Setup and Configure IRRd 2.3.6 on Fedora 13

IRRd 2.3.6 on Fedora 13

Install Fedora 13 fresh, and use a “minimal/minimum install”.

Once Fedora has installed, log in as root, then configure and bring up the network interface.

Install the fastestmirror plugin for yum, then gcc, flex, make, byacc, wget, mlocate, telnet, bison, xinetd, mailx, jwhois, and man, then update everything.

yum install yum-plugin-fastestmirror -y
yum install gcc flex make byacc wget mlocate telnet bison xinetd mailx jwhois man -y
yum update -y

download and extract the irr daemon tarball to root’s home dir

cd ~
wget http://www.irrd.net/irrd2.3.9.tgz
tar -zxf irrd2.3.9.tgz

configure, make, and install the irr daemon

cd irrd2.3.9/src
./configure
make
make install

copy the irrd.conf.sample to /etc/irrd.conf and open it for editing

uncomment the “password” line and change the password (the default is foo; this value is stored in cleartext)

!
password testpass123
uii_port 5673
!

comment out the radb mirroring

!
!irr_database radb mirror whois.radb.net 43
!

change the default db to something more attractive

!
irr_database switchnap authoritative
!

save the config

edit /etc/services and add the following lines

# IRRd Service Port
irrd 5673/tcp

create a pgp directory somewhere

mkdir /var/spool/irr_database/.pgp

add the following line to /etc/irrd.conf

pgp_dir /var/spool/irr_database/.pgp

using the ~/irrd2.3.6/src/irr_util/crypt_gen program, generate an encrypted override password

~/irrd2.3.6/src/irr_util/crypt_gen test (where test is the password you want to use)
encrypted passwd is "pfHKv25Fdk7bA"

now add the following line to the end of your /etc/irrd.conf

override_cryptpw pfHKv25Fdk7bA

finally add the dbadmin’s email to the /etc/irrd.conf

db_admin db-admin@yourdomain.com

start the irrd daemon

/usr/local/sbin/irrd

add the following line to /etc/aliases

# IRRd Auto Submit
auto-dbm: "|/usr/local/sbin/irr_rpsl_submit"

then save and close the file, and run the following command

[root@irrd irr_util]# newaliases
/etc/aliases: 77 aliases, longest 65 bytes, 838 bytes total

create /etc/xinetd.d/irr_rpsl_submit-stream and populate it with the following:

service irr_rpsl_submit
{
# This is for quick on or off of the service
disable		= no

# The next attributes are mandatory for all services
id		= irr_rpsl_submit-stream
type		= UNLISTED
wait		= no
socket_type	= stream
#	protocol	=  socket type is usually enough

# External services must fill out the following
user		= root
#	group		=
server		= /usr/local/sbin/irr_rpsl_submit
server_args	= -D

# External services not listed in /etc/services must fill out the next one
port		= 8888

# RPC based services must fill out these
#	rpc_version	=
#	rpc_number	=

# Logging options
#	log_type	=
#	log_on_success	=
#	log_on_failure	=

# Networking options
#	flags		=
#	bind		=
#	redirect	=
#	v6only		=

# Access restrictions
#	only_from	=
#	no_access	=
#	access_times	=
#	cps		= 50 10
#	instances	= UNLIMITED
#	per_source	= UNLIMITED
#	max_load	= 0
#	deny_time	= 120
#	mdns		= yes

# Environmental options
#	env		=
#	passenv		=
#	nice		= 0
#	umask		= 022
#	groups		= yes
#	rlimit_as	=
#	rlimit_cpu	=
#	rlimit_data	=
#	rlimit_rss	=
#	rlimit_stack	=

# Banner options. (Banners aren't normally used)
#	banner		=
#	banner_success	=
#	banner_fail	=
}

then restart xinetd

service xinetd restart

now we have to add irr_rpsl_submit to the allowed sendmail programs

cd /etc/smrsh
ln -s /path/to/irr_rpsl_submit
service sendmail restart

now test, it should function!
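The service file above leaves every access restriction commented out and sets user to root, so the submit port is reachable from any address. As an added example (not part of the original post; the function names are hypothetical), this script reads an xinetd service file and reports those exposure points, run here on a constructed copy of the uncommented attributes:

```shell
# Added example (not from the original post). Function names are hypothetical.
# Only the service file is read; a "defaults" section in /etc/xinetd.conf that
# sets only_from or bind is not consulted.

# xinetd_attr FILE NAME -> value of the first uncommented "NAME = value" line
xinetd_attr() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                 # commented-out attribute
        {
            eq = index($0, "=")
            if (eq == 0) next               # "service ..." line or a brace
            name = substr($0, 1, eq - 1)
            value = substr($0, eq + 1)
            gsub(/[ \t+-]/, "", name)       # also accepts "+=" and "-="
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name == want) { print value; exit }
        }' "$1"
}

# audit_xinetd_service FILE -> one finding per line, nothing when clean
audit_xinetd_service() {
    [ "$(xinetd_attr "$1" disable)" = "yes" ] && return 0    # service is off
    [ "$(xinetd_attr "$1" user)" = "root" ] &&
        echo "ROOT: server process runs as root"
    [ -z "$(xinetd_attr "$1" only_from)" ] &&
        echo "OPEN: no only_from, any source address may connect"
    [ -z "$(xinetd_attr "$1" bind)" ] &&
        echo "BIND: no bind, the port listens on every interface"
    return 0
}

# Constructed sample: the uncommented attributes of the service file above.
sample_service() {
    cat <<'EOF'
service irr_rpsl_submit
{
disable     = no
socket_type = stream
user        = root
server      = /usr/local/sbin/irr_rpsl_submit
server_args = -D
port        = 8888
#   only_from   =
}
EOF
}

tmp=$(mktemp) && sample_service > "$tmp" && audit_xinetd_service "$tmp"
rm -f "$tmp"
```

On the host, point it at /etc/xinetd.d/irr_rpsl_submit-stream; filling in only_from and bind in that file clears the OPEN and BIND findings.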

09/28/2010
Phil Pillera <ppillera [ a t ] gmail [ d o t ] com>

Configuring SSHD to disallow root login

Fedora 13 – 2.6.34.7-56.fc13.i686

Being able to SSH in as root is a security hole that one just shouldn’t risk; however, when you first set up a box, it’s an option that’s enabled by default. To disable it, do the following.

first we’ll need to add a new user

adduser ppillera

then we’ll need to set the password for that user

passwd ppillera
Changing password for user ppillera.
New password: blah1234
Retype new password: blah1234
passwd: all authentication tokens updated successfully.

now that we’ve got a new user to SSH in as, we can disable root ssh.

vi /etc/ssh/sshd_config

change the following to read as follows

PermitRootLogin no

you’ll notice that you have to delete the “#” at the beginning, and change the “yes” to “no”.

then all you have to do is restart the sshd service and you’re good to go

service sshd restart
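A check to run between editing the file and restarting sshd, added here as an example (not the author's code; the function names are hypothetical). sshd keeps the first value it reads for a keyword, so a line that is still commented out, or an earlier PermitRootLogin yes, leaves root login enabled:

```shell
# Added example (not from the original post); function names are hypothetical.

# effective_permit_root_login FILE
# Prints the PermitRootLogin value sshd would take from the global section of
# FILE, or "unset" when there is none and the compiled-in default applies.
effective_permit_root_login() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, w, /[ \t=]+/)            # "Keyword value" or "Keyword=value"
            key = tolower(w[1])                  # keywords are case-insensitive
        }
        key == "match" { exit }                  # conditional blocks start here
        key == "permitrootlogin" { print tolower(w[2]); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_login_disabled FILE -> exit status 0 only when the effective value is "no"
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample files, not taken from a real host.
demo=$(mktemp -d)
printf '#PermitRootLogin yes\n' > "$demo/untouched"
printf 'Port 22\nPermitRootLogin no\n' > "$demo/edited"
printf 'PermitRootLogin yes\nPermitRootLogin no\n' > "$demo/shadowed"
for f in untouched edited shadowed; do
    echo "$f: $(effective_permit_root_login "$demo/$f")"
done
rm -rf "$demo"
```

On the host itself, `sshd -t` validates the edited file before the restart. Keep the current session open until a fresh login as the new user succeeds.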

10/21/2010
Phil Pillera <ppillera [ a t ] gmail [ d o t ] com>

Configure Fedora 13 Networking

Fedora 13 – 2.6.34.7-56.fc13.i686

Configure Static IP

vi /etc/sysconfig/network-scripts/ifcfg-eth0

Where eth0 is the interface on which you want to configure the IP.

Change “onboot” and add the two following lines so it looks like this

ONBOOT=yes
IPADDR=192.168.1.2
NETMASK=255.255.255.0

Then we need to set up your “default gateway”

vi /etc/sysconfig/network

add the following

GATEWAY=192.168.1.1

and finally we’ll configure the DNS servers

vi /etc/resolv.conf

and add the following

nameserver 192.168.1.1
nameserver 192.168.2.2

once you’ve done that, restart the “network” service

service network restart

Configure DHCP Fedora 13

First we need to hop into the network-scripts directory:

cd /etc/sysconfig/network-scripts/

Then edit the ifcfg-xxxx file for your particular network card:

vi ifcfg-eth0

Edit the following lines:

ONBOOT=yes
BOOTPROTO=dhcp

Then we’ll have to restart the “network” service:

service network restart

Configure the Network Service

Now that our network is set up, we should really configure the “network” service to automatically start up when we want it to. Personally I only run *nix in CLI, but for those of you that run some form of desktop manager, I’ve included that as well.

Let’s first see if it’s already configured to start

chkconfig --list

if network isn’t marked as “on” for levels 3 and 5, then do the following

chkconfig --levels 35 network on

Now when your computer boots up into init 3 (multiuser network mode) or init 5 (xwindows) your network service will start.

09/28/2010
Phil Pillera <ppillera [ a t ] gmail [ d o t ] com>

Installing IOS Image via Xmodem

If you’ve gotten to the point where this needs to be done, chances are the IOS image on your current switch/router is completely jacked up and you’re sitting at either the “rommon:” prompt or the “switch:” prompt. The following instructions will be operating under that assumption.

First, connect with the standard Cisco serial connection info (9600 – 8 – N – 1 – N).

Then type the following at the prompt:

switch: set BAUD 115200

Then you’ll need to reconnect with the baud rate of 115200. This will make the transfer go significantly faster.

Next, let’s start the copy:

switch: copy xmodem: flash:

Once you do this, it’ll be waiting to accept the file. Simply start the xmodem transfer now using your terminal emulator and wait... for a long, long time. It’ll tell you when it’s done.

When it’s completed, type the following to set the console baud rate back to normal:

switch: unset BAUD

Reconnect with the standard Cisco serial connection info (listed above). Once you’ve done that, you can boot your new flash image:

switch: boot flash:path-to.ios.image.bin

Provided your IOS image is good, it’ll boot up properly and you’re good to go. It is good practice to point to this file once your switch/router boots up using the “boot system flash:path-to.ios.image.bin” command in configuration mode, though it’s not always necessary.

10/08/2010
Phil Pillera <ppillera [ a t ] gmail [ d o t ] com>