The latest articles on DEV Community by OpenLAB (@openlab). https://dev.to/openlab https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Forganization%2Fprofile_image%2F2337%2F200bb3a9-e3bf-4a5b-8123-ac6833538d73.png https://dev.to/openlab en Doğukan Eren Wed, 27 Sep 2023 13:21:19 +0000 https://dev.to/openlab/setting-and-displaying-patronis-max-connection-count-32dm https://dev.to/openlab/setting-and-displaying-patronis-max-connection-count-32dm <p>Patroni configuration are mainly stored in patroni.yaml. Find the path of that yaml.</p> <p><strong><em>Not: Patroni configurations are primarily stored in patroni.yaml. Find the path to that YAML file.</em></strong></p> <p>This command lists Patroni clusters and hosts.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>patronictl <span class="nt">-c</span> /etc/patroni.yml list </code></pre> </div> <p>To edit PostgreSQL settings in Patroni, you can use the 'edit-config' command.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>patronictl <span class="nt">-c</span> /etc/patroni.yaml edit-config </code></pre> </div> <p>Modify the '<strong>max_connections</strong>' line within 'postgresql.parameters', and create it if it does not already exist.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>. postgresql parameters max_connections: 200 . </code></pre> </div> <p>To display the maximum monitor count, you can connect to your Patroni cluster using psql, and then run the script below to show the maximum connection count.</p> <p><strong><em>To query to patroni server we can use below comamnd:</em></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>psql <span class="nt">-h</span> &lt;patroni_ha_ip&gt; <span class="nt">-U</span> &lt;username&gt; <span class="nt">-p</span> &lt;ha_db_port&gt; <span class="nt">-W</span> </code></pre> </div> <p>On psql<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SHOW</span> <span class="n">max_connections</span><span class="p">;</span> </code></pre> </div> <p>OR<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="n">current_setting</span><span class="p">(</span><span class="s1">'max_connections'</span><span class="p">);</span> </code></pre> </div> database postgres linux beginners Doğukan Eren Wed, 27 Sep 2023 08:37:24 +0000 https://dev.to/openlab/how-to-disable-ssl-control-on-redhat-subscriptions-1j8n https://dev.to/openlab/how-to-disable-ssl-control-on-redhat-subscriptions-1j8n <p>If you encounter an <strong>error</strong> during the subscription process on your RedHat systems, specifically the error message<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>'Unable to verify server's identity: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618),' </code></pre> </div> <p>You can resolve it by modifying the <strong>'insecure'</strong><br> label in the <strong>rhsm.conf</strong> configuration file. Change the value from 0 to 1 using the following commands located at <strong><em>/etc/rhsm/rhsm.conf</em></strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>vi /etc/rhsm/rhsm.conf </code></pre> </div> <p>Edit the insecure line 0 to 1<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Set to 1 to disable certificate validation:</span> insecure <span class="o">=</span> 1 </code></pre> </div> linux beginners tutorial security Rümeysa Öz Fri, 11 Aug 2023 11:29:16 +0000 https://dev.to/openlab/ubuntu-2204-using-ntp-and-disabling-it-31f1 https://dev.to/openlab/ubuntu-2204-using-ntp-and-disabling-it-31f1 <h1> 1. Configuring NTP with Netplan </h1> <p>Netplan is a tool used for network configuration management on Ubuntu. You can use Netplan to control the use of NTP over DHCP.</p> <p><strong>1.1. Opening the Netplan Configuration File:</strong></p> <p>The Netplan configuration file is usually found under the /etc/netplan/ directory. To edit this file, use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /etc/netplan/00-installer-config.yaml </code></pre> </div> <p><strong>1.2. Adding NTP Settings:</strong></p> <p>In the opened file, you can prevent NTP from being used over DHCP by adding the following configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">network</span><span class="pi">:</span> <span class="na">ethernets</span><span class="pi">:</span> <span class="na">ens18</span><span class="pi">:</span> <span class="c1"># This should be changed according to your network adapter's name.</span> <span class="na">renderer</span><span class="pi">:</span> <span class="s">networkd</span> <span class="na">dhcp4</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">dhcp4-overrides</span><span class="pi">:</span> <span class="na">use-ntp</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">version</span><span class="pi">:</span> <span class="m">2</span> </code></pre> </div> <p>Save your changes and exit the file.</p> <h1> 2. Applying the Configuration </h1> <p>To apply the configuration, run the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>netplan apply </code></pre> </div> <p>This command will activate the changes you made.</p> <h1> 3. Default Usage of NTP </h1> <p>By default, Ubuntu has DHCP set to use NTP. However, in certain situations, you may want to disable this feature.</p> <p><strong>3.1. Default Usage of NTP over DHCP:</strong></p> <p>By default in Netplan, DHCP is set to use NTP with the <u><strong>use-ntp: true</strong></u> setting. However, if you want to disable this feature, you need to set the <u><strong>use-ntp: false</strong></u> value under <strong>dhcp4-overrides</strong>. This has been shown in the configuration mentioned above.</p> <p><strong>REFERENCES:</strong></p> <ul> <li><a href="https://netplan.readthedocs.io/en/latest/netplan-yaml/">https://netplan.readthedocs.io/en/latest/netplan-yaml/</a></li> <li><a href="https://cloudinit.readthedocs.io/en/latest/reference/network-config-format-v2.html">https://cloudinit.readthedocs.io/en/latest/reference/network-config-format-v2.html</a></li> </ul> ubuntu ntp timedatectl netplan Doğukan Eren Sun, 06 Aug 2023 20:32:15 +0000 https://dev.to/openlab/nexus-oss-create-postgresql-repository-using-apt-proxy-1423 https://dev.to/openlab/nexus-oss-create-postgresql-repository-using-apt-proxy-1423 <p>Using Nexus OSS, you can create, manage, and publish your own repositories. Additionally, you can utilize the "apt proxy" feature to publish existing repository content from your server.</p> <p>You can access our article on the <strong>installation</strong> of Nexus OSS from <a href="https://dev.to/aciklab/ubuntu-2204-nexus-oss-kurulumu-6gk">here</a>.<br> You can also access our article on <strong>creating</strong> an apt repository on Nexus OSS from <a href="https://dev.to/aciklab/nexus-oss-repository-apt-repository-proxy-olusturma-4mj1">here</a>.</p> <p>Let's proceed with creating the Postgresql repository on Nexus OSS.</p> <h1> 1- Log in to the Nexus OSS interface with an authorized user </h1> <p>After the installation, the default admin user is available, and you can find its password by using the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cat</span> /opt/sonatype/sonatype-work/nexus3/admin.password </code></pre> </div> <h1> 2- Creating a Repository </h1> <p>a- Let's go to the "Repository" page under the "Settings" section.</p> <p>b- After that, click on the "Repositories" tab under "Repository," and on the opened page, click the "Create Repository" button.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5js1gso1frxujgh8dqbs.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5js1gso1frxujgh8dqbs.png" alt="Image description" width="633" height="185"></a></p> <p>Let's proceed by selecting the "apt proxy" option from the opened page.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3r4znmyvjgji9s7e8wok.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3r4znmyvjgji9s7e8wok.png" alt="Image description" width="361" height="278"></a></p> <h1> 3- Let's configure our Postgresql Repository. </h1> <p>Let's enter the address of the Postgresql repository as shown below in the <strong>Remote repository</strong> field:</p> <p><a href="http://apt.postgresql.org/pub/repos/apt/" rel="noopener noreferrer">http://apt.postgresql.org/pub/repos/apt/</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhi9eka3ya3oe502dcjzk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhi9eka3ya3oe502dcjzk.png" alt="Image description" width="800" height="784"></a></p> <h1> 4- Let's save it. </h1> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsny25vc45lhx3x8v8cay.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsny25vc45lhx3x8v8cay.png" alt="Image description" width="207" height="40"></a></p> <p>You can save it by clicking on the <strong>Create Repository</strong> button located at the bottom.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F71y7x6wexysgolwzhjrr.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F71y7x6wexysgolwzhjrr.png" alt="Image description" width="800" height="92"></a></p> <p>When we navigate to the "Repositories" page, we will see the newly added repository listed. By clicking on the "Copy" button, we can access our newly created Postgresql repository on our server.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy571m5y619z3iid93edx.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy571m5y619z3iid93edx.png" alt="Image description" width="428" height="188"></a></p> <p>When we visit the relevant URL, the repository will appear in front of us.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzujeij3dtfqbjv0s41m1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzujeij3dtfqbjv0s41m1.png" alt="Image description" width="635" height="194"></a></p> <h2> <strong><em>Optional</em></strong> </h2> <h1> Adding the new repository to Linux client machines. </h1> <p>If your client machine is Ubuntu 22, you can run the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">echo</span> <span class="s2">"deb [trusted=yes] http://192.168.122.100:8081/repository/hosted-postgresql-hdd/ jammy-pgdg main"</span> <span class="o">&gt;</span> /etc/apt/sources.list.d/nexus.list </code></pre> </div> <p><em>Note: If not, you can proceed by customizing the <strong>jammy-pgdg</strong> part to match your own version.</em></p> <p>You can check if it is working by running the <strong>apt update</strong> command.</p> postgresq beginners tutorial linux oz9un Tue, 02 Nov 2021 05:14:07 +0000 https://dev.to/openlab/creating-opensslconf-for-windows-104g https://dev.to/openlab/creating-opensslconf-for-windows-104g <p>In this chapter, I will explain how to create <strong>openssl.conf</strong> file with the way that Windows can process it.</p> <h2> Parts to be changed in the default openssl.conf: </h2> <p>For creating a default <a href="https://jamielinux.com/docs/openssl-certificate-authority/appendix/root-configuration-file.html" rel="noopener noreferrer">openssl.conf</a>, Jamie's amazing <a href="https://jamielinux.com/docs/openssl-certificate-authority/" rel="noopener noreferrer">article</a> would be a good start point.</p> <p>There are many differences between original Windows certificates and those created with using OpenSSL on Linux:</p> <p> </p> <h3> Difference 1 → Issuer: </h3> <p>Issuer is one of the most important field in the certificates. This must be interpreted correctly in order to make Windows accept our handcrafted certificate. </p> <p>Difference between certificate created with default openssl.conf and original Windows certificate:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffvdm0htr8fjf39xt1ydu.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffvdm0htr8fjf39xt1ydu.png" alt="diff"></a></p> <p> </p> <h3> Solution for Difference 1: </h3> <p>In this part, we define the section for the <strong>req</strong> command. </p> <p>We can edit default_bits, default_md parts. But most importantly, we can change how to form the <strong>DN</strong> with editing the <strong>req_distinguished_name</strong> section.</p> <p>Default <strong>[ req ]</strong> part would be similar to:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> [ req ] default_bits = 2048 distinguished_name = req_distinguished_name string_mask = utf8only default_md = sha256 x509_extensions = v3_ca </code></pre> </div> <p>Corresponding default [ req_distinguished_name ] :</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="o">[</span> req_distinguished_name <span class="o">]</span> <span class="c"># See &lt;https://en.wikipedia.org/wiki/Certificate_signing_request&gt;.</span> countryName <span class="o">=</span> Country Name <span class="o">(</span>2 letter code<span class="o">)</span> stateOrProvinceName <span class="o">=</span> State or Province Name localityName <span class="o">=</span> Locality Name 0.organizationName <span class="o">=</span> Organization Name organizationalUnitName <span class="o">=</span> Organizational Unit Name commonName <span class="o">=</span> Common Name emailAddress <span class="o">=</span> Email Address </code></pre> </div> <p>As you can see, there are lots of fields like countryName, stateOrProvinceName, localityName...</p> <p>This is why we see lots of information in the 'Issuer' field of the certificates created with OpenSSL. </p> <p>Edited <strong>[ req_distinguished_name ]</strong> should be similar to:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="o">[</span> req_distinguished_name <span class="o">]</span> 1.DC <span class="o">=</span> com 0.DC <span class="o">=</span> company DC <span class="o">=</span> subdomain commonName <span class="o">=</span> Common Name </code></pre> </div> <p>And user should type in that order:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0lhyee9os78ht3c8nkon.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0lhyee9os78ht3c8nkon.png" alt="order"></a></p> <p>As a result, we successfully created a valid issuer:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg8sqrtvmudgi617pp2cu.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg8sqrtvmudgi617pp2cu.png" alt="result1"></a></p> <p> </p> <h3> Difference 2 → Missing Fields: </h3> <p>Two fields, "Certificate Template Name" and "CA Version", are not available on the certificate that created with OpenSSL on Linux.</p> <p>It is hard to know about which fields are precisely checked when tricking Windows to accept your handcrafted OpenSSL certificate, but I think it is a good practice to make your certificate look exactly like the original one.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faq7b29a6dx2wdz2kzmyt.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faq7b29a6dx2wdz2kzmyt.png" alt="missingfields"></a></p> <p> </p> <h3> Solution for Difference 2: </h3> <p>Firstly, define OID's at the top of our openssl.conf file:</p> <div class="highlight js-code-highlight"> <pre class="highlight scheme"><code> <span class="nv">oid_section</span> <span class="nv">=</span> <span class="nv">OIDs</span> <span class="p">[</span> <span class="nv">OIDs</span> <span class="p">]</span> <span class="nv">certificateTemplateName</span> <span class="nv">=</span> <span class="mf">1.3</span><span class="o">.</span><span class="mf">6.1</span><span class="o">.</span><span class="mf">4.1</span><span class="o">.</span><span class="mf">311.20</span><span class="o">.</span><span class="mi">2</span> <span class="nv">caVersion</span> <span class="nv">=</span> <span class="mf">1.3</span><span class="o">.</span><span class="mf">6.1</span><span class="o">.</span><span class="mf">4.1</span><span class="o">.</span><span class="mf">311.21</span><span class="o">.</span><span class="mi">1</span> </code></pre> </div> <blockquote> <p>We can skip the definition of the OID's and use the OID directly, of course. But defining them first and using them as variables would be a good practice.</p> </blockquote> <p>Secondly, create a new requirement in <strong>[ reg ],</strong> let's say <strong>v3_req</strong> :</p> <div class="highlight js-code-highlight"> <pre class="highlight scheme"><code> <span class="p">[</span> <span class="nv">req</span> <span class="p">]</span> <span class="nv">default_bits</span> <span class="nv">=</span> <span class="mi">2048</span> <span class="nv">distinguished_name</span> <span class="nv">=</span> <span class="nv">req_distinguished_name</span> <span class="nv">string_mask</span> <span class="nv">=</span> <span class="nv">default</span> <span class="nv">default_md</span> <span class="nv">=</span> <span class="nv">sha256</span> <span class="nv">x509_extensions</span> <span class="nv">=</span> <span class="nv">v3_ca</span> <span class="nv">req_extensions</span> <span class="nv">=</span> <span class="nv">v3_req</span> </code></pre> </div> <p>Lastly, define <strong>[ v3_req ]</strong> :</p> <div class="highlight js-code-highlight"> <pre class="highlight scheme"><code> <span class="p">[</span> <span class="nv">v3_req</span> <span class="p">]</span> <span class="nv">subjectKeyIdentifier</span> <span class="nv">=</span> <span class="nv">hash</span> <span class="nv">basicConstraints</span> <span class="nv">=</span> <span class="nv">critical,</span> <span class="nv">CA:true</span> <span class="nv">keyUsage</span> <span class="nv">=</span> <span class="nv">digitalSignature,</span> <span class="nv">cRLSign,</span> <span class="nv">keyCertSign</span> <span class="nv">certificateTemplateName</span> <span class="nv">=</span> <span class="nv">ASN1:PRINTABLESTRING:CA</span> <span class="nv">caVersion</span> <span class="nv">=</span> <span class="nv">ASN1:INTEGER:0</span> </code></pre> </div> <p>After that, you should create your certificate with the following parameter:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nt">-extensions</span> v3_req </code></pre> </div> <p>As a result, we successfully created our certificate fields:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F87i44tvxoysjt6cgyp7p.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F87i44tvxoysjt6cgyp7p.png" alt="result2"></a></p> <p> </p> <h2> Final: </h2> <p>We have successfully created our openssl.conf!<br> You can view the whole openssl.conf file from: <a href="https://gist.github.com/oz9un/60cb7d491989002578d7d763dfda333c" rel="noopener noreferrer">GitHub Gist</a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fmedia4.giphy.com%2Fmedia%2FnCRkXBaeCPyeX1fkrc%2Fgiphy.gif%3Fcid%3Decf05e47k54y73o40fa5zl14tw2o0pgpq90lalfatqndx668%26rid%3Dgiphy.gif%26ct%3Dg" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fmedia4.giphy.com%2Fmedia%2FnCRkXBaeCPyeX1fkrc%2Fgiphy.gif%3Fcid%3Decf05e47k54y73o40fa5zl14tw2o0pgpq90lalfatqndx668%26rid%3Dgiphy.gif%26ct%3Dg" alt="final"></a></p> openssl windows certificate linux oz9un Thu, 21 Oct 2021 05:33:41 +0000 https://dev.to/openlab/sysmonforlinux-logging-file-create-events-2bck https://dev.to/openlab/sysmonforlinux-logging-file-create-events-2bck <p>In this article, I will explain how to use SysmonForLinux and how to create specific configurations to keep track of file creation events.</p> <p>For further information about events and configuration options; you can visit my github repository: <a href="https://github.com/oz9un/SysmonForLinux-Manual" rel="noopener noreferrer">oz9un</a></p> <p> </p> <h2> Sysmon in a nutshell: </h2> <p><strong>Sysmon</strong> (System Monitor) is a Windows system service that logs system activity to the Windows event log. Now, it is available for <strong>Linux</strong> too! </p> <p>It was developed by Microsoft as an open source project. Even though it is doubtful to see such a contribution, I am very glad about it 🤭</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fmedia4.giphy.com%2Fmedia%2FANbD1CCdA3iI8%2Fgiphy.gif%3Fcid%3Decf05e47chlsv1aaptk03nsstucjmbytwln7w8t9locgvmfi%26rid%3Dgiphy.gif%26ct%3Dg" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fmedia4.giphy.com%2Fmedia%2FANbD1CCdA3iI8%2Fgiphy.gif%3Fcid%3Decf05e47chlsv1aaptk03nsstucjmbytwln7w8t9locgvmfi%26rid%3Dgiphy.gif%26ct%3Dg" alt="sus_gif"></a></p> <p> </p> <h2> File Create event: </h2> <p>As its name suggests, this event detects when a file is created on Linux systems.</p> <p>This event can be especially useful when tracking auto-startup folders and folders where everyone has a permission to create files. Because most of the time, they are the main targets of malicious users 👹.</p> <p>A normal file creation event log would looks like this:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4x8zf6qaw3r9m1164w7d.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4x8zf6qaw3r9m1164w7d.png" alt="FileCreation Event Log"></a></p> <p> </p> <h2> Configuring File Create event: </h2> <p>By default, SysmonForLinux logs every file creation events. But we are talking about Linux. Even if you connect to a server via SSH; that results in the creation of many tmp files.</p> <p>As a result, you can guess how chaotic the log file has become. This is why we don't want to log everything, especially in case of file creation event.</p> <p>File Create event has 7 different description fields that we can use as filters:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbw6rxk7loe0i65y60rx1.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbw6rxk7loe0i65y60rx1.png" alt="Description Fields"></a><br> You can view all description fields for each event on my <a href="https://github.com/oz9un/SysmonForLinux-Manual" rel="noopener noreferrer">github</a> page!</p> <p>When creating a configuration file (xml) for SysmonForLinux, we can use this fields as a filter.</p> <p> </p> <h2> Example scenario: </h2> <p>Suppose you want to keep log of the every file creation event with the following properties:</p> <ul> <li>File should be created in <em>/tmp</em> or under <em>/home/secret</em> folder.</li> <li>File should be created in <em>October 2021</em>.</li> <li>File shouldn't be created with <em>/usr/sbin/cups-browsed</em> daemon (This printer daemon uses /tmp file quite often).</li> </ul> <p>Desired configuration file should looks like that:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="c">&lt;!-- Event ID 11 == FileCreate. Log what we want! --&gt;</span> <span class="nt">&lt;RuleGroup</span> <span class="na">name=</span><span class="s">""</span> <span class="na">groupRelation=</span><span class="s">"and"</span><span class="nt">&gt;</span> <span class="nt">&lt;FileCreate</span> <span class="na">onmatch=</span><span class="s">"include"</span><span class="nt">&gt;</span> <span class="nt">&lt;TargetFilename</span> <span class="na">condition=</span><span class="s">"contains any"</span><span class="nt">&gt;</span>/home/secret/;/tmp/<span class="nt">&lt;/TargetFilename&gt;</span> <span class="nt">&lt;UtcTime</span> <span class="na">condition=</span><span class="s">"contains"</span><span class="nt">&gt;</span>2021-10<span class="nt">&lt;/UtcTime&gt;</span> <span class="nt">&lt;/FileCreate&gt;</span> <span class="nt">&lt;FileCreate</span> <span class="na">onmatch=</span><span class="s">"exclude"</span><span class="nt">&gt;</span> <span class="nt">&lt;Image</span> <span class="na">condition=</span><span class="s">"is"</span><span class="nt">&gt;</span>/usr/sbin/cups-browsed<span class="nt">&lt;/Image&gt;</span> <span class="nt">&lt;/FileCreate&gt;</span> <span class="nt">&lt;/RuleGroup&gt;</span> </code></pre> </div> <p>You can view the whole configuration file from: <a href="https://github.com/oz9un/SysmonForLinux-Manual/blob/main/Description%20Field%20Examples/FileCreate_ExampleScenario.xml" rel="noopener noreferrer">Example Scenario</a></p> <p> </p> <h2> Results: </h2> <p>To view sysmon's log file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">tail</span> <span class="nt">-f</span> /var/log/syslog | <span class="nb">sudo</span> /opt/sysmon/sysmonLogView <span class="nt">-X</span> </code></pre> </div> <p>Output:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh3ujafruawscruow8w2c.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh3ujafruawscruow8w2c.png" alt="Sysmon Log Output"></a></p> <p>As you can see, we successfully created a configuration file according to our properties and caught some malicious events already!</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fmedia4.giphy.com%2Fmedia%2FTOWeGr70V2R1K%2Fgiphy.gif%3Fcid%3Decf05e47a1op0mndh2ygfi3sf7fx21ioab3rxnp60jdeezsn%26rid%3Dgiphy.gif%26ct%3Dg" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fmedia4.giphy.com%2Fmedia%2FTOWeGr70V2R1K%2Fgiphy.gif%3Fcid%3Decf05e47a1op0mndh2ygfi3sf7fx21ioab3rxnp60jdeezsn%26rid%3Dgiphy.gif%26ct%3Dg" alt="hacker_gif"></a></p> <p> </p> <h2> End &amp; Contact: </h2> <p>This is at the end of my first post about SysmonForLinux. I plan to write much more on this subject as I find time. I would be very happy if you can give a feedback. Stay in touch!</p> <p>Github: <a href="https://github.com/oz9un" rel="noopener noreferrer">https://github.com/oz9un</a><br> Twitter: <a href="https://twitter.com/oz9un" rel="noopener noreferrer">https://twitter.com/oz9un</a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fmedia4.giphy.com%2Fmedia%2FiPiUxztIL4Sl2%2Fgiphy.gif%3Fcid%3Decf05e47u8cqoaovibilphanyitfewmsnw8wa7c35tqxez0p%26rid%3Dgiphy.gif%26ct%3Dg" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fmedia4.giphy.com%2Fmedia%2FiPiUxztIL4Sl2%2Fgiphy.gif%3Fcid%3Decf05e47u8cqoaovibilphanyitfewmsnw8wa7c35tqxez0p%26rid%3Dgiphy.gif%26ct%3Dg" alt="cat_gif"></a></p> sysmon linux log devops Rıdvan Tülemen Wed, 30 Jun 2021 19:31:52 +0000 https://dev.to/openlab/ldap-authentication-in-golang-with-bind-and-search-47h5 https://dev.to/openlab/ldap-authentication-in-golang-with-bind-and-search-47h5 <p>If you are familiar with the <strong>Windows Active Directory</strong> or <strong>Samba</strong>, you may have already heard about <strong>LDAP</strong>. But if you didn't, <a href="https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol"><em>here is the description in Wikipedia.</em></a></p> <blockquote> <p><strong>Lightweight Directory Access Protocol (LDAP)</strong> is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.</p> </blockquote> <h2> Creating our project </h2> <p>First of all, we need to <strong>download the library</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>go get github.com/go-ldap/ldap </code></pre> </div> <h3> Variables </h3> <p>Now, we can start using the library. Firstly, we are creating the variables to use them later(If you are going to use <strong>anonymous bind</strong>, you only need <strong>Filter</strong>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">const</span> <span class="p">(</span> <span class="n">BindUsername</span> <span class="o">=</span> <span class="s">"user@example.com"</span> <span class="n">BindPassword</span> <span class="o">=</span> <span class="s">"password"</span> <span class="n">FQDN</span> <span class="o">=</span> <span class="s">"DC.example.com"</span> <span class="n">BaseDN</span> <span class="o">=</span> <span class="s">"cn=Configuration,dc=example,dc=com"</span> <span class="n">Filter</span> <span class="o">=</span> <span class="s">"(objectClass=*)"</span> <span class="p">)</span> </code></pre> </div> <h3> Connect </h3> <p>To connect to <strong>LDAP</strong>, we can use <code>ldap.DialURL()</code> func. Followed function is solely created to <strong>connect</strong> to an LDAP server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Ldap Connection without TLS</span> <span class="k">func</span> <span class="n">Connect</span><span class="p">()</span> <span class="p">(</span><span class="o">*</span><span class="n">ldap</span><span class="o">.</span><span class="n">Conn</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// You can also use IP instead of FQDN</span> <span class="n">l</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ldap</span><span class="o">.</span><span class="n">DialURL</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"ldap://%s:389"</span><span class="p">,</span> <span class="n">FQDN</span><span class="p">))</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">l</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h3> TLS Connect </h3> <p>If you need <strong>TLS Connection</strong>, you can use the function below:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Ldap Connection with TLS</span> <span class="k">func</span> <span class="n">ConnectTLS</span><span class="p">()</span> <span class="p">(</span><span class="o">*</span><span class="n">ldap</span><span class="o">.</span><span class="n">Conn</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// You can also use IP instead of FQDN</span> <span class="n">l</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ldap</span><span class="o">.</span><span class="n">DialURL</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"ldaps://%s:636"</span><span class="p">,</span> <span class="n">FQDN</span><span class="p">))</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">l</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h3> Anonymous Bind and Search </h3> <p>If you want <strong>anonymous bind</strong> in your project, you can use this function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Anonymous Bind and Search</span> <span class="k">func</span> <span class="n">AnonymousBindAndSearch</span><span class="p">(</span><span class="n">l</span> <span class="o">*</span><span class="n">ldap</span><span class="o">.</span><span class="n">Conn</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">ldap</span><span class="o">.</span><span class="n">SearchResult</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">l</span><span class="o">.</span><span class="n">UnauthenticatedBind</span><span class="p">(</span><span class="s">""</span><span class="p">)</span> <span class="n">anonReq</span> <span class="o">:=</span> <span class="n">ldap</span><span class="o">.</span><span class="n">NewSearchRequest</span><span class="p">(</span> <span class="s">""</span><span class="p">,</span> <span class="n">ldap</span><span class="o">.</span><span class="n">ScopeBaseObject</span><span class="p">,</span> <span class="c">// you can also use ldap.ScopeWholeSubtree</span> <span class="n">ldap</span><span class="o">.</span><span class="n">NeverDerefAliases</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="no">false</span><span class="p">,</span> <span class="n">Filter</span><span class="p">,</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{},</span> <span class="no">nil</span><span class="p">,</span> <span class="p">)</span> <span class="n">result</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">l</span><span class="o">.</span><span class="n">Search</span><span class="p">(</span><span class="n">anonReq</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"Anonymous Bind Search Error: %s"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">result</span><span class="o">.</span><span class="n">Entries</span><span class="p">)</span> <span class="o">&gt;</span> <span class="m">0</span> <span class="p">{</span> <span class="n">result</span><span class="o">.</span><span class="n">Entries</span><span class="p">[</span><span class="m">0</span><span class="p">]</span><span class="o">.</span><span class="n">Print</span><span class="p">()</span> <span class="k">return</span> <span class="n">result</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"Couldn't fetch anonymous bind search entries"</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Bind and Search </h3> <p>If you prefer <strong>normal binding</strong> instead:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Normal Bind and Search</span> <span class="k">func</span> <span class="n">BindAndSearch</span><span class="p">(</span><span class="n">l</span> <span class="o">*</span><span class="n">ldap</span><span class="o">.</span><span class="n">Conn</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">ldap</span><span class="o">.</span><span class="n">SearchResult</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">l</span><span class="o">.</span><span class="n">Bind</span><span class="p">(</span><span class="n">BindUsername</span><span class="p">,</span> <span class="n">BindPassword</span><span class="p">)</span> <span class="n">searchReq</span> <span class="o">:=</span> <span class="n">ldap</span><span class="o">.</span><span class="n">NewSearchRequest</span><span class="p">(</span> <span class="n">BaseDN</span><span class="p">,</span> <span class="n">ldap</span><span class="o">.</span><span class="n">ScopeBaseObject</span><span class="p">,</span> <span class="c">// you can also use ldap.ScopeWholeSubtree</span> <span class="n">ldap</span><span class="o">.</span><span class="n">NeverDerefAliases</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="no">false</span><span class="p">,</span> <span class="n">Filter</span><span class="p">,</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{},</span> <span class="no">nil</span><span class="p">,</span> <span class="p">)</span> <span class="n">result</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">l</span><span class="o">.</span><span class="n">Search</span><span class="p">(</span><span class="n">searchReq</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"Search Error: %s"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">result</span><span class="o">.</span><span class="n">Entries</span><span class="p">)</span> <span class="o">&gt;</span> <span class="m">0</span> <span class="p">{</span> <span class="k">return</span> <span class="n">result</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"Couldn't fetch search entries"</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Main Func </h3> <p>Last of all, we need to create a main function to use these functions:</p> <h4> Bind and Search with TLS Connection </h4> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="c">// TLS Connection</span> <span class="n">l</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ConnectTLS</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">l</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="c">// Normal Bind and Search</span> <span class="n">result</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">BindAndSearch</span><span class="p">(</span><span class="n">l</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">result</span><span class="o">.</span><span class="n">Entries</span><span class="p">[</span><span class="m">0</span><span class="p">]</span><span class="o">.</span><span class="n">Print</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <h4> Anonymous Bind and Search with Non-TLS Connection </h4> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="c">// Non-TLS Connection</span> <span class="n">l</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">Connect</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">l</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="c">// Anonymous Bind and Search</span> <span class="n">result</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">AnonymousBindAndSearch</span><span class="p">(</span><span class="n">l</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">result</span><span class="o">.</span><span class="n">Entries</span><span class="p">[</span><span class="m">0</span><span class="p">]</span><span class="o">.</span><span class="n">Print</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <h2> Conclusion </h2> <p>After these functions, I believe you can start using LDAP authentication, bind and search. At the end, the code should look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"log"</span> <span class="s">"github.com/go-ldap/ldap/v3"</span> <span class="p">)</span> <span class="k">const</span> <span class="p">(</span> <span class="n">BindUsername</span> <span class="o">=</span> <span class="s">"user@example.com"</span> <span class="n">BindPassword</span> <span class="o">=</span> <span class="s">"password"</span> <span class="n">FQDN</span> <span class="o">=</span> <span class="s">"DC.example.com"</span> <span class="n">BaseDN</span> <span class="o">=</span> <span class="s">"cn=Configuration,dc=example,dc=com"</span> <span class="n">Filter</span> <span class="o">=</span> <span class="s">"(objectClass=*)"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="c">// TLS Connection</span> <span class="n">l</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ConnectTLS</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">l</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="c">// Non-TLS Connection</span> <span class="c">//l, err := Connect()</span> <span class="c">//if err != nil {</span> <span class="c">// log.Fatal(err)</span> <span class="c">//}</span> <span class="c">//defer l.Close()</span> <span class="c">// Anonymous Bind and Search</span> <span class="n">result</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">AnonymousBindAndSearch</span><span class="p">(</span><span class="n">l</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">result</span><span class="o">.</span><span class="n">Entries</span><span class="p">[</span><span class="m">0</span><span class="p">]</span><span class="o">.</span><span class="n">Print</span><span class="p">()</span> <span class="c">// Normal Bind and Search</span> <span class="n">result</span><span class="p">,</span> <span class="n">err</span> <span class="o">=</span> <span class="n">BindAndSearch</span><span class="p">(</span><span class="n">l</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">result</span><span class="o">.</span><span class="n">Entries</span><span class="p">[</span><span class="m">0</span><span class="p">]</span><span class="o">.</span><span class="n">Print</span><span class="p">()</span> <span class="p">}</span> <span class="c">// Ldap Connection with TLS</span> <span class="k">func</span> <span class="n">ConnectTLS</span><span class="p">()</span> <span class="p">(</span><span class="o">*</span><span class="n">ldap</span><span class="o">.</span><span class="n">Conn</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// You can also use IP instead of FQDN</span> <span class="n">l</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ldap</span><span class="o">.</span><span class="n">DialURL</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"ldaps://%s:636"</span><span class="p">,</span> <span class="n">FQDN</span><span class="p">))</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">l</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="c">// Ldap Connection without TLS</span> <span class="k">func</span> <span class="n">Connect</span><span class="p">()</span> <span class="p">(</span><span class="o">*</span><span class="n">ldap</span><span class="o">.</span><span class="n">Conn</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// You can also use IP instead of FQDN</span> <span class="n">l</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ldap</span><span class="o">.</span><span class="n">DialURL</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"ldap://%s:389"</span><span class="p">,</span> <span class="n">FQDN</span><span class="p">))</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">l</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="c">// Anonymous Bind and Search</span> <span class="k">func</span> <span class="n">AnonymousBindAndSearch</span><span class="p">(</span><span class="n">l</span> <span class="o">*</span><span class="n">ldap</span><span class="o">.</span><span class="n">Conn</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">ldap</span><span class="o">.</span><span class="n">SearchResult</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">l</span><span class="o">.</span><span class="n">UnauthenticatedBind</span><span class="p">(</span><span class="s">""</span><span class="p">)</span> <span class="n">anonReq</span> <span class="o">:=</span> <span class="n">ldap</span><span class="o">.</span><span class="n">NewSearchRequest</span><span class="p">(</span> <span class="s">""</span><span class="p">,</span> <span class="n">ldap</span><span class="o">.</span><span class="n">ScopeBaseObject</span><span class="p">,</span> <span class="c">// you can also use ldap.ScopeWholeSubtree</span> <span class="n">ldap</span><span class="o">.</span><span class="n">NeverDerefAliases</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="no">false</span><span class="p">,</span> <span class="n">Filter</span><span class="p">,</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{},</span> <span class="no">nil</span><span class="p">,</span> <span class="p">)</span> <span class="n">result</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">l</span><span class="o">.</span><span class="n">Search</span><span class="p">(</span><span class="n">anonReq</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"Anonymous Bind Search Error: %s"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">result</span><span class="o">.</span><span class="n">Entries</span><span class="p">)</span> <span class="o">&gt;</span> <span class="m">0</span> <span class="p">{</span> <span class="n">result</span><span class="o">.</span><span class="n">Entries</span><span class="p">[</span><span class="m">0</span><span class="p">]</span><span class="o">.</span><span class="n">Print</span><span class="p">()</span> <span class="k">return</span> <span class="n">result</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"Couldn't fetch anonymous bind search entries"</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="c">// Normal Bind and Search</span> <span class="k">func</span> <span class="n">BindAndSearch</span><span class="p">(</span><span class="n">l</span> <span class="o">*</span><span class="n">ldap</span><span class="o">.</span><span class="n">Conn</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">ldap</span><span class="o">.</span><span class="n">SearchResult</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">l</span><span class="o">.</span><span class="n">Bind</span><span class="p">(</span><span class="n">BindUsername</span><span class="p">,</span> <span class="n">BindPassword</span><span class="p">)</span> <span class="n">searchReq</span> <span class="o">:=</span> <span class="n">ldap</span><span class="o">.</span><span class="n">NewSearchRequest</span><span class="p">(</span> <span class="n">BaseDN</span><span class="p">,</span> <span class="n">ldap</span><span class="o">.</span><span class="n">ScopeBaseObject</span><span class="p">,</span> <span class="c">// you can also use ldap.ScopeWholeSubtree</span> <span class="n">ldap</span><span class="o">.</span><span class="n">NeverDerefAliases</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="no">false</span><span class="p">,</span> <span class="n">Filter</span><span class="p">,</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{},</span> <span class="no">nil</span><span class="p">,</span> <span class="p">)</span> <span class="n">result</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">l</span><span class="o">.</span><span class="n">Search</span><span class="p">(</span><span class="n">searchReq</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"Search Error: %s"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">result</span><span class="o">.</span><span class="n">Entries</span><span class="p">)</span> <span class="o">&gt;</span> <span class="m">0</span> <span class="p">{</span> <span class="k">return</span> <span class="n">result</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"Couldn't fetch search entries"</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>You can also check out the <a href="https://gist.github.com/StarBuckR/68663e7b16e2e7ae7adb2e7a9b86a545">gist</a> I created.</p> <p>Thank you for reading. I hope you found this article helpful.</p> go ldap authentication Rıdvan Tülemen Thu, 06 Aug 2020 14:36:50 +0000 https://dev.to/openlab/set-up-ruby-on-rails-server-on-ubuntu-server-20-04-kmn https://dev.to/openlab/set-up-ruby-on-rails-server-on-ubuntu-server-20-04-kmn <p>Installation and running processes for the Rails Server we have created for the <a href="https://github.com/StarBuckR/yusufreis">Yusufreis</a> are as described below.</p> <h3> Downloading Files </h3> <p>Download the Server's files at first.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>git clone https://github.com/starbuckr/railsserver </code></pre> </div> <p>Then, go to the directory where our project is located and install necessary packages.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>cd railsserver sudo apt install ruby ruby-dev ruby-bundler nodejs npm libsqlite3-dev zlib1-dev sudo npm install yarn -g yarn install --check-files </code></pre> </div> <h3> Configuring Rails Server's Settings </h3> <p>If the Ruby version you are currently using is not 2.5.5, you need to change the <code>ruby ​​'2.5.5'</code> line in the Gemfile. For example, if your Ruby version is 2.7.0 we need to edit it as this.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ruby '2.7.0' </code></pre> </div> <p>After installing packages, configure Gem and database settings.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo bundle install rails db:migrate </code></pre> </div> <h3> Running The Server </h3> <p>In order to run the server, use <code>rails server</code> or <code>rails s</code> command.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails s </code></pre> </div> <p>If you want to connect the server from other local machines, you need to change running ip address.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>rails s -b 0.0.0.0 </code></pre> </div> <p>You can then access this server from any device connected to that network. For example, if the ip address of our Ubuntu Server machine is 192.168.1.56, you can access the server by entering the address <code>192.168.1.56:3000</code> in your browser.</p> rails ubuntu restful Ali Orhun Akkirman Sun, 19 Jul 2020 11:35:28 +0000 https://dev.to/openlab/how-to-setup-logging-server-with-rsyslog-in-debian-10-52b5 https://dev.to/openlab/how-to-setup-logging-server-with-rsyslog-in-debian-10-52b5 <p>It is an important need to collect and analyze logs formed in various clients and servers in a common place. For this need, rsyslog is a very efficient tool.</p> <p>I wanted to create this article because the rsyslog syntax has changed in the Debian 10 (Buster) version compared to the old debian versions (in example Debian 9).</p> <h2> How to Install Rsyslog Server </h2> <p>The package can be installed as below for rsyslog:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install </span>rsyslog </code></pre> </div> <h2> How to Configure Rsyslog Server </h2> <p>In the <strong>/etc/rsyslog.conf</strong> file, the following lines starting with the "#" sign are removed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>module(load="imudp") input(type="imudp" port="514") module(load="imtcp") input(type="imtcp" port="514") </code></pre> </div> <p>The following line can be added just below which allows you to get logs. The example shows that all devices in the 127.0.0.1 and 10.0.0.0 network can collect logs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$AllowedSender TCP, 127.0.0.1, 10.0.0.0/24 </code></pre> </div> <p>In addition, various templates can be logged or taken as in the example below:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$template Incoming-logs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log" *.* ?Incoming-logs </code></pre> </div> <p>Logs would start to be saved under a single file under /var/log if we did not make the corresponding template settings.</p> <p>After making the related settings, the service is restarted by saving and checking whether there are any errors in the service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl start rsyslog <span class="nb">sudo </span>systemctl <span class="nb">enable </span>rsyslog <span class="nb">sudo </span>systemctl status rsyslog </code></pre> </div> <p>If there is no problem, syslog format logs directed from the rsyslog client from any source can be collected on the server we set up.</p> <p>I will specify the relevant client settings in the next post.</p> <p>Qui nescit dissimulare, nescit regnare</p> debian rsyslog log linux