Monday, April 23, 2012

System Time Issue on Dual Boot Win7 and BT5R2

I've been running a dual boot setup of Windows 7 and BT5R2 and noticed the system time on each kept changing. I'd boot into Windows from BT5R2 and the system time would be way off. Did a little research and found the fix.

Open the /etc/default/rcS file:

nano /etc/default/rcS (file name is case-sensitive as usual under Linux)

Make sure the line containing UTC is set to no:

UTC=no

Save the file and exit.

Now make sure to set the correct time zone/clock settings for your location, and when you reboot, each operating system should reflect the correct time.

Time zone can be changed with the following command:

dpkg-reconfigure tzdata

You'll need to use sudo -i or just sudo in order to execute the command.

Saturday, April 7, 2012

BACKTRACK 5 R2 or BT5R2 Blank Screen Issue

I've been working with BackTrack for a bit and needed to install the BT5R2 variant on a Lenovo T410s. What I found is that it boots fine, but once I tried to load the GUI or xwindows I was greeted with a blank or black screen and a blinking caps lock; strange. Here's what I did to get BT5R2 installed:

Boot normally and login as the root user.

DO NOT execute the startx command yet.

Execute the following command exactly as listed:

modprobe i915 modeset=1

The modprobe command will load the Intel video drivers and allow xwindows to load.

Now you can use the startx command to load the GUI or xwindows, whatever you want to call it.

Once in the GUI you can run the Install BackTrack script to load BT5R2 on to the hard drive.

Once BT5R2 is installed you'll need to make the following modifications to GRUB so the Intel video drivers will load on each subsequent reboot.

Execute the following command:

nano /etc/default/grub

Once the file is open, search for the following line:

GRUB_CMDLINE_LINUX_DEFAULT="text splash vga=791"

Change the above line to the following:

GRUB_CMDLINE_LINUX_DEFAULT="text splash vga=791 i915.modeset=1"

Now save and close the grub config file. Should be Ctrl + O, then Ctrl + X

Now execute the following command:

update-grub

Reboot and startx should work fine.

The solutions above were discovered/developed by others, although, in some cases, the direct solution path was not always obvious. If anything, I organized a collection of solutions and they worked for me. I hope this helps someone out.

Tuesday, March 27, 2012

Cisco Zone-Based Firewall

Here's a Zone-Based Firewall configuration proof-of-concept I put together for one of my clients. They needed to segment their PCI environment from their non-PCI environment with existing Cisco 2821 routers. This configuration requires the router to have an IOS with the firewall feature set included.

!BEGIN CONFIG

access-list 100 permit icmp any any
access-list 100 permit tcp host 10.0.4.132 host 10.0.2.132 eq www
access-list 100 permit udp host 10.0.4.132 host 10.0.2.132 eq tftp
access-list 100 permit tcp host 10.0.4.132 host 10.0.5.132 eq 139
access-list 100 permit tcp host 10.0.4.132 host 10.0.5.132 eq 445
access-list 100 permit tcp host 10.0.4.132 host 10.0.5.132 eq ftp

access-list 101 permit icmp any any
access-list 101 permit tcp host 10.0.5.132 host 10.0.4.132 eq 139
access-list 101 permit tcp host 10.0.5.132 host 10.0.4.132 eq 445
access-list 101 permit tcp host 10.0.2.132 host 10.0.4.132 eq 139
access-list 101 permit tcp host 10.0.2.132 host 10.0.4.132 eq 445


zone security pci_zone
description pci_network

zone security non_pci_zone
description non_pci_network

int fa0/1
zone-member security pci_zone

int fa0/0
zone-member security non_pci_zone

int s0/0/0
zone-member security non_pci_zone

class-map type inspect match-any store-protocols-class
match protocol ftp
match protocol dns
match protocol http
match protocol tcp
match protocol udp
match protocol icmp

class-map type inspect match-all store-protocols-acl-outbound-class
match class-map store-protocols-class
match access-group 100

class-map type inspect match-all store-protocols-acl-inbound-class
match class-map store-protocols-class
match access-group 101

policy-map type inspect store-outbound-policy
class type inspect store-protocols-acl-outbound-class
inspect

policy-map type inspect store-inbound-policy
class type inspect store-protocols-acl-inbound-class
inspect

zone-pair security pci-non_pci source pci_zone destination non_pci_zone
service-policy type inspect store-outbound-policy

zone-pair security non_pci-pci source non_pci_zone destination pci_zone
service-policy type inspect store-inbound-policy

!END CONFIG

Hope this helps someone out when trying to segment their PCI environments.
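
One way to sanity-check the segmentation above before applying it, as an added example that is not part of the original configuration: the Python below parses the ACL lines from this page and reports whether a new flow would be inspected or dropped by the matching zone-pair policy. The function names and the 10.0.9.9 host used when exercising it are assumptions made for illustration.

```python
import re

# ACL lines copied verbatim from the configuration on this page.
CONFIG = """\
access-list 100 permit icmp any any
access-list 100 permit tcp host 10.0.4.132 host 10.0.2.132 eq www
access-list 100 permit udp host 10.0.4.132 host 10.0.2.132 eq tftp
access-list 100 permit tcp host 10.0.4.132 host 10.0.5.132 eq 139
access-list 100 permit tcp host 10.0.4.132 host 10.0.5.132 eq 445
access-list 100 permit tcp host 10.0.4.132 host 10.0.5.132 eq ftp
access-list 101 permit icmp any any
access-list 101 permit tcp host 10.0.5.132 host 10.0.4.132 eq 139
access-list 101 permit tcp host 10.0.5.132 host 10.0.4.132 eq 445
access-list 101 permit tcp host 10.0.2.132 host 10.0.4.132 eq 139
access-list 101 permit tcp host 10.0.2.132 host 10.0.4.132 eq 445
"""
PORT_NAMES = {"www": 80, "tftp": 69, "ftp": 21}  # IOS port keywords used above
# (source zone, destination zone) -> ACL its class-map references in the config
ZONE_PAIR_ACL = {("pci_zone", "non_pci_zone"): 100,
                 ("non_pci_zone", "pci_zone"): 101}
RULE = re.compile(r"access-list (\d+) permit (\w+) (any|host \S+) "
                  r"(any|host \S+)(?: eq (\S+))?$")

def parse_acls(text):
    """Parse 'permit' entries into {acl: [(proto, src, dst, dport), ...]}."""
    acls = {}
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # only the simple any/host/eq forms used on this page
        num, proto, src, dst, port = m.groups()
        if port is not None:
            port = PORT_NAMES.get(port) or int(port)
        acls.setdefault(int(num), []).append(
            (proto, src.split()[-1], dst.split()[-1], port))
    return acls

def verdict(acls, src_zone, dst_zone, proto, src, dst, dport=None):
    """Classify a new flow: 'pass', 'inspect' or 'drop'."""
    if src_zone == dst_zone:
        return "pass"  # no zone-pair applies inside a zone (fa0/0 <-> s0/0/0)
    # The class-maps are match-all of (protocol class AND ACL); the protocol
    # class already lists tcp, udp and icmp, so the ACL decides the outcome.
    acl = ZONE_PAIR_ACL.get((src_zone, dst_zone))
    for r_proto, r_src, r_dst, r_port in acls.get(acl, []):
        if (r_proto == proto and r_src in ("any", src)
                and r_dst in ("any", dst) and r_port in (None, dport)):
            return "inspect"  # stateful: return traffic is allowed back
    return "drop"  # class-default drops anything the policy does not match
```

Run over the page's ACLs, it shows that `permit icmp any any` lets any host send ICMP across the PCI boundary in both directions, so that entry is the first one to narrow when turning the proof-of-concept into a production policy.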

Friday, November 4, 2011

Cisco Router IOS Upgrade

I know the process for upgrading a Cisco router is very well documented, so this is just so I can find it next time without having to search the Internet.

From the router type:

config t

copy tftp: flash:

Then, enter the TFTP server's IP address when requested [10.0.0.1], without the brackets.

Enter the IOS binary name when requested [c3640-ik9o3s-mz.124-25d.bin], without the brackets.

File will copy and will probably ask to erase flash. I say ok, with the knowledge the existing image will be deleted. I'm ok with that, so I confirm it.

The image is copied to the router's flash memory.

Now I want to verify the image's integrity so I type the following command:

verify flash:c3640-ik9o3s-mz.124-25d.bin

As long as the image is ok, then I set the router system boot:

boot system flash:c3640-ik9o3s-mz.124-25d.bin

Then I save the configuration:

wr mem

Finally, I reload the router:

reload

Finished.