Hacker
How-To: Create Encrypted Partition with Key File
by dervish on Feb.05, 2009, under Hacker
Make sure kernel modules are present:
modprobe aes
modprobe dm-crypt
Create a 256 bit key file containing random data:
dd if=/dev/random of=/etc/key bs=1 count=256
chown root:root /etc/key
chmod 600 /etc/key
Initialize device:
cryptsetup –verbose -c aes-cbc-essiv:sha256 luksFormat /dev/sdb1 /etc/key
answer “YES” if you would like to overwrite data on /dev/sdb1 irrevocably
Create device mapping in /dev/mapper:
cryptsetup –key-file /etc/key luksOpen /dev/sdb1 sftpusers
Format partition:
mkfs.ext3 /dev/mapper/sftpusers
Add partition to /etc/fstab:
/dev/mapper/sftpusers /sftpusers ext3 defaults 0 0
Create/update /etc/crypttab with device info:
sftpusers /dev/sdb1 /etc/key
Reboot to verify that volume is mounted automatically. This configuration has been tested on Red Hat Enterprise Linux 5.
Done in order to satisfy a PCI compliance issue with VMware volume files. Files should be encrypted when not in use. Of course, this only ensures an encrypted virtual disk file at the ESX file system level. Credit card data inside the virtual drive still needs to be encrypted so that it is not accessible when the system is live.
Note: Exclude the key parts if you want an encrypted partion with prompt for password at boot.
How-To: Update SAProuter SNC Certificate
by dervish on Jan.26, 2009, under Hacker
Certificate is good for 1 year.
1. switch to the same account that the SAProuter server runs as
examples: su, sudo -s, etc.
2. stop the router service
3. backup the router folder
example: cp -rp saprouter saprouter.bak
4. change to the router home directory
5. rename certreq, srcert, local.pse, and cred_v2 to file.yyyymmdd
6. generate the certificate request (new certreq) using the following command:
sapgenpse get_pse –v –r certreq –p local.pse “CN=saprouter1, OU=0000350309, OU=SAProuter, O=SAP, C=DE”
do not enter a PIN (just press enter)
7. copy the contents of certreq to the clipboard
8. browse to http://www.service.sap.com/saprouter-sncadd
9. paste the contents of the clipboard into the form
10. step through form to generate new certificate information
11. copy and paste new certificate data into a file called srcert
11. import the certificate using the following command
./sapgenpse import_own_cert –c srcert –p local.pse
do not enter a PIN (press enter)
12. setup the login using the following command
sapgenpse seclogin –p local.pse
this will create a final file called cred_V2
13. check if the certificate has been loaded correctly by using the following command:
sapgenpse get_my_name –v –n Issuer
14. start the router service
15. delete backup router directory made in step 3 if it is no longer needed
CN and OU information will be different and based on the configuration for your company.
Procedure for Reseting IBM xSeries 445 RSA II Card
by dervish on Dec.18, 2008, under Hacker
Procedure for Reseting IBM xSeries 445 RSA II Card:
- Connect loopback cable from RSAII to ETH1 on server. (RSA port is directly to the left of ETH1)
- Bring up ETH1:
eth1 inet addr:192.168.70.120 Bcast:192.168.70.255 Mask:255.255.255.0
DO NOT SET A GATEWAY - telnet 192.168.70.125
- username: USERID password: PASSW0RD (0 = zero, not letter)
- enter “resetsp” at command prompt to reset controller
- controller will disconnect session and reset
Known problem with the x445 and the (42B)1.15 BIOS. Supposed to be fixed in the (45A) 1.17 BIOS update. Server will lockup every 76 days without updated BIOS, or controller reset.
Mouse Balls Available as FRU
by dervish on Jan.07, 1991, under Hacker, Sundry
“Memo of the Month,” From The Washington Monthly, January/February 1991, page 24:
Abstract: Mouse Balls Available as FRU (Field Replacement Unit)
Mouse balls are now available as FRU. Therefore, if a mouse fails to operate or should it perform erratically, it may need a ball replacement. Because of the delicate nature of this procedure, replacement of mouse balls should only be attempted by properly trained personnel.
Before proceeding, determine the type of mouse balls by examining the underside of the mouse. Domestic balls will be larger and harder than foreign balls. Ball removal procedures differ depending upon manufacturer of the mouse. Foreign balls can be replaced using the pop-off method. Domestic balls are replaced using the twist-off method. Mouse balls are not usually static sensitive. However, excessive handling can result in sudden discharge. Upon completion of ball replacement, the mouse may be used immediately.
It is recommended that each replacer have a pair of spare balls for maintaining optimum customer satisfaction, and that any customer missing his balls should suspect local personnel of removing these necessary items.
To re-order, specify one of the following:
P/N 33F8462 – Domestic Mouse Balls
P/N 33F8461 – Foreign Mouse Balls
