Sunday, August 25, 2013

Using a key with a passphrase in a BIG-IP SSL profile.


# http://www.openssl.org/docs/apps/rsa.html
# Re-encrypt an existing key under a new passphrase: openssl prompts for the current
# passphrase of original_encrypted.key, then for the new one that protects updated_encrypted.key.
openssl rsa -des3 -in /config/ssl/ssl.key/original_encrypted.key -out /config/ssl/ssl.key/updated_encrypted.key
- Create the client SSL profile with any passphrase the GUI accepts (a placeholder that is replaced below).
- From the command line, edit the /config/bigip.conf file.
- Locate the profile's section in the file (see the example below).
- Between the braces of that section you will find the encrypted placeholder passphrase.

    For example:

        profile clientssl NicSSL {
           defaults from clientssl
           key "NicCert.key"
           cert "NicCert.crt"
           ca file "NicCA.crt"
           client cert ca "NicCA.crt"
           passphrase "$M$dd$4S7mOWS//HijBz9V/7/mmA=="    << passphrase
           peer cert mode require
           authenticate always
        }

- Replace it with the key's actual passphrase:

        profile clientssl NicSSL {
           defaults from clientssl
           key "NicCert.key"
           cert "NicCert.crt"
           ca file "NicCA.crt"
           client cert ca "NicCA.crt"
           passphrase "hello$$$hello"
           peer cert mode require
           authenticate always
        }

- You can now load the configuration. You will then be able to test the ssl profile.

    b load
       
- At this point the passphrase is still in cleartext in /config/bigip.conf, which is not secure. Save the configuration and BIG-IP writes the passphrase back encrypted.

    b save

- Double-check /config/bigip.conf to make sure the passphrase is now stored encrypted:

    grep passphrase /config/bigip.conf
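The edit and the final check above are easy to get wrong by hand on a box with many profiles, so here is an added example (not part of the original post, and not F5 code) that does both over the bigip.conf text: it lists every clientssl profile's passphrase, flags the ones still in cleartext, and rewrites one profile's passphrase line. It assumes, based on the encrypted value shown in the post, that BIG-IP marks encrypted passphrases with a `$M$` prefix; the sample configuration and the `OtherSSL` profile are constructed for the demonstration.

```python
import re
import sys

# Constructed sample, modelled on the profile stanza shown in the post above.
SAMPLE_CONF = """\
profile clientssl NicSSL {
   defaults from clientssl
   key "NicCert.key"
   cert "NicCert.crt"
   ca file "NicCA.crt"
   client cert ca "NicCA.crt"
   passphrase "$M$dd$4S7mOWS//HijBz9V/7/mmA=="
   peer cert mode require
   authenticate always
}
profile clientssl OtherSSL {
   defaults from clientssl
   key "Other.key"
   cert "Other.crt"
   passphrase "hello$$$hello"
}
"""

# One "profile clientssl NAME { ... }" stanza; the closing brace sits at the same indent as the opener.
STANZA_RE = re.compile(
    r"^(?P<indent>[ \t]*)profile clientssl (?P<name>\S+) \{\n(?P<body>.*?)^(?P=indent)\}",
    re.MULTILINE | re.DOTALL,
)
# The passphrase line inside a stanza; the value is everything between the quotes.
PASSPHRASE_RE = re.compile(r'^(?P<lead>[ \t]*passphrase ")(?P<value>[^"\n]*)(?P<tail>")', re.MULTILINE)


def is_encrypted(value):
    # Assumption: BIG-IP prefixes the passphrases it has encrypted with "$M$", as in the post's example.
    return value.startswith("$M$")


def list_passphrases(conf_text):
    """Return {profile_name: (value, encrypted?)} for every clientssl profile that sets a passphrase."""
    found = {}
    for m in STANZA_RE.finditer(conf_text):
        p = PASSPHRASE_RE.search(m.group("body"))
        if p:
            found[m.group("name")] = (p.group("value"), is_encrypted(p.group("value")))
    return found


def cleartext_profiles(conf_text):
    """Names of profiles whose passphrase is still stored in cleartext (what 'b save' should have removed)."""
    return sorted(name for name, (_, enc) in list_passphrases(conf_text).items() if not enc)


def set_passphrase(conf_text, profile, new_value):
    """Return conf_text with the passphrase line of one profile replaced (the manual edit step)."""
    for m in STANZA_RE.finditer(conf_text):
        if m.group("name") != profile:
            continue
        # A replacement function avoids backslash/group interpretation of the new value.
        new_body, count = PASSPHRASE_RE.subn(
            lambda p: p.group("lead") + new_value + p.group("tail"), m.group("body"), count=1
        )
        if count == 0:
            raise ValueError("profile %s has no passphrase line" % profile)
        return conf_text[: m.start("body")] + new_body + conf_text[m.end("body"):]
    raise KeyError("no clientssl profile named %s" % profile)


if __name__ == "__main__":
    # Pass a path to a bigip.conf to audit it; with no argument the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for name, (value, enc) in list_passphrases(text).items():
        print("%-20s %s" % (name, "encrypted" if enc else "CLEARTEXT"))
```

Run it against /config/bigip.conf after `b save`; any profile reported as CLEARTEXT means the saved file still carries the passphrase as you typed it.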
 

Thursday, August 1, 2013

How to setup Syslog -Centralized log server in centos



Server Setup.

 [root@~]# vi /etc/sysconfig/syslog

# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages received with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-r -m 0"   # add the -r option so syslogd accepts messages from remote hosts
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
#    once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".

Restart services

[root@ ~]#  /etc/init.d/syslog restart
Shutting down kernel logger:                               [  OK  ]
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Starting kernel logger:                                    [  OK  ]
[root@ ~]# /etc/init.d/portmap restart
Stopping portmap:                                          [  OK  ]
Starting portmap:                                          [  OK  ]
[root@~]#  /etc/init.d/xinetd restart
Stopping xinetd:                                           [  OK  ]
Starting xinetd:                                           [  OK  ]

Check that syslogd is listening on UDP port 514:
[root@~]# netstat -ntulp |grep syslog
udp        0      0 0.0.0.0:514                 0.0.0.0:*                               1024/syslogd

Client Configuration.


[root@~]# vi /etc/syslog.conf

Forward all messages to the log server (172.16.111.152 is the server's IP):

*.* @172.16.111.152
[root@ ~]#  /etc/init.d/syslog restart
Shutting down kernel logger:                               [  OK  ]
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
Starting kernel logger:                                    [  OK  ]

To test the forwarding:

From the client:

[root@ ~]# logger hay

From the server:

[root@ ~]# tail -f /var/log/messages
Aug  1 12:34:02-1 xinetd[2873]: EXIT: nrpe status=0 pid=22879 duration=0(sec)
Aug  1 12:34:30  sanoj: hay
Aug  1 12:34:32  xinetd[1054]: START: nrpe pid=1106 from=172.16.111.52
Aug  1 12:34:32[1054]: EXIT: nrpe status=0 pid=1106 duration=0(se
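Because `-r` makes syslogd accept UDP messages from any host with no authentication, it is worth verifying both that the option is actually set and which hosts are writing into /var/log/messages. The following added example (not from the original post) does that: it parses the `/etc/sysconfig/syslog` options, parses standard syslog lines into fields, and counts messages per sending host so the client's `logger hay` test can be found. The sample files are constructed; the host names `logsrv` and `client1` are assumed, since the post's excerpt of /var/log/messages omits the host field.

```python
import re
from collections import Counter

# Constructed sample of /etc/sysconfig/syslog, mirroring the server setup above.
SAMPLE_SYSCONFIG = """\
# Options to syslogd
SYSLOGD_OPTIONS="-r -m 0"
KLOGD_OPTIONS="-x"
SYSLOG_UMASK=077
"""

# Constructed sample of /var/log/messages on the server; host names are assumed.
SAMPLE_MESSAGES = """\
Aug  1 12:34:02 logsrv xinetd[2873]: EXIT: nrpe status=0 pid=22879 duration=0(sec)
Aug  1 12:34:30 client1 sanoj: hay
Aug  1 12:34:32 client1 xinetd[1054]: START: nrpe pid=1106 from=172.16.111.52
Aug  1 12:34:32 client1 xinetd[1054]: EXIT: nrpe status=0 pid=1106 duration=0(sec)
"""


def parse_sysconfig(text):
    """Return {KEY: value} for KEY=value and KEY="value" lines, skipping comments and blanks."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        values[key.strip()] = val.strip().strip('"')
    return values


def remote_logging_enabled(sysconfig_text):
    """True when SYSLOGD_OPTIONS contains -r, i.e. the server accepts remote messages."""
    opts = parse_sysconfig(sysconfig_text).get("SYSLOGD_OPTIONS", "").split()
    return "-r" in opts


# "Mon DD HH:MM:SS host program[pid]: message" in the classic BSD syslog layout.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)


def parse_syslog_line(line):
    """Split one log line into ts/host/prog/pid/msg, or return None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["pid"] = int(fields["pid"]) if fields["pid"] else None
    return fields


def parse_messages(messages_text):
    return [e for e in map(parse_syslog_line, messages_text.splitlines()) if e]


def hosts_seen(messages_text):
    """Count messages per sending host, to see who is actually using the open UDP 514 listener."""
    return Counter(e["host"] for e in parse_messages(messages_text))


def find_test_message(messages_text, host, text):
    """Entries from `host` whose message body equals `text`, e.g. the client's 'logger hay'."""
    return [e for e in parse_messages(messages_text) if e["host"] == host and e["msg"] == text]


if __name__ == "__main__":
    print("remote logging enabled:", remote_logging_enabled(SAMPLE_SYSCONFIG))
    for host, n in hosts_seen(SAMPLE_MESSAGES).items():
        print("%-10s %d messages" % (host, n))
    print("test message from client1:", find_test_message(SAMPLE_MESSAGES, "client1", "hay"))
```

Point the two functions at the real `/etc/sysconfig/syslog` and `/var/log/messages` contents; an unexpected host in the per-host count is the first sign that the unauthenticated listener is reachable from somewhere it should not be.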