocking ports done........................."
echo ""
echo ""

# Script for adding Users in voice chat
vc=$(cat /etc/ipt/pm.conf)
for vcs in $vc
do
iptables -t nat -A POSTROUTING -j MASQUERADE  -s $vcs
echo "IP address" $vcs "is allowed in voice chat"
done
echo "Users Allowing is Done........................."
echo ""
echo ""

exit
/etc/ipt/pm.conf

Code:

92.168.2.1
/etc/ipt/port-allow.conf

Code:

20
21
23
25
110
143
443
456
777
7777
1863
2628
5050
5060
5061
5190
5191
5192
5193
5222
5269
6665
6666
6667
6668
6669
6891
6892
6893
6894
6895
6896
6897
6898
6899
6900
5005
5222
8602

/etc/ipt/port-deny.conf

Code:

3135
1214
445
135:140
8888
5554
3128
9996
9604
5300
3306
2745
1025
6556
6129
1433
1025
1090
2745
3127
6129
8200
1433:1434
2000:2094
5200:5221
5223:6000
7780:8000
6345:6349
6881:6999
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

i don't have root access to the box, so i can't run iptables. give me something else.
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore
Contact:

Post by kbukhari »

lambda wrote:
kbukhari wrote:i send you the script check by yourself
all right. i found a suse box. give me the contents of this "/usr/local/kashif/arp" file, and i'll run it.
ok
/usr/local/kashif/arp

Code:

00:A0:C9:85:BE:84:102:adnan-112-nca-ip-102-Boy
11:10:5A:1F:0C:E9:103:ab-nca-214-ip-103-Boy-06-10-06
11:3A:45:A6:9A:72:104:Akber-NCA-ip-104-Boy-116-1-DDD-25-11
00:A0:C9:85:C0:CF:105:mariyamgul-ip-105-nca-Girl-20-11-06
00:00:94:7B:06:D7:106:sahar-ashraf-ip-106-nca-Girl-24-08-06-DD-19-09
00:11:10:55:04:6E:107:masum-nca-218-Boy-DDD
11:0D:87:D0:09:11:108:rahemkhan-nca-305-Boy-DDD
00:50:8B:49:CE:03:109:warden-nca-FFFF-ip-109
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore
Contact:

Post by kbukhari »

if you want a script for adding contents in
/usr/local/kashif/arp

then see

Code:

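#!/bin/bash
# Append a client record (MAC:last-octet:name) to the arp list. Must run as root.

ROOT_UID=0
E_NOTROOT=67
KASHIFARP=/usr/local/kashif/arp
VCALLOW=/etc/ipt/user-vc.conf
# Held in a variable and used unquoted after =~ so bash treats it as a regex
# (bash 3.2 and later match a quoted pattern as a literal string).
MAC_RE='^[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]$'

if [ "$UID" -ne "$ROOT_UID" ]
then
  echo "Must be root to run this command."
  exit $E_NOTROOT
fi

echo "Enter client name "; read -r CLNAME
echo "Enter Last number of ip 204.15.5."; read -r CLIP
echo "Enter MAC/Physical Address E.G:- 00:AA:DD:EE:CC:FF"; read -r MAC
if [[ $MAC =~ $MAC_RE ]]
then
  echo "$MAC:$CLIP:$CLNAME" >> "$KASHIFARP"
else
  echo "BAD MAC ADDRESS"
  exit 1
fi
echo "Allow User In Voice Chat ? (y/n)"
read -r CHVC
if [ "$CHVC" = y ]
then
  echo "204.15.5.$CLIP" >> "$VCALLOW"
elif [ "$CHVC" = n ]
then
  /usr/local/bin/kbs
  exit
else
  echo "bad option selected "
  # Remove the record just added. mktemp avoids a predictable file name in
  # /tmp, and writing back with cat keeps the list's owner and mode.
  TMPFILE=$(mktemp) || exit 1
  grep -vxF -- "$MAC:$CLIP:$CLNAME" "$KASHIFARP" > "$TMPFILE"
  cat "$TMPFILE" > "$KASHIFARP"
  rm -f "$TMPFILE"
fi
/usr/local/bin/kbs
exit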
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

i don't know why i waste time on you, kbukhari. the following is the output of your script run on SLES9SP3-3 Revision 2 ia32e (x86_64). i changed some of the paths (like /etc/dhcpd.conf) to files in /tmp because i don't have root access, but you can confirm that it is otherwise the same script you posted up above.

Code:

Script started on Wed 29 Nov 2006 12:25:45 AM PST
~ 202> uname -r
2.6.5-7.276.PTF.196309.1-smp
~ 203> cat /tmp/suse.sh
#!/bin/bash
DHCP=/tmp/dhcpd.conf
NAMED=/tmp/named.broadcast
NAMED1=/tmp/named.broadcast1
COUNT=$(cat /tmp/arp)
KASHIFARP=/tmp/arp.txt
MAC="awk -F: '{ print $1":" $2":"$3":"$4":"$5":"$6 }' /tmp/grb"
IPADDR="awk -F: '{ print "204.15.5"$7 }' /tmp/grb"
CLNAME="awk -F: '{ print $8 }' /tmp/grb"
echo "" > $DHCP
echo "" > $NAMED
echo "" > $NAMED1
echo "#ARP List For Cache" > $KASHIFARP
echo "deny unknown-clients;" > $DHCP
echo "default-lease-time 3600;" >> $DHCP
echo "ddns-update-style none;" >> $DHCP
echo "max-lease-time 7200;" >> $DHCP
echo "subnet 204.15.5.0 netmask 255.255.255.0 {" >> $DHCP
echo "        option domain-name-servers 204.15.5.1, 204.15.6.1;" >> $DHCP
echo "        option routers 204.15.5.1;" >> $DHCP
echo "        range 204.15.5.201 204.15.5.201;" >> $DHCP
echo "        }" >> $DHCP
echo "#################################################################" >> $DHCP
echo "" >> $DHCP 
echo "" >> $DHCP
  
echo """$""TTL    86400" > $NAMED
echo "@ IN      SOA     ns.namjee.net.pk root.najmee.net.pk (" >> $NAMED
echo "                          60" >> $NAMED
echo "                          3H" >> $NAMED
echo "                          15M" >> $NAMED
echo "                          1W" >> $NAMED
echo "                          1D )" >> $NAMED
echo "" >> $NAMED
echo "          IN      NS      ns.najmee.net.pk." >> $NAMED


echo """$""TTL    86400" > $NAMED1
echo "@ IN      SOA     ns.namjee.net.pk root.najmee.net.pk (" >> $NAMED1
echo "                          60" >> $NAMED1
echo "                          3H" >> $NAMED1
echo "                          15M" >> $NAMED1
echo "                          1W" >> $NAMED1
echo "                          1D )" >> $NAMED1
echo "" >> $NAMED1
echo "          IN      NS      ns.najmee.net.pk." >> $NAMED1

for I in $COUNT
do
echo $I > /tmp/grb
echo "host  $(awk -F: '{ print $8 }' /tmp/grb) {" >> $DHCP
echo "        hardware ethernet $(awk -F: '{ print $1":" $2":"$3":"$4":"$5":"$6 }' /tmp/grb);" >> $DHCP
echo "$(awk -F: '{ print $1":" $2":"$3":"$4":"$5":"$6 " #"$8 }' /tmp/grb);" >> $KASHIFARP
echo "        fixed-address $(awk -F: '{ print "204.15.5."$7 }' /tmp/grb);" >> $DHCP
echo "        }" >> $DHCP
echo "$(awk -F: '{ print $7 }' /tmp/grb ) IN    PTR     $(awk -F: '{ print $8 }' /tmp/grb)." >> $NAMED
echo "$(awk -F: '{ print $7 }' /tmp/grb ) IN    PTR     $(awk -F: '{ print $8 }' /tmp/grb)." >> $NAMED1
done
# service server restart
exit 0

~ 204> cat /tmp/arp
00:A0:C9:85:BE:84:102:adnan-112-nca-ip-102-Boy
11:10:5A:1F:0C:E9:103:ab-nca-214-ip-103-Boy-06-10-06
11:3A:45:A6:9A:72:104:Akber-NCA-ip-104-Boy-116-1-DDD-25-11
00:A0:C9:85:C0:CF:105:mariyamgul-ip-105-nca-Girl-20-11-06
00:00:94:7B:06:D7:106:sahar-ashraf-ip-106-nca-Girl-24-08-06-DD-19-09
00:11:10:55:04:6E:107:masum-nca-218-Boy-DDD
11:0D:87:D0:09:11:108:rahemkhan-nca-305-Boy-DDD
00:50:8B:49:CE:03:109:warden-nca-FFFF-ip-109
~ 205> chmod +x /tmp/suse.sh
~ 206> /tmp/suse.sh
~ 207> cat /tmp/dhcpd.conf
deny unknown-clients;
default-lease-time 3600;
ddns-update-style none;
max-lease-time 7200;
subnet 204.15.5.0 netmask 255.255.255.0 {
        option domain-name-servers 204.15.5.1, 204.15.6.1;
        option routers 204.15.5.1;
        range 204.15.5.201 204.15.5.201;
        }
#################################################################


host  adnan-112-nca-ip-102-Boy {
        hardware ethernet 00:A0:C9:85:BE:84;
        fixed-address 204.15.5.102;
        }
host  ab-nca-214-ip-103-Boy-06-10-06 {
        hardware ethernet 11:10:5A:1F:0C:E9;
        fixed-address 204.15.5.103;
        }
host  Akber-NCA-ip-104-Boy-116-1-DDD-25-11 {
        hardware ethernet 11:3A:45:A6:9A:72;
        fixed-address 204.15.5.104;
        }
host  mariyamgul-ip-105-nca-Girl-20-11-06 {
        hardware ethernet 00:A0:C9:85:C0:CF;
        fixed-address 204.15.5.105;
        }
host  sahar-ashraf-ip-106-nca-Girl-24-08-06-DD-19-09 {
        hardware ethernet 00:00:94:7B:06:D7;
        fixed-address 204.15.5.106;
        }
host  masum-nca-218-Boy-DDD {
        hardware ethernet 00:11:10:55:04:6E;
        fixed-address 204.15.5.107;
        }
host  rahemkhan-nca-305-Boy-DDD {
        hardware ethernet 11:0D:87:D0:09:11;
        fixed-address 204.15.5.108;
        }
host  warden-nca-FFFF-ip-109 {
        hardware ethernet 00:50:8B:49:CE:03;
        fixed-address 204.15.5.109;
        }
~ 208> cat /tmp/named.broadcast
$TTL    86400
@ IN      SOA     ns.namjee.net.pk root.najmee.net.pk (
                          60
                          3H
                          15M
                          1W
                          1D )

          IN      NS      ns.najmee.net.pk.
102 IN    PTR     adnan-112-nca-ip-102-Boy.
103 IN    PTR     ab-nca-214-ip-103-Boy-06-10-06.
104 IN    PTR     Akber-NCA-ip-104-Boy-116-1-DDD-25-11.
105 IN    PTR     mariyamgul-ip-105-nca-Girl-20-11-06.
106 IN    PTR     sahar-ashraf-ip-106-nca-Girl-24-08-06-DD-19-09.
107 IN    PTR     masum-nca-218-Boy-DDD.
108 IN    PTR     rahemkhan-nca-305-Boy-DDD.
109 IN    PTR     warden-nca-FFFF-ip-109.
~ 209> cat /tmp/named.broadcast1
$TTL    86400
@ IN      SOA     ns.namjee.net.pk root.najmee.net.pk (
                          60
                          3H
                          15M
                          1W
                          1D )

          IN      NS      ns.najmee.net.pk.
102 IN    PTR     adnan-112-nca-ip-102-Boy.
103 IN    PTR     ab-nca-214-ip-103-Boy-06-10-06.
104 IN    PTR     Akber-NCA-ip-104-Boy-116-1-DDD-25-11.
105 IN    PTR     mariyamgul-ip-105-nca-Girl-20-11-06.
106 IN    PTR     sahar-ashraf-ip-106-nca-Girl-24-08-06-DD-19-09.
107 IN    PTR     masum-nca-218-Boy-DDD.
108 IN    PTR     rahemkhan-nca-305-Boy-DDD.
109 IN    PTR     warden-nca-FFFF-ip-109.
~ 210> rm /tmp/arp /tmp/dhcpd.conf /tmp/named.broadcast /tmp/named.broadcast1 
rm: remove regular file `/tmp/arp'? y
rm: remove regular file `/tmp/dhcpd.conf'? y
rm: remove regular file `/tmp/named.broadcast'? y
rm: remove regular file `/tmp/named.broadcast1'? y
~ 211> exit
exit

Script done on Wed 29 Nov 2006 12:27:50 AM PST
what do you say now, kbukhari?
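
An added example, not written by anyone in this thread: the scripts above append a free-form client name and IP octet to the arp list as root and later copy each field straight into dhcpd.conf and the zone files, so this sketch validates a whole record before emitting a host block. The function names, the DNS-label rule for client names and the 1-254 octet range are assumptions of the example.

```bash
#!/bin/bash
# Added example, not code from the thread. Record format as in the posted
# /usr/local/kashif/arp file: six MAC octets, last IP octet, client name.
PREFIX=204.15.5   # subnet prefix used by the posted scripts

# Held in a variable and expanded unquoted after =~ : bash 3.2 and later
# match a quoted right-hand side as a literal string, not as a regex.
RECORD_RE='^(([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}):([0-9]{1,3}):([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)$'

# validate_record LINE: on success sets REC_MAC, REC_OCTET, REC_NAME.
validate_record() {
    [[ $1 =~ $RECORD_RE ]] || return 1
    REC_MAC=${BASH_REMATCH[1]}
    REC_NAME=${BASH_REMATCH[4]}
    REC_OCTET=$((10#${BASH_REMATCH[3]}))       # base 10, so "08" is not octal
    (( REC_OCTET >= 1 && REC_OCTET <= 254 ))   # usable host part of a /24
}

# emit_host LINE: print a dhcpd.conf host block, or fail without output.
emit_host() {
    validate_record "$1" || return 1
    printf 'host %s {\n        hardware ethernet %s;\n        fixed-address %s.%s;\n}\n' \
        "$REC_NAME" "$REC_MAC" "$PREFIX" "$REC_OCTET"
}

# generate: read records on stdin, write host blocks to stdout, report
# rejected lines on stderr, and return non-zero if any line was rejected.
generate() {
    local line bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        emit_host "$line" || { printf 'rejected: %s\n' "$line" >&2; bad=1; }
    done
    return "$bad"
}

# Constructed sample input: the first record appears in the thread's arp
# file, the other three are malformed on purpose.
SAMPLE='00:A0:C9:85:BE:84:102:adnan-112-nca-ip-102-Boy
00:A0:C9:85:BE:8:103:short-mac
00:A0:C9:85:C0:CF:300:octet-out-of-range
00:50:8B:49:CE:03:109:name with spaces; and {braces}'

generate <<< "$SAMPLE" || echo "some records were rejected" >&2
```

Reading each record with one anchored pattern also removes the need for the shared /tmp/grb scratch file that the generator script writes on every loop iteration.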
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore
Contact:

Post by kbukhari »

ok
but same thing were not running for me
i will post you tomorrow about my result
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com