Tuesday, June 16, 2020

Xerox Docuprint 203A with Raspberry Pi CUPS server

How to add Xerox Docuprint 203A to Raspberry Pi CUPS server

Xerox Docuprint 203A is a relatively old printer, in order to use raspberry pi as a print server for it, you need to obtain the right driver for linux arm for it to function properly.

You can never get the linux driver for it, as this is a very old printer, however the brother printer HL-2030 driver is a perfect replacement for it

Download it from here and import the PPD file and it will work magically well.


Thursday, September 14, 2017

Command to Flush DNS Cache in MacOS

sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder
say cache flushed

Checkpoint Firewall Ports

Check Point General Common Ports

PORTTYPESERVICE DESCRIPTION
257tcpFireWall-1 log transfer
18208tcpCPRID (SmartUpdate)
18190tcpSmartDashboard to SCS
18191tcpSCS to FW-1 gateway for policy install
18192tcpSCS monitoring of firewalls (SmartView Status)

Check Point SIC Ports

PORTTYPESERVICE DESCRIPTION
18209tcpNGX Gateways <> ICAs (status, issue, or revoke).
18210tcpPulls Certificates from an ICA.
18211tcpUsed by the cpd daemon (on the gateway) to receive Certificates.

PORTTYPESERVICE DESCRIPTION

94TCPEncryption IP protocols fwz_encapsulation (FW1_Eencapsulation)
137BothNetbios-ns NETBIOS Name Service
138Bothnetbios-dgm NETBIOS Datagram
139Bothnetbios-ssn NETBIOS Session
256TCPFW1 (fwd) policy install port FWD_SVC_PORT
257TCPFW1_log FW1_log FWD_LOG_PORT
258TCPFW1_mgmt FWM_SSVVC_PORT
259TCPFW1_clientauth_telnet
260UDPFW1_snmp FWD_SNMP_PORT
261TCPFW1_snauth Session Authentication Daemon
262TCPMDQ – mail dequer
263TCPdbs
264TCPFW1_topop Check Point SecureClient Topology Requests
265TCPFW1_key Check Point VPN-1 Public key transfer protocol

8116UDPCheck Point HA SyncMode= CPHAP (new sync mode)
8116UDPConnection table synchronization between firewalls
8989TCPCPIS Messaging MSG_DEFAULT_PORT
8998TCPMDS_SERVER_PORT
9000Command Line Port for Secure Client
10001TCPDefault CPRSM listener port for coms with RealSecure Console
18181TCPFW1_cvp Check Point OPSEC Content Vectoring Protocol
18182TCPFW1_ufp Check Point OPSEC URL Filtering Protocol
18183TCPFW1_sam Check Point OPSEC Suspicious Activity monitoring Proto (SAM API)
18184TCPFW1_lea Check Point OPSEC Log Export API
18185TCPFW1_omi Check Point OPSEC Objects Management Interface
18186TCPFW1_omi-sic Check Point OPSEC Objects management Interface with Secure Internal Communication
18187TCPFW1_ela Check Point OPSEC Event Loging API
18190TCPCPMI Check Point Management Interface
18191TCPCPD Check Point Daemon Proto NG
18192TCPCPD_amon Check Point Internal Application Monitoring NG
18193TCPFW1_amon Check Point OPSEC Appication Monitoring NG
18201TCPFGD_SVC_PORT
18202TCPCP_rtm Check Point Real time Monitoring
18203TCPFGD_RTMP_PORT
18204TCPCE communication
18205TCPCP_reporting Check Point Reporting Client Protocol
18207TCPFW1_pslogon Check Point Policy Server logon Protocol
18208TCPFW1_CPRID (SmartUpdate) Check Point remote Installation Protocol
18209TCPFWM CA for establishing SIC communication
18210TCPFW1_ica_pull Check Point Internal CA Pull Certificate Service
18211TCPFW1_ica_pull Check Point Internal CA Push Certificate Service
18212UDPConnect Control – Load Agent port
18213TCPcpinp: inp (admin server)
18214TCPcpsmc: SMC
18214UDPcpsmc: SMC Connectionless
18221TCPCP_redundant Check Point Redundant Management Protocol NG
18231TCPFW1_pslogon_NG Check Point NG Policy Server Logon Protocol
18231TCPNG listens on this port by default dtps.exe
18232TCPFW1_sds_logon Check Point SecuRemote Distribution Server Protocol
18233UDPCheck Point SecureClient Verification Keepalive Protocol FW1_scv_keep_alive
18241UDPe2ecp
18262TCPCP_Exnet_PK Check Point Public Key Resolution
18263TCPCP_Exnet_resolve Check Point Extranet remote objects resolution
18264TCPFW1_ica_services Check Point Internal CA Fetch CRL and User Registration Services
19190TCPFW1_netso Check Point OPSEC User Authority Simple Protocol
19191TCPFW1_uaa Check point OPSEC User Authority API
65524FW1_sds_logon_NG Secure Client Distribution Server Protocol (VC and Higher)

Command to check on Checkpoint Bond Interface status

[Expert@fw01:0]# cphaprob -a if

Required interfaces: 3
Required secured interfaces: 1

Mgmt       Disconnected          non sync(non secured), multicast
bond0      UP                    non sync(non secured), broadcast, bond Load Sharing
bond1      UP                    non sync(non secured), broadcast, bond Load Sharing
bond2      UP                    sync(secured), multicast, bond Load Sharing


[Expert@fw01:0]# cphaconf show_bond -a

                                      |Slaves     |Slaves |Slaves
Bond name  |Mode               |State |configured |in use |required
-----------+-------------------+------+-----------+-------+--------
bond0      | Load Sharing      | UP   | 2         | 2     | 1
bond1      | Load Sharing      | UP   | 2         | 2     | 1
bond2      | Load Sharing      | UP   | 1         | 1     | 0

Legend:
-------
UP!               - Bond interface state is UP, yet attention is required
Slaves configured - number of slave interfaces configured on the bond
Slaves in use     - number of operational slaves
Slaves required   - minimal number of operational slaves required for bond to be UP

[Expert@fw01:0]# cphaconf show_bond bond0

Bond name:      bond0
Bond mode:      Load Sharing
Bond status:    UP
Balancing mode: 802.3ad Layer3+4 Load Balancing
Configured slave interfaces: 2
In use slave interfaces:     2
Required slave interfaces:   1

Slave name      | Status          | Link
----------------+-----------------+-------
eth3-03         | Active          | Yes
eth3-01         | Active          | Yes

[Expert@fw01:0]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.2.4 (January 28, 2008)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 200
Down Delay (ms): 200

802.3ad info
LACP rate: slow
Active Aggregator Info:
        Aggregator ID: 1
        Number of ports: 2
        Actor Key: 33
        Partner Key: 1
        Partner Mac Address: 00:35:1a:d9:33:00

Slave Interface: eth3-03
MII Status: up
Link Failure Count: 1
Permanent HW addr: 00:1c:7f:61:90:50
Aggregator ID: 1

Slave Interface: eth3-01
MII Status: up
Link Failure Count: 1
Permanent HW addr: 00:1c:7f:61:90:4e
Aggregator ID: 1


Sunday, September 25, 2016

Linux command to install software for various Distro

Ubuntu (*buntu, Mint linux)
Apt-get install
apt-get update
apt-get remove
apt-get dist-upgrade
apt-get purge

Fedora/RHEL/CentOS
yum install
yum update
yum remove

Opensuse
yast2 --install
yast2 --remove
zypper update

Freebsd 
pkg_add
pkg_delete


Gentoo

emerge package    # Install
emerge -C package # Remove a package
emerge -s keyword # Search for packages (package names only)
emerge -u package # update the package 


Arch
pacman -U package.pkg.tar.xz # Local package install
pacman -Syy                  # Refresh package databases
pacman -Syu                  # Update installed packages
pacman -S package            # Install package
pacman -R package            # Remove package

Checkpoint Rule Processing Order

Rule Processing Order

The rule base is processed in order. However, other things happen in the security policy besides checking your defined rules. This is the order of operations:
  1. Anti-spoofing checks
  2. Rule base
  3. Network Address Translation
When you take into account the FireWall-1 global properties, you end up with the following order:
  1. Anti-spoofing checks
  2. "First" Implicit Rules
  3. Explicit Rules (except for the final rule)
  4. "Before Last" Implicit Rules
  5. Last Explicit Rule (should be cleanup rule)
  6. "Last" Implicit Rules
  7. Network Address Translation

Wednesday, October 9, 2013

SSH slowness

For those experiencing SSH slowness, you might want to take note of the following:

 If you are getting sluggish response in getting the login prompt, it might be due to the fact the the SSH server is trying to perform a reverse lookout on host your are initiating traffic from. Check to confirm it any firewall rules that might be preventing the ssh host from doing a reverse lookup. That might save you sometime to perform a thorough troubleshooting :)

Alternatively, you can just go to edit the sshd config file as follow:

sudo  vi /etc/ssh/sshd_config

comment out UseDNS  as per follow:

#UseDNS yes

and restart the ssh daemon

sudo service sshd restart

or

sudo systemctl restart sshd.


Happy SSH :)