#!/bin/bash
# Fetch the current route list, convert it with mipclasses into
# metropolitan.txt, then tell squid to reload its configuration.
cd /admin || exit 1
wget http://monitor.cyberspace.ro/routes.txt -O /admin/metropolitan.temp || exit 1
mipclasses < metropolitan.temp > metropolitan.txt
rm -f metropolitan.temp
squid -k reconfigure
# Start irexec as a daemon unless it is already running.
if ! ps -A | grep irexec 1> /dev/null 2> /dev/null ; then
echo "Pornesc irexec"   # "Starting irexec"
irexec -d
else
echo "irexec merge"     # "irexec is running"
fi
I did some research, and if you compile the shadow package (the package that supplies su and everything for /etc/passwd and /etc/group) with pam, you don’t get suauth. I could hack the configure script and change that, but the developers did it for a reason.
Anywho, the solution is in PAM as many of you have already determined. The following works for me, and works as expected. I tested all exceptions I could think of, but then again it is 1:00 in the morning and I might have overlooked something.
And here it is:
1. Edit /etc/pam.d/su, after
Code:
auth sufficient /lib/security/pam_rootok.so
add
Code:
auth sufficient /lib/security/pam_listfile.so item=ruser \
onerr=fail sense=allow file=/etc/security/su-nopass
2. Create a /etc/security/su-nopass file, and put one username per line. Only put users that you want to have access to root without a password.
3. Double check the permissions on the file; we don’t want it world writable, and world readable is a matter of personal preference.
Basically, the above says that any user in the su-nopass file is allowed to su without entering a password.
You could move the pam_wheel module before the pam_listfile line to require the user to belong to the wheel group. Again, this is personal preference based on security needs.
Hope it works, tell me what you think. Tell me if there are any flaws.
PS: This is not my work, can’t remember where I got this
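As an added check (not part of the post above), a shell function that audits the setup from steps 1 to 3: the pam_listfile line is present and placed after pam_rootok, the list file is owned by root and writable by nobody else, and every listed name is a local account. Paths default to the ones in the post; the stat -c flags assume GNU coreutils.

```shell
# Audit the su-nopass setup from steps 1 to 3. Arguments default to the
# paths in the post; the 4th is the uid that must own the list file (root).
audit_su_nopass() {   # audit_su_nopass [pam-su-file] [list-file] [passwd-file] [owner-uid]
  pamfile=${1:-/etc/pam.d/su}
  listfile=${2:-/etc/security/su-nopass}
  passwd=${3:-/etc/passwd}
  owner=${4:-0}
  rc=0
  # Step 1: the pam_listfile line must exist and sit after pam_rootok.
  rootok=$(grep -n 'pam_rootok\.so' "$pamfile" | head -n 1 | cut -d: -f1)
  listln=$(grep -n 'pam_listfile\.so.*su-nopass' "$pamfile" | head -n 1 | cut -d: -f1)
  if [ -z "$listln" ]; then
    echo "no pam_listfile line for su-nopass in $pamfile"; rc=1
  elif [ -n "$rootok" ] && [ "$listln" -lt "$rootok" ]; then
    echo "pam_listfile line comes before pam_rootok in $pamfile"; rc=1
  fi
  # Step 3: whoever can write this file can give any account a free su to
  # root, so it must belong to root and be writable by nobody else.
  [ -f "$listfile" ] || { echo "missing $listfile"; return 1; }
  mode=$(stat -c %a "$listfile")        # GNU coreutils stat
  uid=$(stat -c %u "$listfile")
  [ "$uid" = "$owner" ] || { echo "$listfile owned by uid $uid, not $owner"; rc=1; }
  case "$mode" in *[2367]) echo "$listfile is world writable ($mode)"; rc=1 ;; esac
  case "$mode" in *[2367][0-7]) echo "$listfile is group writable ($mode)"; rc=1 ;; esac
  # Step 2: one username per line; flag entries that are not local accounts.
  while IFS= read -r user; do
    [ -z "$user" ] && continue
    grep -q -- "^$user:" "$passwd" || { echo "unknown user in $listfile: $user"; rc=1; }
  done < "$listfile"
  return $rc
}

# Stand-alone run against the live system (needs read access to the files).
audit_su_nopass && echo "su-nopass setup looks consistent"
```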
In Ubuntu:
groupadd wheel, add yourself to this group, edit /etc/pam.d/su and uncomment the appropriate line:
auth sufficient pam_wheel.so trust
For more (the best) documentation check the OpenVPN developer site at http://openvpn.net/examples.html.
Now, if you’re running on Debian sarge just do:
apt-get install openvpn
to install the VPN software. If you don’t have this Linux distribution, download, install or compile the version that is right for your distro. The tar.gz archive is good for all Linux distros and can be found here. You may need other packages (check dependencies).
If you use the tar.gz file and compile the sources yourself, create the device node and load the tun module:
mknod /dev/net/tun c 10 200
modprobe tun
OK! I just installed it! What’s next?
Let’s presume that you want a tunnel between two Linux routers (router A and router B).
The simplest way (without encryption) to do that is shown below.
On router A do:
openvpn --remote x.x.x.x --dev tun0 --ifconfig a.a.a.a a.a.a.b --port yyyy
On the other router do:
openvpn --remote y.y.y.y --dev tun0 --ifconfig a.a.a.b a.a.a.a --port yyyy
Where:
x.x.x.x – your public IP on router B
y.y.y.y – your public IP on router A
a.a.a.a – your local IP for the tunnel interface (ex.: 192.168.1.1)
a.a.a.b – the other IP of your tunnel (the remote one, ex.: 192.168.1.2)
yyyy – the UDP connection port
Wait 2-10 seconds for the connection to be established, check that your tun interface (tun0 in my example) is up and, if it is, try ping a.a.a.b (if you are on router A) or ping a.a.a.a (if you are on router B).
For verbose output add the --verb 5 option as follows (but it will generate a lot of output):
openvpn --remote y.y.y.y --dev tun0 --ifconfig a.a.a.b a.a.a.a --port yyyy --verb 5
This example works without tunnel encryption. If you want to use encryption, the easy way is to generate a key:
openvpn --genkey --secret key
The “key” file must be on both routers. Do not generate the “key” on each router !!! Generate it on one router and then copy it to the other.
Now the commands change as follows:
openvpn --remote x.x.x.x --dev tun0 --ifconfig a.a.a.a a.a.a.b --port yyyy --secret key (for router A) and
openvpn --remote y.y.y.y --dev tun0 --ifconfig a.a.a.b a.a.a.a --port yyyy --secret key (for router B)
If you want to change your gateway and send all your traffic through the tunnel do:
openvpn --remote x.x.x.x --dev tun0 --ifconfig a.a.a.a a.a.a.b --port yyyy --redirect-gateway --secret key
and also, if you want to use your own DNS server or just want to send some packets by another route, you can insert an additional route:
openvpn --remote x.x.x.x --dev tun0 --ifconfig a.a.a.a a.a.a.b \
--port yyyy --redirect-gateway \
--route 10.5.5.0 255.255.255.0 10.5.5.1 \
--secret key
where:
10.5.5.0 – is your (local) network
255.255.255.0 – the network mask
10.5.5.1 – the gateway for the 10.5.5.0 route
Now all your packets will go through the tunnel, except packets with 10.5.5.0/24 as destination network, which go directly to the 10.5.5.1 gateway.
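As an added example (not code from the original page), a shell script that builds the two routers’ openvpn command lines from the placeholders above, so the mirrored --ifconfig pair cannot be mixed up, and checks the shared key file before it is passed to --secret: it must really be an OpenVPN static key, readable only by its owner, and its fingerprint is printed so you can confirm both routers hold the same copy rather than two separately generated ones. The addresses are constructed placeholders and stat -c assumes GNU coreutils.

```shell
# Constructed example addresses for the two-router tunnel above.
# Public IPs use documentation ranges; replace with your own.
ROUTER_A_PUBLIC=203.0.113.1     # y.y.y.y in the text
ROUTER_B_PUBLIC=198.51.100.1    # x.x.x.x in the text
TUN_A=192.168.1.1               # a.a.a.a
TUN_B=192.168.1.2               # a.a.a.b
PORT=1194                       # yyyy

# Build the openvpn command line for one side of the point-to-point
# tunnel. --remote is the other router's public IP and the --ifconfig
# pair is mirrored, which is the part that is easy to get backwards.
tunnel_cmd() {   # tunnel_cmd A|B /path/to/key
  case "$1" in
    A) remote=$ROUTER_B_PUBLIC; local_ip=$TUN_A; peer_ip=$TUN_B ;;
    B) remote=$ROUTER_A_PUBLIC; local_ip=$TUN_B; peer_ip=$TUN_A ;;
    *) echo "role must be A or B" >&2; return 2 ;;
  esac
  printf 'openvpn --remote %s --dev tun0 --ifconfig %s %s --port %s --secret %s\n' \
    "$remote" "$local_ip" "$peer_ip" "$PORT" "$2"
}

# Check the static key before handing it to --secret: it must be an
# OpenVPN static key file, readable only by its owner (the key is the
# whole secret of the tunnel), and its fingerprint is printed so both
# routers can confirm they hold the same copy, not two generated ones.
check_static_key() {   # check_static_key /path/to/key
  key=$1
  [ -f "$key" ] || { echo "missing key file: $key" >&2; return 1; }
  grep -q '^-----BEGIN OpenVPN Static key V1-----$' "$key" \
    || { echo "not an OpenVPN static key: $key" >&2; return 1; }
  mode=$(stat -c %a "$key")          # GNU coreutils stat
  case "$mode" in
    600|400) ;;
    *) echo "key mode is $mode, expected 600" >&2; return 1 ;;
  esac
  printf 'key fingerprint: %s\n' "$(sha256sum "$key" | cut -c1-16)"
}

# Stand-alone demo with a constructed key body (not a real key).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN OpenVPN Static key V1-----' \
  'constructed-key-body' '-----END OpenVPN Static key V1-----' > "$demo_dir/key"
chmod 600 "$demo_dir/key"
tunnel_cmd A "$demo_dir/key"
tunnel_cmd B "$demo_dir/key"
check_static_key "$demo_dir/key" || echo "key check failed"
rm -rf "$demo_dir"
```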
What about the firewall???
Oh, yeahh…the firewall…
If you don’t manage the firewall, check for an open port on it that you can pass through (the hping tool can be useful) and use it with the --port x option. UDP port 1194 is the default port for openvpn.
I strongly recommend reading and learning about iptables before you play with fire !!!
If all you want is to link two routers, you only need the INPUT and OUTPUT iptables chains for the ethX interfaces and FORWARD for your tunX interface.
A basic set of iptables rules looks like this:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -i eth0 -p udp -s ip_addr_of_the_other_router --sport 1194 --dport 1194 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp -d ip_addr_of_the_other_router --dport 1194 --sport 1194 -j ACCEPT
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
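As an added check (not from the original page), a shell function that reads an iptables-save style dump and flags any ACCEPT for the VPN’s UDP port on a physical interface that is not pinned to the other router’s address with -s (INPUT) or -d (OUTPUT), which is the property the rules above rely on. The dump below is a constructed sample that contains the rules above plus one careless rule.

```shell
# Constructed iptables-save style dump: the two pinned rules from the
# text, one careless rule that accepts the VPN port from anywhere, and
# the tun0 rules (which the audit ignores).
RULES_SAMPLE='-A INPUT -s 198.51.100.1/32 -i eth0 -p udp -m udp --sport 1194 --dport 1194 -j ACCEPT
-A OUTPUT -d 198.51.100.1/32 -o eth0 -p udp -m udp --sport 1194 --dport 1194 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT'

# Audit a dump read from stdin: every ACCEPT for the OpenVPN UDP port
# must be pinned to the peer router with -s (INPUT) or -d (OUTPUT).
# Prints each unpinned rule and returns 1 if any was found.
audit_vpn_rules() {   # audit_vpn_rules <udp-port> < rules-dump
  port=$1; bad=0
  while IFS= read -r rule; do
    case "$rule" in
      "-A INPUT "*"-p udp "*"--dport $port "*"-j ACCEPT"*)
        case "$rule" in *" -s "*) ;; *) echo "unpinned: $rule"; bad=1 ;; esac ;;
      "-A OUTPUT "*"-p udp "*"--dport $port "*"-j ACCEPT"*)
        case "$rule" in *" -d "*) ;; *) echo "unpinned: $rule"; bad=1 ;; esac ;;
    esac
  done
  return $bad
}

# Stand-alone demo on the constructed sample (prints the one bad rule).
printf '%s\n' "$RULES_SAMPLE" | audit_vpn_rules 1194 || echo "audit failed: fix the rules listed"
```

On a live router the same check runs as `iptables-save | audit_vpn_rules 1194`.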
There are other ways to set up a VPN connection using openvpn and my
advice is to read all the documentation and examples that you find on the
OpenVPN page.
Note:
All the examples above use UDP ports. For TCP ports check the documentation.
That’s it…