gpg cheat sheet

The GNU Privacy Guard (GnuPG or GPG) is a free software alternative to the PGP suite
of cryptographic software, released under the GNU General Public License. It is an
essential tool for encrypting data or communications.

Create a key

  gpg --gen-key

Export keys

  gpg --export -a "User Name" > public.key
  gpg --export-secret-key -a "User Name" > private.key

Import keys and give trust

  gpg --import public.key
  gpg --import private.key
  gpg --edit-key "User Name"
  >trust
  (select the 'trust ultimately' option)
  (ultimate trust is meant for your own keys, i.e. ones whose private key you hold)
  >q

List and delete

  gpg --delete-secret-key "User Name"
  gpg --delete-key "User Name"   # delete the corresponding private key first
  gpg --list-keys
  gpg --list-secret-keys

Encrypt

  gpg -e [-u "Sender"] [-r "Receiver"] somefile

     - creates somefile.gpg, does not delete somefile
     - Use yourself as receiver for private data

Decrypt

  gpg -d mydata.tar.gpg

MCITS: Enterprise Administrator Certification


For those of you who are seeking certification, Microsoft Press has just released a Second Edition of their “Blue Training Books” as shown below. These books cover all the changes that came with Windows Server 2008 R2. The certification tests have already been updated for R2, so previous versions of these books are now obsolete. In addition to the four tests mentioned below, you will also need MS 70-680 (Configuring Windows 7) to complete the requirements for the MCITS: Enterprise Administrator certification, which is the equivalent to the older MCSE Certification.
I have had success using these books for study when preparing for these tests, but your results may not be the same. I recommend these books only to those who have already found success with this method of study.
Finally, if you need the software, you can download Windows Server 2008 R2 with Service Pack One 180-Day Trial from here: http://technet.microsoft.com/en-us/evalcenter/dd459137 (registration required).


MCITP Windows Server® 2008 Enterprise Administrator: Training Kit 4-Pack: 
Exams 70-640, 70-642, 70-643, 70-647, Second Edition
Available from: Amazon.com, Barnes & Noble, O’Reilly or your favorite online reseller.
Dan Holme, Nelson Ruest, Danielle Ruest, Tony Northrup, J.C. Mackin, Anil Desai, Orin Thomas, John Policelli, Ian L. McLean, Paul Mancuso, David R. Miller, Jason Kellington
Get in-depth preparation for MCITP: Enterprise Administrator Exams 70-640, 70-642, 70-643, and 70-647—as you build real-world job skills. Get study guides, 1200+ practice questions, reviews, labs, and an exam discount.
Your all-in-one kit includes:
  • Official self-paced study guides for four required exams
  • 1,045+ practice and review questions
  • Practice tests with multiple, customizable testing options and a learning plan based on your results
  • Case scenarios, exercises, and best practices
  • 15% exam discount from Microsoft; good for four exams. Offer expires 12/31/15.
  • Fully searchable eBooks for all four study guides
Product Details
  • Paperback: 3808 pages
  • Publisher: Microsoft Press; Second Edition (October 3, 2011)
  • Language: English
  • ISBN-10: 0735663270
  • ISBN-13: 978-0735663275
  • Product Dimensions: 9 x 7.8 x 6.1 inches
  • Shipping Weight: 10.6 pounds
NOTE: Additionally, you will need to take and pass MCTS Self-Paced Training Kit (Exam 70-680): Configuring Windows® 7 to complete the requirements for MCITS: Enterprise Administrator, which is the Windows Server 2008 equivalent to the old MCSE certification.
Product Details
  • Hardcover: 880 pages
  • Publisher: Microsoft Press; 1 Har/Dvdr edition (October 21, 2009)
  • Language: English
  • ISBN-10: 0735627088
  • ISBN-13: 978-0735627086
  • Product Dimensions: 9 x 7.4 x 1.8 inches
  • Shipping Weight: 3.3 pounds

How to create a LUKS LVM Partition

  1. Create a logical volume: lvcreate -L 500M -n crypto cryptovg
  2. Fill the logical volume with random data: dd if=/dev/urandom of=/dev/cryptovg/crypto
  3. Initialize the logical volume: cryptsetup --verbose --verify-passphrase luksFormat /dev/cryptovg/crypto
  4. Open the newly encrypted device: cryptsetup luksOpen /dev/cryptovg/crypto cryptosec
  5. Check that it’s there: ls -l /dev/mapper | grep cryptosec
  6. Create a filesystem: mkfs.ext4 /dev/mapper/cryptosec
  7. Mount it: mount /dev/mapper/cryptosec /media/cryptosec
  8. Check that it’s visible: df -h | grep cryptosec
  9. Add the following to /etc/crypttab: cryptosec /dev/cryptovg/crypto none
  10. Edit your /etc/fstab, removing the old entry for /dev/cryptovg/crypto and adding /dev/mapper/cryptosec /media/cryptosec ext4 defaults 1 2
  11. Restore default SELinux security contexts: /sbin/restorecon -v -R /media/cryptosec
  12. Reboot: shutdown -r now
  13. The entry in /etc/crypttab makes your computer ask for your LUKS passphrase on boot. Enter your passphrase when asked. Log in as root and restore your backup.
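
A mismatch between /etc/crypttab and /etc/fstab (steps 9 and 10) only shows up at the reboot in step 12, so it is worth checking first. The script below is an added example, not part of the original post; check_luks_boot_config is a hypothetical helper, and the sample files are constructed from the entries given in the steps.

```shell
#!/bin/sh
# Added example: pre-reboot consistency check for steps 9 and 10.
# check_luks_boot_config is a hypothetical helper, not part of cryptsetup.

# usage: check_luks_boot_config CRYPTTAB FSTAB NAME LV MOUNTPOINT
# Prints one line per problem and returns the number of problems (0 = consistent).
check_luks_boot_config() {
    crypttab=$1 fstab=$2 name=$3 lv=$4 mnt=$5
    problems=0

    # crypttab fields: <name> <device> <keyfile> [options]; comment lines are skipped.
    if ! awk -v n="$name" -v d="$lv" \
        '$1 !~ /^#/ && $1 == n && $2 == d { ok = 1 } END { exit !ok }' "$crypttab"
    then
        echo "crypttab: no entry mapping $name to $lv"
        problems=$((problems + 1))
    fi

    # fstab must mount the opened mapper device on the expected mount point.
    if ! awk -v s="/dev/mapper/$name" -v m="$mnt" \
        '$1 !~ /^#/ && $1 == s && $2 == m { ok = 1 } END { exit !ok }' "$fstab"
    then
        echo "fstab: no entry mounting /dev/mapper/$name on $mnt"
        problems=$((problems + 1))
    fi

    # The raw logical volume now holds a LUKS header, not a filesystem.
    if awk -v d="$lv" '$1 !~ /^#/ && $1 == d { hit = 1 } END { exit !hit }' "$fstab"
    then
        echo "fstab: stale entry still mounts raw device $lv"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# Constructed sample files (not read from the live system).
demo_dir=$(mktemp -d)
printf '%s\n' 'cryptosec /dev/cryptovg/crypto none' > "$demo_dir/crypttab"
printf '%s\n' '/dev/mapper/cryptosec /media/cryptosec ext4 defaults 1 2' > "$demo_dir/fstab"
# Same fstab with the old entry left in place, the mistake step 10 guards against.
{ cat "$demo_dir/fstab"
  echo '/dev/cryptovg/crypto /media/cryptosec ext4 defaults 1 2'; } > "$demo_dir/fstab.stale"

check_luks_boot_config "$demo_dir/crypttab" "$demo_dir/fstab" \
    cryptosec /dev/cryptovg/crypto /media/cryptosec && echo "crypttab and fstab agree"
check_luks_boot_config "$demo_dir/crypttab" "$demo_dir/fstab.stale" \
    cryptosec /dev/cryptovg/crypto /media/cryptosec || echo "fix the above before rebooting"
```

On a real system, pass /etc/crypttab and /etc/fstab as the first two arguments.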

How to create an SSH tunnel for vncviewer

What I'm doing is using a vncviewer to connect to a vncserver, via an intermediary host (such as a firewall), using an SSH tunnel between HostA and HostC, to encrypt communications.

I have the same unprivileged userid on all three hosts. Also, I used ssh keys for authentication, just to speed things up. Otherwise, you can specify username@host and enter the password when asked.

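$ ssh -T -X -f HostB.example.com -L 5905:HostC.example.com:5905 sleep 30m
$ vncviewer localhost:5905 &

Change the “30m” to however long you want the ssh tunnel to stay open. You can also use “8h” or “1d”. The trailing sleep runs on HostB and holds the session open; do not combine it with -N, which tells ssh not to run a remote command.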

+----------+     +----------------+     +-------------+
| Host A   |     |                |     | Host C      |
|          |---->| Host B         |---->| destination |
| vncviewer|     | "intermediary" |     | vncserver   |
+----------+     +----------------+     +-------------+

RHEL6: vsftpd anonymous access with selinux

First install the vsftpd package:

yum install vsftpd

and edit /etc/vsftpd/vsftpd.conf

How to disable/enable IPv6 support in RHEL 6

Disabling IPv6 support in Red Hat Enterprise Linux 6
 
Create a file /etc/modprobe.d/ipv6.conf with the following contents:

options ipv6 disable=1

For completeness, it is a good idea to configure the ip6tables service not to start at boot by issuing the following command:

RHEL6/CentOS Caching Name Server

Install the bind-chroot package (which will call the bind package as a dependency):

# yum install bind-chroot

Then make SELinux happy. Set named_write_master_zones to 1:

How to setup a simple OpenLDAP server for your home lab

Some certification tests may require you to know how to set up an LDAP client. Rather hard to do in your home lab if you don't have an LDAP server! Here are some basic instructions on how to set up something that will work.

So much for the Rapture...

Yet another miscalculation by people that think they know better than everyone else. This is part of the reason I no longer believe in organized religion.

I like Blogsy

Looks like this iPad app is going to work quite well for updating this blog, right from my iPad. Pretty cool!

http://blogsyapp.com/about/