UK / Europe Highlights and Oktoberfest

This trip pretty much included the highlights of europe and Oktoberfest. Fast paced but managed to see a lot in the time allocated!

Countries Covered (no visa’s required):

• England
• France
• Italy
• Germany
• Switzerland
• Austria
• Croatia
• Slovenia
• Czech Republic
• Netherlands
• Belgium
• Monaco
• Vatican City
• Spain
• Malaysia
• Singapore

Ground work

Itinerary

18 AUG - NEWCASTLE TO SYDNEY to LONDON (Depart SYD 4:40PM - British Airways)
19 AUG - LONDON Arrive 6:35 AM | Accommodation: Friends / Family
20 AUG - LONDON |Accommodation: Friends / Family
21 AUG - LONDON | Accommodation: Friends / Family
22 AUG - LONDON | Accommodation: Friends / Family
23 AUG - LONDON | Accommodation: Friends / Family
24 AUG - LONDON | Accommodation: Friends / Family
25 AUG - LONDON TOP DECK (Depart 7:00am) | Accommodation: Campanile Bagnolet
26 AUG - PARIS - Sight Seeing | Accommodation: Campanile Bagnolet
27 AUG - PARIS TO SWISS ALPS, SWITZERLAND | Accommodation: Hotel Rigi First
28 AUG - SWISS ALPS - Day Trip to Lucerne | Accommodation: Hotel Rigi First
29 AUG - SWISS ALPS TO FRENCH RIVIERA, FRANCE | Accommodation: Kyriad Gare
30 AUG - FRENCH RIVIERA | Accommodation: Kyriad Gare
31 AUG - FRENCH RIVIERA TO FLORENCE, ITALY | Accommodation: Columbus Hotel
01 SEP - FLORENCE TO ROME | Accommodation: Hotel Beethoven
02 SEP - ROME | Accommodation: Hotel Beethoven
03 SEP - ROME TO VENICE | Accommodation: Hotel Centrale
04 SEP - VENICE | Accommodation: Hotel Centrale
05 SEP - VENICE TO PAG ISLAND, CROATIA | Accommodation: Hotel Loza
06 SEP - PAG ISLAND | Accommodation: Hotel Loza
07 SEP - PAG ISLAND TO LJUBLJANA, SLOVENIA | Accommodation: Ljubljana Resort Hotel & Camping
08 SEP - LJUBLJANA TO SALZBURG, AUSTRIA | Accommodation: Hotel Haunsperger hof
09 SEP - SALZBURG TO PRAGUE, CZECH REPUBLIC | Accommodation: Hotel ILF
10 SEP - PRAGUE | Accommodation: Hotel ILF
11 SEP - PRAGUE TO BERLIN, GERMANY | Accommodation: Hotel Aurum
12 SEP - BERLIN | Accommodation: Hotel Aurum
13 SEP - BERLIN TO AMSTERDAM, NETHERLANDS | Accommodation: Amstel Botel
14 SEP - AMSTERDAM | Accommodation: Amstel Botel
15 SEP - AMSTERDAM TO LONDON, ENGLAND (Arrive 9:00pm)
16 SEP - LONDON | Accommodation: Best Western Mornington
17 SEP - LONDON | Accommodation: Best Western Mornington
18 SEP - LONDON to MUNICH, GERMANY (Depart 1:15PM)| Accommodation: Friends / Family
19 SEP - MUNICH, GERMANY | Accommodation: Friends / Family
20 SEP - MUNICH OKTOBERFEST | Accommodation: Friends / Family
21 SEP - MUNICH OKTOBERFEST | Accommodation: Friends / Family
22 SEP - REGENSBURG | Accommodation: Friends / Family
23 SEP - REGENSBURG | Accommodation: Friends / Family
24 SEP - REGENSBURG TO DUSSELDORF, GERMANY | Accommodation: Friends / Family
25 SEP - DUSSELDORF / COLOGNE | Accommodation: Friends / Family
26 SEP - DUSSELDORF TO BARCELONA, SPAIN (Depart 3:15PM)| Accommodation: Yellow Nest Hostel
27 SEP - BARCELONA | Accommodation: Yellow Nest Hostel
28 SEP - BARCELONA | Accommodation: Yellow Nest Hostel
29 SEP - BARCELONA | Accommodation: Friends / Family
30 SEP - BARCELONA TO LONDON, ENGLAND (Depart 1:50PM)| Accommodation: Central Park Hotel
01 OCT - LONDON to KENT, ENGLAND | Accommodation: Friends / Family
02 OCT - KENT / BRIGHTON | Accommodation: Friends / Family
03 OCT - LONDON TO SINGAPORE TO KLANG, MALAYSIA (Depart LON 8:30PM) | Accommodation: Friends / Family
04 OCT - KLANG | Accommodation: Friends / Family
05 OCT - KLANG | Accommodation: Friends / Family
06 OCT - KLANG | Accommodation: Friends / Family
07 OCT - KLANG TO SINGAPORE TO SYDNEY, AUSTRALIA  (Depart SIN 7:50PM)
08 OCT - SYDNEY TO NEWCASTLE, AUSTRALIA  - 6:10 AM

Flights

I flew between Australia and England using British Airways booked through Jetabroad. No major reason for flying British Airways except they transited via Singapore on the way home which made it easier for a stop over in Malaysia and they had a special on at the time. I used the following sites when hunting for cheap flights, also when booking check the flight time since it can vary a lot!

http://www.jetabroad.com.au/
http://www.webjet.com.au/flights/london/
http://www.farecompare.com

I would also recommend making a stopover on the way back since going over your all excited for holidaying, but on the way back who wants to go back to work! Plus it helps re-adjust to the time zone.

For interconnecting flights within europe I used the following sites:

http://www.ryanair.com
http://www.easyjet.com
http://www.cheapflights.co.uk
http://www.opodo.co.uk
http://www.ebookers.com/

When flying in and out of London to europe, its heaps cheaper to fly from Stansted Airport or Gatwick Airport. You cannot catch the tube to these airports like Heathrow however there are trains which take about 30 ~ 1 hour to or from London. NOTE these trains usually stop running at about 12am

Gatwick Express: Arrives / Departs:  London Victoria train station – Cost £16

Stansted Express: Arrives / Departs:  London Liverpool Street train station – Cost £21 (Free wi-fi)

Tours

2 companies which are pretty good for traveling, sightseeing and partying are TOP DECK and CONTIKI they both pretty much do the exact same sights but small differences in places to stay and cities visited. I chose Top Deck Europe Uncovered this time round since it left at the right time and did Berlin instead of Munich since I knew I was going to visit that city for Oktoberfest! Usually these companies will do discounts on their trips so keep an eye out on their websites!

Also Top Deck seems a bit more chilled with maybe less people on the bus and an older crowd (mid to late 20s). Contiki has more people on the bus and maybe younger people keen to get loose every night, just depends on what your after!

Oktoberfest

Most people think you need to buy a ticket or book a table at Oktoberfest which is not the case. Booking a table in one of the beer halls would be great however i believe you need to do this 1 year in advance. The best way to do it is as follows:

• Go during a weekday, there is heaps of people on a weekday and I would hate to think what it is like on the weekend!
• Getting to and from is best done via U-Bahn (Train). The stop to get off at is Theresienwiese
• Get there early or around lunch time. Usually you can get a table inside the beer hall up until 5pm. At this time tables are cleared for people with bookings.
• Try and get a table just outside the beer halls at 5pm or just before. This is the best option for eating dinner since you can get hendl (Roast chicken) or haxen (Pork Knuckle) after dinner you can choose to keep drinking or ride some rides!
• The festival usually wraps up about 11pm at night.

Accommodation

When accommodation wasn’t taken care of by top deck or I was not staying with family and friends, the following websites were used to assist with accommodation booking:

http://www.hostelbookers.com/
http://www.booking.com/

The following accommodation was chosen for each city.

London (Bayswater area was nice!)

Best Western Mornington - 2 Nights
Very nice hotel close to where top deck does pickup and drop off. Also has a laundry mat in the next street across and free WI-FI though a bit more expensive.

Central Park Hotel - 1 Night
Closer yet to Bayswater / Queensway tube station than Best Western though not as nice and no free internet, flip side is its a lot cheaper!

Barcelona

Yellow Nest Hostel - 3 Nights
Easily the sickest hostel I have stayed in not sure what it was about it but was easy to meet people. Stayed in a 12 room mixed dorm, had a games room and organised dinners / pub crawls which was sweet! Clean and nice!

On the ground

$$$$$

As always i find the best way to manage money in another country is just by working out the currency difference from a currency exchange and withdrawing it using a visa card from an ATM, you do end up paying a cash fee but the convenience is soo good!

I met a few people using this credit card which had no fees! Sounded too good to be true so i did some research. Turns out it does exist, only downside is that it charges interest from the day of withdrawal

http://www.28degreescard.com.au

Getting around

Getting around in London the only way is the tube! Top Deck handled pretty much all of the other interconnecting travel however knowing each cities public transport system is handy see below for each cities transport map!

• London
• Paris
• Rome
• Prague
• Berlin
• Barcelona

Beware!!

Out of all the places I have been, Europe (Especially Paris and Barcelona) seems to have the most scams and con artists! If there is anywhere you need to be more vigilant in looking after your stuff its here! Two chicks and myself had issues with pick pockets. If you are careful (keep your wallet in your front pocket / have a money belt) you should be OK. Best advice is don’t carry any more money then you are willing to loose!!

Young, frequently attractive women coming up to tourists with pledge sheets. They pretend to be deaf people collecting money for one charity or another. These scammers frequent tourist areas and are generally harmless. If you simply ignore them they will leave you alone. I was walking down the street next to a few of these girls then suddenly they start talking to each other! Talk about dodgy, if you want to give to charity then give to a registered one!

Beware of touristy areas where there are gambling stands with people playing. The guys standing and playing are accomplices of the person manning the booth. They usually play with 3 black rubber coins to guess the one with a white piece of paper stuck underneath. They will time it to catch your attention as your walking past. You can never win at that as they switch hands and do not let you open it yourself, also while the person manning the booth talks the guys “watching” can switch the coins. They usually operate in crowded places, don’t be fooled!

Another thing to be wary of is people asking where do you come from with strings in their hand. They will make small talk with you while tying a friendship band around your finger. After that they will demand money from you.

The subway is a hotbed for pickpocketing activity, which can range from simple opportunistic thefts to coordinated attacks. Be especially wary on the subway platforms at Sants train station (Barcelona) going to the airport. A group of men / man will start to board the train and stand in the door way while you attempt to enter a subway car. They may ask you questions to distract you like “Does this train go to the airport” or “how many stops until the airport”. These men / man may not look like your stereotypical pick pocket, again don’t carry more than your willing to loose or keep your wallet in hard to reach places.

Once they take stuff, they quickly return to the platform and walk off calmly while you are trapped in the departing subway as they make sure they exit just before the doors cannot be reopened. Violence in these situations is rare, and in most cases the goal of the thieves is to rob you undetected.

Cost

Travel Insurance = $243.00AUD (TID - 10% DISCOUNT CODES: SPRING2011 WINTER2011 TIDTHANKS)
Flights to/from Australia = $2182.44AUD (Jetabroad)
Connecting flights = $831.30AUD (Lufthansa | Air Berlin| Easy Jet | Air Asia )
Accommodation = $782AUD (all places listed above)
Tours =  $3843AUD ($3736 Topdeck + $107 Sightseeing Tours London)

Food

Pretty much the same price as Australia if you don’t convert it. For example mac donalds costs about $10 and eating in a restaurant could be between $15 ~ $40 beers are about $5 however you need to budget in the currency of the country you are going to.

Misc

Cappuccino (Paris) = 5.20€
Heineken Brewery (Amsterdam) = 16€
Rome Metro ticket = 1€
Barcelona T-10 (10 trips) = 8.25€
Return train trip to Cannes from Nice (France) = 12€
6 x Escargot (Paris - Restaurant) = 7€
Coke a Cola (Paris - Restaurant) = 4€
Steak and Chip (Paris - Restaurant) = 13.50€
Gin + Tonic (Barcelona – Club) = 10€
Oktoberfest Stein of beer = 10€
Oktoberfest Roast chicken (Hendl) = 10€
Oktoberfest Pork Knuckle = 10€

APPROX TOTAL PRICE = $7882 + spending money ($5000 for food, partying and random expenses).

Final words.

Europe is pretty much where modern civilization began! There is more history than you can poke a stick at! From Ancient Greece to the Roman Empire, Renaissance, French Revolution, Industrial Revolution, World War I and II, Cold War and the Iron Curtain.

Not only will historical events keep you thinking but the architecture and cultural history will enlighten. Definitely a must do at some point in your life.

openvas 4 how to setup guide

Yet another how to guide to hopefully save people some time when setting up openvas4

For this guide i have installed and configured openvas4 running on centos 5.2

Installation

download and install centos which can be found here(i used centos 5.2) once installed setup your yum repositories for openvas4

[root@localhost ~]#wget -q -O - http://www.atomicorp.com/installers/atomic | sh

[root@localhost ~]#yum update

[root@localhost ~]#yum upgrade

[root@localhost ~]# yum search openvas
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * atomic: www6.atomicorp.com
 * base: mirror.optus.net
 * extras: mirror.optus.net
 * updates: mirror.optus.net
=============================== Matched: openvas ===============================
greenbone-security-assistant.i386 : GSA
openvas.noarch : The Open Vulnerability Assessment (OpenVAS) suite
openvas-administrator.i386 : The Open Vulnerability Assessment (OpenVAS)
                           : Administrator
openvas-cli.i386 : The Open Vulnerability Assessment (OpenVAS) CLI
openvas-glib2.i386 : A library of handy utility functions
openvas-glib2-devel.i386 : The GIMP ToolKit (GTK+) and GIMP Drawing Kit (GDK)
                         : support library
openvas-libraries.i386 : Support libraries for Open Vulnerability Assessment
                       : (OpenVAS) Server
openvas-libraries-devel.i386 : Development files for openvas-libraries
openvas-manager.i386 : The Open Vulnerability Assessment (OpenVAS) Manager
openvas-scanner.i386 : The Open Vulnerability Assessment (OpenVAS) Server
[root@localhost ~]#

install openvas4

[root@localhost ~]# yum install openvas
 [root@localhost ~]# yum install openvas-administrator

[root@localhost ~]# /etc/init.d/openvas-scanner status
 openvassd (pid 5796) is running...
 [root@localhost ~]# /etc/init.d/openvas-manager status
 -l (pid 4550) is running...
 [root@localhost ~]# /etc/init.d/openvas-administrator status
 -l (pid 4931) is running...
 [root@localhost ~]# /etc/init.d/gsad status
 gsad (pid 4587) is running...
 [root@localhost ~]#

Configure Openvas4

Once you have openvas4 installed and running its time to configure. Start off by creating an user which is used to access the web interface

[root@localhost ~]# openvas-adduser
Using /var/tmp as a temporary file holder.

Add a new openvassd user
---------------------------------
Login : openvas
Authentication (pass/cert) [pass] :
Login password :
Login password (again) : 

User rules
---------------
openvassd has a rules system which allows you to restrict the hosts that openva has the right to test.
For instance, you may want him to be able to scan his own host only.

Please see the openvas-adduser(8) man page for the rules syntax.

Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)

Login             : openvas
Password          : ***********

Rules             : 

Is that ok? (y/n) [y] y
user added.
[root@localhost ~]#

I had to elevate the users privileges to be able to login and use the web interface (Greenbone security assistant)

[root@localhost ~]# openvasad --enable-modify-settings -c set_role -u openvas -r Admin
ad   main:MESSAGE:2684:2011-06-30 10h28.20 EST: The role of user openvas has been successfully changed.
[root@localhost ~]#

Update your signatures to ensure you have all the latest vulnerability tests

[root@localhost auth]# openvas-nvt-sync
[i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.
[i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'.
[i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed.html'.
[i] NVT dir: /var/lib/openvas/plugins
[i] Will use rsync
[i] Using rsync: /usr/bin/rsync
[i] Configured NVT rsync feed: rsync://feed.openvas.org:/nvt-feed
OpenVAS feed server - http://openvas.org/
This service is hosted by Intevation GmbH - http://intevation.de/
All transactions are logged.
Please report problems to [email protected]

receiving file list ...
43805 files to consider
./

sent 43 bytes  received 742045 bytes  87304.47 bytes/sec
total size is 96498257  speedup is 130.04
[i] Checking dir: ok
[i] Checking MD5 checksum: ok

[root@localhost ~]# /etc/init.d/openvas-scanner restart

Add the following to cron if you would like your signatures automatically updated

#update signatures on the 27th of each month at 1am
#crontab -e
0 1 27 * *	/usr/sbin/openvas-nvt-sync-cron

Using Openvas4

Once all the above is done you can setup a scan by doing the following:

browse to the openvas4 web interface on: https://localhost:9392 and log in with your credentials you created above.

Once logged in create a new target by selecting targets from the left hand menu. Fill in appropriate details (you can also use /subnet masks on the end of the network) and create target

Once you have created your new task you can launch the scan manually by clicking on the little play icon. This will launch the scan of the target machine. You can also see the progress of this scan with the progress bar

You can also create a scan schedule which will automatically kick off your scan at the specific time / interval. To setup a schedule select schedules from the left hand menu, fill in the appropriate details and frequency then select create schedule.

To add your schedule to a task, select Tasks from the left hand menu then click on the little spanner icon to edit your task.

Change the schedule drop down to your newly created scheduled time / frequency and save task.

You can now see you cannot manually run your task, a clock icon has replaced the play button which will start your task at the specified time.

Troubleshooting

NIKTO

I had issues with nikto when scanning saying: “Could not find a valid nikto config file” so i had to create the following configuration

/etc/nikto.conf

#########################################################################################################
# CONFIG STUFF
# $Id: config.txt 94 2009-01-21 22:47:25Z deity $
#########################################################################################################

# default command line options, can't be an option that requires a value.  used for ALL runs.
# CLIOPTS=-g -a

# ports never to scan
SKIPPORTS=21 111

# User-Agent variables:
 # @VERSION     - Nikto version
 # @TESTID      - Test identifier
 # @EVASIONS    - List of active evasions
USERAGENT=Mozilla/5.00 (Nikto/@VERSION) (Evasions:@EVASIONS) (Test:@TESTID)

# RFI URL. This remote file should return a phpinfo call, for example: <?php phpinfo(); ?>
# You may use the one below, if you like.
RFIURL=http://cirt.net/rfiinc.txt?

# IDs never to alert on (Note: this only works for IDs loaded from db_tests)
#SKIPIDS=

# if Nikto is having difficulty finding the 'plugins', set the full install path here
EXECDIR=/usr/share/nikto

# The DTD
NIKTODTD=docs/nikto.dtd

# the default HTTP version to try... can/will be changed as necessary
DEFAULTHTTPVER=1.0

# Nikto can submit updated version strings to CIRT.net. It won't do this w/o permission. You should
# send updates because it makes the data better for everyone    *NO* server specific information
# such as IP or name is sent, just the relevant version information.
# UPDATES=yes   - ask before each submission if it should send
# UPDATES=no    - don't ask, don't send
# UPDATES=auto  - automatically attempt submission *without prompting*
UPDATES=yes

# Warning if MAX_WARN OK or MOVED responses are retrieved
MAX_WARN=20

# Prompt... if set to 'no' you'll never be asked for anything. Good for automation.
#PROMPTS=no

# cirt.net : set the IP so that updates can work without name resolution -- just in case
CIRT=174.142.17.165

# Proxy settings -- still must be enabled by -useproxy
#PROXYHOST=127.0.0.1
#PROXYPORT=8080
#PROXYUSER=proxyuserid
#PROXYPASS=proxypassword

# Cookies: send cookies with all requests
# Multiple can be set by separating with a semi-colon, e.g.:
# "cookie1"="cookie value";"cookie2"="cookie val"
#STATIC-COOKIE=

# The below allows you to vary which HTTP methods are used to check whether an HTTP(s) server
# is running. Some web servers, such as the autopsy web server do not implement the HEAD method
CHECKMETHODS=HEAD GET

# If you want to specify the location of any of the files, specify them here
# EXECDIR=/opt/nikto
# PLUGINDIR=/opt/nikto/plugins
# TEMPLATEDIR=/opt/nikto/templates
# DOCDIR=/opt/nikto/docs

# Default plugin macros
@@MUTATE=dictionary;subdomain
@@DEFAULT=@@ALL;-@@MUTATE;tests(report:500)

#Choose SSL libs
# Options:
# SSLeay        - use Net::SSLeay
# SSL           - use Net::SSL
# auto          - automatically choose whats available
#                 (SSLeay wins if both are available)
LW_SSL_ENGINE=auto

The following was needed to update nikto

[root@localhost nikto]# mkdir docs

[root@localhost nikto]# touch docs/CHANGES.txt
[root@localhost nikto]# nikto.pl -update

UNIX sudo guide for setting up restricted access for user accounts

another thing i was looking to setup quickly but couldn’t find anyone else with examples on the web was restricted sudo access. The below links are good examples of sudo however don’t seem to think about the implications of allowing users to have access to the passwd command. If your wondering what sudo is click here!

http://www.gratisoft.us/sudo/sample.sudoers

http://benaiah41.wordpress.com/2008/08/15/37/

Most people who know sudo know the usual ALL=(ALL) ALL in the sudoers file. Its actually possible to give restricted sudo access to commands based on user / group / server information. I have implemented it specifically for a technical ops kind of role which enables them to do basic tasks but does not give them full system access. The below implementation was done using ixSudo (A.16.00-1.7.4p6.001) on HPUXv3 however this should work on most sudo implementations. If anyone knows what versions it does / doesn’t work on feel free to contact me on your experiences!

Step 1. Install Sudo

To install sudo on HPUX:

• download the sudo package from http://software.hp.com
• swinstall -s /pathtodepot/sudodepot.depot

User_Alias    TECHOP = user1, user2, user3, user4, leea

Cmnd_Alias     PRINTING = /usr/bin/cancel, /usr/bin/enable, /usr/bin/disable,\
/usr/sbin/lpmove, /usr/sbin/accept, /usr/sbin/lpsched, /usr/sbin/lpshut

Cmnd_Alias     USERS = /usr/lbin/modprpw -k *, /usr/bin/passwd [A-z]*, !/usr/bin/passwd root

Cmnd_Alias     TECHOP_CMD = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root,\
/usr/bin/crontab -l *, /usr/lbin/modprpw -x *,\
/usr/sbin/fuser, !/usr/sbin/fuser -k *,\
/usr/bin/find, !/usr/bin/find * -ok *, !/usr/bin/find * -exec *,\
!/usr/bin/find * -cpio *, !/usr/bin/find * -ncpio *,\
/usr/bin/file, /usr/bin/ls, /usr/bin/du -ks *, /opt/OV/bin/OpC/opcagt

root ALL=(ALL) ALL
TECHOP ALL=(root) NOPASSWD: /usr/bin/sudo -l
TECHOP ALL = (root) TECHOP_CMD,PRINTING, USERS

hpuxserver:/home/leea# sudo -l
User leea may run the following commands on this host:
    (root) NOPASSWD: /usr/bin/sudo -l
    (root) /usr/bin/passwd [A-z]*, !/usr/bin/passwd root, /usr/bin/crontab -l
    *, /usr/lbin/modprpw -x *, /usr/sbin/fuser, !/usr/sbin/fuser -k *,
    /usr/bin/find, !/usr/bin/find * -ok *, !/usr/bin/find * -exec *,
    !/usr/bin/find * -cpio *, !/usr/bin/find * -ncpio *, /usr/bin/file,
    /usr/bin/ls, /usr/bin/du -ks *, /opt/OV/bin/OpC/opcagt, (root)
    /usr/bin/cancel, /usr/bin/enable, /usr/bin/disable, /usr/sbin/lpmove,
    /usr/sbin/accept, /usr/sbin/lpsched, /usr/sbin/lpshut, (root)
    /usr/lbin/modprpw -k *, /usr/bin/passwd [A-z]*, !/usr/bin/passwd root

hpuxserver:/home/leea# find /opt/ -mtime -1
/opt/hpsmh/data/htdocs/navfile.htm
find: cannot open /opt/hpsmh/tomcat/conf20
find: cannot open /opt/hpsmh/tomcat/conf22
find: cannot open /opt/hpsmh/tomcat/work
/opt/hpsmh/conf22/php.ini
/opt/hpsmh/conf22/mod_proxy.conf
/opt/hpsmh/conf22/smhpd.conf
/opt/hpsmh/conf22/hmmolist.map
find: cannot open /opt/sfm/bin
/opt/hpws22/apache/logs
find: cannot open /opt/hpws22/webmin/conf
find: cannot open /opt/hpws22/webmin/logs
find: cannot open /opt/hpws22/webmin/newconfig/opt
/opt/fcms/debug
find: cannot search /opt/ssh/src
find: cannot open /opt/uxprov/bin
find: cannot open /opt/swa/mx
find: cannot open /opt/swa/mxhelp
find: cannot open /opt/hpwebadmin
/opt/hpservices/cfg
/opt/hpservices/cfg/cfg2html.sh.out
/opt/hpservices/cfg/hpuxserver.html
/opt/iexpress/sudo/etc/sudoers
hpuxserver:/home/leea#

hpuxserver:/home/leea# sudo find /opt/ -mtime -1
sudo: /var/adm owned by uid 4, should be uid 0

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password:
Last successful login:       Tue Jul 12 15:52:30 EST 2011
Last authentication failure: Mon Jul 11 11:40:48 EST 2011 10.10.10.10
/opt/hpsmh/data/htdocs/navfile.htm
/opt/hpsmh/conf22/php.ini
/opt/hpsmh/conf22/mod_proxy.conf
/opt/hpsmh/conf22/smhpd.conf
/opt/hpsmh/conf22/hmmolist.map
/opt/hpws22/apache/logs
/opt/fcms/debug
/opt/hpservices/cfg
/opt/hpservices/cfg/cfg2html.sh.out
/opt/hpservices/cfg/hpuxserver.html
/opt/iexpress/sudo/etc/sudoers
hpuxserver:/home/leea#

Dr Dre – The Next Episode [Jay Robinson ND 140 - 110 Transition Refix]

New Voodoo People Dubstep Mix

New Bonkers dubstep transition mix

Just created a new Dubstep transition mix for mixing out of dubstep back into house

snowboarding NZ

Besides winnebagos, hedges and sheep New Zealand has some really cool places to snowboard. As doing this trip for the second time round i think i have nearly perfected the NZ snow trip.

We had 3 people on the first trip (2008) and 6 people on this one. The saying is true “the more the merrier” however you may struggle to get everyone doing the same thing or up the mountain together.

ground work.

Itinerary

Fri 13th – Sydney – Christchurch (19:50 – 0:50AM JQ 151)
Sat 14th – christchurch – pick up snow hire / town
Sun 15th – Christchurch to Wanaka
Mon 16th – wanaka : cardrona (snow park)
Tue 17th – wanaka : treble cone (snow park)
Wed 18th – wanaka : treble cone (snow park)
Thu 19th – queenstown : the remarkables (snow park)
Fri 20th – queenstown : coronet peak (snow park)
Sat 21st – queenstown : the remarkables (snow park)
Sun 22nd – queenstown – christchurch / drop off snow hire
Mon 23rd – Christchurch – Wellington (14:45 – 15:35 JQ 268)
Tue 24th – wellington – rotorua (via Lake Taupo)
Wed 25th – rotorua – auckland
Thu 26th – auckland
Fri 27th – auckland
Sat 28th – Auckland – Sydney (15:25 – 17:05 JQ 204)

View larger map

Car rental

Getting to and from the airport we used a hire a car from Hertz and Avis. In New Zealand we drove from Christchurch to Wanaka then to Queenstown using the ski package with Hertz which gives you one free lift pass per each day you hire the car. sweet as bro.

If you can try and get the AWD package, when we hired we missed out cause we left it too late to book, this will ensure you don’t need to put on chains when driving up the mountains on icy days.

Flights

We flew between Australia and New Zealand using jetstar

Accommodation

wotif was used to book the accommodation in NZ and all places were pretty good except in auckland where we got a futon for one of the beds which was also the lounge to watch TV. either book a bed for everyone in multiple rooms or be prepared to “take one for the team” every now and then (looking back, we did get some funny stories because of it!)

also if you are to use wotif they only release accommodation so many weeks in advance so do your research and get in when the rooms become available to avoid disappointment.

The following accommodation was chosen for each city.

Christchurch YHA
Was pretty happy with the YHA. Good location good facilities would book there again.

Brookvale Motel
would also book here again, walking distance from everything in Wanaka, nice rooms etc. Only thing was internet and the hot tub had to be paid for.

Coronet View Deluxe B&B and Apartments
reasonably close to central queenstown, would consider going back there if it was booked under someone else’s name (“,)

Quest Atrium (Penthouse)
nice hotel and good facilities however just a bit far out of town. I would look at booking something walking distance from cuba street next time.

Utuhina Hot Springs Lodge
considering the city smells like rotten eggs this place was OK if you like sleeping at your grandmas house. there could be some better places to stay but it had all of the things you need.

Bianco off Queen
staff here was not as friendly as other places stayed and it was such an effort to get a mattress instead of the futon since they are rented out furnished apartments, probably would look at booking somewhere else next time.

on the ground.

$$$$$

As always i find the best way to manage money in another country is just by working out the currency difference from a currency exchange and withdrawing it using a visa card from an ATM, you do end up paying a cash fee but the convenience is soo good!

Getting around

Since we had a hire car for the entire trip getting around was easy. I would recommend it since you get to see a lot more of NZ then if you had to rely on public transport or other people.

Snowboard hire

After checking out a few places to hire snow gear in Christchurch we ended up getting it from mcewings. I would recommend going straight here since they seem to have the latest gear and pretty much brand new! All the other places to be honest were quite rubbish.

Things to see and do

Below is a list of things that we did or would have liked to do, there could be better stuff to do at each place but this gives you an idea.

Christchurch

We found there wasn’t much to do in Christchurch for sight seeing (probably more so now since the earthquake) but the nightlife was pretty sweet. If your going out to party check out SOL Square

Wanaka

• Treblecone ski resort
• Cardrona ski resort

Queenstown

• The Remarkables ski resort
• Coronet peak ski resort
• shot-over jet
• sky diving
• bungee jumping

Wellington

Wellington was a nice city (i would say it is like Melbourne or San Francisco) we were only there for 1 night and it was a Monday so i could not really say what there was to see or do.

Rotorua

• Wai-O-tapu Geothermal wonderland
• Zorbing
• Maori Cultural Performance
• sky diving
• Waitomo caves

Auckland

Auckland is yet another large city (similar to Sydney) there is a few things recommend such as the sky jump or sky walk.

Cost

Note the below prices were split between 6 people but is calculated per person.

Flights to/from Australia = $289AUD (Jetstar)
Connecting flights = $40AUD (Jetstar)
Accommodation = $661AUD (all places listed above)
Car Hire =  $513AUD (including 3 lift passes for the snow fields) + Fuel (Hertz)

Food

Pretty much the same price as Australia. Food on the ski mountains is quite expensive, I would recommend going to a supermarket and buying nut bars or something to snack on while your up there.

Snowboarding

Snowboard and boots hire for 9 days: $177 NZ
Mountain pass for Treblecone: $ 91 NZ
Mountain pass for Remarkables: $89 NZ
Mountain pass for Cardrona: $89 NZ
Mountain pass for Coronet Peak: $$95 NZ

Misc

Zorbing (3 rides): $96 NZ
Thermal park: $30 NZ
Maori dinner + show: $100 NZ

APPROX TOTAL PRICE = 2 Aussie G’s ($2000) + spending money ($1000 for food, partying and random expenses).

Final words.

If you’re keen to do a snow trip which is close to OZ but still feels like a holiday i would recommend NZ for sure. I would probably skip driving from Wellington to Rotorua if i went again since it was alot of driving for seeing not a lot. Time frame was definitely squeezed, if your after a slower paced one maybe double the time, fly or skip parts. All in all definitely a memorable holiday! Click the below link for pictures from the holiday!

facebook event for the trip

DJ ND – Funky Sounds Mix Tape (AUG 2010)

Bit of a funky treat for some afternoon chill-out sessions or something a bit lazy with a Mighty Boosh spin! enjoy!

Download Link: here or here

Tracklisting

how to configure Microsoft Network Policy Server with Cisco router using RADIUS

I couldn’t find anyone who has done this previously on the internet so i decided to write my own guide to hopefully save someone else some time and effort. I did however find a few pages which helped in the process of setting this up which are listed below.

http://www.windowsnetworking.com/articles_tutorials/Understanding-new-Windows-Server-2008-Network-Policy-Server.html

http://www.bunkerhollow.com/blogs/matt/archive/2008/06/04/configuring-server-2008-for-radius-authentication.aspx

Before you begin.

OK so assuming you already have Microsoft Network Policy Server installed on a Win2k8 server and your Cisco device up and running and ready to be configured for AAA (RADIUS authentication) the following steps will guide you though setting up both devices to talk to each other.

I have modified some of public IP addresses in this guide for security reasons

Configuring Cisco Router.

The below is the required configuration on your Cisco device to enable RADIUS authentication. 172.27.109.245 is the IP address of the Network Policy Server. You can set your radius-server key using #radius-server key 0 <TYPE YOUR PASSWORD>

#aaa authentication login userauthen group radius local

#radius-server host 172.27.109.245 auth-port 1645 acct-port 1646

#radius-server key 7 <ENCRYPTED PASSWORD>

#aaa authentication login userauthen group radius localradius-server host 172.27.109.245 auth-port 1645 acct-port 1646radius-server key 7 <ENCRYPTED PASSWORD>

Configuring NPS.

To configure Microsoft Network Policy Server open up NPS (Administrative Tools –> NPS)Right Click RADIUS Clients and Select “New”

Enter your Cisco router details. Address is the IP address of your Cisco Router. Shared Secret is the same key used in #radius-server key 0 <TYPE YOUR PASSWORD>

Keep all the defaults on the Advanced tab.

[/lnfenix]

Create a new  Connection Request Policy (Right click New)
[lbfenix img="http://www.andrewjameslee.com/wp-content/uploads/2010/08/NPS_networkpolicy.png"]

Configure you Policy name and set the type of network access server to “Unspecified”

Set your conditions to be NAS IPv4 Address where the address is the IP of your Cisco Router (this means NPS will only allow connection requests from the values in the conditions)

Keep all settings as default

Create a Network Policy which will permit users in a specific windows group to be allowed to authenticate via RADIUS

Set the Type of network access server to be “Unspecified”

Set your conditions to be a Windows Group where the Windows group is the group of users you wish to permit authentication against RADIUS

Set the Constraints to use only the less secure method of “Unencrypted authentication (PAP,SPAP)”

This authenticated method is definitely less secure than what else is available. You should only allow this kind of authentication to traverse a private network segment. I know some people maybe thinking “I want my authentication requests sent across the wire in a more secure fashion? ~ this was the only way i could get NPS to authenticate RADIUS requests. If this method does not meet your security requirements you may need to look at an alternate method)

Keep all settings to be the defaults

Thats pretty much it! I have also included a grab of a user in Active Directory which has their account setup correctly.

A couple of things to note is on the “Dial-in” tab make sure that the radio button is on “Control access through NPS Network Policy” and you have registered your NPS in active directory (from NPS right click NPS (LOCAL) –> Register server in Active Directory)

Troubleshooting.

Cisco Router

Enable Debugging on your Cisco router and turn logging onto your terminal

#debug aaa authentication

#debug radius

#term mon (#no term mon ~ to turn off)

The below is an output of a successful authentication request to Microsoft NPS

002958: Jul 28 15:48:11.440 AEST: AAA/AUTHEN/LOGIN (00000058): Pick method list 'userauthen'

002959: Jul 28 15:48:11.440 AEST: RADIUS/ENCODE(00000058):Orig. component type = VPN_IPSEC
002960: Jul 28 15:48:11.440 AEST: RADIUS:  AAA Unsupported Attr: interface         [158] 13
002961: Jul 28 15:48:11.440 AEST: RADIUS:   31 36 35 2E 32 32 38 2E 32 30 2E                 [165.228.20.]
002962: Jul 28 15:48:11.444 AEST: RADIUS/ENCODE(00000058): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
002963: Jul 28 15:48:11.444 AEST: RADIUS(00000058): Config NAS IP: 0.0.0.0
002964: Jul 28 15:48:11.444 AEST: RADIUS/ENCODE(00000058): acct_session_id: 84
002965: Jul 28 15:48:11.444 AEST: RADIUS(00000058): sending
002966: Jul 28 15:48:11.444 AEST: RADIUS/ENCODE: Best Local IP-Address 172.27.109.253 for Radius-Server 172.27.109.245
002967: Jul 28 15:48:11.444 AEST: RADIUS(00000058): Send Access-Request to 172.27.109.245:1645 id 1645/63, len 99
002968: Jul 28 15:48:11.444 AEST: RADIUS:  authenticator 70 A4 A4 25 56 F0 3A 08 - E8 29 C9 07 9F 4A ED F6
002969: Jul 28 15:48:11.444 AEST: RADIUS:  User-Name           [1]   12  "admin"
002970: Jul 28 15:48:11.444 AEST: RADIUS:  User-Password       [2]   18  *
002971: Jul 28 15:48:11.444 AEST: RADIUS:  Calling-Station-Id  [31]  16  "CISCO VPN CLIENT PUBLIC IP ADDRESS"
002972: Jul 28 15:48:11.444 AEST: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
002973: Jul 28 15:48:11.444 AEST: RADIUS:  NAS-Port            [5]   6   0
002974: Jul 28 15:48:11.444 AEST: RADIUS:  NAS-Port-Id         [87]  15  "PUBLIC IP ADDRESS OF CISCO ROUTER"
002975: Jul 28 15:48:11.444 AEST: RADIUS:  NAS-IP-Address      [4]   6   172.27.109.253
002976: Jul 28 15:48:11.452 AEST: RADIUS: Received from id 1645/63 172.27.109.245:1645, Access-Accept, len 102
002977: Jul 28 15:48:11.452 AEST: RADIUS:  authenticator 6B F9 1F 36 C1 C8 8A B8 - EA 53 75 3B 40 C9 6F B2
002978: Jul 28 15:48:11.452 AEST: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
002979: Jul 28 15:48:11.452 AEST: RADIUS:  Service-Type        [6]   6   Framed                    [2]
002980: Jul 28 15:48:11.452 AEST: RADIUS:  Class               [25]  46
002981: Jul 28 15:48:11.452 AEST: RADIUS:   D5 70 0A C8 00 00 01 37 00 01 02 00 AC 1B 6D F5  [?p?????7??????m?]
002982: Jul 28 15:48:11.452 AEST: RADIUS:   00 00 00 00 C8 EE 6F C3 4D B6 14 82 01 CB 2E 14  [??????o?M?????.?]
002983: Jul 28 15:48:11.452 AEST: RADIUS:   A5 E3 53 E2 00 00 00 00 00 00 00 17              [??S?????????]
002984: Jul 28 15:48:11.452 AEST: RADIUS:  Vendor, Microsoft   [26]  12
002985: Jul 28 15:48:11.452 AEST: RADIUS:   MS-Link-Util-Thresh[14]  6
002986: Jul 28 15:48:11.452 AEST: RADIUS:   00 00 00 32                                      [???2]
002987: Jul 28 15:48:11.452 AEST: RADIUS:  Vendor, Microsoft   [26]  12
002988: Jul 28 15:48:11.452 AEST: RADIUS:   MS-Link-Drop-Time-L[15]  6
002989: Jul 28 15:48:11.452 AEST: RADIUS:   00 00 00 78                                      [???x]
002990: Jul 28 15:48:11.456 AEST: RADIUS(00000058): Received from id 1645/63
002991: Jul 28 15:48:11.456 AEST: RADIUS: Constructed " ppp negotiate"
Microsoft NPS
I had issues reading the original IAS formatted logs as per the below
C:\Windows\System32\LogFiles\iaslog.log (not sure if this is the original path to the log)

172.27.109.253,admin,07/28/2010,15:53:03,IAS,BADC02,31,1.1.1.1,61,5,5,0,87,1.1.1.2,4,172.27.109.253,4108,172.27.109.253,4116,0,4128,Cisco Router,4154,NAS IP,4155,1,4129,BA\admin,4127,1,4149,default,25,311 1 172.27.109.245 07/28/2010 05:20:52 24,8136,1,8153,0,8111,0,4130,ba/Users/admin,4136,1,4142,0

172.27.109.253,admin,07/28/2010,15:53:03,IAS,BADC02,25,311 1 172.27.109.245 07/28/2010 05:20:52 24,8153,0,8111,0,4130,ba/Users/admin,4294967209,120,4294967210,50,4108,172.27.109.253,4116,0,4128,Cisco Router,4154,NAS IP,4155,1,4129,BA\admin,4127,1,4149,default,8136,1,7,1,6,2,4136,2,4142,0


So i installed the below tool which made it easier to read!
IAS LOG VIEWER v2.67 by Deepsoftware (http://www.deepsoftware.ru/iasviewer/)

DJ ND – Easy Love mixtape (JUL 2010)

Yet another mixed spread, a bit more of a techy sound something hopefully a bit different to the usual radio stuff. If the links broken or you like it let me know!

get it here or here