The blog of Jean David TECHER, a Réunionnais in Saint-Priest/Lyon


Wednesday 23 December 2009

php_ffmpeg for php 5.2 and ffmpeg 5.0

I had already posted a previous entry on the compatibility of php_ffmpeg with php 5.2 and ffmpeg 5.0. Here I go back over my compilation notes, because a slight modification has to be made to the ffmpeg header files to ensure the conversion. It is a slight modification that I had forgotten to mention.

As stated in that entry, once the PHP sources are unpacked, fetch version 0.6.1, which makes the compilation work

Remove the bundled ffmpeg module sources
cd /chemin/vers/sources/de/php-5.2.1/ext
rm -rf ffmpeg
Fetch the expected version
svn co http://ffmpeg-php.svn.sourceforge.net/svnroot/ffmpeg-php/branches/ffmpeg-php/ffmpeg-php-0.6.1 ffmpeg
cd ..
./buildconf --force
./configure .... --with-ffmpeg=/opt/multimedia

Before running make, apply the tiny modification

# Rewrite the relative "lib..." includes in the ffmpeg headers to absolute paths
for file in $(grep -lri "#include \"lib" /opt/multimedia/include/);
do 
    sed -i "s:#include \"lib:#include \"/opt/multimedia/include/lib:g" "$file";
done

Then run make followed by make install

Tuesday 15 December 2009

Update to ClamAV 0.95.3

Small update on the server last night after seeing this in the logs

Dec 14 23:56:22 olivia freshclam[8292]: TTL: 648
Dec 14 23:56:22 olivia freshclam[8292]: Software version from DNS: 0.95.3
Dec 14 23:56:22 olivia freshclam[8292]: Your ClamAV installation is OUTDATED!
Dec 14 23:56:22 olivia freshclam[8292]: Local version: 0.94.1 Recommended version: 0.95.3
Dec 14 23:56:22 olivia freshclam[8292]: DON'T PANIC! Read http://www.clamav.net/support/faq
Dec 14 23:56:24 olivia freshclam[8292]: main.cvd version from DNS: 51
Dec 14 23:56:24 olivia freshclam[8292]: main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
Dec 14 23:56:24 olivia freshclam[8292]: daily.cvd version from DNS: 10170
Dec 14 23:56:24 olivia freshclam[8292]: daily.cld is up to date (version: 10170, sigs: 128747, f-level: 44, builder: guitar)
Dec 14 23:56:24 olivia freshclam[8292]: --------------------------------------

We go through the usual system update (download + compilation + installation)

wget -O clamav-0.95.3.tar.gz "http://downloads.sourceforge.net/project/clamav/clamav/0.95.3/clamav-0.95.3.tar.gz?use_mirror=freefr"
tar xvzf clamav-0.95.3.tar.gz 
cd clamav-0.95.3
./configure --with-user=simscan
make
make install
ldconfig

Restart the services and run freshclam again

root@olivia:~/clamav-0.95.3# /etc/init.d/clamav-daemon restart
 * Stopping ClamAV daemon clamd                                                                     [ OK ] 
 * Starting ClamAV daemon clamd                                                                      [OK ] 
root@olivia:~/clamav-0.95.3# freshclam
freshclam      freshclam_old  
root@olivia:~/clamav-0.95.3# freshclam
ClamAV update process started at Tue Dec 15 00:10:35 2009
main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
Trying host database.clamav.net (149.6.161.117)...
Downloading daily-10171.cdiff [100%]
Downloading daily-10172.cdiff [100%]
daily.cld updated (version: 10172, sigs: 129071, f-level: 44, builder: arnaud)
Database updated (674106 signatures) from database.clamav.net (IP: 149.6.161.117)




		

Sunday 6 December 2009

[FreeRadius 2.1.7/OpenLdap] Part 2 - "EAP-TTLS": installation, test with wpa_supplicant and configuration files

I am pasting my configuration files here. I will write the documentation a bit later... It is already 23:40 as I write this entry and Simba is waiting for me to go to sleep LOL..

FreeRadius: compilation and installation (quick mode)

I ran the tests on a freshly installed Ubuntu 8.04.3 Server Edition under my VMware

apt-get install gcc make libldap2-dev libssl-dev openssl
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.7.tar.gz -O - | tar xzf -
cd freeradius-server-2.1.7
./configure --prefix=/opt/freeradius  && make && make install

Certificate generation

Once freeradius is installed, follow the file /opt/freeradius/etc/raddb/certs/README, which I will not detail here. At the end of the generation, do not forget to run
make random
make dh

Client configuration using wpa_supplicant

With the following configuration in the file
root@bremko:/var/lib/david/# cat /etc/wpa_supplicant/wifi_belkin54g.conf |grep -v '#'
ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
network={
        ssid="belkin54g"
        scan_ssid=1
        key_mgmt=WPA-EAP
        phase2="auth=PAP"
        identity="LOGIN_LDAP"
        password="PASSWORD_LDAP"
        ca_cert="/etc/wpa_supplicant/certs/ca.pem"
}
Of course, take care to replace the identity and password parameters as appropriate. Since EAP-TTLS is used here, the certificate is not mandatory, but it is a habit to have it :) Note that ca_cert is what makes wpa_supplicant verify the RADIUS server's certificate before the PAP password is sent through the tunnel.

Starting the connection gives

root@bremko:~# /sbin/wpa_supplicant -P /var/run/wpa_supplicant.ath0.pid -i ath0 -Dwext -c /etc/wpa_supplicant/wifi_belkin54g.conf 
Trying to associate with 00:30:bd:98:88:5b (SSID='belkin54g' freq=2462 MHz)
Associated with 00:30:bd:98:88:5b
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
WPA: Key negotiation completed with 00:30:bd:98:88:5b [PTK=TKIP GTK=TKIP]
CTRL-EVENT-CONNECTED - Connection to 00:30:bd:98:88:5b completed (auth) [id=0 id_str=]
WPA: Group rekeying completed with 00:30:bd:98:88:5b [GTK=TKIP]

Server side: configuration files

  1. file etc/raddb/radiusd.conf
    prefix = /opt/freeradius
    exec_prefix = ${prefix}
    sysconfdir = ${prefix}/etc
    localstatedir = ${prefix}/var
    sbindir = ${exec_prefix}/sbin
    logdir = ${localstatedir}/log/radius
    raddbdir = ${sysconfdir}/raddb
    radacctdir = ${logdir}/radacct
    name = radiusd
    confdir = ${raddbdir}
    run_dir = ${localstatedir}/run/${name}
    db_dir = ${raddbdir}
    libdir = ${exec_prefix}/lib
    pidfile = ${run_dir}/${name}.pid
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    listen {
    	type = auth
    	ipaddr = *
    	port = 0
    }
    listen {
    	ipaddr = *
    	port = 0
    	type = acct
    }
    hostname_lookups = no
    allow_core_dumps = no
    regular_expressions	= yes
    extended_expressions	= yes
    log {
    	destination = files
    	file = ${logdir}/radius.log
    	syslog_facility = daemon
    	stripped_names = no
    	auth = yes
    	auth_badpass = yes
    	auth_goodpass = yes
    	msg_goodpass = "[* * * GOOD LOGIN * * *]"
    	msg_badpass = "[* * * BAD LOGIN * * *]"
    }
    checkrad = ${sbindir}/checkrad
    security {
    	max_attributes = 200
    	reject_delay = 1
    	status_server = yes
    }
    proxy_requests  = yes
    $INCLUDE proxy.conf
    $INCLUDE clients.conf
    thread pool {
    	start_servers = 5
    	max_servers = 32
    	min_spare_servers = 3
    	max_spare_servers = 10
    	max_requests_per_server = 0
    }
    modules {
    	$INCLUDE ${confdir}/modules/
    	$INCLUDE eap.conf
    }
    instantiate {
    	exec
    	expr
    	expiration
    	logintime
    }
    $INCLUDE policy.conf
    $INCLUDE sites-enabled/
    
  2. file etc/raddb/modules/pap
    pap {
    	auto_header = yes
    }
    
  3. file etc/raddb/modules/ldap
    ldap {
    	server = "olivia.davidgis.fr"
    	basedn = "dc=chezdavid,dc=local"
    	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    	ldap_connections_number = 5
    	timeout = 4
    	timelimit = 3
    	net_timeout = 1
    	tls {
    		start_tls = no
    	}
    	dictionary_mapping = ${confdir}/ldap.attrmap
    	password_attribute = userPassword
    	edir_account_policy_check = no
    	set_auth_type = yes
    }
    
  4. file etc/raddb/eap.conf
    	eap {
    		default_eap_type = ttls 
    		timer_expire     = 60
    		ignore_unknown_eap_types = no
    		cisco_accounting_username_bug = no
    		max_sessions = 2048
    		md5 {
    		}
    		leap {
    		}
    		gtc {
    			auth_type = PAP
    		}
    		tls {
    			certdir = ${confdir}/certs
    			cadir = ${confdir}/certs
    			private_key_password = 20091206
    			private_key_file = ${certdir}/server.pem
    			certificate_file = ${certdir}/server.pem
    			CA_file = ${cadir}/ca.pem
    			dh_file = ${certdir}/dh
    			random_file = ${certdir}/random
    			include_length = yes
    			check_cert_cn = %{User-Name}
    			cipher_list = "DEFAULT"
    			make_cert_command = "${certdir}/bootstrap"
    			cache {
    			      enable = no
    			      max_entries = 255
    			}
    		}
    		ttls {
    			default_eap_type = gtc
    			copy_request_to_tunnel = yes
    			use_tunneled_reply =  yes
    			virtual_server = "inner-tunnel"
    			include_length = yes
    		}
    		peap {
    			default_eap_type = mschapv2
    			copy_request_to_tunnel = no
    			use_tunneled_reply = no
    			virtual_server = "inner-tunnel"
    		}
    		mschapv2 {
    		}
    	}
    
  5. file etc/raddb/clients.conf
    client 127.0.0.1 {
    	secret		= oliviatuesmonamour
    	shortname	= monroe
    }
    client 192.168.2.0/24 {
    	secret		= oliviatuesmonamour
    	shortname	= reseaudavidgis
    }
    client 192.168.2.254 {
    	secret		= oliviatuesmonamour
    	shortname	= belkin54g
    }
    
    Here the secret is to be entered from the interface of the A.P whose IP is 192.168.2.254

  6. file etc/raddb/sites-enabled/default
    authorize {
    	preprocess
    	chap
    	mschap
    	suffix
    	eap {
    		ok = return
    	}
    	unix
    	files
    	ldap
    	expiration
    	logintime
    	pap
    }
    authenticate {
    	Auth-Type PAP {
    		pap
    	}
    	Auth-Type CHAP {
    		chap
    	}
    	Auth-Type MS-CHAP {
    		mschap
    	}
    	unix
    	Auth-Type LDAP {
    		ldap
    	}
    	eap
    }
    preacct {
    	preprocess
    	acct_unique
    	suffix
    	files
    }
    accounting {
    	detail
    	unix
    	radutmp
    	attr_filter.accounting_response
    }
    session {
    	radutmp
    }
    post-auth {
    	exec
    	Post-Auth-Type REJECT {
    		attr_filter.access_reject
    	}
    }
    pre-proxy {
    }
    post-proxy {
    	eap
    }
    
  7. file etc/raddb/sites-enabled/inner-tunnel
    server inner-tunnel {
    authorize {
    	chap
    	mschap
    	unix
    	suffix
    	update control {
    	       Proxy-To-Realm := LOCAL
    	}
    	eap {
    		ok = return
    	}
    	files
    	ldap
    	expiration
    	logintime
    	pap
    }
    authenticate {
    	Auth-Type PAP {
    		pap
    	}
    	Auth-Type CHAP {
    		chap
    	}
    	Auth-Type MS-CHAP {
    		mschap
    	}
    	unix
    	Auth-Type LDAP {
    		ldap
    	}
    	eap
    }
    session {
    	radutmp
    }
    post-auth {
    	Post-Auth-Type REJECT {
    		attr_filter.access_reject
    	}
    }
    pre-proxy {
    }
    post-proxy {
    	eap
    }
    }
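
An added example, not part of the original post or of FreeRADIUS: a small Python audit of raddb files for three settings visible in the listings above (passwords logged through auth_goodpass/auth_badpass, start_tls = no in the ldap module, one secret shared by every client). The function names, the finding messages and the sample input are assumptions made for this illustration.

```python
import re

KV = re.compile(r'([\w.-]+)\s*[:+]?=\s*"?(.*?)"?$')

def flatten(text):
    """Yield (block_path, key, value) for each 'key = value' line of a raddb file."""
    stack = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())      # entering e.g. "client 10.0.0.1"
        elif line == "}":
            stack = stack[:-1]                   # tolerate an unbalanced closing brace
        elif (m := KV.match(line)):
            yield "/".join(stack), m.group(1), m.group(2)

def audit(files):
    """Return findings for {filename: text}: password logging, LDAP StartTLS, shared secrets."""
    findings, log, secrets = [], {}, {}
    for name, text in files.items():
        for path, key, value in flatten(text):
            if path == "log":
                log[key] = value
            elif path == "ldap/tls" and key == "start_tls" and value == "no":
                findings.append(f"{name}: start_tls = no, RADIUS-to-LDAP traffic is unencrypted")
            elif path.startswith("client ") and key == "secret":
                secrets.setdefault(value, []).append(path[7:])
    if log.get("auth") == "yes":                 # passwords are only logged when auth = yes
        for key in ("auth_badpass", "auth_goodpass"):
            if log.get(key) == "yes":
                findings.append(f"radiusd.conf: {key} = yes writes user passwords to radius.log")
    for clients in secrets.values():
        if len(clients) > 1:
            findings.append("clients.conf: same secret for " + ", ".join(clients))
    return findings

# Constructed sample input: trimmed copies of the files above, secret replaced by a placeholder.
SAMPLE = {
    "radiusd.conf": "log {\n\tauth = yes\n\tauth_badpass = yes\n\tauth_goodpass = yes\n}\n",
    "modules/ldap": 'ldap {\n\tserver = "ldap.example.org"\n\ttls {\n\t\tstart_tls = no\n\t}\n}\n',
    "clients.conf": "client 127.0.0.1 {\n\tsecret = PLACEHOLDER\n}\n"
                    "client 192.168.2.254 {\n\tsecret = PLACEHOLDER\n}\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Trailing comments are not stripped, so feed it files already filtered the way the post does with grep -v '#'.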
    

Friday 4 December 2009

[FreeRadius 2.1.7/OpenLdap] Part 1 - "configure: WARNING: FAILURE: rlm_ldap requires: libldap_r ldap.h."

I started running my installation tests. I got this famous error for the rlm_ldap module. Don't panic!!! Just run

apt-get install libldap2-dev