Sunday, March 27, 2011

IPSec Linux & Solaris

Yes, I got a chance to work with IPSec in Linux and Solaris. Well, we managed to get a working connection between Linux and Solaris, so in case any of you have any doubts, do contact me. I do not know much about the certificates though.

Just an overview of what IPSec is

IPsec is an extension to the IP protocol which provides security to the IP and the upper-layer protocols. It was first developed for the new IPv6 standard and then “backported” to IPv4.

IPsec uses two different protocols - AH and ESP - to ensure the authentication, integrity and confidentiality of the communication. It can protect either the entire IP datagram or only the upper-layer protocols. The appropriate modes are called tunnel mode and transport mode. In tunnel mode the IP datagram is fully encapsulated by a new IP datagram using the IPsec protocol. In transport mode only the payload of the IP datagram is handled by the IPsec protocol inserting the IPsec header between the IP header and the upper-layer protocol header. - www.ipsec-tools.sourceforge.net

Linux and Solaris use entirely different packages and commands. We can have the keys exchanged automatically (more secure) or by manual preshared key (less secure). For the automatic key exchange, Linux uses "racoon" and Solaris uses the "ike daemon".

Similarly, for setting up the SA (security association; SAD is the Security Association Database) and the policies, Linux uses "setkey" whereas Solaris uses "ipseckey" and "ipsecconf". The syntax and rules may be different but are comparable.

And making it work between Linux and Solaris - that was one hell of a challenge we had!

Added more information at IPSec Linux & Solaris (Cont)

Friday, December 24, 2010

Passing variables to sed

Using "sed" on the command line is fine; we are unlikely to make many mistakes in the syntax.
Normally, we use single quotes around the sed script, which works well.

Code:
root@bt> sed 's/genius/dump/g' infile

But if you want to use/pass variables to sed, you will need to use double quotes, so that the shell expands the variable before sed sees the script.

Code:
root@bt> var=genius
root@bt> sed "s/$var/dump/g" infile

Got it? Good!

Have a nice day!
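
With double quotes, the value of the variable becomes part of the sed script, so characters such as `.`, `/` and `&` in it are interpreted by sed instead of being matched literally. The following is an added example, not part of the original post: the function names are hypothetical, and it assumes single-line values and sed's basic regular expressions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes single-line values and a sed using POSIX basic regular expressions.

# Naive form from the post: $1 is read as a regex, $2 as sed replacement text.
replace_naive() {
    sed "s/$1/$2/g" "$3"
}

# Escape a value so sed matches it literally in a BRE with '/' as delimiter.
sed_escape_pattern() {
    printf '%s' "$1" | sed 's|[][\\/.*^$]|\\&|g'
}

# Escape a value for the replacement side, where '\', '/' and '&' are special.
sed_escape_replacement() {
    printf '%s' "$1" | sed 's|[\\/&]|\\&|g'
}

# Replace every literal occurrence of $1 with $2 in file $3 (prints to stdout).
replace_literal() {
    pat=$(sed_escape_pattern "$1")
    rep=$(sed_escape_replacement "$2")
    sed "s/$pat/$rep/g" "$3"
}

# Usage: replace_literal "$var" "dump" infile
```

With `var=a.b`, the naive form also rewrites `axb` because `.` matches any character; the escaped form touches only the literal text `a.b`.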

Sunday, November 21, 2010

grep grep grep

Yeah, we all use Google to "grep" for information. Well, recently I came to know about one option of grep which I never knew before.

grep -C[some number]

Check this out

Code:
root@bt> cat file
Apple
Bat
Cat
Dog
Elephant
Fan
Goat
Hat
Ink
Joker
King

root@bt> grep -n Fan file
6:Fan

root@bt> grep -n -C1 Fan file
5-Elephant
6:Fan
7-Goat

root@bt> grep -n -C2 Fan file
4-Dog
5-Elephant
6:Fan
7-Goat
8-Hat


As you can see,
-C1 will give you one line before and after the match.
-C2 will give you two lines before and after the match, and so on.
The -n option with grep will print the line number.
The -C[number] option will be handy if you want to see something before or after the line you are looking for.


Good Day!

Tuesday, November 16, 2010

"which" command wasn't working in Linux

That was weird, or is that how it works?

I had this executable "db_linux" in "/usr/local/bin" and this was included in the env variable PATH. But there was no execute permission for this executable. And when I did a "which db_linux", it didn't show me anything. I was checking the file and the path; everything was proper. Then I thought, fine, let's execute it with the absolute path. In the process I gave execute permission for the file and executed it. Later when I tried "which db_linux" again, it was showing. Maybe that is how it works.

BTW, I use Fedora Core 13 v 2.6.33.3

Code:
[root@ahamed bin]# ls -lrt
total 4
-rw-r--r--. 1 root root 63 Nov 16 16:33 db_linux

[root@ahamed bin]# which db_linux
/usr/bin/which: no db_linux in (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:
/usr/loca/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)

[root@ahamed bin]# chmod 744 db_linux
[root@ahamed bin]# ls -lrt
total 4
-rwxr--r--. 1 root root 63 Nov 16 16:33 db_linux

[root@ahamed bin]# which db_linux
/usr/local/bin/db_linux

Have a good day!
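
`which` reports only files that can actually be executed, so a file that sits in a PATH directory without an execute bit is skipped silently. The following is an added example, not part of the original post: `path_audit` is a hypothetical helper that walks PATH and shows both the candidates that would run and the ones that are skipped.

```shell
#!/bin/sh
# Added example (not from the original post). path_audit is a hypothetical name.

# path_audit NAME: for every directory in PATH, report whether NAME exists
# there and whether command lookup (and "which") would accept it.
path_audit() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $PATH; do
        IFS=$old_ifs
        # An empty PATH component means the current directory.
        [ -n "$dir" ] || dir=.
        f=$dir/$name
        if [ -f "$f" ] && [ -x "$f" ]; then
            echo "executable: $f"
        elif [ -e "$f" ]; then
            echo "skipped (not an executable file): $f"
        fi
    done
    IFS=$old_ifs
}

# Usage: path_audit db_linux
```

The first "executable" line is the file that would run; any "skipped" line above it explains why a file you expected was not picked up.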

Monday, November 15, 2010

sed -i option

We can use the -i option in sed to edit the file in place within the same command, rather than redirecting the output to another file and then renaming/moving it.

Code:
[ahamed@ahamed ~]$ cat textfile
# Check this line
The quick brown ajith jumps over the lazy dog

[ahamed@ahamed ~]$ sed -i '2 i \# Wow! I am the new guy' textfile

[ahamed@ahamed ~]$ cat textfile
# Check this line
# Wow! I am the new guy
The quick brown ajith jumps over the lazy dog

As you can see, the number after the -i option is the line number at which the new line is inserted. The rest is the usual sed syntax. I'll break it up:

sed - The command
-i - Edit the file in place
2 - Line number
i - The insert command
\#... - The line to be inserted
textfile - File being edited

If you don't use the option "-i", the file will not be edited. The changes will only be displayed on standard output.
Check this...

Code:
[ahamed@ahamed ~]$ cat textfile
# Check this line
# Wow! I am the new guy
The quick brown ajith jumps over the lazy dog

[ahamed@ahamed ~]$ sed '2 i # Wow! I am the NEXT new guy' textfile
# Check this line
# Wow! I am the NEXT new guy
# Wow! I am the new guy
The quick brown ajith jumps over the lazy dog

[ahamed@ahamed ~]$ cat textfile
# Check this line
# Wow! I am the new guy
The quick brown ajith jumps over the lazy dog

Good Day...