How to Install FreeRadius for SSH Authentication on Centos 6

Install FreeRadius for SSH Authentication (Two-Factor Authentication)

What is FreeRadius?

Radius is a great standard. It is powerful enough to accomplish a great deal and simple enough to be easy to handle. Freeradius is an excellent, open source radius server that ships with many Linux variants. It is well documented and well supported. The WiKID Strong Authentication server is a commercial/open source two-factor authentication system that uses public key encryption to transmit PINs and one-time passcodes securely to software tokens running on Blackberries, cell phones, Palms, PocketPCs or, using the J2SE client, Linux, Macs and Windows PCs. You can think of WiKID like certificates, but without the hassles of white lists/black lists and more secure - because the PIN is validated on the server preventing offline brute-force attacks.

Requirement: 1. 2 CentOS 6 Server (1 for FreeRadius & 1 for SSH Authentication)

Step 1: Stop the IPTables and Selinux, and Update the Date Time on the Servers :

# service iptables stop
# chkconfig iptables off

# vi /etc/sysconfig/selinux

SELINUX=disabled ###(Change enabled to disabled)

--- save & quit (:wq) ---

# service ntpd restart
# ntpdate pool.ntp.org
# chkconfig ntpd on
# init 6

** Configure FreeRadius Server:

Step 2: Install and Configure Radius Server and its Dependencies :

# yum install freeradius freeradius-mysql freeradius-utils mysql-server -y
# service mysqld start

* Set MySQL Root Password by the Following Command:

# mysql_secure_installation

mysql -uroot -p
Enter password:

mysql> CREATE DATABASE radius;
mysql> GRANT ALL PRIVILEGES ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
mysql> flush privileges;
mysql> use radius;
mysql> SOURCE /etc/raddb/sql/mysql/schema.sql;
mysql> \q

* Edit and Check the DB Connection once-

# vi /etc/raddb/sql.conf

### (In Between Line Number 36-42)

# Connection info:
       server = "localhost"
       #port = 3306 login = "radius"
       password = "mypassword"

       # Database table configuration for everything except Oracle
       radius_db = "radius"
 
---- save & quit (:wq) ----

# vi /etc/raddb/radiusd.conf

## Uncomment the Following Line (Line Number 735)

$INCLUDE sql.conf

---- save & quit (:wq) ----

# vi /etc/raddb/sites-available/default

### uncomment the line containing ‘sql’ in theauthorize{} section and ‘sql’ in the accounting {} section, also uncomment ‘sql’ under session{}

### Line Number 177 & Line Number 406


---- save & quit (:wq) ----

# vi /etc/raddb/sites-available/inner-tunnel

### uncomment the line containing ‘sql’ under “authorize {}” and under session {}

## Line Number 132

---- save & quit (:wq) ----

* For change the secret key of the radius server-

# vi /etc/raddb/clients.conf

### Change: secret = testing123 to secret = <your-secret-password>

---- save & quit (:wq) ----

# service radiusd restart

Step 3: Adding Clinets and Users to the Radius Server :

# vi /etc/raddb/clients.conf

client SERVER_IP {
              secret          = YOUR SECRET
              shortname       = yourVPN
 nastype        = other
   }
 
---- save & quit (:wq) ----

# service radiusd restart

# mysql -uroot –p
Enter password:

mysql> use radius;
mysql> INSERT INTO `radcheck` (`username`, `attribute`, `value`) VALUE ('testuser', 'password', 'User_Password');
mysql> \q

* Test the Radius Authentication--

# radtest testuser password localhost 1812 <Radius-Server-Secret-Key>

rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=185, length=20

Step 4: Configure the SSH Server to Connect the Radius Server and Authentication from Radius Server :

# yum -y install pam pam-devel gcc
# cd /tmp
# wget ftp://ftp.freeradius.org/pub/radius/pam_radius-1.4.0.tar.gz
# tar zxf pam_radius-1.4.0.tar.gz
# cd pam_radius-1.4.0
# ./configure
# make
# cp pam_radius_auth.so /lib/security/

** Modify the Pam File of sshd and passwd for the Radius Authentication--

# vi /etc/pam.d/sshd

## Add this Line at 2nd Line--

auth sufficient /lib/security/pam_radius_auth.so

---- save & quit (:wq) ----

# vi /etc/pam.d/passwd

## Add the line at 3rd Line--

password sufficient /lib/security/pam_radius_auth.so

---- save & quit (:wq) ----

# vi /etc/ssh/sshd_config

## Change or Uncomment Line Number 48

PubkeyAuthentication no

---- save & quit (:wq) ----

# mkdir /etc/raddb/
# cp /tmp/pam_radius-1.4.0/pam_radius_auth.conf /etc/raddb/server
# vi /etc/raddb/server

## # Radius Server IP address           Secret                                   Timeout
<Radius-Server-IP> <Secret-Key-of-Radius-Server> 10

---- save & quit (:wq) ----

# service sshd restart
# useradd testuser

Note: Which Users will be authenticate from the Radius Server, those users should be there in the Radius Server Database and the User must exist on the SSH Server as well but no password has to be set on the SSH Server for the user, the password will be set at the database of the Radius Server.

** For Example as per the Doc:
user: testuser
pass: User_Password

# ssh testuser@<SSH-Server-IP>
Password: User_Password

** You should able to login now!

Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog.

Read More

How to Install NewRelic Agent on RHEL/Centos/Ubuntu/Debian/Windows

Install NewRelic on RHEL/Centos/Ubuntu/Debian/Windows

What is NewRelic?

New Relic is an American software analytics company based in San Francisco, California. Lew Cirne founded New Relic in 2008 and currently acts as the company's CEO. New Relic's technology, delivered in a software as a service (SaaS) model, monitors Web and mobile applications in real-time that run in cloud, on-premises, or hybrid environments. The name "New Relic" is an anagram of founder Lew Cirne's name.

Create a New Account for New Relic Free of cost: https://newrelic.com/
Sign up here & find out you License Key.
After Creating a new Account Login to your Account & Click on Right top Corner Drop down List , Then click on Account Settings.
Then you will find out th License key from the Right Panel.

1. For RHEL/CentOS 6 :

Step 1: Install & Add the New Relic yum repository :

# rpm -Uvh https://download.newrelic.com/pub/newrelic/el5/i386/newrelic-repo-5-3.noarch.rpm

Step 2: Install the Server Monitor package :

# yum install newrelic-sysmond -y

Step 3: Add license key to config file: (See /etc/newrelic/nrsysmond.cfg for other config options) :

# nrsysmond-config --set license_key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Step 4: Start the NewRelic Monitor Process :

# /etc/init.d/newrelic-sysmond start

2. For Ubuntu/Debian :

Step 1: Add the New Relic apt repository :

# echo deb http://apt.newrelic.com/debian/ newrelic non-free >> /etc/apt/sources.list.d/newrelic.list
# wget -O- https://download.newrelic.com/548C16BF.gpg | apt-key add -
# apt-get update -y

Step 2: Install the Server Monitor package :

# apt-get install newrelic-sysmond -y

Step 3: Add license key to config file: (See /etc/newrelic/nrsysmond.cfg for other config options) :

# nrsysmond-config --set license_key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Step 4: Start the NewRelic Monitor Process :

# /etc/init.d/newrelic-sysmond start

3. For Windows:

Step 1: Download the NewRelicServerMonitor msi/zip file :

Download Link:-- 

https://download.newrelic.com/windows_server_monitor/release/NewRelicServerMonitor_x64_3.3.5.0.msi /

Step 2: Run the Installer and the Put the License Key :

License Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog.

Read More

How to Install Bamboo With JIRA & BitBuckeet Integration in Ubuntu

Install Bamboo With JIRA & BitBuckeet Integration in Ubuntu

What is Bamboo?

Bamboo is a continuous integration server from Atlassian, the makers of JIRA, Confluence and Crowd. Bamboo is free for open-source projects.

What is JIRA?

JIRA is a tool developed by Australian Company Atlassian. It is used for bug tracking, issue tracking, and project management. The name "JIRA" is actually inherited from the Japanese word "Gojira" which means "Godzilla". The basic use of this tool is to track issues, and bugs related to your software and mobile apps.

What is BitBucket?

Bitbucket is a web-based hosting service for projects that use either the Mercurial (since launch) or Git (since October 2011) revision control systems. Bitbucket offers both commercial plans and free accounts.

N.B: Get a Bamboo Server/JIRA Server/BitBucket Server License from https://id.atlassian.com/login?application=mac&continue=https://my.atlassian.com
Create a Account here and Get the License Key. And 2 GB Ram Recommanded for the Server.

Step 1: Install Dependencies For Bamboo:

# apt-get install software-properties-common

# add-apt-repository ppa:openjdk-r/ppa

# apt-get update

# apt-get install openjdk-8-jdk

Step 2: Download & Install Bamboo Server:

# wget https://www.atlassian.com/software/bamboo/downloads/binary/atlassian-bamboo-5.10.1.1.tar.gz

# tar -xvf atlassian-bamboo-5.10.1.1.tar.gz

# mv atlassian-bamboo-5.10.1.1 /opt/bamboo

# cd /opt/bamboo

**N.B: Edit the bamboo-init.properties from the bamboo installation directory and set the bamboo home environment:-

# vi /opt/bamboo/atlassian-bamboo/WEB-INF/classes/bamboo-init.properties

### Add the line at last

bamboo.home=/home/bamboo/bamboo-home

---- save and quit (:wq) ----

# mkdir -p /home/bamboo/bamboo-home

Step 3: To bamboo as service & auto-start with system boot follow in steps in given below:

# vi /etc/init.d/bamboo

JAVA_OPTS=" -Djava.awt.headless=true -Dfile.encoding=UTF-8 -server -Xms512m -Xmx2048m -XX:NewSize=1536m -XX:MaxNewSize=2048m -XX:SurvivorRatio=6  -XX:MaxPermSize=2048m -XX:+DisableExplicitGC"

export JAVA_OPTS

JAVA_HOME=/usr/share/java/

CATALINA_HOME=/opt/bamboo

export CATALINA_HOME

BAMBOO_HOME=/opt/bamboo/bin

START_BAMBOO=/opt/bamboo/bin/startup.sh

STOP_BAMBOO=/opt/bamboo/bin/shutdown.sh

start() {

echo -n "Starting bamboo: "

cd $BAMBOO_HOME

${START_BAMBOO}

echo "done."

}

stop() {

echo -n "Stopping bamboo"

cd $BAMBOO_HOME

${STOP_BAMBOO}

echo "done."

}

case "$1" in

start)

start

;;

stop)

stop

;;

restart)

stop

sleep 10

start

;;

*)

echo "Usage: $0 {start|stop|restart}"

esac

exit 0

---- save and quit (:wq) ----

# chmod 755 /etc/init.d/bamboo

# update-rc.d bamboo defaults

** Change Bamboo Service Port Number from 8085 to 80:-

# vi /opt/bamboo/conf/server.xml

Line Number 50: Change the port from 8085 to 80

---- save and quit (:wq) ----

# service bamboo restart

Step 4: Check the Bamboo Installation on Browser:

http://IP-Address

Enter the License Key --> Choose Express Installation --> Fill up required field

Step 5: Download & Install JIRA:

# wget https://downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-7.1.0-jira-7.1.0-x64.bin

# chmod 755 atlassian-jira-software-7.1.0-jira-7.1.0-x64.bin

# ./atlassian-jira-software-7.1.0-jira-7.1.0-x64.bin

Step 6: Check the JIRA Installation on Browser:

http://IP-Address:8080

Then Follow the Instruction and Install it. Get a JIRA Server License from https://id.atlassian.com/login?application=mac&continue=https://my.atlassian.com

Create a Account here and Get the License Key.

Step 7: Download and Install Dependebicies & BitBucket:

# wget https://downloads.atlassian.com/software/stash/downloads/atlassian-bitbucket-4.3.2-x64.bin

# apt-get -y install git

# chmod 755 atlassian-bitbucket-4.3.2-x64.bin

# ./atlassian-bitbucket-4.3.2-x64.bin

Destination Directory: /opt/atlassian/bitbucket

Default location of plugin and other data: /var/atlassian/application-data/bitbucket

N.B: For external database need connector. Download the JDBC Connector.

# wget http://cdn.mysql.com//Downloads/Connector-J/mysql-connector-java-5.1.38.tar.gz

# tar -xvf mysql-connector-java-5.1.38.tar.gz

# cd mysql-connector-java-5.1.38

# cp mysql-connector-java-5.1.38-bin.jar /opt/atlassian/bitbucket/lib

# chown atlbitbucket:atlbitbucket mysql-connector-java-5.1.38-bin.jar

# service atlbitbucket stop

# service atlbitbucket start

Step 8: Check the BitBucket Installation on Browser With Integrated JIRA & Bamboo:

http://IP-Address:7990

Fill up the required field and select Integrate with Jira.

After that provide Jira url connection with port and username with password and select connect.

Select Linked Repository --> Select Add Repository --> Finish.

** To Link Repository From Bitbucket to Bamboo:

Go to Bamboo Administration Right Side Top Panel --> Overview --> Select Application Links from Left Side Panel --> Give the Bamboo Server URL --> Create New Link --> Done.

N.B: Now both Bamboo with JIRA & BitBucket Integration is Done. Find out all the Things altogether from any one server at the Left Top Drop Down List.

Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog.

Read More

How to Install SSHFS on Centos/RHEL/Ubuntu

Install SSHFS on Centos/RHEL/Ubuntu

** What is SSHFS?

SSHFS is a filesystem based on the SSH File Transfer Protocol (SFTP). On remote side we just need to install SSH server, Since most of SSH servers already support this, there are nothing to do on remote server except installing SSH server. On client side we need to install fuse sshfs packages to mount remote filesystem. Newer version of SSHFS uses FUSE.
We Can user it as Alternative of NFS.

** Features of SSHFS:

1. Based on FUSE (Best userspace filesystem framework for linux)
2. Multithreading: more than one request can be on it’s way to the server
3. Allowing large reads (max 64k)
4. Caching directory contents

** Requirement:

1. 2 Centos/Ubuntu Server
2. SSH Key Authentication on the Servers

Step 1: Stop the IPTables and Selinux, and Update the Date Time on the Servers and SSH Authentication on the Servers:

# service iptables stop
# chkconfig iptables off

# vi /etc/sysconfig/selinux

SELINUX=disabled ###(Change enabled to disabled)

--- save & quit (:wq) ---

On Server 1:
# ssh-keygen -t rsa (Enter 3 Times)
# ssh-keygen -t dsa (Enter 3 Times)
# cd /root/.ssh
# cat id_rsa.pub >>authorized_keys
# cat id_dsa.pub >>authorized_keys

On Server 2:
# ssh-keygen -t rsa (Enter 3 Times)
# ssh-keygen -t dsa (Enter 3 Times)
# cd /root/.ssh
# cat id_rsa.pub >>authorized_keys
# cat id_dsa.pub >>authorized_keys

** Now Open the authorized_keys file on both Server and Paste the Server 1's Key to Server 2's authorized_keys File and vice-versa.

# service ntpd restart
# ntpdate pool.ntp.org
# chkconfig ntpd on
# init 6

Step 2: Install FUSE-SSHFS :

For CentOS/RHEL users, Fuse SSHFS is available under epel repository, So make sure you have install epel repository in your system. Now execute following command to install it.

On CentOS/RHEL:

# yum -y install epel-release
# yum install -y fuse-sshfs

On Ubuntu & Dabian:

$ sudo apt-get update
$ sudo apt-get install sshfs

Step 3: Mount Remote Directory :

Lets mount remote server directory using sshfs, make sure remote system has running ssh server with proper ssh connectivity from your system.
First create a mount point:

# mkdir /mntssh

Lets mount the remote directory. For this example we are mounting /home/remoteuser directory from x.x.x.x (remote.example.com) system to our local system.

# sshfs remoteuser@remote.example.com:/home/remoteuser /mntssh

[Sample output]

The authenticity of host 'remote.example.com (x.x.x.x)' can't be established.
RSA key fingerprint is 77:85:9e:ff:de:2a:ef:49:68:09:9b:dc:f0:f3:09:07.
Are you sure you want to continue connecting (yes/no)? yes
remoteuser@remote.example.com's password: yes

Step 4: Verify Mount :

After mounting remote filesystem on local mount point, verify it by running mount command.

# mount

/dev/mapper/vg_svr1-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
remoteuser@remote.example.com:/home/remoteuser on /mntssh type fuse.sshfs (rw,nosuid,nodev)

Also naviate to your mount point, you will see files there from remote system

# cd /mntssh
# ls

Step 5: Mount Directory on System Boot :

If you want to mount remote filesystem automatically each time when your system reboots, Add following entry to /etc/fstab file. Make sure you have have key based ssh setup between remote and local system.

# vi /etc/fstab

remoteuser@remote.example.com:/home/remoteuser /mntssh fuse.sshfs defaults 0 0

--- save & quit (:wq) ---

Step 6: Unmount Directory :

If your work is over and you don’t need anymore the mounted directory, Simply unmount is using following command.

# umount /mntssh

Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog.

Read More

How to Import SSL to the Existing Openfire Server in Linux Server

How to import SSL in the Existing Openfire Installation

What is Openfire?

Openfire is a real time collaboration (RTC) server licensed under the Open Source Apache License. It uses the only widely adopted open protocol for instant messaging, XMPP (also called Jabber).

Step 1: Put the Keys and Certificates:

Put the Cert and the Key and the CA Cert in the /etc/ssl/ Directory

# ll /etc/ssl/

-rw-r--r--  1 root root  4795 Aug  1 11:39 ca-bundle.crt
-rw-r--r--  1 root root  1838 Aug  1 11:39 ca-cert.crt
-rw-r--r--  1 root root  1704 Aug  1 11:39 ca-cert.key

Step 2: Create a Init Script for Run Openfire Run as a Service:

# vi /etc/init.d/openfire

#!/bin/bash
# description: Openfire Service Status
# processname: openfire
# chkconfig: 234 20 80
OPENFIRE_HOME=/opt/openfire

case $1 in
start)
sh $OPENFIRE_HOME/bin/openfire start
;;
stop)
sh $OPENFIRE_HOME/bin/openfire stop
;;
restart)
sh $OPENFIRE_HOME/bin/openfire restart
;;
status)
sh $OPENFIRE_HOME/bin/openfire status
;;
esac
exit 0

---- save & quit (:wq) ----

# chmod 755 /etc/init.d/openfire

Step 3: Create a Shell Script for Importing the Certs  keys to the JAVA Platform:

# vi /mnt/key-import.sh

### Add these lines

JavaDir="/opt/openfire/resources/security" ### Openfire Installation Directory for Store the Imported Keys
PASS="changeit" ### SSl Exportable & Openfire Admin Certificate Stores Passord
cert="ca-cert" ### Cert Name only
certdir="/etc/ssl" ### Cert Directory
tmp="/root" ### Temporary Folder
ca="/etc/ssl/ca-bundle.crt" ### CA Cert Name

test -e "${JavaDir}/truststore" && rm -f "${JavaDir}/truststore"  ### Checking if there is anything stored already in trustore
test -e "${JavaDir}/keystore" && rm -f "${JavaDir}/keystore"  ### Checking if there is anything stored already in keystore

service openfire stop
cat "${certdir}/${cert}.crt" "${ca}" > ${tmp}/"combined.crt"
keytool -import -trustcacerts -storepass $PASS -alias "StartSSL Class 2" -file "${ca}" -keystore "${JavaDir}/truststore"
openssl pkcs12 -export -in "${tmp}/combined.crt" -inkey "${certdir}/${cert}.key" -out "${tmp}/${cert}.p12" -name "${cert}" -CAfile "${ca}" -passout pass:"${PASS}"
keytool -importkeystore -deststorepass "$PASS" -srcstorepass "$PASS" -destkeystore "${JavaDir}/keystore" -srckeystore "${tmp}/${cert}.p12" -srcstoretype PKCS12 -alias "${cert}"
chmod 640 "${JavaDir}/truststore" "${JavaDir}/keystore"
chown openfire:openfire "${JavaDir}/truststore" "${JavaDir}/keystore"
service openfire start

---- save & quit (:wq) ----

# useradd -s /sbin/nologin openfire
# chown -Rf openfire:openfire /opt/openfire
# chmod -Rf 775 /opt/openfire
# vi /etc/sudoers

### Add at last of the File

openfire  ALL=(ALL)       NOPASSWD:ALL

---- save & quit (:wq) ----

N.B: After creating the openfire User can run the Key Import Script, then the Keys will be imported to the Openfire

# sh /mnt/key-import.sh
# ll /opt/openfire/resources/security

-rw-r----- 1 openfire openfire 6117 Aug  1 12:35 keystore
-rw-r----- 1 openfire openfire 1309 Aug  1 12:35 truststore

Step 4: Now login into the Openfire Admin Panel and Do the Rest:

http://<server-ip>:9090
User: admin
Pass: password

Click on TLS/SSL Certificates --> Give the Password that has been Used in the Script to Every Password Section Here one by one --> Save Settings (one by one) --> Done.

Step 5: Login to the Server via SSH and Shutdown Openffire Properly and then Start again:

# service openfire stop
# ps -ef |grep java

## Kill all the Processes that are running for Java

# kill -9 <PID>

Then statr the Openfire Again

# service openfire start

Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog.

Read More