Basic Configuration of ASA

Steps for setting up Inside and ouside interface with their ip address

interface ethernet 0/0 as Insidie : 10.0.0.1            default security level 100
interface ethernet 0/0 as Outside: 170.100.100.1 default security level 0

ciscoasa> en
Password: (there is no password for first time use)
ciscoasa# configure terminal
ciscoasa(config)# interface ethernet 0/0
ciscoasa(config-if)# ip address 10.0.0.1 255.255.255.0
ciscoasa(config-if)# nameif inside
INFO: Security level for "inside" set to 100 by default.
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)#
ciscoasa(config-if)# interface ethernet 0/5
ciscoasa(config-if)# ip address 170.100.100.1 255.255.255.0
ciscoasa(config-if)# nameif outside
INFO: Security level for "outside" set to 0 by default.
ciscoasa(config-if)# no shutdown

Confgure ASA to accept HTTPS connections from inside

Configure from global configuration

ciscoasa(config-if)# exit

ciscoasa(config)# http server enable
ciscoasa(config)# http 10.0.0.2 255.255.255.255 inside
ciscoasa(config)#
ciscoasa(config)# copy run disk0:/.private/startup-config

Source filename [running-config]?

Destination filename [/.private/startup-config]?
Cryptochecksum: a33b008e 92e77294 9d7a6088 27ff113f

1596 bytes copied in 2.420 secs (798 bytes/sec)open(ffsdev/2/write/41) failed
open(ffsdev/2/write/40) failed

ciscoasa(config)# username imran password cisco privilege 15
ciscoasa(config)#
ciscoasa(config)# copy run disk0:/.private/startup-config

Source filename [running-config]?

Destination filename [/.private/startup-config]?

%Warning:There is a file already existing with this name
Do you want to over write? [confirm]
Cryptochecksum: 231499c4 db3e4734 3c37be8e 166f9b83

1660 bytes copied in 2.850 secs (830 bytes/sec)open(ffsdev/2/write/41) failed
open(ffsdev/2/write/40) failed

REMEMBER to turnoff your local computer FIREWALL

Local PC configuration
IP of loopback interface: 10.0.0.2
copy of asdm-645-204.bin file to TFTP server directory.
Install -> Start/restart of TFTP-server and listen on loopback interface

Check connection:
ASA side

ciscoasa# ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/10 ms
ciscoasa#

Local pc side

ping from local pc to ASA inside interface:

ciscoasa(config)# copy tftp: flash:

Address or name of remote host []?  10.0.0.2

Source filename []?   asdm-645-204.bin

Destination filename  [asdm-645-204.bin]?

Accessing tftp://10.0.0.2/asdm-645-204.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing current ASDM file disk0:/asdm-645-204.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
17010808 bytes copied in 44.550 secs (386609 bytes/sec)
ciscoasa(config)#

Show flash memory to see the downloaded file.

ciscoasa(config)# show flash:

--#--  --length--  -----date/time------  path

    6  4096        Apr 05 2012 11:45:10  .private

    7  0           Apr 05 2012 11:23:19  .private/mode.dat

    8  0           Apr 05 2012 11:46:03  .private/DATAFILE

    9  1660        Apr 05 2012 11:46:03  .private/startup-config

   10  4096        Apr 05 2012 11:46:03  boot

   11  0           Apr 05 2012 11:46:03  boot/grub.conf

   12  17010808    Apr 05 2012 12:41:16  asdm-645-204.bin

255320064 bytes total (212803584 bytes free)

Download the ASDM file from ASA using browser. Use HTTPS and ip address: 10.0.0.1

Install and run the ASDM provide credentials

IP:10.0.0.1
Username:imran
Passwordd: cisco

After log-in

Now you can perform configuration using gui

Installation of GNS3 on Windows

Installation of GNS3 on Windows (7)

It is better if you have already install loopbak interface on your machine.




VMware Workstation: Download from vmware site.

Loopback interface: Installation of loopback interface on windows 7


GNS3:Download GNS3: GNS3 v08.2 all-in-on, this will intstall all necessary tools and packages.

Cisco router IOS images: Download IOS-images from this location

Cisco ASA firewall IOS and ASDM: Download ASA_IOS and ASDM-645-204

TFTP server: Download and run the setup to install.

Intrusion Detection and Prevention Using OSSEC

What is OSSEC?
According to OSSEC "It is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response."

Installation on Debian Server
I installed on Debian .6.24-19-server, already running web service.
Install environment
Make sure you have compiler e.g gcc or cc and 'make' already installed in your system, otherwise you will get error message and abort the installation process.

root@www:/usr/local/src/ossec-hids-2.4.1# apt-get install gcc

Dwonload the latest build from www.ossec.net website

Extract into folder and start installation
imran@web:~/ossec-hids-2.4.1$ tar -zxvf ossec-hids-2.4.1.tar.gz
imran@web:~/ossec-hids-2.4.1$ cd ossec-hids-2.4.1/

Run the installation script;

root@web:~/ossec-hids-2.4.1# ./install.sh
** Para instalação em português, escolha [br].
** 要使用中文进行安装, 请选择 [cn].
** Fur eine deutsche Installation wohlen Sie [de].
** Για εγκατάσταση στα Ελληνικά, επιλέξτε [el].
** For installation in English, choose [en].
** Para instalar en Español , eliga [es].
** Pour une installation en français, choisissez [fr]
** Per l'installazione in Italiano, scegli [it].
** 日本語でインストールします．選択して下さい．[jp].
** Voor installatie in het Nederlands, kies [nl].
** Aby instalować w języku Polskim, wybierz [pl].
** Для инструкций по установке на русском ,введите [ru].
** Za instalaciju na srpskom, izaberi [sr].
** Türkçe kurulum için seçin [tr].
(en/br/cn/de/el/es/fr/it/jp/nl/pl/ru/sr/tr) [en]: en

-- Press ENTER to continue or Ctrl-C to abort. --
1- What kind of installation do you want (server, agent, local or help)? local

- Local installation chosen.

2- Setting up the installation environment.

- Choose where to install the OSSEC HIDS [/var/ossec]: /var/ossec

- Installation will be made at /var/ossec .

3- Configuring the OSSEC HIDS.

3.1- Do you want e-mail notification? (y/n) [y]: y
- What's your e-mail address? imran@pingcom.net

- We found your SMTP server as: ASPMX4.GOOGLEMAIL.COM.
- Do you want to use it? (y/n) [y]: y

--- Using SMTP server: ASPMX4.GOOGLEMAIL.COM.

3.2- Do you want to run the integrity check daemon? (y/n) [y]: y

- Running syscheck (integrity check daemon).

3.3- Do you want to run the rootkit detection engine? (y/n) [y]: y

- Running rootcheck (rootkit detection).

3.4- Active response allows you to execute a specific
command based on the events received. For example,
you can block an IP address or disable access for
a specific user.
More information at:
http://www.ossec.net/en/manual.html#active-response

- Do you want to enable active response? (y/n) [y]: y

- Active response enabled.

- By default, we can enable the host-deny and the
firewall-drop responses. The first one will add
a host to the /etc/hosts.deny and the second one
will block the host on iptables (if linux) or on
ipfilter (if Solaris, FreeBSD or NetBSD).
- They can be used to stop SSHD brute force scans,
portscans and some other forms of attacks. You can
also add them to block on snort events, for example.

- Do you want to enable the firewall-drop response? (y/n) [y]: y

- firewall-drop enabled (local) for levels >= 6

- Default white list for the active response:
- xx.xx.xx.xx
- xx.xx.xx.xx

- Do you want to add more IPs to the white list? (y/n)? [n]: y
- IPs (space separated): xx.xx.xx.xx

3.6- Setting the configuration to analyze the following logs:
-- /var/log/messages
-- /var/log/auth.log
-- /var/log/syslog
-- /var/log/mail.info
-- /var/log/dpkg.log
-- /var/log/apache2/error.log (apache log)
-- /var/log/apache2/access.log (apache log)

- If you want to monitor any other file, just change
the ossec.conf and add a new localfile entry.
Any questions about the configuration can be answered
by visiting us online at http://www.ossec.net .

--- Press ENTER to continue ---

Error
Error Making os_xml
make: *** [all] Error 1

Error 0x5.
Building error. Unable to finish the installation.

Solution for above Error
root@web:# apt-get install libc6-dev

- System is Debian (Ubuntu or derivative).
- Init script modified to start OSSEC HIDS during boot.

- Configuration finished properly.

--- Press ENTER to finish (maybe more information below). ---

Configuration File is stored at
root@web:# nano /var/ossec/etc/ossec.conf
It contains the configrations

How to Start

root@web:#/var/ossec/bin/ossec-control start

How to Stop

root@web:#/var/ossec/bin/ossec-control stop


References:
http://www.ossec.net/main/manual/manual-installation
http://newyork.ubuntuforums.org/showthread.php?t=905034

Intrusion Detection Service in IPCOP

Intrusion Detection was stopped in my IPCoP, version 1.4.1, a while a go, I tried to start them all three through GUI but Got message fail to start.
I loged in in console of Ipcop.
I checked the existing version of snort, which was older than latest.

root@firewall:/etc/snort/rules # snort --version
snort: unrecognized option `--version'

,,_ -*> Snort! <*-
o" )~ Version 2.6.1.5 (Build 59)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2007 Sourcefire Inc., et al.

And when tried to start the snort using this command

root@firewall:~ # snort -c /etc/snort/snort.conf -l /var/log/snort/

I got error that there is error in line # 38 in exploit.rules file located in /etc/snort/rules/ folder.
When I tried to comment the line it gives error on line#39.

Solution
Replace the existing rules folder with working one.
For that I installed the latest snort in my laptop, and check the version.
imran@imran-laptop~ $ sudo apt-get install snort-mysql
imran@imran-laptop~ $ snort --version

,,_ -*> Snort! <*-
o" )~ Version 2.8.5.2 (Build 121)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
Copyright (C) 1998-2009 Sourcefire, Inc., et al.
Using PCRE version: 7.8 2008-09-05

and copied the rules folder in to IPcop
imran@imran-laptop~ $ scp '-P 22' exploit.rules root@10.10.0.1:/root

Then I make .tar of existing rules folder in IPCoP

root@firewall:/etc/snort/rules # tar -cvf rules.tar .

and replaced the one copied from my laptop and changed the permission to user nobody:nobody

root@firewall:/etc/snort/rules # chown -R nobody:nobody rules


Now IP cop has new rules list, although these rules were from new version of Snort 2.8.6
When I restarted snort again from console with above command, this time no error and it started straight away.
Then I can start and stop from GUI successfully.

MyCRM Connector Tool for Google Calendar Error

After installation of "MyCRM Connector Tool", followed the procedure described in manual.
The test machine shows successful result when configured Google calander under My Account.
But production CRM gives following error.

"Fatal error: Call to undefined function curl_init() in /home/path/googlecal/MyCurl.php on line 32"

The solution is install php5-curl libraries.
root@server:~# sudo apt-get install curl libcurl3
root@server:~# sudo apt-get install php5-curl
root@server:~# apt-get install php5

I also restarted the mysql server and apache2 just for precaution, not necessary.


Recheck settings after entering my Google email address it worked.
Got this message.

****** Get events from meetings
Synced successfully.
****** Get events from calls
Synced successfully.
****** Get events from tasks
Synced successfully.

Daily Backup Using RSYNC

Using these steps your system backup automatically using rsync.

Step 1: Generate a Public Key using ssh-keygen at Host machine.

root@home:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
19:44:5f:1c:92:27:26:25:9b:13:df:dc:89:71:f0:c1 root@home

Step 2: Insert the key to authorized_key at host machine
root@home:~# cd /root/.ssh/
root@home:/root/.ssh# ls
id_rsa id_rsa.pub known_hosts
root@home:/root/.ssh# cp id_rsa.pub authorized_keys
root@home:/root/.ssh# ls
authorized_keys id_rsa id_rsa.pub known_hosts
root@home:/root/.ssh#

Step 3: Copy the ~/.ssh/authorized_keys file to the remote(back) machine
As the backup machine storing backup of several machines, authorized_keys file already exits, just copy the line whole string from ~/.ssh/authorized_keys from host machine and append to the file at backup machine.

Step 4: Change permission of ~/.ssh/authorized_keys file, if needed.

#chmod 644 /.ssh/authorized_keys

Step 5: Create a script e.g backup and place in /etc/cron.daily/ and change permission to execute.

This will backup the whole machine, you can add specific files instead of /

#!/bin/sh
#
# backup
#
DEST=root@backup.yourdomain.com
RSYNC="rsync -aqP --delete -e ssh"

dpkg -l | cut -d' ' -f3 > /etc/deblist

$RSYNC / $DEST:/var/backups/.

(Optional)Step6: Change the time of /cron.daily from /etc/crontab file
So that your machines start syncing different time.

/etc/crontab
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
30 4 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

Readings
http://www.scrounge.org/linux/rsync.html

Cloning SugarCRM

Step 1: Clone the sugarcrm Directory
There is a script "CopySugarFile.sh", see script also in bottom.
Running the Script, remember you have to provide the paths both source directory and clone directory.

root@imran:~# ./sugarclone
Missing First Argument:
Syntax: copySugarFiles.sh /var/www/html/FROM_SUGAR_DIR /var/www/html/TO_SUGAR_DIR
exited with status -1

root@imran:~# ./sugarclone /var/www/sugar /var/www/clone
Compressing /var/www/sugar Sugar and saving to /home/imran/sugarFilesFromBackup201001111322.tgz
Compressing /var/www/clone Sugar and saving to /home/imran/sugarFilesToBackup201001111322.tgz
tar: Cowardly refusing to create an empty archive
Try `tar --help' or `tar --usage' for more information.
Extracting the /var/www/sugar Sugar tgz to /var/www/clone Sugar directory
Script complete.

Step2: Clone the Database

First Create a new database for Cloning e.g clone
Export the sugarcrm database using PHPMyAdmin tool e.g sugarcrm.sql
Import the sugarcrm.sql data into clone database.

root@imran:/srv/mysql# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 15595
Server version: 5.1.37-1ubuntu5 (Ubuntu)
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database clone
-> ;
Query OK, 1 row affected (0.18 sec)
mysql> GRANT ALL ON clone.* TO clone@localhost IDENTIFIED BY "clone";
Query OK, 0 rows affected (1.24 sec)
mysql>

Script

#!/bin/bash
# copySugarFiles.sh

exitcode=0
# insert the path to your production directory here to ensure nobody copies to it by mistake
blockdirprefix="/path/to/production/directory"

if [ -z "$1" ]
then
     echo -e "\nMissing First Argument:"
exitcode=-1;
elif [ "$1" = "--help" ] || [ "$1" = "-h" ]
then
exitcode=1;
elif [ -z "$2" ]
then
     echo -e "\nMissing Second Argument:"
exitcode=-2;
elif [ "$#" != "2" ] && [ "$#" != "3" ]
then
echo -e "\nInvalid number of arguments:"
exitcode=-3;
elif [ ! -d "$1" ]
then
echo -e "\nThe directory $1 doesn't exist."
exitcode=-7;
elif [ ! -d "$2" ]
then
echo -e "\nThe directory $2 doesn't exist:"
exitcode=-8;
elif [ "$1" = "$2" ]
then
echo -e "\nThe 'from' directory must be different than the 'to' directory:"
exitcode=-4;
# this checks that the blockdirprefix above is not being copied to
elif [ "${2:0:${#blockdirprefix}}" = "${blockdirprefix:0:${#blockdirprefix}}" ] && [ "$3" != "iamsure" ]
then
echo -e "\nCan't copy to production ($blockdirprefix) without third parameter of \"iamsure\""
exitcode=-10;
fi

if [ "$exitcode" -lt "0" ]
then
echo -e "Syntax: copySugarFiles.sh /var/www/html/FROM_SUGAR_DIR /var/www/html/TO_SUGAR_DIR\nexited with status $exitcode\n"
exit $exitcode;
elif [ "$exitcode" -gt "0" ]
then
echo -e "The first parameter should be the sugar directory you are copying from."
echo -e "The second parameter should be the sugar directory you are copying to."
echo -e "\nThis script will skip the following directories and files:"
echo -e "./cache\n./custom\n./config.php\n./config_override.php\n./*.log*"
exit $exitcode;
fi

date=$(date +%Y%m%d%H%M);

# Backing up the from sugar directory and saving to the user's home directory
echo -e "\nCompressing $1 Sugar and saving to $HOME/sugarFilesFromBackup$date.tgz\n"
cd "$1"
filelist=$(find . -maxdepth 1 ! -name "." ! -name "cache" ! -name "custom" ! -name "config.php" ! -name "config_override.php" ! -name "*.log*" -exec echo "{}" \;)
tarcommand="tar cfz $HOME/sugarFilesFromBackup$date.tgz $filelist"
$tarcommand;

# Backing up the from sugar directory and saving to the user's home directory
echo -e "\nCompressing $2 Sugar and saving to $HOME/sugarFilesToBackup$date.tgz\n"
cd "$2"
filelist=$(find . -maxdepth 1 ! -name "." ! -name "cache" ! -name "custom" ! -name "config.php" ! -name "config_override.php" ! -name "*.log*" -exec echo "{}" \;)
tarcommand="tar cfz $HOME/sugarFilesToBackup$date.tgz $filelist"
$tarcommand;

cd "$HOME"
# Extracting the from sugar directory to the to sugar directory
echo -e "\nExtracting the $1 Sugar tgz to $2 Sugar directory\n"
cp $HOME/sugarFilesFromBackup$date.tgz "$2"
cd "$2"
tarcommand="tar xf ./sugarFilesFromBackup$date.tgz"
$tarcommand;
rm "./sugarFilesFromBackup$date.tgz"

echo -e "\nScript complete."
exit 0

Readings
Cloning SugarCRM document
Exporting data using PHPMyAdmin

SugarCRM Changing Max file Upload Limit

In sugar while uploading a file as attachment to e.g Marketing->Accounts->youraccount->Create Note or Attachment.
I tried to upload a file size 20M, it did not attached and no error message as well. Here is to fix this.After doing the following changes, performance of site also improves.

Step 1: Change in SugarCRM
Go to Admin->System Settings->Advanced
change Maximum upload size e.g 41943040 (40M) default was 3000000 (3M)

Step 2: Change in php.ini file
Login to your server hosting the site,
Go to /etc/php5/apache2/php.ini and change the following, Max, limit 40M

       post_max_size = 40M
   upload_max_size = 40M

   max_execution_time = 1000
   max_input_time = 60
   memory_limit = 128M

imran@venus:/var/www/sugar$ sudo nano /etc/php5/apache2/php.ini

;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;

max_execution_time = 100 ; Maximum execution time of each script, in seconds, 30s default
max_input_time = 60 ; Maximum amount of time each script may spend parsing request data
;max_input_nesting_level = 64 ; Maximum input variable nesting level
memory_limit = 128M ; Maximum amount of memory a script may consume (16MB), change to 50M, 50M defau$

;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;
;

; Maximum size of POST data that PHP will accept, 8M default
post_max_size = 40M


;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;

; Maximum allowed size for uploaded files. change sizd 2M to 10M, 10M default
upload_max_filesize = 40M

Save the file and exit.

Step 3: Restart the apache2 web server
imran@venus:/var/www/sugar$ sudo nano /etc/php5/apache2/php.ini

Step 4: Test the upload Limit
Go to Marketing->Accounts->youraccount->Create Note or Attachment.
and attach a file e.g 20 M, it should be attached now.

NFS on Debian/Ubuntu

Installation of NFS on server

Considering how powerful NFS is and the flexibility it gives you it is amazingly simple to set up. I expected it to be on a par with setting up Samba which can be a complete nightmare. Typically when setting up Samba one would use Swat or another configuration tool. With NFS set us is as easy as entering the paths you want exported into /etc/exports and making sure the correct packages are installed.

There are two implementations of NFS one runs in kernel space (nfs-kernel-server) the other in user space (nfs-user-server). The kernel space implementation is faster and more stable but if something goes wrong it could bring your box down. In reality the kernel space NFS implementation very rarely fails. I have been running it for years (and on at least one occasion for 150 days straight) and have had it fail only a couple of times. The times it did fail it simply needed restarting. In fact the only way I have even managed to get it to make a noise is when I had a box with a network card that was on the way out. The port on the card was bad which caused it to repeatedly drop and re-aquire the network sometimes several times a minute. After a few hours of that NFS would sometimes start to refuse new connections.

As well as the server you will need portmap. Fortunately if you chose NFS when you first installed the server you will have all the required packages already installed, configured and running.

One important point to remember when setting up NFS is to make sure that the user id (uid) of the user on the server matches the uid of the user on the local machine. NFS has no way of mapping "fred" on the local machine to "fred" on the server other than by relying on the uids being the same. Typically when you create a user the uid given is just the next one available but you can specify it explicitly.

Once you have made the required entries in /etc/exports you need to tell the NFS server about them. Typically I restart all three required utilities (portmap, nfs-kernel-server and nfs-common) as it is generally the best way to make sure everything is working correctly. See the section below on restarting NFS.

Step 0: Installation of NFS-server and NFS-client
Server:
# apt-get install nfs-kernel-server nfs-common portmap
Client
apt-get install nfs-common portmap

Step 1: Export directories on server
At server machine, export the directory in /etc/export file
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
/home 192.168.0.0/26(rw,sync)

Step 2: Restarting NFS on server

nfs-server:/samba#/etc/init.d/portmap start
nfs-server:/samba#/etc/init.d/nfs-kernel-server start
nfs-server:/samba#/etc/init.d/nfs-common start

Verify NFS is runnning
nfs-server:/samba# rpcinfo -p
  program vers proto   port
   100000    2   tcp    111  portmapper
   100000    2   udp    111  portmapper
   100004    2   udp    878  ypserv
   100004    1   udp    878  ypserv
   100004    2   tcp    881  ypserv
   100004    1   tcp    881  ypserv
   100009    1   udp    880  yppasswdd
600100069    1   udp    883  fypxfrd
600100069    1   tcp    885  fypxfrd
   100007    2   udp    892  ypbind
   100007    1   udp    892  ypbind
   100007    2   tcp    895  ypbind
   100007    1   tcp    895  ypbind
   100003    2   udp   2049  nfs
   100003    3   udp   2049  nfs
   100021    1   udp  32868  nlockmgr
   100021    3   udp  32868  nlockmgr
   100021    4   udp  32868  nlockmgr
   100005    1   udp    709  mountd
   100005    1   tcp    712  mountd
   100005    2   udp    709  mountd
   100005    2   tcp    712  mountd
   100005    3   udp    709  mountd
   100005    3   tcp    712  mountd
   100024    1   udp  32869  status
   100024    1   tcp  58711  status

Step3: Mounting NFS drives on Client
Add location with drive and options.

:  nfs  0 0

# Mounts from other hosts

nfs-server:/home           /home           nfs     rw,rsize=32768,wsize=32768,hard,intr,async      0       2


Mount also on command line
client:/# mount -t nfs nfs-server:/home /home

Verification of mounting the drive.
On Client verify the mount point

client:/# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1             2.8G  2.1G  578M  79% /
tmpfs                 126M     0  126M   0% /lib/init/rw
udev                   10M   52K   10M   1% /dev
tmpfs                 126M     0  126M   0% /dev/shm
nfs-server:/home         123G  105G   12G  90% /home

Reference
http://www.crazysquirrel.com/computing/debian/servers/nfs.jspx
http://www.debianhelp.co.uk/nfs.htm

Upgrading Subversion in Ubuntu 9.10 server

Step 1:Install the subversion
apt-get install subversion libapache2-svn

Step 2: Create the repository

svnadmin create /svn

Configuration
Edit the directory
/etc/apache2/mods-enabled/dav_svn.conf


# Uncomment this to enable the repository,
DAV svn
# Set this to the path to your repository
SVNPath /svn
# Uncomment the following 3 lines to enable Basic Authentication
AuthType Basic
AuthName “Subversion Repository”
AuthUserFile /etc/apache2/dav_svn.passwd

Require valid-user

Save and exit the file

Creation of user
htpasswd -cm /etc/apache2/dav_svn.passwd imran
New password:
Re-type new password:
Adding password for user imran

Enable ssl (if required)
#a2enmod ssl

This will enable the ssl if you have problem to set it.

Migration
Export by :Dumping the existing repository
root@jupiter:/svn# svnadmin dump svn > reposdump.dmp
Import by:
root@saturn:/srv# svnadmin load srv-jupiter < /home/imran/reposdump.dmp