authorized_keys vs authorized_keys2

Your current ssh version:  

# rpm -q openssh

Earlier today I was setting up a brand new server for a migration and just as I was typing scp .ssh/authorized_keys2 my brain went and asked a question..

What is the difference between authorized_keys and authorized_keys2?

I’ve been working with Linux for well over a decade and some of my practices stem from things I learned in the ’90s that still work, putting all my public keys in ~/.ssh/authorized_keys2 is one of those things.

authorized_keys vs authorized_keys2

In OpenSSH releases earlier than 3, the sshd man page said:

The $HOME/.ssh/authorized_keys file lists the RSA keys that are permitted for RSA authentication in SSH protocols 1.3 and 1.5 Similarly, the $HOME/.ssh/authorized_keys2 file lists the DSA and RSA keys that are permitted for public key authentication (PubkeyAuthentication) in SSH protocol 2.0.

Which is pretty self explanatory, so that’s what the key difference in the files were originally, authorized_keys for RSA in SSH 1.3 and 1.5 and authorized_keys2 for 2.0

What is the difference between authorized_keys and authorized_keys2?

However, that’s from releases of OpenSSH earlier than 3.0, which was released in 2001, a long time ago.. looking back at the OpenSSH 3.0 release announcement authorized_keys2 is now actually deprecated. We should all just be using authorized_keys instead from now (er, 2001..) onwards!

Original Post: http://www.idimmu.net/2014/03/26/authorized_keys-vs-authorized_keys2/

How to Hack/Reset Kali linux login password

Recently changed Kali Linux Log in Password and you have forgotten it. or May be You want to Hack someone's Kali Linux PC. I am giving you one full proof solution for both issues. I really don't know why Kali developers left a loophole behind the Kali Linux well i also want to tell you that this is also working with Backtrack. So doesn't matter you have forgotten your Backtrack Admin log in password or Kali Linux Admin Log in Password just follow below instruction.
1. First boot your kali linux and wait  untill the Grub will come,  As you will see the grub , then scroll down to recovery mode  then press E

                                                                   (click image for large view)

2. After pressing E you will see this screen. Here you have to change some words and need to add some sentence as shown in image 

3. After changing and adding just press F10

4. After pressing F10 it will be reboot and you will see this screen, Here you have to type a command passwd root and hit enter

5. Then type your new root password, hit enter and again retype your root password and hit enter afterthat you will see a massage password update successfully 

6. Now power off by pressing your laptop/PC power button and switch on it again and login with your new password 

Original post: http://www.geekyshows.com/2013/06/how-to-hackreset-kali-linux-login.html

Download test VMs of IE for Windows, Linux, OSX

Test versions of IE using Virtual Machines that you download and manage in your own development environment.

The Microsoft Software License Terms for the IE VMs are included in the release notes and supersede any conflicting Windows license terms included in the VMs.
By downloading and using this software, you agree to these license terms.

http://www.modern.ie/en-us/virtualization-tools#downloads

Getting started with VMs

Instructions

1. Download the SFX and all RAR files for the VM (smaller VMs may not have files with RAR extension). In each set below that contains a split archive, the provided text file (.txt) contains URLs to all files in the set, and this can be used directly with the 'wget' command in Linux. From the terminal, enter wget -i [URL TO TEXT FILE]. For Windows XP single file downloads, use wget [URL TO DOWNLOAD FILE] instead.
   Example 1: wget -i https://az412801.vo.msecnd.net/vhd/IEKitV1_Final/VirtualBox/Linux/IE8_Win7/IE8.Win7.For.LinuxVirtualBox_2.txt
   Example 2: wget https://az412801.vo.msecnd.net/vhd/IEKitV1_Final/VirtualBox/Linux/IE6_XP/IE6.WinXP.For.LinuxVirtualBox.sfx
   
2. After the download of all files for a set is complete, give the SFX file execute permission by typing chmod +x filename.sfx at the terminal.
3. Execute the SFX executable from the terminal with ./filename.sfx to expand the virtual machine to the current directory.

Alternative Extraction Option

Regardless of the host platform that you are using, if you have problems using the self extracting archive, you can always install a program that can extract RAR files and use that to extract the VM.

How To Install Virtualbox On Ubuntu

Quick & easy Guide:

$ sudo add-apt-repository ppa:dreibh/ppa
$ sudo apt-get update
$ sudo apt-get install virtualbox

UNABLE TO LOGON VMWARE VCENTER APPLIANCE WITH ROOT

Symptoms

• You are unable to log into the root account for the vCenter Server Appliance (vCSA).
• The root account for the vCSA is locked.

Purpose

This article provides instructions on preventing the forced lockout of the root account and on unlocking a locked root account.

Cause

The 5.5 release of the vCenter Server Appliance (vCSA) enforces local account password expiration after 90 days by default. This policy locks out the root account when the password expiration date is reached.

Resolution

This behavior affects vCenter Server Appliance 5.5.

Prevent forced lockout when the root account is still active

If the root account is still accessible through the vCSA console or via the secure shell (SSH), you can prevent this issue from occurring by modifying the /etc/cron.daily/pass-expiration script.

To prevent the forced lockout when the root account is still active:

1. Log in to the vCSA as the root user.
   
2. Open the /etc/cron.daily/pass-expiration script in a text editor.
   
3. Replace the commands at the bottom of the script to replace the forced lockout with a forced password change:
   
   
   1. Delete these commands:
      
      # disable the password if it's time and not already done.
      # don't rely on the pam account facility. prepend an x in the shadow file.
      if [ $TODAY -ge $DEADLINE ] && ! grep -q 'root:x' $SHADOW; then
         sed -e 's/^root:\(.*\)/root:x\1/' $SHADOW -i
      fi
      
   2. Enter these commands:
      
      # force a password change for root if we've reached the password expiration date.
      # pam.unix2 doesn't do this the way we would like, so we do this instead.
      if [ $TODAY -ge $DEADLINE ]; then
         chage –d 0 root
      fi
4. Save and close the file.

Unlocking a locked out root account

If the root account is not accessible via the console, the secure shell, and the Virtual Appliance Management Interface (VAMI), the root account has been inactivated due to password expiration. To reactivate the root account, the vCSA must be rebooted and the kernel option modified in the GRUB bootloader to obtain a root shell.

To reactivate the root account:

1. Reboot the vCSA using the vSphere Client.
   
2. When the GRUB bootloader appears, press the spacebar to disable autoboot.
   
   
   
   Note: If the time between when you power on the virtual machine and when it exits the BIOS or EFI and launches the guest operating system is too short, you can adjust the delay. For more information, see Delay the Boot Sequence in the vSphere Client in the vSphere Single Host Management guide.
   
3. Type p to access the appliance boot options.
   
4. Enter the GRUB password.
   
   Note:
   
   • If the vCSA was deployed without editing the root password in the Virtual Appliance Management Interface (VAMI), the default GRUB password is vmware.
   • If the vCSA root password was reset using the VAMI, then the GRUB password is the password last set in the VAMI for the root account.
5. Use the arrow keys to highlight VMware vCenter Server Appliance and type e to edit the boot commands.
   
   
   
6. Scroll to the second line displaying the kernel boot parameters.
   
   
   
7. Type e to edit the boot command.
   
8. Append init=/bin/bash to the kernel boot options.
   
   
   
9. Press Enter. The GRUB menu reappears.
   
10. Type b to start the boot process. The system boots to a shell.
    
11. Reset the root password by running the passwd root command.
    
12. Restart the appliance by running the reboot command.
    
13. Important: Follow the instructions in the Prevent forced lockout when the root account is still active section of this article to prevent future root account lock out and retain password expiration functionality.

Additional Information

The vCSA allows you to establish your own password expiration and warning email policies by using the Admin tab of the Virtual Appliance Management Interface (VAMI).



By default, the password expiration on the local root account in the vCSA is set to 90 days after the password has been changed. This typically occurs at first boot. If the password is not changed on installation, there is a 90-day period before expiration.

Email addresses configured in the Admin tab in the VAMI (https://IP_address:5480 or https://VAMI_host_name:5480) receive email notifications each day for seven days prior to password expiration. The email settings, such as relay SMTP server, are configured through the vSphere Client in the vCenter Server mail settings.  

* Original KB: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2069041

How to Install Komodo Edit on Ubuntu 14.04

This simple tutorial shows how to install latest Komodo edit on Ubuntu 13.04 Raring, 12.10 Quantal, 12.04 Precise via ppa repository.

Komodo Edit, based on the award-winning Komodo IDE, offers sophisticated support for all major scripting languages, including in-depth autocomplete and calltips, multi-language file support, syntax coloring and syntax checking, Vi emulation, Emacs key bindings. It provides dynamic language expertise for Perl, PHP, Python, Ruby, and Tcl, plus JavaScript, CSS, HTML, and XML, and template languages like RHTML, Template-Toolkit, HTML-Smarty and Django.

Install Komodo Edit

A PPA repository has been created for Ubuntu users. So far it supports Ubuntu 13.04, 12.04 and 12.10.

To add the repository, press Ctrl+Alt+T on your keyboard to open terminal. When it opens, run below commands:

sudo add-apt-repository ppa:mystic-mirage/komodo-edit

After that, update your package lists and install this tool via command below:

sudo apt-get update; sudo apt-get install komodo-edit

Once installed, open it by running komodo command. 

Thanks to Ji m from http://ubuntuhandbook.org/index.php/2013/07/install-komodo-ubuntu-13-04-12-04-12-10/

Enable SSH in Ubuntu 14.04 Trusty Tahr

his simple tutorial is going to show you how to enable Secure Shell (SSH) service in Ubuntu 14.04 Trusty Tahr.

Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers.

SSH is not enabled by default in Ubuntu, but you can easily enable this service viaOpenSSH, a free version of the SSH connectivity tools developed by the OpenBSD Project.

To do so, run the command below in terminal:

sudo apt-get install openssh-server

Or install the openssh-server package via Ubuntu Software Center if you’re on Desktop edition:

Once installed, you can change the port, disable root login and do other changes by editing the config file:

sudo gedit /etc/ssh/sshd_config

Finally restart the ssh server to take place:

sudo /etc/init.d/ssh restart

Thanks to Ji M from: http://ubuntuhandbook.org/index.php/2014/04/enable-ssh-ubuntu-14-04-trusty-tahr/

OpenSSL Security Advisory - TLS heartbeat read overrun CVE-2014-0160

OpenSSL Security Advisory [07 Apr 2014]

========================================

TLS heartbeat read overrun (CVE-2014-0160)
==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.

More information:

• https://bugzilla.redhat.com/show_bug.cgi?id=1084875
• http://heartbleed.com/
• http://www.openssl.org/news/secadv_20140407.txt
• http://www.centosblog.com/critical-openssl-vulnerability-heartbleed-openssl-1-0-1-1-0-1f-patch-bug-centos-system/
• http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
• http://serverfault.com/questions/587329/heartbleed-what-is-it-and-what-are-options-to-mitigate-it
• http://seclists.org/fulldisclosure/2014/Apr/92
• https://isc.sans.edu/diary/OpenSSL+CVE-2014-0160+Fixed/17917

Check you OpenSSL Version (CentOS):

#openssl version
#openssl version -a
#rpm -q openssl
#yum update openssl
#rpm -q --changelog openssl-1.0.1e | grep -B 1 CVE-2014-0160


How can I check if my HTTPS site is still vulnerable?

You can use http://filippo.io/Heartbleed/ to test if your HTTPS site is vulnerable (thanks to Filipo).


OpenSSL 1.0.1g has been released to fix "A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64kB of memory to a connected client or server. This issue did not affect versions of OpenSSL prior to 1.0.1."[1] known as the Heartbleed Bug [3].

/*** update by Johannes Ullrich ...: ***/

Ubuntu released a patch for affected versions:

http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0160.html

Ubuntu also updated OpenSSH.

CentOS/RHEL has a patch available. 

https://rhn.redhat.com/errata/RHSA-2014-0376.html

For CentOS, the OpenSSL version did not change. Instead, only the compile time changed. To test if you are running the right version, look at the second line of the "openssl version -a" output:

Fixed version:

$ openssl version -a | head -2
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Apr  8 02:39:29 UTC 2014
 
Old version:
 
OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Wed Jan  8 18:40:59 UTC 2014
 
You probably want to make sure you at least restart affected daemons that load OpenSSL, or just reboot the system. 
 
If you are concerend that the vulnerability was already used to read memory from your systems, you at least should change your SSL keys.
---

The quickest way to figure out which version of OpenSSL you are using is:

openssl version -a

But not that some software may be compiled statically with openssl.

For a vulnerable system, this will return a version of 1.0.1f (or anything but 'g'). Also there will be no complier flag-DOPENSL_NO_HEARTBEATS.

Hide the Apache Web Server Version number with ServerSignature and ServerTokens directives

You can easily hide Apche (httpd) version number and other information. There are two config directives that controls Apache version. The ServerSignature directive adds a line containing the Apache HTTP Server server version and the ServerName to any server-generated documents, such as error messages sent back to clients. ServerSignature is set to on by default. The ServerTokens directive controls whether Server response header field which is sent back to clients includes a description of the generic OS-type of the server as well as information about compiled-in modules. By setting this to Prod you only displays back Apache as server name and no version number displayed back.

Open your httpd.conf file using text editor such as vi:
vi httpd.conf

Append/modify config directive as follows:
ServerSignature Off
ServerTokens Prod

Save and close the file. Restart Apache web server:
# /etc/init.d/httpd restart

Orinigal link: http://www.cyberciti.biz/faq/rhel-centos-hide-httpd-version/

Thanks to nixCraft from cyberciti

CentOS policy routing

Over the years working in LAN networking there are several situations that dictate a host/server have multiple IP addresses on the same or different, physical or logical, devices.  For instance, connecting to a private management-only network/vlan, offering connectivity to a inside network on a private NIC, etc etc.

This scenario often causes two somewhat annoying behaviours:

1) the return traffic often is sourced from the “primary” IP address of the host/server, most often the one that is on the subnet associated with the default gateway

2) a surprising number of alleged “network administrators” seem to think having multiple gateways (one for each IP address of course )  is a good idea.  Well, over the years I have come across this situation and, in every case, this has obviously  NEVER WORKED.  

Situation #2 can only be fixed by education and occasionally the dismissal of the “IT” person for someone more qualified.  As for situation #1, RedHat/CentOS supports viaiproute2 the ability to make traffic rules, ensuring that IP traffic is sourced by a particular IP in cases you can define.  Great!  Multiple NIC or logical interface routing on Linux is possible! (and yes, it involves having multiple gateways, but not stupidly and blindly adding them in the routing table….)

It is very simple to implement and involves the steps below.  As an example, lets assume we created a management VLAN (VLAN4) and want to add an logical interface on a server in that VLAN to access it internally.  We will be using 10.0.10.0/28 as an inside network.

Step 1: Create a VLAN interface

This creates the necessary interface on VLAN4 from primary physical interface eth0:

vi /etc/sysconfig/network-scripts/ifcfg-eth0.4

DEVICE=eth0.4
BOOTPROTO=static
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
IPADDR=10.0.10.2
NETMASK=255.255.255.240
NETWORK=10.0.10.0
VLAN=yes

Step 2: Create a iproute2 table for that management network

Edit /etc/iproute2/rt_tables to add a new entry and give it a arbitrary (unused  ) name:

vi /etc/iproute2/rt_tables

#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
200     MGMT

Note that between 200 and MGMT is a tab character.

Step 3: Create a default route for that network

vi /etc/sysconfig/network-scripts/route-eth0.4

default table MGMT via 10.0.10.1

this creates a default route for the MGMT/10.0.10.0/28 network to 10.0.10.1 which is your inside routing intelligence.

Step 4: Create routing rule for 10.0.10.2

To ensure that traffic received on 10.0.10.2 is utilizing the MGMT network only as a source address, a rule must be defined to enable this:

vi /etc/sysconfig/network-scripts/rule-eth0.4

from 10.0.10.2 table MGMT

and thats it!  restart your network:

/etc/rc.d/init.d/network restart

Using iproute2 commands, we can check that what we did works (as well as using wireshark  )

[root@server network-scripts]# ip rule show
0:      from all lookup local
32765:  from 10.0.10.2 lookup MGMT
32766:  from all lookup main
32767:  from all lookup default

 

[root@server network-scripts]# ip route show
10.0.10.0/28 dev eth0.4  proto kernel  scope link  src 10.0.10.2
66.1.1.0/25 dev eth0  proto kernel  scope link  src 66.1.1.12
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth0.4  scope link  metric 1006
default via 66.1.1.125 dev eth0

Note: this also would work with a second physical interface, for instance to utilize a second NIC card instead of a VLAN logical interface, substitute all use of eth0.4 for eth1.

Thanks to: ChrisConn

Original text from: http://random.cconn.info/2013/01/14/centos-policy-routing-why-yes-it-can-be-done/

Setup NFS Server On CentOS 6.X

NFS, Network File System, is a server-client protocol used for sharing files between linux/unix to unix/linux systems. NFS enables you to mount a remote share locally. You can then directly access any of the files on that remote share.

Scenario

In this how-to I use two systems running with CentOS 6.5, but it will work on all CentOS / RHEL / Scientific Linux 6.x distros.

NFS Server IP Address: 192.168.1.250/24

NFS Client IP Address: 192.168.1.251/24

1. Install NFS in Server system

# yum install nfs* -y

 2. Start NFS service

# service rpcbind start

# chkconfig rpcbind on

hkconfig nfs on

# service nfs start

# 

c

3. Install NFS in Client System

# yum install nfs* -y

4. Start NFS service

# service rpcbind start

# chkconfig rpcbind on

hkconfig nfs on

# service nfs start

# 

c

5. Create shared directories in server

Create a shared directory named ‘/var/unixmen_share’ in server and let the client users to read and write files in that directory.

# mkdir /var/unixmen_share 

# chmod 755 /var/unixmen_share/

6. Export shared directory on NFS Server

Edit file /etc/exports,

# vi /etc/exports

Add the entry as shown below.

/var/unixmen_share/     192.168.1.0/24(rw,sync,no_root_squash,no_all_squash)

 where,

/var/unixmen_share  – shared directory

192.168.1.0/24           – IP address range of clients

rw                               – Writable permission to shared folder

sync                            – Synchronize shared directory

no_root_squash          – Enable root privilege

no_all_squash             – Enable user’s authority

7. Restart the NFS service.

# service nfs restart

 8. Mount the share directory in client

Create a mount point to mount the share directory ‘var/unixmen_local’ which we created in the earlier step 5.

# mkdir /var/nfs_share

 Mount the share from server to client as shown below

# mount -t nfs 192.168.1.250:/var/unixmen_share/ /var/nfs_share/ 

mount.nfs: Connection timed out 

Probably it will show a connection timed out error which means that the firewall is blocking NFS server. To allow NFS server to access from outbound, goto NFS server system and add the as shown below in the ‘etc/sysconfig/iptables’ file.

# vi /etc/sysconfig/iptables

Append the following lines shown in red colour.

# Firewall configuration written by system-config-firewall

# Manual customization of this file is not recommended.



*filter

 -A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT  

-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT 

 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT 

-A INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEP

T 

-A INPUT -m state --state NEW -m tcp -p tcp --dport 875 -j ACCEPT 

 

-A INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEP

T

INPUT ACCEPT [0:0]





::FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

tate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j 

-A INPUT -m state --

sACCEPT

-A INPUT -i lo -j ACCEPT

tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with

-A INPUT -m state --state NEW -m

  icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited



COMMIT

Now restart the iptables service.

# service iptables restart

Again mount the share in client system with command:

# mount -t nfs 192.168.1.250:/var/unixmen_share/ /var/nfs_share/

Now the NFS share will mount without any connection timed out error.

9. Verify NFS

Verify the share from the server is mounted or not using ‘mount’ command.

# mount

Sample output:

/dev/mapper/vg_client-lv_root on / type ext4 (rw)




proc on /proc type proc (rw)


devpts on /dev/pts type devpt
sysfs on /sys type sysfs (rw)

s (rw,gid=5,mode=620)


:object_r:tmpfs_t:s0")

/dev/sda1 on /boot type ext4 (rw)

none on /proc/sys
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_
u/fs/binfmt_misc type binfmt_misc (rw)

rpc_pipefs (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type
 





nfsd on /proc/fs/nfsd type nfsd (rw)


192.168.1.250:/var/unixmen_share/ on /var/nfs_share type nfs (rw,vers=4,addr=192.168.1.250,clientaddr=192.168.1.251) 

10.  Automount the Shares

To mount the shares automatically instead of mounting them manually at every reboot, add the following lines shown in red colour in the ‘/etc/fstab’ file of your client system.

# vi /etc/fstab

#

# /etc/fstab

# Created by anaconda on Sun Mar 3 22[root@client unixmen]:10:15 2013

#

Accessible filesystems, by reference, are maintained under '/dev/disk'
#

#

  See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info

#

dev/mapper/vg_client-lv_root / ext4 defaults 1 1

/

defaults 1 2
/dev/mapper/vg_client-lv_swap swap swap defaults 0 0

UUID=1aa7d041-056b-48f4-a773-f713759e981f /boot ext4

 

tmpfs /dev/shm tmpfs defaults 0 0

devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0


proc /proc proc defaults 0 0

192.168.1.250:/var/unixmen_share/ /var/nfs_share/ nfs rw,sync,hard,intr 0 0

Reboot the client system and check the share whether it is automatically mounted or not.

# mount

Sample output:

/dev/mapper/vg_client-lv_root on / type ext4 (rw)




proc on /proc type proc (rw)


devpts on /dev/pts type devpt
sysfs on /sys type sysfs (rw)

s (rw,gid=5,mode=620)


:object_r:tmpfs_t:s0")

/dev/sda1 on /boot type ext4 (rw)

none on /proc/sys
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_
u/fs/binfmt_misc type binfmt_misc (rw)

sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)



nfsd on /proc/fs/nfsd type nfsd (rw)


192.168.1.250:/var/unixmen_share/ on /var/nfs_share type nfs (rw,vers=4,addr=192.168.1.250,clientaddr=192.168.1.251) 

Thanks to: sk from unixmen

http://www.unixmen.com/nfs-server-installation-and-configuration-in-centos-6-3-rhel-6-3-and-scientific-linux-6-3/