Posts Categorized: Informatique

Parsing Fortigate configuration in Python

Posted by & filed under Python.

Had to parse some Fortinet configuration in python so here is my solution: from collections import defaultdict from pprint import pprint import sys f = lambda: defaultdict(f) def getFromDict(dataDict, mapList):     return reduce(lambda d, k: d[k], mapList, dataDict) def setInDict(dataDict, mapList, value):     getFromDict(dataDict, mapList[:-1])[mapList[-1]] = value     class Parser(object):     […]

« Je n’ai rien à cacher »

Posted by & filed under Web.

Au vu de l’actualité des dernières semaines (NSA), on re-entend la fameuse phrase: « De toute façon ils peuvent bien écouter, je n’ai rien à cacher ». Rien n’est plus faux. Tout le monde a des informations qu’il ne souhaite divulguer. Voici une liste de questions prises ici : Avez-vous déjà eu un avortement ? Avez-vous déjà […]


Posted by & filed under Sécurité.

You can execute some commands or get files on ASA, FWSM and ASA-SM directly with HTTP. First you need to enable http server : Then a command is send in the URL following this syntax: https://IP_ASA/admin/exec/CMD1/CMD2/CMD3 A simple example to show the arps: https://IP_ASA/admin/exec/show+arp+ A more complex example to get statistics for a contex: […]

Diagnose a slow linux box: cheat sheet

Posted by & filed under Informatique, Linux.

Disk Space: df -h Make sure you have enough disk space Memory /Processes / Load average htop top (shift + m) free -m Use Htop Check for processes that are taking up a lot of memory/CPU and Check you’re not out of memory Apache errors grep 500 /var/log/apache2/error.log | less Look for 500 errors caused […]

Pythonbrew on RHEL5

Posted by & filed under Informatique, Linux.

yum install binutils gcc gcc-c++ make patch libgomp glibc-headers glibc-devel kernel-headers kernel-devel bison flex yum install openssl-devel zlib-devel mkdir -p /root/pythonbrew export PYTHONBREW_ROOT=/root/pythonbrew curl -kLO chmod +x pythonbrewinstall ./pythonbrewinstall pythonbrew install 2.7.3 pythonbrew switch 2.7.3

Cisco ASA: Authorize administrative access via Active Directory LDAP

Posted by & filed under Informatique, Sécurité.

The attribute map which bind our group of allowed administrators to a Service Type which allow logins: ldap attribute-map LDAP_MemberOf_ServiceType map-name  memberOf IETF-Radius-Service-Type map-value memberOf CN=G_ADMIN_SECU,OU=Groupes,DC=TEST,DC=secu 6 The Active Directory Servers. I use SSL so be sure to import the root certificate from the Active Directory to make it works. aaa-server TEST.SECU protocol ldap aaa-server […]

UCARP: force master to become slave

Posted by & filed under Informatique, Linux.

From UcARP documentation: You can send the ucarp process a SIGUSR2 to have it demote itself from master to backup, pause 3 seconds, then proceed as usual to listen for other masters and promote itself if necessary. This could be useful if you wish another node to take over master. So if you want the […]

Bootstrap ASA failover configuration

Posted by & filed under Sécurité.

Here the configuration I use for ASA failover 8.4+ based on my experience: On the primary: interface GigabitEthernet0/4 no shutdown failover failover lan unit primary failover lan interface FAILINK GigabitEthernet0/4 failover interface ip FAILINK standby failover key 222Th3Hak3Y222 failover link FAILINK GigabitEthernet0/4 prompt hostname state priority On the secondary: interface GigabitEthernet0/4 no […]

Keepass, Putty et les connexions SSH automatiques

Posted by & filed under Système.

Comment enregistrer des connexions SSH dans Keepass et les lancer automatiquement avec Putty : Allez dans le menu Scheme-Specific : Et créer un nouveau scheme ssh2 : cmd://putty.exe -ssh {USERNAME}@{URL:RMVSCM} -pw {PASSWORD} Déposer l’exécutable putty.exe dans le même dossier que Keepass (pour moi : C:Program Files (x86)KeePass Password Safe 2)   On crée une entrée de cette manière (noter […]