Friday, February 18, 2011


How to Forward

1. Login to Proxy Webui

2. Create a forward Host

3. Launch VPM

4. Select Forwarding Layer

5. Create a rule

6. Add source (Create client object if req)

7. Add Dst (Select Server Url=>Advanced match put the word in the host (for Ex : "webex") and select contains (this will match all url contains webex)

8. Select All services

9. Select forwarding host object in action column

10. Install Policy

How to Capture

1. Login to Proxy

2. Launch VPM

3. Go to Policy capture Tab (If there no, create another webaccess layer and name it to Policy capture)

4. Create the rule -Action =>None

5. Trace =>select an trace object (if there is no trace object , create one and set trace level to verbose tracing and set the trace file)

6. Install Policy

7. Access the trace from

https://poroxyip :8082/Policy

Thursday, February 17, 2011

VI - Cheat Sheet

Vi has two modes insertion mode and command mode. The editor begins in command mode, where the cursor movement and text deletion and pasting occur. Insertion mode begins upon entering an insertion or change command. [ESC] returns the editor to command mode (where you can quit, for example by typing :q!). Most commands execute as soon as you type them except for "colon" commands which execute when you press the ruturn key.

:x Exit, saving changes
:q Exit as long as there have been no changes
ZZ Exit and save changes if any have been made
:q! Exit and ignore any changes

Inserting Text
i Insert before cursor
I Insert before line
a Append after cursor
A Append after line
o Open a new line after current line
O Open a new line before current line
r Replace one character
R Replace many characters

h Move left
j Move down
k Move up
l Move right
w Move to next word
W Move to next blank delimited word
b Move to the beginning of the word
B Move to the beginning of blank delimted word
e Move to the end of the word
E Move to the end of Blank delimited word
( Move a sentence back
) Move a sentence forward
{ Move a paragraph back
} Move a paragraph forward
0 Move to the begining of the line
$ Move to the end of the line
1G Move to the first line of the file
G Move to the last line of the file
nG Move to nth line of the file
:n Move to nth line of the file
fc Move forward to c
Fc Move back to c
H Move to top of screen
M Move to middle of screen
L Move to botton of screen
% Move to associated ( ), { }, [ ]

Deleting Text
Almost all deletion commands are performed by typing d followed by a motion. For example, dw deletes a word. A few other deletes are:
x Delete character to the right of cursor
X Delete character to the left of cursor
D Delete to the end of the line
dd Delete current line
:d Delete current line

Yanking Text
Like deletion, almost all yank commands are performed by typing y followed by a motion. For example, y$ yanks to the end of the line. Two other yank commands are:
yy Yank the current line
:y Yank the current line

Changing text
The change command is a deletion command that leaves the editor in insert mode. It is performed by typing c followed by a motion. For wxample cw changes a word. A few other change commands are:
C Change to the end of the line
cc Change the whole line

Putting text
p Put after the position or after the line
P Put before the poition or before the line

Named buffers may be specified before any deletion, change, yank or put command. The general prefix has the form "c where c is any lowercase character. for example, "adw deletes a word into buffer a. It may thereafter be put back into text with an appropriate "ap.

Named markers may be set on any line in a file. Any lower case letter may be a marker name. Markers may also be used as limits for ranges.
mc Set marker c on this line
`c Go to beginning of marker c line.
'c Go to first non-blank character of marker c line.

Search for strings
/string Search forward for string
?string Search back for string
n Search for next instance of string
N Search for previous instance of string

The search and replace function is accomplished with the :s command. It is commonly used in combination with ranges or the :g command (below).
:s/pattern/string/flags Replace pattern with string according to flags.
g Flag - Replace all occurences of pattern
c Flag - Confirm replaces.
& Repeat last :s command

Regular Expressions
. (dot) Any single character except newline
* zero or more occurances of any character
[...] Any single character specified in the set
[^...] Any single character not specified in the set
^ Anchor - beginning of the line
$ Anchor - end of line
\< Anchor - begining of word
\> Anchor - end of word
\(...\) Grouping - usually used to group conditions
\n Contents of nth grouping

[...] - Set Examples [A-Z] The SET from Capital A to Capital Z
[a-z] The SET from lowercase a to lowercase z
[0-9] The SET from 0 to 9 (All numerals)
[./=+] The SET containing . (dot), / (slash), =, and +
[-A-F] The SET from Capital A to Capital F and the dash (dashes must be specified first)
[0-9 A-Z] The SET containing all capital letters and digits and a space
[A-Z][a-zA-Z] In the first position, the SET from Capital A to Capital Z
In the second character position, the SET containing all letters

Regular Expression Examples /Hello/ Matches if the line contains the value Hello
/^TEST$/ Matches if the line contains TEST by itself
/^[a-zA-Z]/ Matches if the line starts with any letter
/^[a-z].*/ Matches if the first character of the line is a-z and there is at least one more of any character following it
/2134$/ Matches if line ends with 2134
/\(21|35\)/ Matches is the line contains 21 or 35
Note the use of ( ) with the pipe symbol to specify the 'or' condition
/[0-9]*/ Matches if there are zero or more numbers in the line
/^[^#]/ Matches if the first character is not a # in the line
1. Regular expressions are case sensitive
2. Regular expressions are to be used where pattern is specified

Nearly every command may be preceded by a number that specifies how many times it is to be performed. For example, 5dw will delete 5 words and 3fe will move the cursor forward to the 3rd occurence of the letter e. Even insertions may be repeated conveniently with thismethod, say to insert the same line 100 times.

Ranges may precede most "colon" commands and cause them to be executed on a line or lines. For example :3,7d would delete lines 3-7. Ranges are commonly combined with the :s command to perform a replacement on several lines, as with :.,$s/pattern/string/g to make a replacement from the current line to the end of the file.
:n,m Range - Lines n-m
:. Range - Current line
:$ Range - Last line
:'c Range - Marker c
:% Range - All lines in file
:g/pattern/ Range - All lines that contain pattern

:w file Write to file
:r file Read file in after line
:n Go to next file
:p Go to previos file
:e file Edit file
!!program Replace line with output from program

~ Toggle upp and lower case
J Join lines
. Repeat last text-changing command
u Undo last change
U Undo all changes to line

AWK : Print Only Required Columns

ls -l | awk '{print $3}'

where $3 is the 3rd coulmn

Monday, February 7, 2011

SCP without Password

Sometimes we need a ssh connection that do not ask for passwords. It is use frequently in scripts that involve ssh, scp or sftp connections. I do not encourage this kind of logging but sometimes is very useful...

So, those are the steps to make such connection.

1. Login as user1 on computer1 and generate a pair of authentication keys. Note: even if is unsecured to work without password, do not enter it. Let it empty...

[user1@computer1]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Created directory '/home/user1/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/
The key fingerprint is:
31:df:a5:73:4a:2f:a6:6c:1c:32:a2:f2:b3:c5:a7:1f user1@computer1

2. Login to the remote computer (computer2) as user2 and create the .ssh directory (many Linux distributions create this folder by default. No problem with that.). You still need the password for now...

[user1@computer1]$ ssh -l user2 computer2 mkdir -p .ssh
user2@computer2's password:

3. Copy the user1 public key to user2@computer2 .ssh folder into authorized_keys file. And, type the password again for the last time, hopefully...

[user1@computer1]$ cat .ssh/ ssh -l user2 computer2 \
>'cat >> .ssh/authorized_keys'
user2@computer2's password:

4. If all things are OK, you don't need the password

[user1@computer1]$ ssh -l user2 computer2

..or optionaly (see the troubleshooting section of this page):

[user1@computer1]$ ssh -i $HOME/.ssh/id_rsa user2@computer2

This is the way not only for ssh but also for scp and sftp as well...

If the password prompt will be shown again check the /etc/ssh/ssh_config and uncomment or insert the following option:

IdentityFile ~/.ssh/id_rsa

As you can see, the above option is for RSA type keys. If you want to generate the key pairs using DSA change the "id_rsa" with "id_dsa". Sound logic, right?
This modification in /etc/ssh/ssh_config file can be avoided if you will use the parameter "-i" followed by the location of the key file as in example:

[user1@computer1]$ ssh -i $HOME/.ssh/id_rsa user2@computer2

Also, if you do have write permissions for either the .ssh directory or for the authorized_keys file on the remote machine, then sshd will consider that the procedure is not safe enough, so it will abort the RSA challenge-authentication mode (mode 3) and will go to the default mode (mode 5) asking you for the password on the remote machine. Set chmod 700 for .ssh folder and 600 authorized_keys file. See

Wednesday, February 2, 2011

SIC - Encryption, Authentication and Secure Channel

The following security measures are taken to ensure the safety of SIC:
• Certificates for authentication.
• Standards-based SSL for the creation of the secure channel.
• 3DES for encryption.