Archive for the tag 'linux'

SBDavid

IPsec VPN on Red Hat Linux

IPsec is the supported VPN implementation for Red Hat Enterprise Linux that sufficiently addresses the usability needs of organizations with branch offices or remote users.

IPsec can be implemented using a host-to-host (one computer workstation to another) or network-to-network (one LAN/WAN to another) configuration. The IPsec implementation in Red Hat Enterprise Linux uses Internet Key Exchange (IKE), which is a protocol implemented by the Internet Engineering Task Force (IETF) to be used for mutual authentication and secure associations between connecting systems.

On Red Hat Enterprise Linux systems, an IPsec connection uses the pre-shared key method of IPsec node authentication. In a pre-shared key IPsec connection, both hosts must use the same key in order to move to the second phase of the IPsec connection.

Implementing IPsec requires that the ipsec-tools RPM package be installed on all IPsec hosts (if using a host-to-host configuration) or routers (if using a network-to-network configuration).

/sbin/setkey
Manipulates the key management and security attributes of IPsec in the kernel.

/sbin/racoon
The IKE key management daemon, used to manage and control security associations and key sharing between IPsec-connected systems.

/etc/racoon/racoon.conf
The racoon daemon configuration file used to configure various aspects of the IPsec connection, including authentication methods and encryption algorithms used in the connection.

SBDavid

Network tuning for Linux kernels

TCP/IP tuning is enabled by default for kernels after 2.6.17.

Check whether auto-tuning is enabled in /proc/sys/net/ipv4/tcp_moderate_rcvbuf; it should be set to 1.

Also increase the memory reserved for TCP send/receive buffers.

Initially “echo” the below values to the corresponding /proc file. If you see any considerable difference in the upload/download port speed, you can set it as a sysctl parameter.

net.ipv4.tcp_sack = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_window_scaling = 1
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 256960 16777216
net.ipv4.tcp_wmem = 4096 256960 16777216
net.ipv4.tcp_no_metrics_save = 1
net.core.rmem_default = 16777216
net.core.wmem_default = 16777216
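
As an added example (not from the original post), this read-only shell script compares the values listed above with what the running kernel reports, so you can see what would change before echoing anything into /proc. The function names and the SYSCTL_ROOT override are assumptions made for this example.

```sh
#!/bin/sh
# Added example: read-only check of the post's values against /proc/sys.

# Values from the post, in sysctl.conf syntax (tcp_moderate_rcvbuf = auto-tuning).
WANTED='net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_window_scaling = 1
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 256960 16777216
net.ipv4.tcp_wmem = 4096 256960 16777216
net.ipv4.tcp_no_metrics_save = 1
net.core.rmem_default = 16777216
net.core.wmem_default = 16777216'

# Map a sysctl key to its file: net.ipv4.tcp_rmem -> <root>/net/ipv4/tcp_rmem
sysctl_path() {
    printf '%s/%s\n' "$1" "$(printf '%s' "$2" | tr . /)"
}

# /proc separates multi-value entries with tabs; collapse to single spaces.
normalize() {
    printf '%s' "$1" | tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

# Print one line per key; return the number of keys that differ or are missing.
audit_sysctl() {
    root=$1 bad=0
    while IFS='=' read -r key want; do
        key=$(normalize "$key"); want=$(normalize "$want")
        [ -n "$key" ] || continue
        file=$(sysctl_path "$root" "$key")
        if [ ! -r "$file" ]; then
            echo "MISSING $key"; bad=$((bad + 1)); continue
        fi
        have=$(normalize "$(cat "$file")")
        if [ "$have" = "$want" ]; then
            echo "OK      $key = $have"
        else
            echo "DIFF    $key = $have (post suggests $want)"; bad=$((bad + 1))
        fi
    done <<EOF
$WANTED
EOF
    return "$bad"
}

# SYSCTL_ROOT is a hypothetical override for testing against a copy of /proc/sys.
audit_sysctl "${SYSCTL_ROOT:-/proc/sys}" || true
```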

Mount windows drive to linux filesystem

Step 1: Take a Linux system. Install Samba on your Linux system and start the service.

Step 2: Create a directory in Linux to which you will be mounting the files. This is usually a subdirectory of “/mnt”.

Step 3: Go to the Windows system. Share the drive/folder on the Windows system that you want to mount on Linux. Make sure that the drive/folder you are going to share has the share permission for administrator.

Step 4: Go back to the Linux system. Type the following command:

mount -t smbfs -o username=<username>,password=<password>,debug=4 //<windows server name or IP>/<drive or folder share name> /mnt/share
Example:
mount -t smbfs -o username=administrator,password=gold,debug=4 //192.168.0.1/ewin$ /mnt/windrive

Step 5: Go to the directory you created in Linux for mounting. You can now see all the contents of the Windows drive/folder in that directory.

How to change the local timezone in Linux.

It is easy to change the timezone on a Linux server. Replace your /etc/localtime file with the appropriate timezone data file from /usr/share/zoneinfo. For example, to set everything to Greenwich Mean Time (GMT), get a shell prompt and replace your /etc/localtime with /usr/share/zoneinfo/GMT by typing the following shell commands:

# date
# cd /etc
# ln -sf /usr/share/zoneinfo/GMT localtime
# date

The first ‘date’ command will show you the current date/time before you change the timezone. The final ‘date’ command shows you current date/time in the timezone that you chose, which in this example is GMT.

There are many timezone data files in the zoneinfo directory and you can use any of them that you wish. To see them all, do:

$ ls /usr/share/zoneinfo

So, symbolically linking /etc/localtime to any of those files will change the time on the server to that timezone.

SBDavid

Linux Security Audit Tools

Chkrootkit - Scan system for trojans, worms and exploits.

Root kit detection tools:

checkps - detect rootkits by detecting falsified output and similar anomalies. The ps check should work on anything with /proc. Also uses netstat.

Rootkit hunter - scans for rootkits, back doors and local exploits

Rkdet - root kit detector daemon. Intended to catch someone installing a rootkit or running a packet sniffer.

fsaudit - Perl script to scan filesystems and search for suspicious looking directories.