Canonical Ubuntu 10.10 on Amazon EC2 + Nginx + PHP-FPM
12/31/2010 03:46:00 AM
Posted by johnhomer
This procedure was performed on a 32bit OS (Micro instance) but may also work with little or no modification. Drop me a note if you get this to work on a 64bit without modification.
1. First you need to install pre-reqs
apt-get install gcc autoconf libevent-dev libxml2-dev libssl-dev libpcre++-dev libbz2-dev libcurl4-openssl-dev libgmp3-dev libmysql++-dev libmcrypt-dev
2. Add the nginx user
useradd nginx
3. Compile and install PHP
mkdir /root/files && mkdir /etc/php.d && cd /root/files wget http://sg2.php.net/get/php-5.3.4.tar.gz/from/sg.php.net/mirror tar xvfz php-5.3.4.tar.gz && cd php-5.3.4 ./configure --host=i686-ubuntu-linux-gnu --build=i686-ubuntu-linux-gnu --target=i386-ubuntu-linux --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --cache-file=../config.cache --with-libdir=lib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --disable-debug --disable-rpath --without-pear --without-gdbm --without-gd --without-pspell --without-unixODBC --without-sqlite --without-sqlite3 --with-libxml-dir=/usr --with-pic --with-bz2 --with-curl --with-exec-dir=/usr/bin --with-freetype-dir=/usr --with-png-dir=/usr --with-gettext --with-gmp --with-iconv --with-jpeg-dir=/usr --with-openssl --with-pcre-regex=/usr --with-zlib --with-layout=GNU --with-mysql --enable-gd-native-ttf --enable-exif --enable-magic-quotes --enable-sockets --enable-sysvsem --enable-sysvshm --enable-sysvmsg --enable-wddx --enable-ucd-snmp-hack --enable-calendar --enable-xml --enable-mbstring --enable-inline-optimization --disable-dom --disable-dba --disable-pdo --disable-xmlreader --disable-xmlwriter --disable-json --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx make all install cp /root/files/php-5.3.4/php.ini-production /etc/php.ini && mv /etc/php-fpm.conf.default /etc/php-fpm.conf && cp /root/files/php-5.3.4/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm chmod +x /etc/init.d/php-fpm
4. PHP-FPM configuration
cat << END >> /etc/php-fpm.conf pm.start_servers = 20 pm.min_spare_servers = 5 pm.max_spare_servers = 35 END
5. Compile and install Nginx
cd /root/files && wget http://nginx.org/download/nginx-0.8.53.tar.gz tar xvfz nginx-0.8.53.tar.gz mkdir /etc/nginx/ && mkdir /var/log/nginx/ && cd nginx-0.8.53 ./configure --sbin-path=/usr/sbin --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --user=nginx --group=nginx --http-log-path=/var/log/nginx/access.log make && make install
6. Fast-CGI Configuration
cat << END >> /etc/nginx/fastcgi_params fastcgi_connect_timeout; fastcgi_send_timeout 180; fastcgi_read_timeout 180; fastcgi_buffer_size 128k; fastcgi_buffers 4 256k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; fastcgi_intercept_errors on; END
7. Get Nginx init script from http://wiki.nginx.org/Nginx-init-ubuntu. Make the following changes:
DAEMON=/usr/sbin/nginx NGINX_CONF_FILE="/etc/nginx/nginx.conf
8. Make Nginx and PHP-FPM run on start-up
update-rc.d nginx start 99 2 3 4 5 . stop 80 0 1 6 . update-rc.d php-fpm start 99 2 3 4 5 . stop 80 0 1 6 .
9. Setup log rotate
cat << END > /etc/logrotate.d/nginx /var/log/nginx/*.log { weekly missingok rotate 52 compress delaycompress notifempty create 640 root adm sharedscripts postrotate [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` endscript } END
10. Installing additional modules. If you want to install additional PHP modules for your applications, it's easy. All you have to do is go to your PHP source directory, compile the module and copy the compiled module to the PHP modules directory which in this case is /usr/lib/20090626. It looks something like this:
cd /root/files/php-5.3.4/ext/json phpize ./configure && make cp modules/json.so /usr/lib/20090626/ /etc/init.d/php-fpm restart
Connecting to MySQL from C -- Sample Code
9/16/2010 11:26:00 PM
Posted by johnhomer
gcc -o test $(mysql_config --cflags) test.c $(mysql_config --libs)
Code
Election 2010 Anomaly Watcher - revised
5/19/2010 07:48:00 AM
Posted by johnhomer
I modified the original script to include another check. So the script now checks for two things. First, it checks for candidates having a high percentage of votes and second, it checks for low percentage of votes in a position as compared to the total of people you actually voted. See example below:
In the figure above, the number of people who actually voted for a president is 27 but the total number of people who voted in that CP is 189. What happened to the other 162? On that same page other positions like Governor/Vice-governor looked normal.
So there is my modified script:
Howto Recompile the Kernel - UBUNTU Way
5/18/2010 03:57:00 PM
Posted by johnhomer
- You need a feature that only the newer kernel supports
- You came across a bug which is fixed in the newer version
- You have a device driver that needs kernel recompile either as a module or compiled with the kernel
- You are bored
- Update apt sources
- Install the necessary pre-requisites
- Get the kernel source
- Compile
- Install the kernel and modules
- Reboot with the new kernel
apt-get update
rm -f /bin/sh ln -s /bin/bash /bin/sh
apt-get install kernel-package libncurses5-dev fakeroot wget bzip2
cd /usr/src/
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.34.tar.bz2
tar xjf linux-2.6.34.tar.bz2
ln -s linux-2.6.34 linux
cd linux
cp /boot/config-`uname -r` ./.config
6. Now we are ready to select kernel options. This is also the time to select weather you want a driver compiled as module, with the kernel or not to include at all. You have to options in doing this -- using a nice GTK menu or using the console (curses based). The latter is usually the way to go but if you want the former make sure you install libgtk2.0-dev and libglade2-dev first. For now, we will go with the console (curses)
make menuconfig
or
make gconfig
make-kpkg clean
fakeroot make-kpkg --initrd --append-to-version=-custom kernel_image kernel_headers
You can substitute anything for --append-to-version paramater as long as it starts with a "-". This string may be your version or revision number or simply just a tag.
8. When compilation is done, we can now install the new kernel and modules
cd /usr/src/ [email protected]:/usr/src# ls -la total 106128 drwxrwsr-x 5 root src 4096 2010-05-18 14:50 . drwxr-xr-x 11 root root 4096 2010-05-18 09:29 .. lrwxrwxrwx 1 root src 12 2010-05-18 09:33 linux -> linux-2.6.34 drwxr-xr-x 25 root root 4096 2010-05-18 14:48 linux-2.6.34 -rw-r--r-- 1 root src 67633622 2010-05-17 05:37 linux-2.6.34.tar.bz2 drwxr-xr-x 24 root root 4096 2010-02-10 01:07 linux-headers-2.6.32-12 drwxr-xr-x 7 root root 4096 2010-02-10 01:07 linux-headers-2.6.32-12-generic -rw-r--r-- 1 root src 6675822 2010-05-18 14:50 linux-headers-2.6.34-custom_2.6.34-custom-10.00.Custom_i386.deb -rw-r--r-- 1 root src 34340580 2010-05-18 14:47 linux-image-2.6.34-custom_2.6.34-custom-10.00.Custom_i386.deb
dpkg -i linux-image-2.6.34-custom_2.6.34-custom-10.00.Custom_i386.deb dpkg -i linux-headers-2.6.34-custom_2.6.34-custom-10.00.Custom_i386.deb
Channel Vision Telephone Lightning Protector
5/14/2010 02:07:00 PM
Posted by johnhomer
- Complies with UL 1459 and UL 1950 power cross requirements
- Passes FCC Part 68 Type A and Type B lighting tests operationally
- Provides un-balanced line over voltage and over current protection
- Automatically resets once surge condition has cleared restoring the phone line
- 4 lines in
- 4 lines out
Election 2010 Anomaly Watcher
5/13/2010 07:24:00 PM
Posted by johnhomer
wget --mirror –w 2 –-convert-links http://electionresults.ibanangayon.ph
#!/usr/bin/perl # # Election 2010 Anomaly Watcher # John Homer H Alvero # [email protected] # May 13, 2010 use HTML::TableExtract; use LWP::Simple; # SearchFor: # Possible Values: # # 1 = President # 3 = Vice President # 5 = Senator # 7 = Party List my $SearchFor = 1; my $mirror = "/var/www/election/electionresults.ibanangayon.ph/"; my $threshold = 90; &check_folders($mirror); # SUB(s) sub check_folders { my($dir) = @_; local (*FOLDER); my(@subfiles, $file, $specfile); opendir(FOLDER, $dir) or die "cannot open $dir"; @subfiles = readdir(FOLDER); closedir(FOLDER); foreach $file (@subfiles) { $specfile = $dir . $file; if (-f $specfile && $file =~ m/\S+\.html/) { my $page = get("file://" . $specfile) or die $!; $te = HTML::TableExtract->new( headers => [qw(Candidate Votes Percentage)], depth => 0, count => $SearchFor ); $te->parse($page); foreach $ts ($te->tables) { foreach $row ($ts->rows) { chop( $votes = @$row[2]); if ($votes > $threshold) { print "Found filename " . $specfile . " name:" . @$row[0] . " at $votes%" . "\n"; } } } #Check for Subdirectories (not really needed) } elsif (-d $specfile) { if ($specfile !~ m/\S+\.$/) { &check_folders($specfile . "\/"); } }#if }#for }#sub
[email protected]:/home/john/ibangangayon/124.105.166.195# /root/table.pl Found filename res_reg3629006.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg3615004.html name:ACOSTA, Vetellano S. at 100.00% Found filename res_reg3636022.html name:VILLAR, Manuel Jr B. at 100.00% Found filename res_reg5512002.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg313022.html name:AQUINO, Benigno Simeon III C. at 99.20% Found filename res_reg3516000.html name:AQUINO, Benigno Simeon III C. at 98.20% Found filename res_reg3807028.html name:VILLAR, Manuel Jr B. at 99.09% Found filename res_reg3826010.html name:VILLAR, Manuel Jr B. at 99.49% Found filename res_reg6615003.html name:VILLAR, Manuel Jr B. at 98.15% Found filename res_reg3601016.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg705032.html name:AQUINO, Benigno Simeon III C. at 98.55% Found filename res_reg3812027.html name:AQUINO, Benigno Simeon III C. at 99.64% Found filename res_reg6610016.html name:TEODORO, Gilberto Jr. C. at 98.01% Found filename res_reg6606006.html name:AQUINO, Benigno Simeon III C. at 98.35% Found filename res_reg3807036.html name:VILLAR, Manuel Jr B. at 98.84% Found filename res_reg3835015.html name:VILLAR, Manuel Jr B. at 98.18% Found filename res_reg302019.html name:AQUINO, Benigno Simeon III C. at 98.88% Found filename res_reg3812029.html name:AQUINO, Benigno Simeon III C. at 99.67% Found filename res_reg705034.html name:AQUINO, Benigno Simeon III C. at 98.79% Found filename res_reg3826008.html name:VILLAR, Manuel Jr B. at 98.97% Found filename res_reg3803017.html name:TEODORO, Gilberto Jr. C. at 98.32% Found filename res_reg3803013.html name:TEODORO, Gilberto Jr. C. at 98.92% Found filename res_reg3807018.html name:VILLAR, Manuel Jr B. at 100.00% Found filename res_reg3835014.html name:VILLAR, Manuel Jr B. at 98.73% Found filename res_reg3832009.html name:TEODORO, Gilberto Jr. C. at 99.24% Found filename res_reg3812064.html name:AQUINO, Benigno Simeon III C. at 99.29% Found filename res_reg3617010.html name:VILLAR, Manuel Jr B. at 99.34% Found filename res_reg3807023.html name:TEODORO, Gilberto Jr. C. at 99.57% Found filename res_reg3626009.html name:AQUINO, Benigno Simeon III C. at 98.84% Found filename res_reg702017.html name:AQUINO, Benigno Simeon III C. at 98.02% Found filename res_reg3832010.html name:TEODORO, Gilberto Jr. C. at 99.37% Found filename res_reg3812047.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg6615012.html name:VILLAR, Manuel Jr B. at 99.19% Found filename res_reg3812050.html name:AQUINO, Benigno Simeon III C. at 99.87% Found filename res_reg3629002.html name:VILLAR, Manuel Jr B. at 100.00% Found filename res_reg6607015.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg6610014.html name:TEODORO, Gilberto Jr. C. at 98.87% Found filename res_reg4406026.html name:TEODORO, Gilberto Jr. C. at 100.00% Found filename res_reg4406026.html name:VILLAR, Manuel Jr B. at 100.00% Found filename res_reg4406026.html name:PERLAS, Jesus Nicanor P. at 100.00% Found filename res_reg4406026.html name:DE LOS REYES, John Carlos G. at 100.00% Found filename res_reg4406026.html name:ESTRADA EJERCITO, Joseph M. at 100.00% Found filename res_reg4406026.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg4406026.html name:VILLANUEVA, Eduardo C. at 100.00% Found filename res_reg4406026.html name:MADRIGAL, Jamby A. at 100.00% Found filename res_reg4406026.html name:ACOSTA, Vetellano S. at 100.00% Found filename res_reg4406026.html name:GORDON, Richard J. at 100.00% Found filename res_reg112002.html name:TEODORO, Gilberto Jr. C. at 98.33% Found filename res_reg6606002.html name:AQUINO, Benigno Simeon III C. at 98.58% Found filename res_reg3832011.html name:TEODORO, Gilberto Jr. C. at 99.61% Found filename res_reg3629018.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg6610010.html name:TEODORO, Gilberto Jr. C. at 99.37% Found filename res_reg5535035.html name:VILLAR, Manuel Jr B. at 100.00% Found filename res_reg5535035.html name:VILLANUEVA, Eduardo C. at 100.00% Found filename res_reg5535035.html name:ACOSTA, Vetellano S. at 100.00% Found filename res_reg5535035.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg5535035.html name:DE LOS REYES, John Carlos G. at 100.00% Found filename res_reg5535035.html name:ESTRADA EJERCITO, Joseph M. at 100.00% Found filename res_reg5535035.html name:GORDON, Richard J. at 100.00% Found filename res_reg5535035.html name:MADRIGAL, Jamby A. at 100.00% Found filename res_reg5535035.html name:PERLAS, Jesus Nicanor P. at 100.00% Found filename res_reg5535035.html name:TEODORO, Gilberto Jr. C. at 100.00% Found filename res_reg3812025.html name:AQUINO, Benigno Simeon III C. at 99.62% Found filename res_reg7001014.html name:TEODORO, Gilberto Jr. C. at 99.70% Found filename res_reg3812069.html name:AQUINO, Benigno Simeon III C. at 99.58% Found filename res_reg1529053.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg1529053.html name:VILLANUEVA, Eduardo C. at 100.00% Found filename res_reg1529053.html name:PERLAS, Jesus Nicanor P. at 100.00% Found filename res_reg1529053.html name:TEODORO, Gilberto Jr. C. at 100.00% Found filename res_reg1529053.html name:VILLAR, Manuel Jr B. at 100.00% Found filename res_reg1529053.html name:MADRIGAL, Jamby A. at 100.00% Found filename res_reg1529053.html name:ACOSTA, Vetellano S. at 100.00% Found filename res_reg1529053.html name:GORDON, Richard J. at 100.00% Found filename res_reg1529053.html name:DE LOS REYES, John Carlos G. at 100.00% Found filename res_reg1529053.html name:ESTRADA EJERCITO, Joseph M. at 100.00% Found filename res_reg3818005.html name:AQUINO, Benigno Simeon III C. at 98.55% Found filename res_reg3637008.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg3833002.html name:AQUINO, Benigno Simeon III C. at 99.59% Found filename res_reg3807022.html name:TEODORO, Gilberto Jr. C. at 99.67% Found filename res_reg3802024.html name:AQUINO, Benigno Simeon III C. at 99.37% Found filename res_reg3836018.html name:ACOSTA, Vetellano S. at 100.00% Found filename res_reg3635006.html name:TEODORO, Gilberto Jr. C. at 98.31% Found filename res_reg3803011.html name:TEODORO, Gilberto Jr. C. at 98.98% Found filename res_reg3807007.html name:VILLAR, Manuel Jr B. at 98.72% Found filename res_reg3835017.html name:VILLAR, Manuel Jr B. at 99.11% Found filename res_reg6610001.html name:TEODORO, Gilberto Jr. C. at 99.59% Found filename res_reg3114084.html name:BINAY, Jejomar C. at 100.00% Found filename res_reg3114084.html name:CHIPECO, Dominador Jr F. at 100.00% Found filename res_reg3114084.html name:FERNANDO, Bayani F. at 100.00% Found filename res_reg3114084.html name:LEGARDA, Loren B. at 100.00% Found filename res_reg3114084.html name:MANZANO, Eduardo B. at 100.00% Found filename res_reg3114084.html name:ROXAS, Manuel A. at 100.00% Found filename res_reg3114084.html name:SONZA, Jose Y. at 100.00% Found filename res_reg3114084.html name:YASAY, Perfecto R. at 100.00% Found filename res_reg3812057.html name:AQUINO, Benigno Simeon III C. at 98.96% Found filename res_reg3812014.html name:AQUINO, Benigno Simeon III C. at 98.59% Found filename res_reg3812019.html name:AQUINO, Benigno Simeon III C. at 98.92% Found filename res_reg6604024.html name:VILLAR, Manuel Jr B. at 98.72% Found filename res_reg5527039.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg5527039.html name:VILLANUEVA, Eduardo C. at 100.00% Found filename res_reg5527039.html name:DE LOS REYES, John Carlos G. at 100.00% Found filename res_reg5527039.html name:ESTRADA EJERCITO, Joseph M. at 100.00% Found filename res_reg5527039.html name:TEODORO, Gilberto Jr. C. at 100.00% Found filename res_reg5527039.html name:VILLAR, Manuel Jr B. at 100.00% Found filename res_reg5527039.html name:PERLAS, Jesus Nicanor P. at 100.00% Found filename res_reg5527039.html name:MADRIGAL, Jamby A. at 100.00% Found filename res_reg5527039.html name:ACOSTA, Vetellano S. at 100.00% Found filename res_reg5527039.html name:GORDON, Richard J. at 100.00% Found filename res_reg3836013.html name:VILLAR, Manuel Jr B. at 100.00% Found filename res_reg3817021.html name:ESTRADA EJERCITO, Joseph M. at 98.65% Found filename res_reg705005.html name:AQUINO, Benigno Simeon III C. at 98.51% Found filename res_reg3637017.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg3601017.html name:MADRIGAL, Jamby A. at 300.00% Found filename res_reg3601017.html name:ACOSTA, Vetellano S. at 300.00% Found filename res_reg3601017.html name:GORDON, Richard J. at 300.00% Found filename res_reg3601017.html name:DE LOS REYES, John Carlos G. at 300.00% Found filename res_reg3601017.html name:ESTRADA EJERCITO, Joseph M. at 300.00% Found filename res_reg3601017.html name:VILLAR, Manuel Jr B. at 300.00% Found filename res_reg3601017.html name:TEODORO, Gilberto Jr. C. at 300.00% Found filename res_reg3601017.html name:PERLAS, Jesus Nicanor P. at 300.00% Found filename res_reg3601017.html name:AQUINO, Benigno Simeon III C. at 300.00% Found filename res_reg3601017.html name:VILLANUEVA, Eduardo C. at 300.00%
Booting with OCZ Vertex 60GB SSD
3/18/2010 03:49:00 PM
Posted by johnhomer
I recently got i nice piece of hardware and I love it. It is intended for a VoIP asterisk server but I took the liberty of testing it first with common operating system (Windows XP, Ubuntu). Here is what I got.
Beginning subversion - svn for the n00b
3/18/2010 11:43:00 AM
Posted by johnhomer
I compiled a small set of commands for the svn newbie like me. I will update this post whenever needed as I am still learning it myself.
# Create a repository svnadmin create d:\repos\dbf2009 # Import initial files to repository svn import -m "Initial Import" DBF2009 svn://ip.address/dbf2009 --username harry # Checkout svn co svn://ip/reponame #checkout from same machine svn co file:///e:/repos/dbf2009 # Update working copy (local copy) svn update # See overview of changed files (comparison from .svn) svn status # See defailed info of cahnged files (comparison from server) svn status -u -v # Commit changes to svn server svn commit -m "testing lang" # See defailed diff svn diff # Schedule addition of a file or directory svn add# Rename a repository # There is no rename command, create a new repo, create a dump file from the old repo, # load the dump file to the new repo. Don't forget to fix permissions in config directory svnadmin create /path/to/new/repository/ svnadmin dump /the/path/to/old/repository/ > old-repo.dump svnadmin load /the/path/to/new/repository/ < old-repo.dump
Basic IPTABLES Firewall Script
3/09/2010 01:56:00 PM
Posted by johnhomer
./iptables.sh start
or
./iptables.sh stop
#!/bin/sh # John Homer H Alvero # [email protected] # March 9, 2010 set -e iptables="/sbin/iptables" modprobe="/sbin/modprobe" dnsIP="8.8.8.8" #IP Address of DNS server allow_tcp="80 22" #This will allow SSH and HTTP, add more ports as needed allow_udp="" load () { echo "Loading Kernel modules" $modprobe ip_tables $modprobe ip_conntrack $modprobe iptable_filter $modprobe ipt_state echo "Kernel modules loaded." echo "Loading rules" #Set Default policy $iptables -P FORWARD DROP $iptables -P INPUT DROP $iptables -P OUTPUT DROP #Allow RELATED and ESTABLISHED connections $iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT #Allow traffic to localhost $iptables -A INPUT -s 127.0.0.1 -j ACCEPT #Allow DNS Queries to DNS Server $iptables -A INPUT -p udp -s $dnsIP/32 --source-port 53 -d 0/0 --destination-port 1024:65535 -j ACCEPT $iptables -A OUTPUT -p udp --destination $dnsIP --dport 53 -j ACCEPT if [ -n "$allow_tcp" ]; then for i in $allow_tcp do $iptables -A INPUT -p tcp -m tcp --destination-port $i -j ACCEPT done fi if [ -n "$allow_udp" ]; then for i in $allow_udp do $iptables -A INPUT -p udp --destination-port $i -j ACCEPT done fi #Add additional rules here. echo "Rules loaded." } flush () { echo "Flushing rules..." $iptables -P FORWARD ACCEPT $iptables -P OUTPUT ACCEPT $iptables -P INPUT ACCEPT $iptables -F echo "Rules flushed." } case "$1" in start|restart) flush load ;; stop) flush ;; *) echo "usage: start|stop|restart" ;; esac exit 0
Ubuntu 9.10 + Asterisk + Asterisk-GUI Installation
2/25/2010 11:22:00 AM
Posted by johnhomer
- Ubuntu 9.10 Karmic
- Asterisk 1.4.30-rc2
- libpri 1.4.10.2
- dahdi drivers/tools 2.2.1
- asterisk-gui 2.0
sudo apt-get install linux-headers-$(uname -r) build-essential autoconf automake autotools-dev bison flex libncurses5-dev libssl-dev libtool subversion svn-buildpackage libxml2-dev
sudo mkdir /usr/src/asterisk
sudo cd /usr/src/asterisk
sudo wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.4.30-rc2.tar.gz
sudo wget http://downloads.asterisk.org/pub/telephony/libpri/releases/libpri-1.4.10.2.tar.gz
sudo wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/releases/dahdi-linux-complete-2.2.1+2.2.1.tar.gz
sudo svn co http://svn.digium.com/svn/asterisk-gui/branches/2.0 asterisk-gui
sudo tar -xvf asterisk-1.4.30-rc2.tar.gz
sudo tar -xvf libpri-1.4.10.2.tar.gz
sudo tar -xvf dahdi-linux-complete-2.2.1+2.2.1.tar.gz
cd libpri-1.4.10.2
sudo make clean
sudo make
sudo make install
cd ..
cd dahdi-linux-complete-2.2.1+2.2.1
sudo make
sudo make install
6. Asterisk
cd ..
cd asterisk-1.4.30-rc2
sudo make clean
sudo ./configure
sudo make install
sudo make samples
sudo make config
cd ../asterisk-gui
sudo make clean
sudo ./configure
sudo make
sudo make install
sudo vim /etc/asterisk/http.conf
[general]
enabled=yes
enablestatic=yes
bindaddr=0.0.0.0 or your IP Server
bindport=8088
sudo vi /etc/asterisk/manager.conf
[general]
enabled = yes
webenabled = yes
port = 5038
bindaddr = 0.0.0.0 or your IP Server
[admin]
secret = yourpassword
read = system,call,log,verbose,command,agent,user,config
write = system,call,log,verbose,command,agent,config
Windows 2003 RAID1 mini HOW TO (recovering from a failed drive) - Part 2
2/22/2010 11:12:00 AM
Posted by johnhomer
Do the same to other partitions.
Windows 2003 RAID1 mini HOW TO - Part 1
2/19/2010 09:50:00 AM
Posted by johnhomer
- At least two hard-disk drives; IDE, small computer system interface (SCSI), or mixed architecture is permissible.
- The second drive must be at least the size of the volume on which the operating system boot and system files reside to permit mirroring.
- The Windows Server 2003 system and boot files must reside on the same volume to be mirrored.
- To add a mirror to the primary drive for redundancy so that when either of the drive fails, quick recovery can be done.
3. Tick Disk0 and Disk1 and click OK.
5. The next menu is a warning that other operating systems installed on any volumes on any disks can no longer start. Make sure that you are not dual booting other operating systems. Click Yes to proceed.
6. Now for the final confirmation. Click Yes to proceed.
7. Click OK when prompted. This will restart your server.
9. That completes the process of converting to dynamic disks. You can now proceed to adding actual mirror.
4. The partition will now sync to the second drive. Notice that the mirrored partition will now be color coded. It will look something like this.
5. Repeat the same step to the second partition.
When the sync-ing process is done. You now have a RAID 1 system when means, you have 1 parity. Your data is safe even if 1 drive fails.
Untangle UTM IPS Update Script
2/17/2010 09:30:00 AM
Posted by johnhomer
psql -e -f newrules.sql uvm postgres
#! /bin/bash # John Homer H Alvero # Feb 13, 2010 # Change to working directory cd /root/emergingthreats RULEFILE='emerging-all.rules' LIVE="t" LOGGING="t" /usr/bin/wget http://www.emergingthreats.net/version.txt if [ "$?" -ne "0" ]; then # failed download - abort run exit fi exec < version.txt read CURRENTVERSION echo $CURRENTVERSION exec < oldversion.txt read OLDVERSION echo $OLDVERSION if [ ${CURRENTVERSION} -eq ${OLDVERSION} ]; then echo "same release available - checking next for updates to exceptions" rm -f version.txt* else echo "new version available" rm -f $RULEFILE /usr/bin/wget http://www.emergingthreats.net/rules/$RULEFILE if [ "$?" -ne "0" ]; then echo "failed retrieve of new files - exiting" exit 3 fi mv version.txt oldversion.txt rm -f version.txt* # Process file now echo "delete from n_ips_rule where Category = 'EmergingThreat';">newrules.sql RACK=( ) DATA=`psql -c "SELECT settings_id from n_ips_settings;" uvm postgres` for d in $DATA do if [ -z "$(echo "$d" |\ sed 's/[0-9]//g;s/[0-9]//g;s/\.//' \ )" ] ; then RACK=`echo " $RACK $d" ` fi done CUSTOMSID=50000 exec <$RULEFILE while read RULES do CHAR1=`echo $RULES|awk '{print substr($0,1,1)}'` WORD1=`echo $RULES|awk '{print $1}'` if [ "$CHAR1" = "#" ]; then DESCRIPTION=`echo $RULES|awk '{gsub(/\047/,"");print substr($0,1,60)}'` elif [ "$WORD1" = "alert" ]; then RULE=`echo -e $RULES|awk '{sub(/alert /,"");gsub(/\047/,"");print}'` SID=`echo $RULES|awk '{FS=";";;print $(NF-1)}'|awk '{sub(/sid:/,"");sub(/;/,"");print $0}'` NAME="Name" CATEGORY="EmergingThreat" ALERT="f" SETTINGSID=$CURRENTVERSION for r in $RACK do echo -e "INSERT INTO n_ips_rule (rule_id, rule, sid, name, category, description, live, alert, log, settings_id)" \ " VALUES ( $CUSTOMSID, \047$RULE\047, $SID , \047$NAME\047, \047$CATEGORY\047," \ " \047$DESCRIPTION\047, \047$LIVE\047, \047$ALERT\047, \047$LOGGING\047, \047" \ "$r\047);" >>newrules.sql CUSTOMSID=$(($CUSTOMSID+1)) done fi done fi echo "Done generating SQL" echo "Load SQL with psql -e -f newrules.sql uvm postgres"
e-RPTS RFI Vulnerability
2/12/2010 05:21:00 PM
Posted by johnhomer
Cisco Router Provider / Subscriber Configuration
2/06/2010 09:05:00 AM
Posted by johnhomer
Current configuration : 3467 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname CiscoHost ! ! enable secret 5 $1$JGXe$Y2vHtRP89namalZbyeMG./ enable password 7 104D010A0618 ! username root password 7 0449030F15400D1A5A ip subnet-zero ! ! no ip domain-lookup ip name-server 8.8.8.8 ip name-server 8.8.4.4 ! ! interface FastEthernet0/0 description connected to EthernetLAN ip address x.x.x.197 255.255.255.192 duplex auto speed auto ! interface Serial0/0 no ip address encapsulation frame-relay IETF frame-relay lmi-type ansi ! interface Serial0/0.200 point-to-point description Link to upstream provider bandwidth 2048 ip address x.x.x.2 255.255.255.252 frame-relay interface-dlci 200 IETF ! interface Serial0/0.201 point-to-point description frame-relay to Site1 ip address 10.1.10.9 255.255.255.252 frame-relay interface-dlci 201 IETF ! interface Serial0/0.205 point-to-point description frame-relay to Site2 ip address 10.1.10.25 255.255.255.252 frame-relay interface-dlci 205 IETF ! interface FastEthernet0/1 no ip address shutdown ! interface Serial0/1 no ip address description This interface is for another carrier's backhaul encapsulation frame-relay IETF frame-relay lmi-type ansi ! interface Serial0/1.25 point-to-point description frame-relay link to Site3 ip address 10.1.10.13 255.255.255.252 frame-relay interface-dlci 25 IETF ! interface Serial0/1.30 point-to-point description frame-relay link to Site4 ip address 10.1.10.33 255.255.255.252 frame-relay interface-dlci 30 IETF ! ip classless ip route 0.0.0.0 0.0.0.0 202.78.109.1 ip route x.x.x.224 255.255.255.248 10.1.10.6 ip route x.x.x.232 255.255.255.248 10.1.10.10 ip route x.x.x.240 255.255.255.248 10.1.10.14 ip route x.x.x.248 255.255.255.248 10.1.10.18 ip route x.x.x.0 255.255.255.248 10.1.10.22 ip route x.x.x.8 255.255.255.248 10.1.10.30 ip route x.x.x.16 255.255.255.248 10.1.10.26 ip route x.x.x.24 255.255.255.248 10.1.10.34 no ip http server ip pim bidir-enable ! ! line con 0 exec-timeout 0 0 password 7 1511021A0725 line aux 0 line vty 0 4 exec-timeout 0 0 password 7 02050D300809 login authentication local ! ! end
Using 1540 out of 32762 bytes ! version 11.2 no service password-encryption service udp-small-servers service tcp-small-servers ! hostname Site1 ! enable secret 5 $1$38vT$uCzNqai0a69mBYhyadqnS/ enable password secretpassword ! ! interface Ethernet0 ip address x.x.x.17 255.255.255.248 no ip route-cache no ip mroute-cache ! interface Serial0 no ip address encapsulation frame-relay IETF frame-relay lmi-type ansi ! interface Serial0.100 point-to-point description frame-relay link to Upstream provider ip address 10.1.10.10 255.255.255.252 frame-relay interface-dlci 200 IETF ! interface Serial1 shutdown ! no ip classless ip route 0.0.0.0 0.0.0.0 10.1.10.9 ! line con 0 exec-timeout 2 0 password secretpassword login line aux 0 password secretpassword login transport input all line vty 0 4 password secretpassword login ! end
FreeBSD PF Script
2/05/2010 08:50:00 AM
Posted by johnhomer
Sample pf script for FreeBSD. This is what i used and it worked for me. WMMV
#! /bin/sh /sbin/ipfw -f flush # Block an IP address from connecting to external hosts/servers /sbin/ipfw add deny tcp from 192.168.1.57 to any # Redirect port all http traffic to a local proxy server /sbin/ipfw add fwd [ip.address.of.proxy],3128 tcp from any to any 80 # IPNAT /sbin/ipfw add divert natd all from any to any via dc0 # Some traffic shapping ipfw add pipe 2 ip from any to 192.168.1.101 ipfw pipe 2 config bw 33Kbit/s ipfw add pipe 3 ip from any to 192.168.1.102 ipfw pipe 3 config bw 512Kbit/s /sbin/ipfw add pass all from any to any
WiFiCalc
2/03/2010 04:39:00 PM
Posted by johnhomer
RFIScan - a Remote File Include Vulnerability Scanner
2/02/2010 02:52:00 PM
Posted by johnhomer
I wrote a perl script to find for RFI vulnerabilities in PHP scripts. It takes a folder name as paramater. The script will scan the specified folder and its sub-folders recursively.
usage: ./scan /var/www/html/
#!/usr/bin/perl # # PHP RFI Vulnerability Scanner # John Homer H Alvero # Feb. 1, 2010 my $file = ''; my @filelist = (); my $txt_folder = $ARGV[0] . '/'; my $check_declarations = 1; my $found = 0; &check_folders($txt_folder); if ($found) { print "RFI Vulnerability Found!\n"; } else { print "No vulnerability found\n"; } # SUB(s) sub check_folders { my($dir) = @_; local (*FOLDER); my @fileVars = (); my $lineVar; my(@subfiles, $file, $specfile); opendir(FOLDER, $dir) or die "cannot open $dir"; print "opening folder $dir \n"; @subfiles = readdir(FOLDER); closedir(FOLDER); foreach $file (@subfiles) { $specfile = $dir . $file; if (-f $specfile && $file =~ m/\S+\.php/) { open FILE, "<", $specfile or die $!; my $line_ctr = 0; print "in file $specfile\n"; while (< FILE >) { $line_ctr++; if ($_ =~ m/^(\s|\t)*(include|include\_once|require|require\_once)\s*\(?\s*\$\w*\s*\)?/) { my ($line1,$line2,$line3) = $_ =~ m/^(\s|\t)*(include|include\_once|require|require\_once)\s*\(?\s*(\$\w+)\s*\)?/; if ($check_declarations) { if (!(chomp($line2) !~ @fileVars)) { print "Line No: $line_ctr $_"; $found = 1; } } else { print "Line No: $line_ctr $_"; $found = 1; } } if ($_ =~ m/^(\s*\$\S*\s*\=\s*)/i) { my ($lineVar) = $_ =~ m/^(\s*\$\S*)/i; push(@fileVars,$lineVar); } } close(FILE); @fileVars = (); } elsif (-d $specfile) { if ($specfile !~ m/\S+\.$/) { &check_folders($specfile . "\/"); } }#if }#for }#sub
bash looping
1/30/2010 09:52:00 AM
Posted by johnhomer
#!/bin/bash for i in 1 2 3 4 5 do echo "Number $i" done
1 2 3 4 5
#!/bin/bash for i in $(seq 1 2 20) do echo "Number $i" done
1 3 5 7 9 11 13 15 17 19
#!/bin/bash for (( c=1; c<=5; c++ )) do echo "Number $c" done
#!/bin/bash for (( ; ; )) do echo "infinite loops [ hit CTRL+C to stop]" done
#!/bin/bash for file in /etc/* do echo $file done
whowas.pl - a radius current user viewer
1/27/2010 01:44:00 PM
Posted by johnhomer
Usage:
Make sure to set +x attribute to whowas.pl.
$ chmod +x whowas.pl
Software syntax:
$ whowas.pl <detail_file> <date_time>
e.g.
$ whowas.pl detail "2004-1-10 11:00:00"
The above line will display users currently logged in at "2004-1-10 11:00:00"
Code:
#!/usr/bin/perl # John Homer H Alvero # Jan. 11, 2004 use HTTP::Date; my $Line; my @Record; my $SearchTime = $ARGV[1]; #$ARGV[1]; my $SearchTimestamp = str2time($SearchTime); sub ProcessRec { my $Header; my %AuthRec; my $Fieldname; my $Value; my $Login; my $Logout; $Header = $Record[0]; for ($i = 1; $i <= $#Record; $i++) { ($Fieldname, $Value) = split("=",$Record[$i]); $Fieldname =~ s/\t//g; $Fieldname =~ s/ //g; $Value =~ s/ //g; $Value =~ s/\"//g; chomp($Value); $AuthRec{$Fieldname} = $Value; } $Login = scalar($AuthRec{"Timestamp"}) - scalar($AuthRec{"Acct-Session-Time"}); $Logout = scalar($AuthRec{"Timestamp"}); if ($AuthRec{"Acct-Status-Type"} =~ /Stop/) { if (($SearchTimestamp >= $Login) && ($SearchTimestamp <= $Logout)) { print $AuthRec{"User-Name"} . "\t\t" . $AuthRec{"Framed-IP-Address"} . "\t\t" . $AuthRec{"NAS-Port"} . "\n"; } } } open(FILE1,$ARGV[0]); while () { $Line = $_; if ($Line eq "\n") { ProcessRec; @Record = (); end; } else { push @Record, $Line; } } close(FILE1);
Sending / Receiving a file using hping
1/25/2010 05:10:00 PM
Posted by johnhomer
[host_a]# hping2 host_b --udp -p 53 -d 100 --sign signature --safe --file /etc/passwd
On the receiving host, do this:
[host_b]# hping2 host_a --listen signature --safe --icmp
Sending email direct to qmail-queue with DKIM
1/24/2010 05:07:00 PM
Posted by johnhomer
#!/usr/bin/perl # John Homer H Alvero # Oct 24, 2008 use Mail::QmailQueue; use Mail::DomainKeys::Message; use Mail::DomainKeys::Key::Private; $FinalString = <<EOS; From: user\@domain.com MIME-Version: 1.0 Subject: Hello World To: target\@gmail.com Test Email! This mail should have valid domain keys. EOS open my $fh_message, '<', \ $FinalString; my $mail = load Mail::DomainKeys::Message(File => $fh_message) or die "unable to load message"; my $priv = load Mail::DomainKeys::Key::Private(File => "/path/to/private/key/file") or die "unable to load key"; $mail->sign(Method => "nofws", Selector => "private", Private => $priv); $signature = $mail->signature->as_string; my $qmail = Mail::QmailQueue->new("/var/qmail/bin/qmail-queue"); $qmail->sender('[email protected]'); $qmail->recipient('[email protected]'); $qmail->data('DomainKey-Signature: ' . $signature .';' . "\r\n" . $FinalString); $qmail->send; close fh_message;
asterisk cheat-sheet
1/23/2010 04:41:00 PM
Posted by johnhomer
Command | Description |
---|---|
reload | soft-restarts Asterisk and updates internal configs with changes you’ve made to /etc/asterisk/* - does not hang up calls |
sip no debug | Disable SIP debugging |
show dialplan | shows the full dialplan of how your calls will be handled |
sip show peers | shows all registered SIP clients |
sip show channels | shows current “live” channels that are in use by SIP clients (off-hook) |
sip show registry | this command will show you the status of any SIP connections with remote hosts. (eg: Your VOIP carrier.) If you have an authenticated connection with them, it will show as registered otherwise it will show it as unregistered. |
sip show users | this command will show you a list of all the SIP Users setup in the sip.conf - along with their secret password. This is great for when you go to setup the phones. |
database show | database Dump |
sip debug ip | Enable SIP debugging on IP |
sip debug peer | Enable SIP debugging on Peername |
sip no debug | Disable SIP debugging |
stop gracefully | shuts down Asterisk after all calls have hung up |
stop now | shuts down Asterisk, hanging up any current calls |
Outlook 2007 + OpenLdap + CentOS 5.2
1/22/2010 03:30:00 PM
Posted by johnhomer
yum install openldap-servers.i386
2. Install LDAP clients
yum install openldap-clients.i386
3. Edit the file /etc/openldap/slapd.conf. Make necessary changes specially “dc=companyname,dc=com”
suffix “dc=companyname,dc=com”
rootdn “cn=manager,dc=companyname,dc=com”
rootpw {SSHA}wCaiPZjCvjCbQX7xp8j/95zBnl9XQQIj
cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
5. Restart the LDAP service
service ldap restart