LINUX ROOT PASSWORD RECOVERY

LINUX İşletim Sistemlerinde Root Şifresinin Resetlenmesi

Linux açılırken işletim sistemini sorduğu ekranda enter' a basıyoruz.

Edit lemek için “e” ye basıyoruz.

Kernel ı editlemek için üzerine gelip “e” ye basıyoruz

Satır sonuna “single” yazarak “enter” a basıyoruz. Kernel ekranı tekrar gelir. Bu sefer

“b” ye basarak boot edilir. Böylece işletim sisteminin kernel satırına girmiş oluruz. Bu satıra

“passwd root” yazarak root kullanıcısının password unu resetlemiş oluruz.

Daha sonra “reboot” yazılarak makina restart edilir ve yeni şifre ile oturum açılır.

First Hop Redundancy Procotols (FHRP)-(HSRP)-(GLBP)

             1   -     Hot Standby Redundancy Protocol(HSRP)

-        HSRP is Cisco’s standard method of providing high network availability by providing first-hop redundancy for IP hosts on an IEEE 802 LAN configured with a default gateway IP address.

-        Main purpose; protect to Default Gateway.

-        Routers are share Virtual IP Address and Virtual Mac Address. Mac Address’s last 2 digit= HSRP Group Identifier.

-        There is no load balancing.

-        Active – Standby mode

-        Router’s Higher Ip Address=Active Lower Ip address=Standby

-         We change the HSRP priority for select the active Backbone. Default priority = 100

-        Hello packets = 3 sec Dead time = 10 sec

HSRP Preemption: 

Force the router to a new HSRP process. When active router turned off, standy router change to active router. After that; when active router turned on, standby router will continue to work active. Preemption command provide if active router turn on again, the router is active again.

            HSRP Modes:

             Initial: It can be see the HSRP run or not running.

Learn: Router doesnt have any virtual ip, there isn’t any authentication hello packet from                active router.

Listen: Virtual ip is okey, routers dont certain active or standby

Speak: Periodic hello packets, routers know active and standby mode.

Standby: Standby mode

Active: Active mode

Multigroup HSRP: It’s create a Vlan ip address’s HSRP.

HSRP Interface Tracking: If there are some problems routers WAN port, this command will follow the WAN port. If there is a problem with wan port in active router, standby’s wan port will be active.

Object Tracking: Check the routers behind wan port.

HSRP Authenticton: Plain Text and MD5.

HSRP Configuration

Router(config)# int gig 0/0

Router(config-if)# ip address 172.16.30.2 255.255.255.0

Router(config-if)# standby 1 ip 172.16.30.1 (virtual ip address)

Router(config-if)# standby 1 priorty 150 (for work active mode)

Router(config-if)# standby 1 preempt (if turn off the router, turn on again it can be work active mode.)

Router_2(config)# int gig 0/0

Router_2(config-if)# ip address 172.16.30.3 255.255.255.0

Router_2(config-if)# standby 1 ip 172.16.30.1

Multigroup HSRP Config

Router(config)# spanning-tree vlan 10 root secondary

Router(config)# spanning-tree vlan 20 root primary

Router(config)# int vlan 10

Router(config-if)# ip address 10.1.10.3 255.255.255.0

Router(config-if)# standby 10 ip 10.1.10.1

Router(config-if)# standby 10 priortiy 90

Router(config-if)# standby 10 preempt

Router(config-if)#exit

Router(config)# int vlan 20

Router(config-if)# ip address 10.1.20.3 255.255.255.0

Router(config-if)# standby 20 ip 10.1.20.1

Router(config-if)# standby 20 priorty 110

Router(config-if)# stanby 20 preempt

            Interface Group Tracking

            Router(config)# int gig 0/0

            Router(config-if)# ip address 192.168.100.2 255.255.255.0

            Router(config-if)# standby 1 ip 192.168.100.1
            Router(config-if)# standby 1 preempt

Router(config-if)# stanby track serial 0/1 (follow wan port)

(this command will write another router)

            GLBP(Gateway Load Balancing Protocol)

         

          - Automatic and simultaneous use of multiple gateways.

          -The Gateway Load Balancing Protocol feature provides automatic router backup for IP hosts configured with a single default gateway on an IEEE 802.3 LAN.

          -Failover between gateways.

          -GLBP provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses.

          -Each host is configured with the same virtual IP address, and all routers in the virtual router group participate in forwarding packets

          -Best proporties; Load Balancing

          -Using UDP

          -L3 redundancy

          -Traffic can be shared in both directions.

          -Hello packet = 3 sec ; Dead Time = 10 sec

          -Mac Address: 0007.44XX.XXYY XXXX: 64 bit zero and 10 bit GLBP number

           What is the difference of GLBP and HSRP?

         Two GLBP Modes:

         1- Active Virtual Gateway

         2- Active Virtual Forwarding (Max 4 AVF)

         Active Virtual Gateway:

          - The AVG assigns a virtual MAC address to each member of the GLBP group

          - Each gateway assumes responsibility for forwarding packets sent to the virtual MAC address assigned to it by the Active Virtual Gateway.

          - The Active Virtual Gateway is responsible for answering Address Resolution Protocol (ARP) requests for the virtual IP address. Load sharing is achieved by the AVG replying to the ARP requests with different virtual MAC addresses.

          - A GLBP group allows up to four virtual MAC addresses per group. The AVG is responsible for assigning the virtual MAC addresses to each member of the group.

Active Virtual Forwarding: 

          - We can use max 4 AVF.

          - Transmits packets sent to the virtual mac address provided by AVF.

          GLBP operates virtual gateway redundancy in the same way as HSRP.

          Notes: If Active Virtual Gateway router becomes unavailable, clients will not lose Access to WAN because Active Virtual Forwarding router will assume responsibility for forwarding packets sent to the virtual MAC address of Router A, and for responding to packets sent to its own virtual MAC address. Router B will also assume the role of the AVG for the entire GLBP group. 

           Disable: There is no Virtual Ip Address

           Initial: Virtual Ip Address Ok, Config is not yet complete.

           Listen: Transmit to hello packet

           Speak: Try to be active or standby(avg or avf)

           Standby: If there are some problems from active router, it is ready for be active.

           Active: Responding to arp request. 

           GLBP Benefits 

           Load Sharing 

           You can configure GLBP in such a way that traffic from LAN clients can be shared by multiple routers, thereby sharing the traffic load more equitably among available routers. 

           Multiple Virtual Routers 

           GLBP supports up to 1024 virtual routers (GLBP groups) on each physical interface of a router, and up to 4 virtual forwarders per group. 

           Preemption 

           The redundancy scheme of GLBP enables you to preempt an active virtual gateway with a higher priority backup virtual gateway that has become available. Forwarder preemption works in a similar way, except that forwarder preemption uses weighting instead of priority and is enabled by default. 

            Authentication 

            You can use a simple text password authentication scheme between GLBP group members to detect configuration errors. A router within a GLBP group with a different authentication string than other routers will be ignored by other group members. 

            GLBP Gateway Weighting and Tracking

            GLBP uses a weighting scheme to determine the forwarding capacity of each router in the GLBP group. The weighting assigned to a router in the GLBP group determines whether it will forward packets and, if so, the proportion of hosts in the LAN for which it will forward packets. Thresholds can be set to disable forwarding when the weighting falls below a certain value, and when it rises above another threshold, forwarding is automatically reenabled.

            The GLBP group weighting can be automatically adjusted by tracking the state of an interface within the router. If a tracked interface goes down, the GLBP group weighting is reduced by a specified value. Different interfaces can be tracked to decrement the GLBP weighting by varying amounts.

            GLBP Configuration

R1:int f0/0

R1: glbp 123 ip 10.1.1.254

R1: glbp 123 priority 120

R1: glbp 123 preempt

R2: int f0/0

R2: glbp 123 ip 10.1.1.254

R2: glbp 123 priority 110

R2: glbp 123 preempt

R3: int f0/0

R3: glbp 123 ip 10.1.1.254

Verify to GLBP configuration “Show ip glbp brief”

Mac-address assigined by R1

Highest priority select AVG. Default load-balancing Round-Robin.

With round-robin, AVG will reply each ARP request for the GLBP virtual IP with each AVF’s virtual MAC address in turns, so all AVFs will be used equally.

           GLBP Weighted Configuration

Weighted algorithm distribute traffic to each AVF based on the weight value assigned to them. An AVF with bigger weight value will get more traffic redirected to it.

For example, if we assign weight value 1 for R1, 1 for R2, and 2 for R3, then AVG will reply ARP requests for the GLBP virtual IP address using R3’s virtual MAC address two times more often than using R1’s or R2’s. The configuration command for the above example scenario is as follows:

R1: int f0/0

R1: glbp 123 load-balancing weighted

R1: glbp 123 weight 1

R2: int f0/0

R2: glbp 123 load-balancing weighted

R2: glbp 123 weight 1

R3: int f0/0

R3: glbp 123 load-balancing weighted

R3: glbp 123 weight 2

           Host Dependant Algorithm

Host-dependent algorithm guarantees that the same gateway will always be used for a specific client, as long as there is no changes on the AVF number. Under some situations this approach could be the best option, for example in case of stateful NAT.

R1: int f0/0

R1: glbp 123 load-balancing host-dependant

Repeat the same command R2 and R3.

If we try traceroute via Client B or Client C we would probably got different gateway than Client A, but each client will keep redirected using the same gateway until there is a change on AVF number.

Alcatel-Lucent OS6250,OS6350,OS6450,OS6850 And OS6855 AOS Update Methods

!!! Important !!!

Don’t forget to backup the configuration file before updating.

               UPDATE METHODS:

               1 – AOS Update via FTP

               2 – AOS Update via USB

               3 - USB Disaster Recovery Method

               AOS Update via FTP

Steps to Follow :

In order to connect to the Switch via FTP, you need to open the connection to FTP users on the Switch. Make sure the following this command is entered the switch:

               "aaa authentication ftp local"

               "aaa authentication telnet local"

1 – You can create the folder in desktop and add the updating .img file to this folder.

               (KFbase.img, KFeni.img, KFos.img, KFsecu.img)

2 – PC’s command window (Start->Run->cmd) open and enter the folder you created on the desktop folder with the command “cd

               " Example: cd c:/Users/tahir/Desktop/UpdateFolder"

3 – Under this folder "ftp x.x.x.x" enter the command. "x.x.x.x"= Switch ip address

4 – Enter the switch login info.

5 – After the connection "cd /flash/working/" this command to the enter working folder.

6 – We can delete available image file and copy new images. Firstly for this:

               "rm /flash/working/*.img" command we delete files under the working folder

               Enter the “mput” command and the screen will confirm that the image files on your computer. we can accept press enter. And finished copy operation.

7 – After the copy operation switch will start from the working folder. We make it work according to the new image files here. 

      After the device has been restarted, the working folder copies to the certified folder. In this step; we make a sync in two folder.

               "reload working rollback-timeout 0" (Switch will start working file before the restart.)

               "Y" (Accept)

      Switch will be reboot and we connect to telnet.

8 – When the switch is turned on we can connect to telnet and enter this command:

               "copy working certified" (After restarting in this switch copy working to certified.)

9 – Finally; "show system" command we can find out about last version.

              

Should be "6.7.2.113.R05"

Finish the update via FTP.

               AOS Update via USB

Following Steps:

1 – Firstly we can formatting USB flash FAT32 and 8k Cluster. In this step needs; Alcatel switch recognize to USB.

2 – After the formatting; we can create "6450" under the another "certified" folder and we can copy updating image file in this folder. (6450/certified/KFbase.img ... vb.)

3 – After that; We install to usb on this switch and enter the "usb enable" command. After this command if something appears on this switch (Ubulk, mount etc) usb is okey.

4 – After the usb enable;

Under the working folder delete with the command below.

               "rm /flash/working/*.img"

Copy the new image files in your usb to the working folder with the command below.

               "cp /uflash/certified/*.img /flash/working/"

After copying; The switch is reboot starting from the working folder.

               "reload working rollback-timeout 0"

               "Y"

5 - After opening the switch, copy the working folder onto the certified folder to synchronize.

               "copy working certified"

6 – Finally; "show system" command we can find out about last version

Should be "6.7.2.113.R05"

Finish the update via USB

               USB Disaster Recovery Method

In this step flash folder will be deleted, so don’t forget to backup the configuration file before updating and make sure that usb is working.

1 - Firstly we can formatting USB flash FAT32 and 8k Cluster. In this step needs; Alcatel switch recognize to USB.

2 - After the formatting; we can create "6450" under the another "certified" folder and we can copy updating image file in this folder. (6450/certified/KFbase.img ... etc.)

3 – Turn off the switch.

4 – Insert to the USB into the switch.

5 – Connect to the switch with console cable and make ready to emulation program.

6 – When the turn on the switch "auto boot" option will appear. You can press a key within 2 second and run “uboot” mode.

If we can go “uboot” mode consol display it can be appear in this figure " => "

7 – After that we are in this mode enter the following commands and we can go "Miniboot" mode. All operation in this mode.

               "setenv bootflags 0x1000"

               "run miniboot"

8 – When the run Miniboot; display it can be appear in this figure "[Miniboot]->"

9 – We need the format “flash” folder. We will erase everthing inside.

               [Miniboot]->sysNewfs "/flash"

10 – After switch reboot;  Enter the command below to make it work from the Working folder.  

[Miniboot]->setNextRunningVersion 2

11 - Reboot;

               [Miniboot]->reboot

12 - Do not remove the flash memory while rebooting the switch. When to start the reboot switch recognize to the usb and we can run "USB Disaster Recovery" mode. this mode; it will copy the files in memory to the working folder it will create and run it from that folder.

13    Switch will turned on;

               Sync with "copy working certified" command.

14 – Finally; we install the last backup and save the configuration file with; "write memory"

15 - Finally; "show system" command we can find out about last version

               Should be "6.7.2.113.R05"

Finish the update via USB Disaster Recovery