root@SS:/# a2enmod rewrite
Module rewrite installed; run /etc/init.d/apache2 force-reload to enable.
root@SS:/# /etc/init.d/apache2 force-reload
Thursday, December 16, 2010
Thursday, November 25, 2010
Adding a startup script to be run at bootup - ubuntu
513 mkdir startup
514 mv iptable-rules.20101124 startup/
515 cd startup/
516 ll
517 vim mybootup.sh
518 ll
519 cp mybootup.sh /etc/init.d/
520 chmod +x /etc/init.d/mybootup.sh
521 update-rc.d mybootup.sh defaults
514 mv iptable-rules.20101124 startup/
515 cd startup/
516 ll
517 vim mybootup.sh
518 ll
519 cp mybootup.sh /etc/init.d/
520 chmod +x /etc/init.d/mybootup.sh
521 update-rc.d mybootup.sh defaults
Tuesday, November 23, 2010
Could not find gem 'mysql2 (>= 0, runtime)' in any of the gem sources listed in your Gemfile.
My OS is ubuntu.
I have issue when I try to run 'rake db:create'.
greg@cm-test:/mydisk/ruby/blog/config$ rake db:create
(in /mydisk/ruby/blog)
Could not find gem 'mysql2 (>= 0, runtime)' in any of the gem sources listed in your Gemfile.
Try running `bundle install`.
Here is what I did to fix this issue
1, find current libmysqlclient for your system. Then install it
greg@cm-test:/mydisk/ruby/blog/config$ sudo apt-get install libmysqlclient15-dev
2, After install mysql lib, need to install gem mysql
greg@cm-test:/mydisk/ruby/blog/config$ sudo gem install mysql -- --with-mysql-config=/usr/bin/mysql_config
You need to find correct path for mysql_config
greg@cm-test:/mydisk/ruby/blog/config$ sudo updatedb
greg@cm-test:/mydisk/ruby/blog/config$ locate mysql_config
3, do bundle all
greg@cm-test:/mydisk/ruby/blog/config$ sudo bundle install
Fetching source index for http://rubygems.org/
Using rake (0.8.7)
Using abstract (1.0.0)
Using activesupport (3.0.3)
Using builder (2.1.2)
Using i18n (0.4.2)
Using activemodel (3.0.3)
Using erubis (2.6.6)
Using rack (1.2.1)
Using rack-mount (0.6.13)
Using rack-test (0.5.6)
Using tzinfo (0.3.23)
Using actionpack (3.0.3)
Using mime-types (1.16)
Using polyglot (0.3.1)
Using treetop (1.4.9)
Using mail (2.2.10)
Using actionmailer (3.0.3)
Using arel (2.0.4)
Using activerecord (3.0.3)
Using activeresource (3.0.3)
Using bundler (1.0.7)
Installing mysql2 (0.2.6) with native extensions
Using thor (0.14.6)
Using railties (3.0.3)
Using rails (3.0.3)
Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed.
greg@cm-test:/mydisk/ruby/blog/config$ bundle show
Gems included by the bundle:
* abstract (1.0.0)
* actionmailer (3.0.3)
* actionpack (3.0.3)
* activemodel (3.0.3)
* activerecord (3.0.3)
* activeresource (3.0.3)
* activesupport (3.0.3)
* arel (2.0.4)
* builder (2.1.2)
* bundler (1.0.7)
* erubis (2.6.6)
* i18n (0.4.2)
* mail (2.2.10)
* mime-types (1.16)
* mysql2 (0.2.6)
* polyglot (0.3.1)
* rack (1.2.1)
* rack-mount (0.6.13)
* rack-test (0.5.6)
* rails (3.0.3)
* railties (3.0.3)
* rake (0.8.7)
* thor (0.14.6)
* treetop (1.4.9)
* tzinfo (0.3.23)
greg@cm-test:/mydisk/ruby/blog/config$ rake db:create
(in /mydisk/ruby/blog)
I have issue when I try to run 'rake db:create'.
greg@cm-test:/mydisk/ruby/blog/config$ rake db:create
(in /mydisk/ruby/blog)
Could not find gem 'mysql2 (>= 0, runtime)' in any of the gem sources listed in your Gemfile.
Try running `bundle install`.
Here is what I did to fix this issue
1, find current libmysqlclient for your system. Then install it
greg@cm-test:/mydisk/ruby/blog/config$ sudo apt-get install libmysqlclient15-dev
2, After install mysql lib, need to install gem mysql
greg@cm-test:/mydisk/ruby/blog/config$ sudo gem install mysql -- --with-mysql-config=/usr/bin/mysql_config
You need to find correct path for mysql_config
greg@cm-test:/mydisk/ruby/blog/config$ sudo updatedb
greg@cm-test:/mydisk/ruby/blog/config$ locate mysql_config
3, do bundle all
greg@cm-test:/mydisk/ruby/blog/config$ sudo bundle install
Fetching source index for http://rubygems.org/
Using rake (0.8.7)
Using abstract (1.0.0)
Using activesupport (3.0.3)
Using builder (2.1.2)
Using i18n (0.4.2)
Using activemodel (3.0.3)
Using erubis (2.6.6)
Using rack (1.2.1)
Using rack-mount (0.6.13)
Using rack-test (0.5.6)
Using tzinfo (0.3.23)
Using actionpack (3.0.3)
Using mime-types (1.16)
Using polyglot (0.3.1)
Using treetop (1.4.9)
Using mail (2.2.10)
Using actionmailer (3.0.3)
Using arel (2.0.4)
Using activerecord (3.0.3)
Using activeresource (3.0.3)
Using bundler (1.0.7)
Installing mysql2 (0.2.6) with native extensions
Using thor (0.14.6)
Using railties (3.0.3)
Using rails (3.0.3)
Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed.
greg@cm-test:/mydisk/ruby/blog/config$ bundle show
Gems included by the bundle:
* abstract (1.0.0)
* actionmailer (3.0.3)
* actionpack (3.0.3)
* activemodel (3.0.3)
* activerecord (3.0.3)
* activeresource (3.0.3)
* activesupport (3.0.3)
* arel (2.0.4)
* builder (2.1.2)
* bundler (1.0.7)
* erubis (2.6.6)
* i18n (0.4.2)
* mail (2.2.10)
* mime-types (1.16)
* mysql2 (0.2.6)
* polyglot (0.3.1)
* rack (1.2.1)
* rack-mount (0.6.13)
* rack-test (0.5.6)
* rails (3.0.3)
* railties (3.0.3)
* rake (0.8.7)
* thor (0.14.6)
* treetop (1.4.9)
* tzinfo (0.3.23)
greg@cm-test:/mydisk/ruby/blog/config$ rake db:create
(in /mydisk/ruby/blog)
Thursday, November 18, 2010
ubuntu add extra sata hard disk
1, fdisk /dev/sdb1
2, mkfs -t ext3 /dev/sdb1
3, mount /dev/sdb1 /mydisk/
2, mkfs -t ext3 /dev/sdb1
3, mount /dev/sdb1 /mydisk/
Wednesday, October 6, 2010
nessus: The remote service supports the use of weak SSL ciphers.
1, test your ssl if support weak ssl
openssl s_client -connect 172.22.113.113:8443 -cipher LOW
2, disable tomcat weak ciphers
In order to achieve this I made a simple change:
in //conf/templates/server.xml I added:
ciphers="SSL_RSA_WITH_RC4_128_MD5" right after sslProtocol = "TLS" and restarted the hyperic server.
openssl s_client -connect 172.22.113.113:8443 -cipher LOW
2, disable tomcat weak ciphers
In order to achieve this I made a simple change:
in /
ciphers="SSL_RSA_WITH_RC4_128_MD5" right after sslProtocol = "TLS" and restarted the hyperic server.
Tuesday, September 28, 2010
enable https in apache
step 1: generate a Private Key
openssl genrsa -des3 -out es.key 1024
step 2: generate a Certificate Signing Request
openssl req -new -key es.key -out es.csr
step 3: send csr to certificate company, like McAfee to generate certificate file
or generate a Self-Signed Certificate by yourself
openssl req -new -key es.key -x509 -out es.crt
step 4: update ssl.conf
Store public key, private key in a folder
[root@aaa ssl2010]# ll
total 44
-rw-r--r-- 1 cdong users 1488 Sep 29 13:39 cnn.com.cer
-rw-r--r-- 1 root root 4203 Sep 29 16:34 es.crt
-rw-r--r-- 1 root root 781 Sep 28 17:26 es.csr
-rw-r--r-- 1 root root 887 Sep 28 17:24 es.key
SSLCertificateFile /usr/local/apache2/conf/ssl2010/cnn.com.cer
SSLCertificateKeyFile /usr/local/apache2/conf/ssl2010/es.key
SSLCertificateChainFile /usr/local/apache2/conf/ssl2010/es.crt
Please be noticed: SSLCertificateChainFile includes 3 certificates - McAfee, RSA and PEM
Tehn reboot apache
/usr/local/apache2/bin/apachectl stop
/usr/local/apache2/bin/apachectl start
Verify public key and private key
1, public key
openssl x509 -noout -text -in es.crt -modulus
2, private key
openssl rsa -noout -text -in es.key -modulus
The "modulus" and "publicExponent" portions in the key and the certificate must match exactly.
openssl genrsa -des3 -out es.key 1024
step 2: generate a Certificate Signing Request
openssl req -new -key es.key -out es.csr
step 3: send csr to certificate company, like McAfee to generate certificate file
or generate a Self-Signed Certificate by yourself
openssl req -new -key es.key -x509 -out es.crt
step 4: update ssl.conf
Store public key, private key in a folder
[root@aaa ssl2010]# ll
total 44
-rw-r--r-- 1 cdong users 1488 Sep 29 13:39 cnn.com.cer
-rw-r--r-- 1 root root 4203 Sep 29 16:34 es.crt
-rw-r--r-- 1 root root 781 Sep 28 17:26 es.csr
-rw-r--r-- 1 root root 887 Sep 28 17:24 es.key
SSLCertificateFile /usr/local/apache2/conf/ssl2010/cnn.com.cer
SSLCertificateKeyFile /usr/local/apache2/conf/ssl2010/es.key
SSLCertificateChainFile /usr/local/apache2/conf/ssl2010/es.crt
Please be noticed: SSLCertificateChainFile includes 3 certificates - McAfee, RSA and PEM
Tehn reboot apache
/usr/local/apache2/bin/apachectl stop
/usr/local/apache2/bin/apachectl start
Verify public key and private key
1, public key
openssl x509 -noout -text -in es.crt -modulus
2, private key
openssl rsa -noout -text -in es.key -modulus
The "modulus" and "publicExponent" portions in the key and the certificate must match exactly.
Wednesday, September 15, 2010
Tuesday, September 7, 2010
restrict users to their home dir in the ssh
http://www.howtoforge.com/chroot_ssh_sftp_debian_etch
Check out your current bash binary:
# ls -la /bin/*bash*
if you see a "bash2" and don't see a sym-link for "rbash" then your system
is ready to be secured. Just create the needed symlink from rbash to
bash2:
# ln -s bash2 rbash
Now simply change your user's login shells in /etc/passwd from /bin/bash to
/bin/rbash
Check out your current bash binary:
# ls -la /bin/*bash*
if you see a "bash2" and don't see a sym-link for "rbash" then your system
is ready to be secured. Just create the needed symlink from rbash to
bash2:
# ln -s bash2 rbash
Now simply change your user's login shells in /etc/passwd from /bin/bash to
/bin/rbash
Thursday, August 12, 2010
mysql add field default
mysql> alter table text_products add plimit int ;
alter table text_products alter plimit set default '500' ;
alter table text_products alter plimit set default '500' ;
Friday, August 6, 2010
enable tomcat https
#! /bin/sh
KEYTOOL=/usr/java/jdk1.6.0_11/bin/keytool
echo "check keytool"
if [ -e $KEYTOOL ]
then
echo "JDK keytool found."
else
echo "/usr/java/jdk1.6.0_11/bin/keytool not found"
exit
fi
echo "install tomat ssl self-signed certificate"
sudo $KEYTOOL -genkey -alias tomcat -keyalg RSA -keystore ntr_new.jks -storepass changeit -keypass changeit -dname "CN=Greg Smith, OU=GF, O=AMP, L=Mountain, ST=VA, C=US" -validity 360
sudo rm /opt/tomcat/ntr.jks
sudo cp ntr_new.jks /opt/tomcat/ntr.jks
sudo rm -f ntr_new.jks
KEYTOOL=/usr/java/jdk1.6.0_11/bin/keytool
echo "check keytool"
if [ -e $KEYTOOL ]
then
echo "JDK keytool found."
else
echo "/usr/java/jdk1.6.0_11/bin/keytool not found"
exit
fi
echo "install tomat ssl self-signed certificate"
sudo $KEYTOOL -genkey -alias tomcat -keyalg RSA -keystore ntr_new.jks -storepass changeit -keypass changeit -dname "CN=Greg Smith, OU=GF, O=AMP, L=Mountain, ST=VA, C=US" -validity 360
sudo rm /opt/tomcat/ntr.jks
sudo cp ntr_new.jks /opt/tomcat/ntr.jks
sudo rm -f ntr_new.jks
Sunday, August 1, 2010
mysql remove hex a0, 0d etc
SELECT TRIM(BOTH 'A0' FROM HEX(CAS)), UNHEX(TRIM(BOTH 'A0' FROM HEX(CAS))), HEX(CAS), CAS
FROM compounds
WHERE CAS REGEXP '[0-9]-[0-9]{2}-[0-9]{1}' AND CAS LIKE '1%' AND mol_id=2100088;
161735-79-1 161735-79-1 161735-79-1 ;
SELECT * FROM compounds WHERE CAS LIKE '%157283-68-6%' ;
31 35 37 32 38 33 2D 36 38 2D 36 A00D
SELECT * FROM compounds WHERE TRIM(CAS) = '161735-79-1' ;
SELECT CAS FROM compounds WHERE TRIM(CAS) LIKE "1%" ;
UPDATE compounds
SET CAS = UNHEX(TRIM(BOTH 'A0' FROM HEX(CAS)))
WHERE uid=21 ;
FROM compounds
WHERE CAS REGEXP '[0-9]-[0-9]{2}-[0-9]{1}' AND CAS LIKE '1%' AND mol_id=2100088;
161735-79-1 161735-79-1 161735-79-1 ;
SELECT * FROM compounds WHERE CAS LIKE '%157283-68-6%' ;
31 35 37 32 38 33 2D 36 38 2D 36 A00D
SELECT * FROM compounds WHERE TRIM(CAS) = '161735-79-1' ;
SELECT CAS FROM compounds WHERE TRIM(CAS) LIKE "1%" ;
UPDATE compounds
SET CAS = UNHEX(TRIM(BOTH 'A0' FROM HEX(CAS)))
WHERE uid=21 ;
Friday, July 30, 2010
redhat network config - ip address mask etc
[root@reloadedOld ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
BROADCAST=x.x.x.191
IPADDR=x.x.x..169
NETMASK=255.255.255.224
NETWORK=x.x.x.160
ONBOOT=yes
TYPE=Ethernet
GATEWAY=x.x.x.161
HWADDR=00:11:25:c4:6a:aa
DEVICE=eth0
BOOTPROTO=none
BROADCAST=x.x.x.191
IPADDR=x.x.x..169
NETMASK=255.255.255.224
NETWORK=x.x.x.160
ONBOOT=yes
TYPE=Ethernet
GATEWAY=x.x.x.161
HWADDR=00:11:25:c4:6a:aa
Thursday, July 29, 2010
Monday, July 12, 2010
show detail table info and drop unique key
mysql> alter table commenting drop key user_ip;
Query OK, 4 rows affected (0.03 sec)
Records: 4 Duplicates: 0 Warnings: 0
mysql> show create table commenting;
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Table | Create Table |
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| commenting | CREATE TABLE `commenting` (
`id` int(10) NOT NULL auto_increment,
`product_id` int(10) default NULL,
`user_ip` varchar(15) default NULL,
`uname` varchar(255) default NULL,
`uemail` varchar(160) default NULL,
`comments` text NOT NULL,
`ctime` timestamp NOT NULL default CURRENT_TIMESTAMP,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=30 DEFAULT CHARSET=latin1 |
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
Query OK, 4 rows affected (0.03 sec)
Records: 4 Duplicates: 0 Warnings: 0
mysql> show create table commenting;
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Table | Create Table |
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| commenting | CREATE TABLE `commenting` (
`id` int(10) NOT NULL auto_increment,
`product_id` int(10) default NULL,
`user_ip` varchar(15) default NULL,
`uname` varchar(255) default NULL,
`uemail` varchar(160) default NULL,
`comments` text NOT NULL,
`ctime` timestamp NOT NULL default CURRENT_TIMESTAMP,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=30 DEFAULT CHARSET=latin1 |
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
Friday, July 2, 2010
add unique key and show full table
mysql> show create table rating;
+--------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Table | Create Table |
+--------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| rating | CREATE TABLE `rating` (
`id` int(10) NOT NULL auto_increment,
`domain_name` varchar(255) default NULL,
`product_id` int(10) default NULL,
`user_ip` varchar(15) default NULL,
`rate` int(1) default '5',
`comments` text,
PRIMARY KEY (`id`),
UNIQUE KEY `domain_name` (`domain_name`,`product_id`)
) ENGINE=MyISAM AUTO_INCREMENT=369 DEFAULT CHARSET=latin1 |
+--------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> alter table rating add UNIQUE (domain_name, product_id);
+--------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Table | Create Table |
+--------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| rating | CREATE TABLE `rating` (
`id` int(10) NOT NULL auto_increment,
`domain_name` varchar(255) default NULL,
`product_id` int(10) default NULL,
`user_ip` varchar(15) default NULL,
`rate` int(1) default '5',
`comments` text,
PRIMARY KEY (`id`),
UNIQUE KEY `domain_name` (`domain_name`,`product_id`)
) ENGINE=MyISAM AUTO_INCREMENT=369 DEFAULT CHARSET=latin1 |
+--------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> alter table rating add UNIQUE (domain_name, product_id);
Wednesday, June 23, 2010
how to disable directory indexing in ubuntu Apache2, virtual hosting?
1, greg@SS:~$ sudo vim /etc/apache2/sites-available/yourwebsite.com
ServerAdmin xxxxx@gmail.com
ServerName yourwebsite.com
ServerAlias www.yourwebsite.com
DocumentRoot /var/www/vhosts/yourwebsite.com/htdocs
Options -Indexes
ErrorLog /var/www/vhosts/yourwebsite.com/log/error.log
LogLevel warn
CustomLog /var/www/vhosts/yourwebsite.com/log/access.log combined
2, restart apache service
sudo /etc/init.d/apache2 stop
sudo /etc/init.d/apache2 start
ServerAdmin xxxxx@gmail.com
ServerName yourwebsite.com
ServerAlias www.yourwebsite.com
DocumentRoot /var/www/vhosts/yourwebsite.com/htdocs
Options -Indexes
ErrorLog /var/www/vhosts/yourwebsite.com/log/error.log
LogLevel warn
CustomLog /var/www/vhosts/yourwebsite.com/log/access.log combined
2, restart apache service
sudo /etc/init.d/apache2 stop
sudo /etc/init.d/apache2 start
Tuesday, June 22, 2010
Friday, June 18, 2010
linux show yesterday date in shell script
yday=$(date --date "1 day ago" +%Y%m%d)
echo "Backup table CSummary day=$yday"
echo "Backup table CSummary day=$yday"
Thursday, June 3, 2010
how to download yum package
1, install yum downloadonly
yum install yum-downloadonly
2, check the config
vim /etc/yum/pluginconf.d/downloadonly.conf
3, download package
yum install --downloadonly libaio libaio-devel
updatedb
locate libaio-0.3.106-5.i386.rpm
ll /var/cache/yum/base/packages/
4, you will find two packages in this folder
[root@localhost download]# ll /var/cache/yum/base/packages/
total 40
-rw-r--r-- 1 root root 19798 Jun 3 18:06 libaio-0.3.106-5.i386.rpm
-rw-r--r-- 1 root root 11784 Jun 3 18:06 libaio-devel-0.3.106-5.i386.rpm
yum install yum-downloadonly
2, check the config
vim /etc/yum/pluginconf.d/downloadonly.conf
3, download package
yum install --downloadonly libaio libaio-devel
updatedb
locate libaio-0.3.106-5.i386.rpm
ll /var/cache/yum/base/packages/
4, you will find two packages in this folder
[root@localhost download]# ll /var/cache/yum/base/packages/
total 40
-rw-r--r-- 1 root root 19798 Jun 3 18:06 libaio-0.3.106-5.i386.rpm
-rw-r--r-- 1 root root 11784 Jun 3 18:06 libaio-devel-0.3.106-5.i386.rpm
Sunday, May 30, 2010
ie iframe php session lost issues
Problem: IE lost ifrmae php page session when go to next page
Solution:
Add one line before session_start();
header('P3P: CP="CAO PSA OUR"');
session_start();
Solution:
Add one line before session_start();
header('P3P: CP="CAO PSA OUR"');
session_start();
Friday, May 28, 2010
mount USB drive on linux
1, before connect USB do
[root@localhost intel]# fdisk -l
Disk /dev/sda: 80.0 GB, 80000000000 bytes
255 heads, 63 sectors/track, 9726 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 9726 78019672+ 8e Linux LVM
Disk /dev/sdb: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 121601 976760001 83 Linux
2, after connect usa drive, do
[root@localhost intel]# fdisk -l
Disk /dev/sda: 80.0 GB, 80000000000 bytes
255 heads, 63 sectors/track, 9726 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 9726 78019672+ 8e Linux LVM
Disk /dev/sdb: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 121601 976760001 83 Linux
Disk /dev/sdc: 2030 MB, 2030043136 bytes
63 heads, 62 sectors/track, 1015 cylinders
Units = cylinders of 3906 * 512 = 1999872 bytes
This doesn't look like a partition table
Probably you selected the wrong device.
Device Boot Start End Blocks Id System
/dev/sdc1 ? 773303 773432 253319 e4 SpeedStor
Partition 1 has different physical/logical beginnings (non-Linux?):
phys=(190, 120, 0) logical=(773302, 15, 51)
Partition 1 has different physical/logical endings:
phys=(544, 125, 44) logical=(773431, 60, 24)
Partition 1 does not end on cylinder boundary.
/dev/sdc2 ? 257697 766649 993984023 98 Unknown
Partition 2 has different physical/logical beginnings (non-Linux?):
phys=(1010, 16, 43) logical=(257696, 24, 10)
Partition 2 has different physical/logical endings:
phys=(205, 205, 22) logical=(766648, 48, 55)
Partition 2 does not end on cylinder boundary.
/dev/sdc3 ? 434364 925892 959953209 7d Unknown
Partition 3 has different physical/logical beginnings (non-Linux?):
phys=(252, 139, 46) logical=(434363, 62, 54)
Partition 3 has different physical/logical endings:
phys=(367, 195, 2) logical=(925891, 31, 25)
Partition 3 does not end on cylinder boundary.
/dev/sdc4 ? 1427 3557 4161536 0 Empty
Partition 4 has different physical/logical beginnings (non-Linux?):
phys=(0, 10, 0) logical=(1426, 9, 47)
Partition 4 has different physical/logical endings:
phys=(0, 0, 0) logical=(3556, 62, 52)
Partition 4 does not end on cylinder boundary.
Partition table entries are not in disk order
3,
mount /dev/sdc /flash/
[root@localhost intel]# fdisk -l
Disk /dev/sda: 80.0 GB, 80000000000 bytes
255 heads, 63 sectors/track, 9726 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 9726 78019672+ 8e Linux LVM
Disk /dev/sdb: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 121601 976760001 83 Linux
2, after connect usa drive, do
[root@localhost intel]# fdisk -l
Disk /dev/sda: 80.0 GB, 80000000000 bytes
255 heads, 63 sectors/track, 9726 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 9726 78019672+ 8e Linux LVM
Disk /dev/sdb: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 121601 976760001 83 Linux
Disk /dev/sdc: 2030 MB, 2030043136 bytes
63 heads, 62 sectors/track, 1015 cylinders
Units = cylinders of 3906 * 512 = 1999872 bytes
This doesn't look like a partition table
Probably you selected the wrong device.
Device Boot Start End Blocks Id System
/dev/sdc1 ? 773303 773432 253319 e4 SpeedStor
Partition 1 has different physical/logical beginnings (non-Linux?):
phys=(190, 120, 0) logical=(773302, 15, 51)
Partition 1 has different physical/logical endings:
phys=(544, 125, 44) logical=(773431, 60, 24)
Partition 1 does not end on cylinder boundary.
/dev/sdc2 ? 257697 766649 993984023 98 Unknown
Partition 2 has different physical/logical beginnings (non-Linux?):
phys=(1010, 16, 43) logical=(257696, 24, 10)
Partition 2 has different physical/logical endings:
phys=(205, 205, 22) logical=(766648, 48, 55)
Partition 2 does not end on cylinder boundary.
/dev/sdc3 ? 434364 925892 959953209 7d Unknown
Partition 3 has different physical/logical beginnings (non-Linux?):
phys=(252, 139, 46) logical=(434363, 62, 54)
Partition 3 has different physical/logical endings:
phys=(367, 195, 2) logical=(925891, 31, 25)
Partition 3 does not end on cylinder boundary.
/dev/sdc4 ? 1427 3557 4161536 0 Empty
Partition 4 has different physical/logical beginnings (non-Linux?):
phys=(0, 10, 0) logical=(1426, 9, 47)
Partition 4 has different physical/logical endings:
phys=(0, 0, 0) logical=(3556, 62, 52)
Partition 4 does not end on cylinder boundary.
Partition table entries are not in disk order
3,
mount /dev/sdc /flash/
Friday, May 21, 2010
mysql remove space, line break etc
select count(*) from compounds as c where 1=1 and c.CAS REGEXP '[0-9]-[0-9]{2}-[0-9]{1}';
update compounds set CAS=REPLACE(CAS, '\r','');
update compounds set CAS=REPLACE(CAS, '\r\n','');
mysql> update chemmolc_customer.compounds set CAS=TRIM(CAS);
mysql> update a.compounds as cc, b.compounds as bc set cc.CAS=bc.CAS where cc.mol_id=bc.mol_id;
update compounds set CAS=REPLACE(CAS, '\r','');
update compounds set CAS=REPLACE(CAS, '\r\n','');
mysql> update chemmolc_customer.compounds set CAS=TRIM(CAS);
mysql> update a.compounds as cc, b.compounds as bc set cc.CAS=bc.CAS where cc.mol_id=bc.mol_id;
linux REGEXP
mysql> select distinct(CAS) from compounds where CAS REGEXP '[0-9]-[0-9]-[0-9]' limit 1000;
Friday, May 14, 2010
mysql php support chinese
$host="localhost";
$usr="xxxxx";
$pwd="xxxxx";
$db="xxxxxx";
$link = mysql_connect($host, $usr, $pwd);
mysql_select_db($db);
mysql_query('SET NAMES "gb2312"');
if( mysql_error() ) { print "Database ERROR: " . mysql_error(); }
$query = "INSERT INTO ch VALUES ('034',convert('浏览器' using gb2312))";
mysql_query($query);
if (mysql_error()) { print "Database ERROR: " . mysql_error(); }
$query="SELECT * FROM ch";
$result=mysql_query($query);
while($row = mysql_fetch_array($result))
{
echo $row['ucs2'] . " || " . $row['gb2312'];
echo "
";
}
?>
$usr="xxxxx";
$pwd="xxxxx";
$db="xxxxxx";
$link = mysql_connect($host, $usr, $pwd);
mysql_select_db($db);
mysql_query('SET NAMES "gb2312"');
if( mysql_error() ) { print "Database ERROR: " . mysql_error(); }
$query = "INSERT INTO ch VALUES ('034',convert('浏览器' using gb2312))";
mysql_query($query);
if (mysql_error()) { print "Database ERROR: " . mysql_error(); }
$query="SELECT * FROM ch";
$result=mysql_query($query);
while($row = mysql_fetch_array($result))
{
echo $row['ucs2'] . " || " . $row['gb2312'];
echo "
";
}
?>
php-mbstring
1002 yum install php-mbstring
1003 httpd -k restart
1004 /etc/init.d/httpd -k restart
1005 /etc/init.d/httpd -k stop
1006 /etc/init.d/httpd stop
1007 /etc/init.d/httpd start
1003 httpd -k restart
1004 /etc/init.d/httpd -k restart
1005 /etc/init.d/httpd -k stop
1006 /etc/init.d/httpd stop
1007 /etc/init.d/httpd start
ubuntu open iptables mysql port
121 iptables -A INPUT -s x.x.x.x -p tcp --dport 3306 -j ACCEPT
122 iptables -L
123 iptables -A INPUT -j REJECT
118 iptables -D INPUT 5
2003 iptables -L INPUT
2004 iptables -L INPUT
2005 iptables -L INPUT 4
2006 iptables -I INPUT 5 -s 71.26.22.12 -p tcp --dport 3306 -j ACCEPT
2007 iptables -L INPUT 5
2008 iptables -L INPUT
2009 iptables -D INPUT 4
2010 iptables -L INPUT
122 iptables -L
123 iptables -A INPUT -j REJECT
118 iptables -D INPUT 5
2003 iptables -L INPUT
2004 iptables -L INPUT
2005 iptables -L INPUT 4
2006 iptables -I INPUT 5 -s 71.26.22.12 -p tcp --dport 3306 -j ACCEPT
2007 iptables -L INPUT 5
2008 iptables -L INPUT
2009 iptables -D INPUT 4
2010 iptables -L INPUT
mysql add chinese support
mysql> alter table compounds add CNameCN varchar(255) CHARACTER SET gb2312 after CName;
Thursday, May 13, 2010
Block brute force attacks with iptables
8 sudo iptables -D INPUT 1
9 sudo iptables -L
10 sudo iptables -D INPUT 1
11 sudo iptables -L
12 sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
13 sudo iptables -L
14 sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
9 sudo iptables -L
10 sudo iptables -D INPUT 1
11 sudo iptables -L
12 sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
13 sudo iptables -L
14 sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
apache support chinese charset
.htaccess
AddType text/html;charset=gb2312 html php
============
cg@SS$ sudo apt-get install xfonts-intl-chinese
AddType text/html;charset=gb2312 html php
============
cg@SS$ sudo apt-get install xfonts-intl-chinese
Thursday, May 6, 2010
Tuesday, April 27, 2010
linux script to print out memory size
head -n1 /proc/meminfo | awk '
BEGIN {}
{ TOTAL = $2; }
END {
print "Total memory: " TOTAL;
}'
BEGIN {}
{ TOTAL = $2; }
END {
print "Total memory: " TOTAL;
}'
Thursday, April 22, 2010
remove "Antispyware soft" virus
1, The virus is in this folder
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\[random characters]tssd.exe
C:\Documents and Settings\Chang\Local Settings\Application Data
You cannot delete this folder, but you can change the folder name.
Try to rename the folder and reboot your pc.
2, reboot your pc and go to safe mode
3, update your regedit
Here is the reference link:
http://www.2-viruses.com/remove-antispyware-soft
4, fuck Antispyware soft
%Documents and Settings%\[UserName]\Local Settings\Application Data\[random characters ]\[random characters]tssd.exe
C:\Documents and Settings\Chang\Local Settings\Application Data
You cannot delete this folder, but you can change the folder name.
Try to rename the folder and reboot your pc.
2, reboot your pc and go to safe mode
3, update your regedit
Here is the reference link:
http://www.2-viruses.com/remove-antispyware-soft
4, fuck Antispyware soft
Monday, April 19, 2010
dump mysql record into a txt file - under linux
step 1 : create a sql file wg.sql
SELECT signature FROM sig_db.signatures ;
Step 2: create shell script file: wg.sh
mysql -N -u yourusername -pyourpassword sig_db < wg.sql > wg.rules
Step 3: run wg.sh
./wg.sh
SELECT signature FROM sig_db.signatures ;
Step 2: create shell script file: wg.sh
mysql -N -u yourusername -pyourpassword sig_db < wg.sql > wg.rules
Step 3: run wg.sh
./wg.sh
Friday, April 16, 2010
view access log, exclude google and yahoo
grreg@abc:~$ sudo tail -f /var/log/apache2/access.log | grep -v yahoo | grep -v google
Thursday, April 15, 2010
reverse mapping checking getaddrinfo
This is dictionary attack - literally a machine trying to connect and login over and over again using usernames and passwords from a dictionary.
In this situation you can create a collection of firewalling rules which will deny access from remote clients who attempt to connect "too many" times.
If you have an existing firewall in place, using iptables, then adding the rules is very straightforward.
The way the recent module works is fairly straightforward, you basically add IP addresses to a list, which can then be used in the future to test connection attempts against. This allows you to limit the number of connections against either a number of seconds, or connection attempts. In our example we'll do both.
An example is probably the simplest way to illustrate how it works. The following two rules will limit incoming connections to port 22 to no more than 3 attemps in five minutes - an more than that will be dropped:
sudo iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
sudo iptables -L
sudo iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 4 -j DROP
============ log file: sudo less /var/log/auth.log ==================
Apr 15 02:10:44 SS sshd[23278]: reverse mapping checking getaddrinfo for customer-static-123-146-53.
Apr 15 02:10:44 SS sshd[23278]: Invalid user rfmngr from 200.123.146.53
Apr 15 02:10:44 SS sshd[23278]: pam_unix(sshd:auth): check pass; user unknown
Apr 15 02:10:44 SS sshd[23278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.123.146.53
Apr 15 02:10:46 SS sshd[23278]: Failed password for invalid user rfmngr from 200.123.146.53 port 46864 ssh2
Apr 15 02:10:47 SS sshd[23281]: reverse mapping checking getaddrinfo for customer-static-123-146-53.
Apr 15 02:10:47 SS sshd[23281]: Invalid user sales from 200.123.146.53
Apr 15 02:10:48 SS sshd[23281]: pam_unix(sshd:auth): check pass; user unknown
Apr 15 02:10:48 SS sshd[23281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.123.146.53
Apr 15 02:10:49 SS sshd[23281]: Failed password for invalid user sales from 200.123.146.53 port 47024 ssh2
Apr 15 02:10:51 SS sshd[23283]: reverse mapping checking getaddrinfo for customer-static-123-146-53.
Apr 15 02:10:51 SS sshd[23283]: Invalid user recruit from 200.123.146.53
Apr 15 02:10:51 SS sshd[23283]: pam_unix(sshd:auth): check pass; user unknown
Apr 15 02:10:51 SS sshd[23283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.123.146.53
Apr 15 02:10:53 SS sshd[23283]: Failed password for invalid user recruit from 200.123.146.53 port 47137 ssh2
Apr 15 02:10:54 SS sshd[23285]: reverse mapping checking getaddrinfo for customer-static-123-146-53.
Apr 15 02:10:54 SS sshd[23285]: Invalid user alias from 200.123.146.53
Apr 15 02:10:54 SS sshd[23285]: pam_unix(sshd:auth): check pass; user unknown
Apr 15 02:10:54 SS sshd[23285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.123.146.53
Apr 15 02:10:56 SS sshd[23285]: Failed password for invalid user alias from 200.123.146.53 port 47248 ssh2
Apr 15 02:10:57 SS sshd[23287]: reverse mapping checking getaddrinfo for customer-static-123-146-53.
Apr 15 02:10:57 SS sshd[23287]: Invalid user office from 200.123.146.53
Apr 15 02:10:57 SS sshd[23287]: pam_unix(sshd:auth): check pass; user unknown
Apr 15 02:10:57 SS sshd[23287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.123.146.53
Apr 15 02:11:00 SS sshd[23287]: Failed password for invalid user office from 200.123.146.53 port 47357 ssh2
Apr 15 02:11:01 SS sshd[23289]: reverse mapping checking getaddrinfo for customer-static-123-146-53.
In this situation you can create a collection of firewalling rules which will deny access from remote clients who attempt to connect "too many" times.
If you have an existing firewall in place, using iptables, then adding the rules is very straightforward.
The way the recent module works is fairly straightforward, you basically add IP addresses to a list, which can then be used in the future to test connection attempts against. This allows you to limit the number of connections against either a number of seconds, or connection attempts. In our example we'll do both.
An example is probably the simplest way to illustrate how it works. The following two rules will limit incoming connections to port 22 to no more than 3 attemps in five minutes - an more than that will be dropped:
sudo iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
sudo iptables -L
sudo iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 4 -j DROP
============ log file: sudo less /var/log/auth.log ==================
Apr 15 02:10:44 SS sshd[23278]: reverse mapping checking getaddrinfo for customer-static-123-146-53.
Apr 15 02:10:44 SS sshd[23278]: Invalid user rfmngr from 200.123.146.53
Apr 15 02:10:44 SS sshd[23278]: pam_unix(sshd:auth): check pass; user unknown
Apr 15 02:10:44 SS sshd[23278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.123.146.53
Apr 15 02:10:46 SS sshd[23278]: Failed password for invalid user rfmngr from 200.123.146.53 port 46864 ssh2
Apr 15 02:10:47 SS sshd[23281]: reverse mapping checking getaddrinfo for customer-static-123-146-53.
Apr 15 02:10:47 SS sshd[23281]: Invalid user sales from 200.123.146.53
Apr 15 02:10:48 SS sshd[23281]: pam_unix(sshd:auth): check pass; user unknown
Apr 15 02:10:48 SS sshd[23281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.123.146.53
Apr 15 02:10:49 SS sshd[23281]: Failed password for invalid user sales from 200.123.146.53 port 47024 ssh2
Apr 15 02:10:51 SS sshd[23283]: reverse mapping checking getaddrinfo for customer-static-123-146-53.
Apr 15 02:10:51 SS sshd[23283]: Invalid user recruit from 200.123.146.53
Apr 15 02:10:51 SS sshd[23283]: pam_unix(sshd:auth): check pass; user unknown
Apr 15 02:10:51 SS sshd[23283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.123.146.53
Apr 15 02:10:53 SS sshd[23283]: Failed password for invalid user recruit from 200.123.146.53 port 47137 ssh2
Apr 15 02:10:54 SS sshd[23285]: reverse mapping checking getaddrinfo for customer-static-123-146-53.
Apr 15 02:10:54 SS sshd[23285]: Invalid user alias from 200.123.146.53
Apr 15 02:10:54 SS sshd[23285]: pam_unix(sshd:auth): check pass; user unknown
Apr 15 02:10:54 SS sshd[23285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.123.146.53
Apr 15 02:10:56 SS sshd[23285]: Failed password for invalid user alias from 200.123.146.53 port 47248 ssh2
Apr 15 02:10:57 SS sshd[23287]: reverse mapping checking getaddrinfo for customer-static-123-146-53.
Apr 15 02:10:57 SS sshd[23287]: Invalid user office from 200.123.146.53
Apr 15 02:10:57 SS sshd[23287]: pam_unix(sshd:auth): check pass; user unknown
Apr 15 02:10:57 SS sshd[23287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.123.146.53
Apr 15 02:11:00 SS sshd[23287]: Failed password for invalid user office from 200.123.146.53 port 47357 ssh2
Apr 15 02:11:01 SS sshd[23289]: reverse mapping checking getaddrinfo for customer-static-123-146-53.
Friday, April 9, 2010
install fio - linux check disk IO
1, yum install libaio libaio-devel
2, download and install fio
wget http://freshmeat.net/urls/3aa21b8c106cab742bf1f20d60629e3f
tar zxvf fio-1.38.tar.gz
2, download and install fio
wget http://freshmeat.net/urls/3aa21b8c106cab742bf1f20d60629e3f
tar zxvf fio-1.38.tar.gz
3, cd fio-1.38
make
make install
4, create fio test file
vim random-read-test.fio
fio random-read-test.fio
mkdir /tmp/fio-testing/
mkdir /tmp/fio-testing/data
fio random-read-test.fio
fio random-read-test-aio.fio
=== random-read-test.fio =======
[random-read]
rw=randread
size=128m
directory=/tmp/fio-testing/data
=====random-read-test-aio.fio===
[random-read]
rw=randread
size=128m
directory=/tmp/fio-testing/data
ioengine=libaio
iodepth=8
direct=1
invalidate=1
5, test
fio random-read-test.fio
[root@localhost mcafee]# fio random-read-test.fio
random-read: (g=0): rw=randread, bs=4K-4K/4K-4K, ioengine=sync, iodepth=1
Starting 1 process
random-read: Laying out IO file(s) (1 file(s) / 128MB)
Jobs: 1 (f=1): [r] [100.0% done] [1,588K/0K /s] [387/0 iops] [eta 00m:00s]
random-read: (groupid=0, jobs=1): err= 0: pid=8230
read : io=128MB, bw=1,143KB/s, iops=285, runt=114704msec
clat (usec): min=184, max=54,583, avg=3491.60, stdev=2170.71
bw (KB/s) : min= 760, max= 1612, per=100.09%, avg=1143.00, stdev=80.09
cpu : usr=0.03%, sys=1.75%, ctx=32778, majf=0, minf=32
IO depths : 1=100.0%, 2=0.0%, 4=0.0%, 8=0.0%, 16=0.0%, 32=0.0%, >=64=0.0%
submit : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
complete : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
issued r/w: total=32768/0, short=0/0
lat (usec): 250=3.67%, 500=8.09%, 750=0.87%, 1000=2.25%
lat (msec): 2=13.63%, 4=28.85%, 10=42.39%, 20=0.19%, 50=0.05%
lat (msec): 100=0.01%
Run status group 0 (all jobs):
READ: io=128MB, aggrb=1,142KB/s, minb=1,170KB/s, maxb=1,170KB/s, mint=114704msec, maxt=114704msec
Disk stats (read/write):
dm-0: ios=32743/2373, merge=0/0, ticks=112699/206517, in_queue=319223, util=98.62%, aggrios=0/0, aggrmerge=0/0, aggrticks=0/0, aggrin_queue=0, aggrutil=0.00%
sda: ios=0/0, merge=0/0, ticks=0/0, in_queue=0, util=nan%
[root@localhost mcafee]# fio random-read-test
random-read-test-aio.fio random-read-test.fio
[root@localhost mcafee]# fio random-read-test-aio.fio
random-read: (g=0): rw=randread, bs=4K-4K/4K-4K, ioengine=libaio, iodepth=8
Starting 1 process
Jobs: 1 (f=1): [r] [100.0% done] [5,801K/0K /s] [1K/0 iops] [eta 00m:00s]
random-read: (groupid=0, jobs=1): err= 0: pid=8237
read : io=128MB, bw=5,357KB/s, iops=1,339, runt= 24467msec
slat (usec): min=8, max=39,678, avg=18.37, stdev=295.99
clat (usec): min=5, max=74,765, avg=5943.53, stdev=5904.37
bw (KB/s) : min= 4392, max= 5992, per=99.88%, avg=5350.44, stdev=364.84
cpu : usr=0.04%, sys=7.98%, ctx=30600, majf=0, minf=34
IO depths : 1=0.1%, 2=0.1%, 4=0.1%, 8=100.0%, 16=0.0%, 32=0.0%, >=64=0.0%
submit : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
complete : 0=0.0%, 4=100.0%, 8=0.1%, 16=0.0%, 32=0.0%, 64=0.0%, >=64=0.0%
issued r/w: total=32768/0, short=0/0
lat (usec): 10=0.01%, 250=4.06%, 500=6.07%, 750=1.39%, 1000=2.27%
lat (msec): 2=9.86%, 4=19.62%, 10=40.74%, 20=12.70%, 50=3.21%
lat (msec): 100=0.08%
Run status group 0 (all jobs):
READ: io=128MB, aggrb=5,357KB/s, minb=5,485KB/s, maxb=5,485KB/s, mint=24467msec, maxt=24467msec
Disk stats (read/write):
dm-0: ios=32464/54, merge=0/0, ticks=191666/2553, in_queue=194260, util=99.75%, aggrios=0/0, aggrmerge=0/0, aggrticks=0/0, aggrin_queue=0, aggrutil=0.00%
sda: ios=0/0, merge=0/0, ticks=0/0, in_queue=0, util=nan%
Thursday, April 8, 2010
install pdflib
Step 1: download pdflib lite
wget http://www.pdflib.com/binaries/PDFlib/704/PDFlib-Lite-7.0.4p4.tar.gz
Step 2: install pdflib lite
./configure
make
make install
Step 3: Pecl for PDFlib
wget http://www.pdflib.com/binaries/PDFlib/704/PDFlib-Lite-7.0.4p4.tar.gz
Step 2: install pdflib lite
./configure
make
make install
Step 3: Pecl for PDFlib
install:
install dependences: phpize (php5-dev package)
pecl install pdflib
path to pdflib installation? :/usr/local
Step 4: php.ini
extension=pdf.so
Step 5:
/etc/init.d/apache2 reloadSaturday, March 13, 2010
linux find command - to find file with some content
find files with password under folder /opt/activemq
sudo find /opt/activemq/ -exec grep -l password {} \;
sudo find /opt/SWS_4/ -exec grep -l "sigTypeList" {} \;
find . -name "*.log" | xargs grep "localhost post"
sudo find /opt/activemq/ -exec grep -l password {} \;
sudo find /opt/SWS_4/ -exec grep -l "sigTypeList" {} \;
find . -name "*.log" | xargs grep "localhost post"
Tuesday, March 9, 2010
enable mysql slow query log in my.cnf
Step 1: add following two line under mysqld
[mysqld]
log-slow-queries=/var/log/mysql-slow.log
long_query_time = 10
step 2: create an empty log file and chage the owner
vim /var/log/mysql-slow.log
chown mysql:mysql /var/log/mysql-slow.log
step 3: reboot mysql
/etc/init.d/mysqld stop
/etc/init.d/mysqld start
Saturday, February 27, 2010
ssh scp without password
Issue: How to login (ssh or scp) from your homepc to your remote server without password.
If authorized_keys not exist, this command will create it.
c, change file permission
chmod 700 authorized_keys
You should be able to login to your server without password.
There are some tricks about the account:
In the home box, if your user name is bob, the public key and private key is on /home/bob/.ssh/ folder
If you want to log to remote server using account greg, then copy public key to remote server folder /home/greg/.ssh/
This case only allow home pc bob logon to remote server using greg account.
Solution:
1, in your homepc
bob@homepc ~ $ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa): # Press 'enter' here
Enter passphrase (empty for no passphrase): # Press 'enter' here
Enter same passphrase again: # Press 'enter' here
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
# Entering a password when asked during the key generation processes when prompted would require you to enter a password each time you SSH/SCP to the server which defeats the purpose of this document.
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa): # Press 'enter' here
Enter passphrase (empty for no passphrase): # Press 'enter' here
Enter same passphrase again: # Press 'enter' here
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
# Entering a password when asked during the key generation processes when prompted would require you to enter a password each time you SSH/SCP to the server which defeats the purpose of this document.
DO NOT enter the password
You will find two files generated:
greg
id_dsa id_dsa.pub known_hosts
2, in your remote server
a, go to .ssh folder
cd ~/.ssh
b, add public key into this file authorized_keys
run:
cat id_dsa.pub >> authorized_keys
You will find two files generated:
greg
@cm-test:~/.ssh$ ls
id_dsa id_dsa.pub known_hosts
Then scp
id_dsa.pub to you remote server
scp ~/.ssh/id_dsa.pub bob@yourserver.com:~/.ssh/
2, in your remote server
a, go to .ssh folder
cd ~/.ssh
b, add public key into this file authorized_keys
run:
cat id_dsa.pub >> authorized_keys
If authorized_keys not exist, this command will create it.
c, change file permission
chmod 700 authorized_keys
You should be able to login to your server without password.
There are some tricks about the account:
In the home box, if your user name is bob, the public key and private key is on /home/bob/.ssh/ folder
If you want to log to remote server using account greg, then copy public key to remote server folder /home/greg/.ssh/
This case only allow home pc bob logon to remote server using greg account.
Monday, February 22, 2010
change host name without reboot - redhat
1, update hosts
vim /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 revolutionNew localhost.localdomain localhost
cd /etc/sysconfig/
vim network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=revolutionNew
hostname revolutionNew
4, run
hostname
5, restart network
/etc/init.d/network restart
6, disconnect ssh and relogin
vim /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 revolutionNew localhost.localdomain localhost
2, update network
cd /etc/sysconfig/
vim network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=revolutionNew
3, run
hostname revolutionNew
4, run
hostname
5, restart network
/etc/init.d/network restart
6, disconnect ssh and relogin
Friday, February 19, 2010
how to enable xmlwriter in php
By install php-xml, you may enable it.
[root@localhost html]# yum install php-xml
[root@localhost html]# yum install php-xml
check:
[root@localhost html]# php -m
[PHP Modules]
bz2
calendar
ctype
curl
date
dbase
dom
exif
ftp
gettext
gmp
hash
iconv
libxml
mime_magic
mysql
mysqli
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_sqlite
posix
pspell
Reflection
session
shmop
SimpleXML
sockets
SPL
standard
sysvmsg
sysvsem
sysvshm
tokenizer
wddx
xml
xmlreader
xmlwriter
xsl
zlib
how to redirect root to a specified path?
I want to redirect all incoming traffic from http://www.example.com https://www.example.com
to https://www.example.com/new
Step 1: enable overwrite in httpd.conf
Options FollowSymLinks
#AllowOverride None
AllowOverride all
[root@localhost html]# pwd
vim /var/www/html/.htaccess
RewriteEngine On
RewriteCond %{SERVER_PORT} 80 [OR]
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(/)?$ https://www.example.com/new/$1 [R,L]
to https://www.example.com/new
Step 1: enable overwrite in httpd.conf
Options FollowSymLinks
#AllowOverride None
AllowOverride all
Step 2, generate .htaccess under root /
[root@localhost html]# pwd
vim /var/www/html/.htaccess
RewriteEngine On
RewriteCond %{SERVER_PORT} 80 [OR]
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(/)?$ https://www.example.com/new/$1 [R,L]
error message - RewriteEngine not allowed here
If you try to redirect your root to a folder and got this error msg
for example:
redirect www.example.com/ www.example.com/new/
You may update https.conf
Options FollowSymLinks
#AllowOverride None
AllowOverride all
for example:
redirect www.example.com/ www.example.com/new/
You may update https.conf
Options FollowSymLinks
#AllowOverride None
AllowOverride all
mysql create use with read privilege
mysql> CREATE USER 'alice'@'localhost' IDENTIFIED BY 'passw0rd';
Query OK, 0 rows affected (0.07 sec)
mysql> GRANT SELECT ON mydb.* TO 'alice'@'localhost';
Query OK, 0 rows affected (0.01 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
ALL PRIVILEGES:
granT ALL PRIVILEGES on *.* to 'alice'@'localhost';
Query OK, 0 rows affected (0.07 sec)
mysql> GRANT SELECT ON mydb.* TO 'alice'@'localhost';
Query OK, 0 rows affected (0.01 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
ALL PRIVILEGES:
granT ALL PRIVILEGES on *.* to 'alice'@'localhost';
How to Password Protect a Directory on Your Website - linux apache
This is for linux apache only, if you use windows, iis, it doesn't apply your case.
There are two way you can do it.
1, update httpd.conf file.
For example, if you want to protect download folder and your www path is /var/www/html/,
you can add following code into httpd.conf file:
=================================
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/password/downloadpassword
Require valid-user
=================================
After change the file, need to restart the httpd service.
/etc/init.d/httpd restart
You need to restart apache service after you update httpd.conf file every time. Sometimes, it is not easy to restart the service. So, you may use the other way - .htaccess file
2, use .htaccess
If you want to protect this folder /var/www/html/download
create a file .htaccess
vim .htaccess
AuthType Basic
AuthName "Password Required"
AuthUserFile /var/password/downloadpassword
Require valid-user
Options +Indexes
No need to restart httpd service.
Some security hints
1, you should put the password in a different folder, not www public folder
2, if you have to put password file in the same folder, name it with dot ., like .htmypasswd.
There are two way you can do it.
1, update httpd.conf file.
For example, if you want to protect download folder and your www path is /var/www/html/,
you can add following code into httpd.conf file:
=================================
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/password/downloadpassword
Require valid-user
=================================
You need to use htpasswd command to generate a downloadpassword file
htpasswd -c downloadpassword greg
After change the file, need to restart the httpd service.
/etc/init.d/httpd restart
You need to restart apache service after you update httpd.conf file every time. Sometimes, it is not easy to restart the service. So, you may use the other way - .htaccess file
2, use .htaccess
If you want to protect this folder /var/www/html/download
create a file .htaccess
vim .htaccess
AuthType Basic
AuthName "Password Required"
AuthUserFile /var/password/downloadpassword
Require valid-user
Options +Indexes
You need to use htpasswd command to generate a downloadpassword file
htpasswd -c downloadpassword greg
No need to restart httpd service.
Some security hints
1, you should put the password in a different folder, not www public folder
2, if you have to put password file in the same folder, name it with dot ., like .htmypasswd.
htaccess password not working
Make sure Apache is configured to use .htaccess file
Here is the /etc/httpd/conf/httpd.conf
=============================
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride AuthConfig
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
Here is the /etc/httpd/conf/httpd.conf
=============================
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride AuthConfig
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
===============================
After save the file, restart apache httpd service:
[root@localhost try]# /etc/init.d/httpd restart
Wednesday, February 17, 2010
access tomcat on port 80 using mod_proxy
Apache 2 introduces the mod_proxy module. It is a standard module in most modern distros. This module pretty much deprecates the need for mod_jk2. Full documentation for mod_proxy is available.
To setup mod_proxy_ajp add something like the following inside of your Apache config file /etc/httpd/conf/httpd.conf
vim /etc/httpd/conf/httpd.conf
add two lines to the end.
ProxyPass /AMP ajp://127.0.0.1:8009/AMP
ProxyPassReverse /AMP ajp://127.0.0.1:8009/AMP
To setup mod_proxy_ajp add something like the following inside of your Apache config file /etc/httpd/conf/httpd.conf
vim /etc/httpd/conf/httpd.conf
add two lines to the end.
ProxyPass /AMP ajp://127.0.0.1:8009/AMP
ProxyPassReverse /AMP ajp://127.0.0.1:8009/AMP
Tuesday, February 16, 2010
centos install https web server
1, Install the required software
yum install mod_ssl openssl
2, Generate a self-signed certificate
cd /home/greg/
ls
mkdir certificate
cd certificate/
openssl genrsa -out localhost.key 1024
ll
less localhost.key
openssl req -new -key localhost.key -out localhost.csr
ll
openssl x509 -req -days 365 -in localhost.csr -signkey localhost.key -out localhost.crt
ll
3, copy the files to the correct locations
mv localhost.crt /etc/pki/tls/certs/
ll
mv * /etc/pki/tls/private/
ll
ll /etc/pki/tls/private/
4, Then, update the Apache SSL configuration file
vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
5, restart apache
/etc/init.d/httpd restart
yum install mod_ssl openssl
2, Generate a self-signed certificate
cd /home/greg/
ls
mkdir certificate
cd certificate/
openssl genrsa -out localhost.key 1024
ll
less localhost.key
openssl req -new -key localhost.key -out localhost.csr
ll
openssl x509 -req -days 365 -in localhost.csr -signkey localhost.key -out localhost.crt
ll
3, copy the files to the correct locations
mv localhost.crt /etc/pki/tls/certs/
ll
mv * /etc/pki/tls/private/
ll
ll /etc/pki/tls/private/
4, Then, update the Apache SSL configuration file
vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
5, restart apache
/etc/init.d/httpd restart
centos open port number 80 for apache in iptables
[root@localhost ~]# vim /etc/sysconfig/iptables
# add this line
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# add this line
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
Tuesday, February 9, 2010
cent os DNS configuration
Can ping ip address, couldn't ping host name, like google.com
vim /etc/resolv.conf
nameserver 192.168.0.1
vim /etc/resolv.conf
nameserver 192.168.0.1
Thursday, February 4, 2010
a easy way to find mysql slow query
There are several ways to find mysql slow query in your scripts.
The easies way is 'show full processlist' in your mysql terminal.
Here is example:
mysql> show full processlist;
+----+--------+----------------------+------+---------+------+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Id | User | Host | db | Command | Time | State | Info |
+----+--------+----------------------+------+---------+------+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 10 | amp | revolution:54088 | amp | Sleep | 9 | NULL | NULL |
| 9 | amp | revolution:54089 | amp | Sleep | 9 | NULL | NULL |
| 11 | amp | revolution:54090 | amp | Query | 1 | Sorting for group | select bottuples0_.sensor_id as col_0_0_, sensor2_.sensorName as col_1_0_, organizati3_.name as col_2_0_, count(distinct bottuples0_.id) as col_3_0_, count(distinct boteventse1_.id) as col_4_0_, max(bottuples0_.day_index) as col_5_0_ from bot_tuples bottuples0_ left outer join bot_events boteventse1_ on bottuples0_.id=boteventse1_.bot_tuple_id, sensors sensor2_, groups organizati3_ where sensor2_.sensorID=bottuples0_.sensor_id and sensor2_.organizationID=organizati3_.organizationID group by bottuples0_.sensor_id order by count(bottuples0_.id) desc |
| 22 | amp | localhost | amp | Sleep | 0 | NULL | NULL |
|
| 40 | amp | localhost | amp | Sleep | 2889 | NULL | NULL |
|
+----+--------+----------------------+------+---------+------+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
7 rows in set (0.00 sec)
mysql>
The easies way is 'show full processlist' in your mysql terminal.
Here is example:
mysql> show full processlist;
+----+--------+----------------------+------+---------+------+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Id | User | Host | db | Command | Time | State | Info |
+----+--------+----------------------+------+---------+------+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 10 | amp | revolution:54088 | amp | Sleep | 9 | NULL | NULL |
| 9 | amp | revolution:54089 | amp | Sleep | 9 | NULL | NULL |
| 11 | amp | revolution:54090 | amp | Query | 1 | Sorting for group | select bottuples0_.sensor_id as col_0_0_, sensor2_.sensorName as col_1_0_, organizati3_.name as col_2_0_, count(distinct bottuples0_.id) as col_3_0_, count(distinct boteventse1_.id) as col_4_0_, max(bottuples0_.day_index) as col_5_0_ from bot_tuples bottuples0_ left outer join bot_events boteventse1_ on bottuples0_.id=boteventse1_.bot_tuple_id, sensors sensor2_, groups organizati3_ where sensor2_.sensorID=bottuples0_.sensor_id and sensor2_.organizationID=organizati3_.organizationID group by bottuples0_.sensor_id order by count(bottuples0_.id) desc |
| 22 | amp | localhost | amp | Sleep | 0 | NULL | NULL |
|
| 40 | amp | localhost | amp | Sleep | 2889 | NULL | NULL |
|
+----+--------+----------------------+------+---------+------+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
7 rows in set (0.00 sec)
mysql>
Wednesday, February 3, 2010
How to backup gmail using another gmail account?
1, Create a backup email account, for example backup@gmail.com
2, login backup@gmail.com and click "Settings"
3, Click "Accounts", you will see "Get mail from other accounts:
(Download mail using POP3)"
4, click "Add a mail account you own"
5, a popup window will be opened
6, enter your gmail address
7, enter your pop server info
If you use gmail, your user name is full email address
pop server : pop.gmail.com
port :995
check checkbox: Always use a secure connection (SSL) when retrieving mail.
8, click save
That is it.
You may backup other email using gmail too.
2, login backup@gmail.com and click "Settings"
3, Click "Accounts", you will see "Get mail from other accounts:
(Download mail using POP3)"
4, click "Add a mail account you own"
5, a popup window will be opened
6, enter your gmail address
7, enter your pop server info
If you use gmail, your user name is full email address
pop server : pop.gmail.com
port :995
check checkbox: Always use a secure connection (SSL) when retrieving mail.
8, click save
That is it.
You may backup other email using gmail too.
Tuesday, February 2, 2010
Cross Table Update with MySQL
update a table with data from another table
UPDATE compounds AS c , excel AS e
SET c.Price_1 = e.price
WHERE c.catalog_no = e.cno;
update webcas.all_cas as wac, webcas.compounds as wc, pubchem.compounds as pc
set wc.smiles=pc.smiles
where wc.mol_id=wac.id and pc.pub_id=wac.source_id ;
UPDATE compounds AS c , excel AS e
SET c.Price_1 = e.price
WHERE c.catalog_no = e.cno;
update webcas.all_cas as wac, webcas.compounds as wc, pubchem.compounds as pc
set wc.smiles=pc.smiles
where wc.mol_id=wac.id and pc.pub_id=wac.source_id ;
Monday, February 1, 2010
softlink Symbolic link ln linux
ln -s /htdocs/piano/ newpiano
-s soft link
/htdocs/piano/ target folder - real folder
newpiano - logical folder
-s soft link
/htdocs/piano/ target folder - real folder
newpiano - logical folder
linux send attachement email using mutt
mutt -s 'here is subject' -a kl.sql yourmail@gmail.com < yourmailcontent.txt
backup mysql and zip it
mysqldump -u username -ppasswd -h reloaded DBName --ignore-table=tablename | bzip2 -c > /var/backup/mysql/db.sql.bz2
Saturday, January 30, 2010
Friday, January 29, 2010
Thursday, January 28, 2010
tar - extract files into a different folder
If you want to extract file into a different folder, using -C option
tar -C test -zxvf SWS-4.7.7.r945.tgz
All files extract to folder test
tar -C test -zxvf SWS-4.7.7.r945.tgz
All files extract to folder test
grep not match option
show the modified files in the past 24 hours, not including log file, or tmp file
find /var/www/ -mtime -1 | grep -v log | grep -v tmp
find /var/www/ -mtime -1 | grep -v log | grep -v tmp
Tuesday, January 26, 2010
linux command sendmail with subject
If you send mail using sendmail command, there is no option for subject.
For example:
sendmail -F "system admin" -t "youself@gmail.com" < security.logHere is the trick how to using sendmail command to send mail with subject1, create your log file which you want to email to yourselfadd following line in the front of log file=====================#!/bin/shecho "From: system admin" > security.log
echo "To: youself@gmail.com" >> security.log
echo "Subject: security log" >> security.log
2, using this command to send mail
sendmail -oi -t < security.log
For example:
sendmail -F "system admin" -t "youself@gmail.com" < security.logHere is the trick how to using sendmail command to send mail with subject1, create your log file which you want to email to yourselfadd following line in the front of log file=====================#!/bin/shecho "From: system admin" > security.log
echo "To: youself@gmail.com" >> security.log
echo "Subject: security log" >> security.log
2, using this command to send mail
sendmail -oi -t < security.log
view log file dynamically - linux , tail
If you want to see real time changes, use -f option
sudo tail /var/log/auth.log -f
sudo tail /var/log/auth.log -f
Monday, January 25, 2010
linux - disable or remove a user account
1, delete an account - you need root privileges
/usr/sbin/userdel jason
check /etc/passwd
this guy should be deleted permanently
2, delete this account home directory
rm -Rf /home/jason/
3, disable/lock an account
passwd jason -l
and unlock it with
passwd jason -u
/usr/sbin/userdel jason
check /etc/passwd
this guy should be deleted permanently
2, delete this account home directory
rm -Rf /home/jason/
3, disable/lock an account
passwd jason -l
and unlock it with
passwd jason -u
scp a folder
use -r option
[dad@revolution ~]# scp -r /usr/local/apache2/htdocs/RR/site/download/* dad@walker:/var/www/html/downloads/
[dad@revolution ~]# scp -r /usr/local/apache2/htdocs/RR/site/download/* dad@walker:/var/www/html/downloads/
zip a folder using tar
To tar a folder with all sub-folders and files
tar czf /path/zipfilename.tgz myfolder
tar czf /path/zipfilename.tgz myfolder
Saturday, January 23, 2010
mysql : insert timestamp automatically
If you want to generate timestamp automatically in your table,
save a field as timestamp, and default valur is CURRENT_TIMESTAMP.
CREATE TABLE `news` (
`nid` int(10) NOT NULL auto_increment,
`ntitle` varchar(255) NOT NULL default '',
`ctime` timestamp NOT NULL default CURRENT_TIMESTAMP,
`active` int(1) NOT NULL default '0',
`ndesc` text NOT NULL,
PRIMARY KEY (`nid`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1
save a field as timestamp, and default valur is CURRENT_TIMESTAMP.
CREATE TABLE `news` (
`nid` int(10) NOT NULL auto_increment,
`ntitle` varchar(255) NOT NULL default '',
`ctime` timestamp NOT NULL default CURRENT_TIMESTAMP,
`active` int(1) NOT NULL default '0',
`ndesc` text NOT NULL,
PRIMARY KEY (`nid`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1
Friday, January 22, 2010
Cent OS - DNS config
Issue:
Couldn't ping google.com, but can ping its ip address directly.
Solution: no DNS config
Open this file
vim /etc/resolv.conf
add:
nameserver 208.67.222.222 # change it to your DNS ip address
You don't need restart any service after change.
You should be able to ping google.com now.
Couldn't ping google.com, but can ping its ip address directly.
Solution: no DNS config
Open this file
vim /etc/resolv.conf
add:
nameserver 208.67.222.222 # change it to your DNS ip address
You don't need restart any service after change.
You should be able to ping google.com now.
DO NOT allow root to login remotely
Most of hackers or bots try to login your system using root account.
Here are my login log for today.
Jan 22 07:33:12 SS sshd[27679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:14 SS sshd[27679]: Failed password for root from 125.100.27.36 port 33058 ssh2
Jan 22 07:33:16 SS sshd[27681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:17 SS sshd[27681]: Failed password for root from 125.100.27.36 port 33251 ssh2
Jan 22 07:33:19 SS sshd[27683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:21 SS sshd[27683]: Failed password for root from 125.100.27.36 port 33652 ssh2
Jan 22 07:33:22 SS sshd[27685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:24 SS sshd[27685]: Failed password for root from 125.100.27.36 port 34040 ssh2
Jan 22 07:33:25 SS sshd[27687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:28 SS sshd[27687]: Failed password for root from 125.100.27.36 port 34421 ssh2
Jan 22 07:33:29 SS sshd[27689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:31 SS sshd[27689]: Failed password for root from 125.100.27.36 port 34794 ssh2
Jan 22 07:33:33 SS sshd[27691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:35 SS sshd[27691]: Failed password for root from 125.100.27.36 port 35120 ssh2
Jan 22 07:33:36 SS sshd[27693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:38 SS sshd[27693]: Failed password for root from 125.100.27.36 port 35430 ssh2
Jan 22 07:33:40 SS sshd[27695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:42 SS sshd[27695]: Failed password for root from 125.100.27.36 port 35781 ssh2
Jan 22 07:33:43 SS sshd[27697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:46 SS sshd[27697]: Failed password for root from 125.100.27.36 port 36107 ssh2
Jan 22 07:33:47 SS sshd[27699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:49 SS sshd[27699]: Failed password for root from 125.100.27.36 port 36419 ssh2
Jan 22 07:33:50 SS sshd[27701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:52 SS sshd[27701]: Failed password for root from 125.100.27.36 port 36732 ssh2
Jan 22 07:33:54 SS sshd[27703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:56 SS sshd[27703]: Failed password for root from 125.100.27.36 port 37035 ssh2
So, for security reason, disable root remote login and choose a strong user name and password.
Here are my login log for today.
Jan 22 07:33:12 SS sshd[27679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:14 SS sshd[27679]: Failed password for root from 125.100.27.36 port 33058 ssh2
Jan 22 07:33:16 SS sshd[27681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:17 SS sshd[27681]: Failed password for root from 125.100.27.36 port 33251 ssh2
Jan 22 07:33:19 SS sshd[27683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:21 SS sshd[27683]: Failed password for root from 125.100.27.36 port 33652 ssh2
Jan 22 07:33:22 SS sshd[27685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:24 SS sshd[27685]: Failed password for root from 125.100.27.36 port 34040 ssh2
Jan 22 07:33:25 SS sshd[27687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:28 SS sshd[27687]: Failed password for root from 125.100.27.36 port 34421 ssh2
Jan 22 07:33:29 SS sshd[27689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:31 SS sshd[27689]: Failed password for root from 125.100.27.36 port 34794 ssh2
Jan 22 07:33:33 SS sshd[27691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:35 SS sshd[27691]: Failed password for root from 125.100.27.36 port 35120 ssh2
Jan 22 07:33:36 SS sshd[27693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:38 SS sshd[27693]: Failed password for root from 125.100.27.36 port 35430 ssh2
Jan 22 07:33:40 SS sshd[27695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:42 SS sshd[27695]: Failed password for root from 125.100.27.36 port 35781 ssh2
Jan 22 07:33:43 SS sshd[27697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:46 SS sshd[27697]: Failed password for root from 125.100.27.36 port 36107 ssh2
Jan 22 07:33:47 SS sshd[27699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:49 SS sshd[27699]: Failed password for root from 125.100.27.36 port 36419 ssh2
Jan 22 07:33:50 SS sshd[27701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:52 SS sshd[27701]: Failed password for root from 125.100.27.36 port 36732 ssh2
Jan 22 07:33:54 SS sshd[27703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.100.27.36 user=root
Jan 22 07:33:56 SS sshd[27703]: Failed password for root from 125.100.27.36 port 37035 ssh2
So, for security reason, disable root remote login and choose a strong user name and password.
Thursday, January 21, 2010
Who is currently logged in? - linux
Who is currently logged in?
who: lists all users currently in the system.
last: list login/logout history
lastb: list all the bad / failed login attempts
lastlog: show the last time somebody logged into the system
who: lists all users currently in the system.
last: list login/logout history
lastb: list all the bad / failed login attempts
lastlog: show the last time somebody logged into the system
Harden Fedora box
1, patch your system
[root@testvm testvm.localdomain.Log]# yum update
2, Disable root ssh login
Make /etc/ssh/sshd_config contain the line:
PermitRootLogin no
and restart your SSH daemon:
# /etc/init.d/sshd restart
3, Prevent trivial root console break-in (Linux only)
Add the following line to the file /etc/inittab right after the line referencing /etc/rc.d/rc.sysinit
ss:S:respawn:/sbin/sulogin
4 Enable password aging on Linux systems
By editing /etc/login.defs, you can specify a few parameters to set the default settings for password aging:
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
[root@testvm testvm.localdomain.Log]# yum update
2, Disable root ssh login
Make /etc/ssh/sshd_config contain the line:
PermitRootLogin no
and restart your SSH daemon:
# /etc/init.d/sshd restart
3, Prevent trivial root console break-in (Linux only)
Add the following line to the file /etc/inittab right after the line referencing /etc/rc.d/rc.sysinit
ss:S:respawn:/sbin/sulogin
4 Enable password aging on Linux systems
By editing /etc/login.defs, you can specify a few parameters to set the default settings for password aging:
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
How to check if hacker try to hack your site - Ubuntu?
1, Check the log
less /var/log/auth.log
Here is part of this file
Jan 21 02:57:52 SS sshd[7749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:57:54 SS sshd[7749]: Failed password for root from 222.73.68.164 port 47502 ssh2
Jan 21 02:57:57 SS sshd[7751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:57:58 SS sshd[7751]: Failed password for root from 222.73.68.164 port 47809 ssh2
Jan 21 02:58:00 SS sshd[7753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:02 SS sshd[7753]: Failed password for root from 222.73.68.164 port 48078 ssh2
Jan 21 02:58:05 SS sshd[7755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:07 SS sshd[7755]: Failed password for root from 222.73.68.164 port 48385 ssh2
Jan 21 02:58:09 SS sshd[7757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:11 SS sshd[7757]: Failed password for root from 222.73.68.164 port 48674 ssh2
Jan 21 02:58:13 SS sshd[7759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:15 SS sshd[7759]: Failed password for root from 222.73.68.164 port 48969 ssh2
Jan 21 02:58:17 SS sshd[7761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:19 SS sshd[7761]: Failed password for root from 222.73.68.164 port 49265 ssh2
Jan 21 02:58:21 SS sshd[7763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:23 SS sshd[7763]: Failed password for root from 222.73.68.164 port 49572 ssh2
Jan 21 02:58:30 SS sshd[7765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:32 SS sshd[7765]: Failed password for root from 222.73.68.164 port 49857 ssh2
Jan 21 02:58:34 SS sshd[7767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:36 SS sshd[7767]: Failed password for root from 222.73.68.164 port 50415 ssh2
You can see this guy 222.73.68.164 try to logon to my server using ssh.
I am not going to blame this guy, because he mostly is a victim.
2, file system integrity check
Using linux command find to find which files have been changed in the past 24 hours
find /var/www/ -mmin -1440 | more
3, send this log to you
You may want to receive this log by email.
First, save find result to a file
find /var/www/ -mmin -1440 > file_changed
Second, email this log file to you
"/usr/sbin/sendmail -v 'xxxxxxxx@gmail.com' < file_changed"
less /var/log/auth.log
Here is part of this file
Jan 21 02:57:52 SS sshd[7749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:57:54 SS sshd[7749]: Failed password for root from 222.73.68.164 port 47502 ssh2
Jan 21 02:57:57 SS sshd[7751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:57:58 SS sshd[7751]: Failed password for root from 222.73.68.164 port 47809 ssh2
Jan 21 02:58:00 SS sshd[7753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:02 SS sshd[7753]: Failed password for root from 222.73.68.164 port 48078 ssh2
Jan 21 02:58:05 SS sshd[7755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:07 SS sshd[7755]: Failed password for root from 222.73.68.164 port 48385 ssh2
Jan 21 02:58:09 SS sshd[7757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:11 SS sshd[7757]: Failed password for root from 222.73.68.164 port 48674 ssh2
Jan 21 02:58:13 SS sshd[7759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:15 SS sshd[7759]: Failed password for root from 222.73.68.164 port 48969 ssh2
Jan 21 02:58:17 SS sshd[7761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:19 SS sshd[7761]: Failed password for root from 222.73.68.164 port 49265 ssh2
Jan 21 02:58:21 SS sshd[7763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:23 SS sshd[7763]: Failed password for root from 222.73.68.164 port 49572 ssh2
Jan 21 02:58:30 SS sshd[7765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:32 SS sshd[7765]: Failed password for root from 222.73.68.164 port 49857 ssh2
Jan 21 02:58:34 SS sshd[7767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.68.164 user=root
Jan 21 02:58:36 SS sshd[7767]: Failed password for root from 222.73.68.164 port 50415 ssh2
You can see this guy 222.73.68.164 try to logon to my server using ssh.
I am not going to blame this guy, because he mostly is a victim.
2, file system integrity check
Using linux command find to find which files have been changed in the past 24 hours
find /var/www/ -mmin -1440 | more
3, send this log to you
You may want to receive this log by email.
First, save find result to a file
find /var/www/ -mmin -1440 > file_changed
Second, email this log file to you
"/usr/sbin/sendmail -v 'xxxxxxxx@gmail.com' < file_changed"
Cent OS Sendmail issue
Issue:Connection refused by [127.0.0.1]
less /var/log/maillog
ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=35380, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by
lass=0, nrcpts=1, msgid=<201001202215.o0kmf2gf024136@localhost.localdomain>, relay=root@localhost
(0/0), delay=00:00:02, xdelay=00:00:00, mailer=relay, pri=30705, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Test:
/usr/sbin/sendmail -v 'xxxxxxx@gmail.com' < anytextfile.txt
Solution:
modify under /etc/mail/sendmail.mc and check.
comment out the line below by prepending it with 'dnl", like so:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
restart the services with 'service sendmail restart' and check.
less /var/log/maillog
ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=35380, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by
lass=0, nrcpts=1, msgid=<201001202215.o0kmf2gf024136@localhost.localdomain>, relay=root@localhost
(0/0), delay=00:00:02, xdelay=00:00:00, mailer=relay, pri=30705, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Test:
/usr/sbin/sendmail -v 'xxxxxxx@gmail.com' < anytextfile.txt
Solution:
modify under /etc/mail/sendmail.mc and check.
comment out the line below by prepending it with 'dnl", like so:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
restart the services with 'service sendmail restart' and check.
Subscribe to:
Posts (Atom)