Wednesday, December 26, 2012

possible SYN flooding on port 80.

Issue:

The kernel logs "possible SYN flooding on port 80" (followed by "Sending cookies"), and the Apache access log is full of "internal dummy connection" entries.

The kernel message means the listen backlog on port 80 overflowed and SYN cookies were switched on. That happens under a real SYN flood, but also under ordinary load when the backlog is small, so check connection counts before assuming an attack. The "internal dummy connection" lines are Apache's own wake-up requests to its child processes (they come from 127.0.0.1 or ::1) and are harmless; they are not the flood.

1, original rules

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

2, iptables rules with a syn_flood chain
# Generated by iptables-save v1.4.7 on Wed Dec 26 16:40:57 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [68044:6930314]
:syn_flood - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# The SYN check has to sit above the catch-all REJECT: iptables evaluates a
# chain top to bottom, and a rule appended after the REJECT is never reached.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
# Nothing in this chain accepts port 80; if httpd runs on this host, an
# "-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT" rule belongs here, after the SYN check.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
# Let a burst of 3 SYNs through, then 1 per second; anything beyond that is dropped.
# The limit is global, not per source, so one flooder also starves legitimate
# clients, and 1/sec is far too low for a public web server: size it to the
# expected connection rate, or use -m hashlimit --hashlimit-mode srcip to limit per source.
-A syn_flood -m limit --limit 1/sec --limit-burst 3 -j RETURN
-A syn_flood -j DROP
COMMIT
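The mistake that makes a rate-limit chain silently useless is appending the jump after the catch-all REJECT. The following Python checker is an added example (not code from this post): it reads an iptables-save dump, reports every rule that sits below an unconditional ACCEPT/DROP/REJECT in the same chain, and can hoist such rules back above the catch-all. The constructed sample dump is this post's own rule set; the script name iptables_lint.py in the usage line is an assumption.

```python
"""Lint an iptables-save dump for rules that can never match because an
unconditional terminating rule (-j ACCEPT/DROP/REJECT with no match options)
comes earlier in the same chain, and optionally hoist them above it.
Added example, not code from the post."""
import shlex
import sys

TERMINATING = {"ACCEPT", "DROP", "REJECT"}   # targets that end chain traversal


def parse_rule(line):
    """Split an '-A CHAIN ...' line into (chain, target, match_opts).
    match_opts keeps only the tokens that narrow which packets match;
    -m module loads, -j/-g targets, --reject-with and --comment do not."""
    toks = shlex.split(line)
    chain, target, opts = None, None, []
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "-A":
            chain = toks[i + 1]
            i += 2
        elif t in ("-j", "-g"):
            target = toks[i + 1]
            i += 2
        elif t in ("-m", "--reject-with", "--comment"):
            i += 2                      # argument is not a packet match
        else:
            opts.append(t)
            i += 1
    return chain, target, opts


def find_shadowed(dump):
    """Return [(line_no, rule)] for rules appended after an unconditional
    terminating rule in the same chain.  iptables walks a chain top to bottom,
    so such rules are dead and whatever they were meant to do is not happening."""
    blocked = set()                     # chains already ended by a catch-all
    shadowed = []
    for n, line in enumerate(dump.splitlines(), 1):
        if not line.startswith("-A "):
            continue
        chain, target, opts = parse_rule(line)
        if chain in blocked:
            shadowed.append((n, line))
        elif target in TERMINATING and not opts:
            blocked.add(chain)
    return shadowed


def hoist_shadowed(dump):
    """Return the dump with every shadowed rule moved to just above the
    catch-all that hid it; all other lines keep their original order."""
    catchall = {}                       # chain -> index in `out` of its catch-all
    out = []
    for line in dump.splitlines():
        if line.startswith("-A "):
            chain, target, opts = parse_rule(line)
            if chain in catchall:
                k = catchall[chain]
                out.insert(k, line)
                for c in list(catchall):    # entries at/after k shift down by one
                    if catchall[c] >= k:
                        catchall[c] += 1
                continue
            if target in TERMINATING and not opts:
                catchall[chain] = len(out)
        out.append(line)
    return "\n".join(out) + "\n"


# Constructed sample: the post's rule set, with the syn_flood jump appended
# after the catch-all REJECT, which is exactly the bug this script catches.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:syn_flood - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A syn_flood -m limit --limit 1/sec --limit-burst 3 -j RETURN
-A syn_flood -j DROP
COMMIT
"""

if __name__ == "__main__":
    # Usage (script name assumed):  iptables-save | python iptables_lint.py > fixed.rules
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for n, rule in find_shadowed(text):
        sys.stderr.write("line %d is unreachable: %s\n" % (n, rule))
    sys.stdout.write(hoist_shadowed(text))
```

Run it against a live box with `iptables-save | python iptables_lint.py`; warnings go to stderr and the reordered dump to stdout, so the output can be fed straight back into `iptables-restore` once it has been reviewed. Only rules with no match options at all are treated as catch-alls, so a `-p tcp -j DROP` earlier in the chain would not be flagged even though it shadows every later TCP rule; extend `parse_rule` if that case matters.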

Tuesday, December 25, 2012

install cuckoo 5.0

1, install magic
Magic (Optional): for identifying files’ formats (otherwise use “file” command line utility)

2, install bottle
sudo easy_install -U bottle

bottle.py --version
Bottle 0.11.4


3, install pymongo (the MongoDB Python driver; this does not install the MongoDB server itself)
 sudo easy_install pymongo

Tuesday, December 11, 2012

get external ip

[root@ris cg]# curl http://ipecho.net/plain; echo
18.6.46.146

ssh: Could not resolve hostname note2: Name or service not known

Fix: add an entry for the host to /etc/hosts. The alias has to match the name given to ssh (note2 here, even though the host is node2; better to pick one spelling and use it everywhere). On a Hadoop node, also keep the machine's own hostname off the 127.0.0.1 line, otherwise the daemons can end up bound to loopback and the other node cannot reach them.


127.0.0.1   note1 localhost localhost.localdomain
::1         note1 localhost localhost.localdomain
192.168.1.239 node1.home  node1
192.168.1.238 node2.home  note2

hadoop tutorial

single node
http://www.michael-noll.com/tutorials/running-hadoop-on-ubuntu-linux-single-node-cluster/

Multi-Node Cluster

http://www.michael-noll.com/tutorials/running-hadoop-on-ubuntu-linux-multi-node-cluster/

Wednesday, December 5, 2012

ruby dbi error : uninitialized constant Mysql::Driver

need to install dbd-mysql

[cg@centos63 webbot]$ sudo gem install dbd-mysql

2.1 Make the files under a certain folder not directly accessible

.htaccess

We can modify the .htaccess file in that folder to achieve this.


RewriteEngine On
Options -Indexes
RewriteRule ^(.+)$ /access_file.php [L,R]

Options -Indexes stops Apache from listing the directory. The RewriteRule sends every request for a file in the folder to /access_file.php as an external redirect ([R], a 302), so the file itself is never served, and [L] stops further rule processing. Make sure access_file.php is not in the same folder; otherwise the redirected request matches the rule again and you get a redirect loop. The rules only take effect if the server config grants AllowOverride FileInfo Options (or All) for that directory, and they only block direct requests: PHP scripts on the server can still include the files, which is usually the intent.

Tuesday, December 4, 2012

clear tomcat cache

Clear the Tomcat cache by stopping Tomcat, removing the compiled JSP and work files under /opt/tomcat/work/Catalina/localhost/aaa (aaa is the web application's context name), and starting Tomcat again.

libxml2 is missing - install nokogiri - centos

[cg@centos63 webbot]$ sudo yum install libxml2-devel libxslt-devel




[cg@centos63 webbot]$ sudo /usr/local/bin/gem install nokogiri
Building native extensions.  This could take a while...
Successfully installed nokogiri-1.5.5
1 gem installed
Installing ri documentation for nokogiri-1.5.5...
Installing RDoc documentation for nokogiri-1.5.5...

ruby - create a resource / table

[cg@centos63 virusdepot]$ rails generate scaffold Viursdb id:integer docid:integer severity:string vname:string vtype:string discovered:string vlink:string vendor:string summary:text details:text






[cg@centos63 virusdepot]$ rake db:migrate
==  CreateViursdbs: migrating =================================================
-- create_table(:viursdbs)
   -> 0.1339s
==  CreateViursdbs: migrated (0.1342s) ========================================


mysql> desc viursdbs;
+------------+--------------+------+-----+---------+----------------+
| Field      | Type         | Null | Key | Default | Extra          |
+------------+--------------+------+-----+---------+----------------+
| id         | int(11)      | NO   | PRI | NULL    | auto_increment |
| docid      | int(11)      | YES  |     | NULL    |                |
| severity   | varchar(255) | YES  |     | NULL    |                |
| vname      | varchar(255) | YES  |     | NULL    |                |
| vtype      | varchar(255) | YES  |     | NULL    |                |
| discovered | varchar(255) | YES  |     | NULL    |                |
| vlink      | varchar(255) | YES  |     | NULL    |                |
| vendor     | varchar(255) | YES  |     | NULL    |                |
| summary    | text         | YES  |     | NULL    |                |
| details    | text         | YES  |     | NULL    |                |
| created_at | datetime     | NO   |     | NULL    |                |
| updated_at | datetime     | NO   |     | NULL    |                |
+------------+--------------+------+-----+---------+----------------+
12 rows in set (0.00 sec)

Monday, December 3, 2012

how to send mail to a Gmail address using Postfix on localhost

http://souptonuts.sourceforge.net/postfix_tutorial.html

Monitoring a process using monit

[root@FSWWW cg]# vim /usr/local/etc/monitrc




check process StaticScan_files.rb with pidfile /opt/FS_QPID/StaticScan/StaticScan_files.rb.pid
    start program = "/opt/FS_QPID/StaticScan/StaticScan_files_control.rb start" with timeout 60 seconds
    stop program  = "/opt/FS_QPID/StaticScan/StaticScan_files_control.rb stop"
    if cpu > 60% for 2 cycles then alert
    if cpu > 80% for 5 cycles then restart
    if totalmem > 200.0 MB for 5 cycles then restart
    if children > 250 then restart
    if loadavg(5min) greater than 10 for 8 cycles then stop

check process query_files.rb with pidfile /opt/FS_QPID/PDF/querystatus/query_files.rb.pid
    start program = "/opt/FS_QPID/PDF/querystatus/query_files_control.rb start" with timeout 60 seconds
    stop program  = "/opt/FS_QPID/PDF/querystatus/query_files_control.rb stop"
    if cpu > 60% for 2 cycles then alert
    if cpu > 80% for 5 cycles then restart
    if totalmem > 200.0 MB for 5 cycles then restart
    if children > 250 then restart
    if loadavg(5min) greater than 10 for 8 cycles then stop

check process upload_files.rb with pidfile /opt/FS_QPID/PDF/uploadfile/upload_files.rb.pid
    start program = "/opt/FS_QPID/PDF/uploadfile/upload_files_control.rb start" with timeout 60 seconds
    stop program  = "/opt/FS_QPID/PDF/uploadfile/upload_files_control.rb stop"
    if cpu > 60% for 2 cycles then alert
    if cpu > 80% for 5 cycles then restart
    if totalmem > 200.0 MB for 5 cycles then restart
    if children > 250 then restart
    if loadavg(5min) greater than 10 for 8 cycles then stop

rake aborted!

[cg@centos63 virusdepot]$ rake db:create
rake aborted!
Could not find a JavaScript runtime. See https://github.com/sstephenson/execjs for a list of available runtimes.
/home/cg/virusdepot/config/application.rb:7:in `<top (required)>'
/home/cg/virusdepot/Rakefile:5:in `<top (required)>'
(See full trace by running task with --trace)






==============================
solution:
The Rails asset pipeline needs a JavaScript runtime through execjs. Either install node.js on the machine, or add an embedded V8 runtime to the Gemfile:
gem 'execjs'
gem 'therubyracer', :platforms => :ruby
then run bundle install and retry rake db:create.