cisco SNMPV3 only connect to a remote host - snmp

here is the SNMPv3 i am using
snmp-server group GROUP1 v3 Priv match prefix read v1default write v1default
snmp-server user USER1 group1 v3 auth sha PASSWORD109 priv aes 128 Password234
i have changed the priv and sha passwords and the group and user names my question is how do i target so that only a specific host can access the SNMPV3 for example host = 192.168.1.200

You can set an ACL to the group on Cisco IOS:
switch(config)#snmp-server group fish v3 auth access ?
<1-99> Std IP accesslist allowing access with this group
WORD Access-list name
ipv6 Specify IPv6 Named Access-List
Of course you'd need to have an ACL prepared in the fist place like:
access-list 1 permit 192.168.1.200
and then apply this to the group with:
snmp-server group GROUP1 v3 auth access 1

Related

I can ping the DC, Domain, IP, but cannot join the domain

So, setting up a brand new domain for the very first time (never set up a brand brand new domain) of Azure boxes (but not AAD - using traditional AD over Azure) trying to get these boxes to communicate has taken me literal days and I am getting very frustrated at these.
DC is VT-EDD-Server
Domain is VT-EDD.local
Client is VT-EDD-IIS1 (I'll have others, but once this is fixed I'll have this solved)
Not sure if I even NEEDED to, but I added the IP for the DC and domain to the client's host file, and now I can ping the server. I have also updated the client's DNS to:
and when I still try to join the domain I get
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "VTT-EDD.local":
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.VTT-EDD.local
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
168.63.129.16
- One or more of the following zones do not include delegation to its child zone:
VTT-EDD.local
local
. (the root zone)
I can ping both the DC and the domain by name and IP, but can't join it.
After creating a ADDC in azure, joining the server to it, and adding the DC's IP to the DNS in Azure, I was able to complete the process.

Vertica Authentication Allow all IPv4

When I am creating AUTHENTICATION in vertica to allow users to connect from any IP its only allowing localhost connections.
CREATE AUTHENTICATION noIpRestictionNoTLS METHOD 'hash' HOST NO TLS '0.0.0.0/0';
Below is the document provided by Vertica which states to allow users to connect from any ipv4 address.
Please let me know what command we can use to create authentication to allow from any IP .
Authentication Diagram With Roles

How do I change my whm/cpanel to use a FQDN and SSL?

I have purchased a server through GoDaddy and when I access WHM or the CPanel, it uses the IP address of the server rather than the host name. How to I change this to use the host name and put SSL on that host name?
You could access WHM both on IP and hostname. Please check if your server actually has a valid hostname. If not, then you can't use WHM via hostname, so you'll have to configure a domain on that server and create a hostname for your WHM server.
Upon provision I was given a hostname of the form:
s192.168.2.###.secureserver.net This will not resolve in a browser. Nor will a ping -a to an IP address. It is a temporary hostname. It will work for creating resellers and putting up websites but you will not be able to secure it with an SSL cert as far as I know. You need a hostname that is also a domain that resolves to your server's primary IP address to allow login to WHM.
And the server has a requirement for hostnames as being an FQDN. The requirements for an FQDN are:
- Do not select a hostname that begins with www or a number, or a hostname that ends with a hyphen (-).
- You must use a fully-qualified domain name (FQDN) that contains two periods (for example, hostname.example.com).
- Do not choose a hostname that a cPanel account on your server will use.
- Do not choose a potential proxy subdomain as a hostname (for example, cpanel.example.com or whm.example.com).
- Do not select a socially-unacceptable hostname. The hostname will appear in mail headers.
- Only use lowercase, Latin-script letters in hostnames.
On the part that requires that you install an SSL for connecting to a URL and port number I cannot address yet but I purchased a cheam domain name from Godaddy, it was then auto parked.
Went into the DNS records for the domain and pointed the A record to the primary IP address of the server.
Record: A # 192.168.2.#### TTL: 18000
You will want to delete all the other records listed there as an FQDN cannot have any subdomain or potential proxy. So no CNAMEs allowed.
Leave Godaddy's name servers NS as they are.
Give the domain settings time to propagate. (i.e. 15min - 24hours)
Connect back to your WHM via ip (https://192.168.2.###:2087)
Navigate to Basic Setup or enter Basic Setup into the search and click on the link.
Change the NS servers at the bottom of the page to GoDaddy's name servers.
Save Settings change.
Enter the new hostname in the Set Up Networking section of WHM's Initial Setup Assistant interface.
Save your settings.
Navigate to your new domain name preceded by "https://" and followed by ":2087" (i.e https://mynewhostname.com:2087 ).
I believe this will get you at least that far for your process.

Is it possible to retrieve Elastic IP address with boto only using IAM user credentials?

Having created a boto connection with IAM user credentials, I'm not able to get Elastic IPs are being allocated by the same user:
conn = boto.ec2.connect_to_region(region, **iam_user_only_credentials)
addresses = con.get_all_addresses(filters={'public_ip': "my EIP address"})
# addresses array is empty here
Are Elastic IP addresses only associated to root credentials (AWS root credentials)? Is it possible to associate them to a user? (as mine was created being myself an IAM user -- w/ pretty much full access)
I agree. It appears that boto2 does not return addresses as documented.
Fortunately, it does function in boto3:
import boto3
client = boto3.client('ec2')
client.describe_addresses(Filters=[{'Name':'public-ip','Values':['54.XX.XX.XX']}])

IIS7 permit access only to local network

I am having a problem with the IIS 7 on a Win 2008 server. I only want to have access to it inside my network and denied access from anyone outside the network. I had created a rule to permit access to the group of computers with the IP: 192.168.0.1 (255.255.255.0). In the IIS6 this was enougth to prevent access of any IP that don't belong to the network. Any idea of how can I block these access? Thanks!
Use IP Seсurity (IP Address and Domain restrictions role for IIS7) - it allows you to block a list of IP addresses.
Look at IP Security
The same rule should work in IIS7, you may need to install the component for IP Filtering though via the Role Manager.
In addition to the built-in request filtering, there is an addon for dynamic filtering -- http://www.iis.net/download/DynamicIPRestrictions
The rule should be: 192.168.0.0 (255.255.255.0)
to allow all clients on the 192.168.0.x network access.
First edit the configuration to deny all, then add this rule

Resources