How to install checkpoint ssl extender VPN SNX under Fedora 16

Posted on 2011-11-11 by ken_fallon

It’s time for Fedora 16 and the obligatory how to get Checkpoint SSL extender VPN (SNX) working under it.

The first step is to get your username, password and ip address or host name of your snx server from your local administrator. Once you do that you can login and then press the settings link. This will give you a link to the various different clients. In our case we are looking for the “Download installation for Linux” link. Download that and then run it with the following command.

[root@laptop checkpoint]# ldd /usr/bin/snx | grep "not found"
        libstdc++.so.5 => not found

This can be solved easily enough using the command

yum install compat-libstdc++-33.i686

You should now be able to type snx without errors. You only now need to accept the VPN Certificate by loging in via the command line and press “Y”.

user@pc:~$ snx -s my-checkpoint-server -u username
Check Point's Linux SNX
build XXXXXXXXXXXX
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: my-checkpoint-server VPN Certificate
Root CA fingerprint: AAAA BBB CCCC DDD EEEE FFF GGGG HHH IIII JJJ KKKK
Do you accept? [y]es/[N]o:

Finally you should be able to use the client and login.

Posted in snx | 1 Comment

Installing Citrix on Fedora 16

Posted on 2011-11-11 by ken_fallon

The steps involved in getting Citrix installed on Fedora 16 are not that much different to the steps involved in Fedora 14. The major difference is that it is now called Receiver for Linux 12.0 and not ICAClient, Citrix Linux client. As of now you can find the product page here. Once you download the file click on it in Dolphin and the application manager will install it.

 

Posted in General | Leave a comment

Any topic that is of interest to Hackers

Posted on 2011-11-09 by ken_fallon

It’s not often that I comment on HPR episodes – other than to beg for you to send them in – but I want to make an exception for today’s show. Episode 0853 :: Pat Volkerding of Slackware Linux chats with Klaatu

HPR logoI’m not making this exception because it was “better”, I would find it impossible to make such a call. The HPR community produces a massive amount of content and I have listened to every single one at least once. There has not been a single HPR show that I have not enjoyed and learned from.

Nor is it that it was submitted by Klaatu as given that he has submitted 12 ½% of all shows, I would have written this long before now. Sure today’s ‘topic’ was special – a interview with Patrick Volkerding the man behind SlackWare, the longest continually developed Linux distribution – but we’ve had other interviews with people of note before.

The reason for this deviation is simply because it embodies the qualities that I feel define Hacker Public Radio.

It’s about taking a topic and exploring it, looking at all sides, exposing otherwise hidden and unknown facts, it’s about events, it’s about community, it’s about people, it’s about technology, it’s about music, it’s about history, it’a about life, it’s about questioning - everything - our very existence – space time – ancient cultures. In short it’s about “Any topic that is of interest to Hackers

If you have never listened to a HPR then this is surely the best sample of what you are likely to find. Sure it arrived just in time to fill an otherwise empty slot, the audio isn’t perfect, it might not follow a script, random people wander in and out, there may be tangents from the topic at hand but if you can open your ears to listen you’ll hear the passion of the community, our community. Then maybe, just maybe, you too will be inspired to share your unique point of view with us.

http://hackerpublicradio.org/contribute.php
Posted in Podcasts | Leave a comment

Follow symlinks

Posted on 2011-10-14 by ken_fallon

If you have symlinks to symlinks to … etc, you might find this command useful

readlink -f

Posted in General | Leave a comment

Setting time on a Linux client from a Windows PDC

Posted on 2011-08-23 by ken_fallon

You can set the time on a linux client using NTP, using the ntpd daemon. For a quick and dirty approach you can use the deprecated ntpdate command. The following script will set the time on the pc

cat /usr/local/bin/syncclock
#!/bin/bash
/usr/sbin/ntpdate -s nl.pool.ntp.org
/sbin/hwclock --adjust
/sbin/hwclock --systohc

If you are running a Linux Client on a windows network where there is no access to a NTP server, you might want to use the samba command net time to get the time and net time set to set it. Adding the following command to the roots crontab file will set the time on your linux bot against the windows primary domain controller each afternoon.

* 12 * * * net time set > /dev/null 2>&1
Posted in General | Tagged , | Leave a comment

RTE Radio on the command line

Posted on 2011-07-12 by ken_fallon

If you go to the RTÉ on a device that isn’t running “Real Player” or “Windows Media Player” then you’re out of luck. It’s not that your device isn’t capable of playing it, it’s jut that they don’t make it easy for you to do so.

If you want to play hear them regardless of your device, here are the direct links to the audio streams:

Smplayer (a windows version of mplayer) or VLC (a cross platform media player) will have no problems playing the streams.

Enjoy.

Posted in General | Leave a comment

Check Point SSL Network Extender

Posted on 2011-05-19 by ken_fallon

In what is becoming a bit of a series, today I’ll be covering how to get Check Point SSL Network Extender installed under kubuntu. From the checkpoint site:

SSL Network Extender is a browser plug-in that provides clientless remote access, while delivering full network connectivity for any IP-based application.

It works based on java so the first thing you will need to install is sun’s java runtime client. You will need the partner repository installed and your system updated.

sudo apt-get install sun-java6-jre sun-java6-plugin sun-java6-fonts

Once that is done you can restart Firefox and browse over to java.com to make sure that you have java working.

You should see a message like this:

Verified Java Version
Congratulations!
You have the recommended Java installed (Version 6 Update 24).

Once java is working you can go to the snx website. If you don’t know the url ask your network administrator. You may be notified about popups so just allow them for your site.

Once you have accepted and reloaded the page you will be prompted to enter your username and password.

After this you will be asked to install an update to the software. This installs the snx software in the background. One thing to note is that it is looking for the root password and not the sudo password. Ubuntu ships without this set so you’ll need to set a root password using the following command.

sudo passwd

You can confirm it’s set correctly using the command

su -

and if you see the prompt change to “#” then you know it’s working. Switch back to the snx_install.sh window and enter the password.

Once you do that you should very briefly see a message saying that the install was successful. At this point the standard snx software is installed but you will probably see the error

Failed to initialize

When you run the snx client on the command line you will see:

user@pc:~$ snx
snx: error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory

The solution is to install libstdc++5

sudo aptitude install libstdc++5

Once that is done typing snx should be error free and give you something like this:

user@pc:~$ snx
failed to open file: /home/username/.snxrc
Valid attributes are:
- server          SNX server to connet to
- sslport         The SNX SSL port (if not default)
- username        the user name
- certificate     certificate file to use
- calist          directory containing CA files
- reauth          enable automatic reauthentication. Valid values { yes, no }
- debug           enable debug output. Valid values { yes, 1-5 }
- cipher          encryption algorithm to use. Valid values { RC4 / 3DES }
- proxy_name      proxy hostname
- proxy_port      proxy port
- proxy_user      username for proxy authentication
user@pc:~$

You’re still not home and dry because you may need to accept the VPN Certificate. To get around this you need to login via the command line and press “Y”.

user@pc:~$ snx -s my-checkpoint-server -u username
Check Point's Linux SNX
build XXXXXXXXXXXX
Please enter your password:
SNX authentication:
Please confirm the connection to gateway: my-checkpoint-server VPN Certificate
Root CA fingerprint: AAAA BBB CCCC DDD EEEE FFF GGGG HHH IIII JJJ KKKK
Do you accept? [y]es/[N]o:

Finally you should be able to use the client and login.

Posted in General, snx | Tagged , , , | 4 Comments

Competition to design Mini Business Cards for HPR

Posted on 2011-01-07 by ken_fallon

I Need Help

I would like to have some mini-business cards made. The idea been to give them out at shows, to people interested in recording a show or to potential interviewees. I’ve also seen them used to add a touch of professionalism to recorded dvd’s and cd’s. Despite watching the entire http://screencasters.heathenx.org/ series I’m still lacking anything approaching artistic flair.  So I’m putting out the call for help to design the business cards.

The back

Let’s talk about the back first. It should have a QR code to the Hacker Public Radio About page and the rest can be anything. At the moment I have the list of contact information but  feel free to do what you like. We’ll need to pick the “best” one as there can only be one version of the back.

The Front

We have a lot more freedom with the front as there can be up to 100 different versions in a print run. So if you send in a version it’s very likely that it will get printed. Let your imagination run wild but keep in mind that the design should embody what HPR is about (good luck with that !)

The site moo.com where I’m going to get them printed has design guidelines and the size you are working to is 874 x 378 pixels @ 300dpi.

The Prize ?

My eternal gratitude, gratitude of everyone on the planet for not inflicting my attempt at art on them. Seriously I’ll add your name to the contributers page on HPR and will also mail you 10 cards with your design. And if you’re willing to pick it up or pay the postage you can have one of these computer books.

Posted in General | 2 Comments

How to install Checkpoint ssl extender vpn (snx) under Fedora 14

Posted on 2010-11-21 by ken_fallon

This is the Fedora 14 AMD64 version of my previous post How to install Checkpoint ssl extender vpn (snx) under Debian/Kubuntu. Running the install is the same and hopefully will go without error.

./snx_install.sh

Unfortunately snx will not run complaining about missing libraries

[root@laptop checkpoint]# ldd /usr/bin/snx
        linux-gate.so.1 =>  (0xf773e000)
        libX11.so.6 => /usr/lib/libX11.so.6 (0xf75f2000)
        libpthread.so.0 => /lib/libpthread.so.0 (0xf75d6000)
        libresolv.so.2 => /lib/libresolv.so.2 (0xf75bc000)
        libdl.so.2 => /lib/libdl.so.2 (0x4c766000)
        libpam.so.0 => not found
        libnsl.so.1 => /lib/libnsl.so.1 (0xf75a0000)
        libstdc++.so.5 => not found
        libc.so.6 => /lib/libc.so.6 (0x4c5d0000)
        libxcb.so.1 => /usr/lib/libxcb.so.1 (0xf7582000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xf7564000)
        /lib/ld-linux.so.2 (0x4c5ac000)
        libXau.so.6 => /usr/lib/libXau.so.6 (0xf7561000)

The solution for some of the problems are to install the following packages:

yum install compat-libstdc++-33.x86_64 compat-libstdc++-33.i686 audit-libs.i686

Unfortunately some problems remain

[root@laptop checkpoint]# ldd /usr/bin/snx | grep "not found"
        libpam.so.0 => not found

After getting a lot of help from JessiJames and thrice` on #oggcastplanet @ freenode we came up with this solution:

First get the i686 version of pam, then extract it, and finally link the libpam.so.0 to the new location.

wget ftp://rpmfind.net/linux/fedora/updates/14/x86_64/pam-1.1.1-6.fc14.i686.rpm
rpm2cpio pam-1.1.1-6.fc14.i686.rpm | cpio -idmv
mkdir /usr/local/lib/checkpoint32/
find| grep libpam.so.0
cp -v ./lib/libpam.so.0.82.2 /usr/local/lib/checkpoint32/
ln -s /usr/local/lib/checkpoint32/libpam.so.0.82.2 libpam.so.0

Hopefully that should fix it for you as well.

Posted in General, snx | Tagged , , | 3 Comments

Installing Citrix on Fedora 14

Posted on 2010-11-21 by ken_fallon

Some of you my be familiar with my adventures with installing Citrix on Debian based systems, well I’ve been trying out Fedora 14 and came across a few issues as well.

You can make life a lot easier for yourself by downloading the rpm version from the Citrix site. Once you download this you can install it using the following command

yum install --nogpgcheck ./ICAClient-11.100-1.i386.rpm

A full explanation of the command can be found on the Fedora Forums

That installs all the dependencies so we’re almost good to go until we hit the dreaded You have not chosen to trust “/C=US/ST=/L=/O=Equifax/OU=Equifax Secure Certificate Authority/CN=”, the issuer of the server’s security certificate (SSL 61) error.

The common fix was to just copy them from Firefox now mozilla has migrated to using a cert database. The easiest way to export them is using the Firefox plugin Export All Certificates which can be accessed by using Edit -> Preferences -> Advanced -> Encryption Tab -> View Certificates -> Export All. You will need to rename them first to the correct file extension. I used:

rename .der .crt *der

Then I just copied them all to /usr/lib/ICAClient/keystore/cacerts/ and then it worked.

Posted in citrix, General | Tagged , | 2 Comments