Issue:
possible SYN flooding on port 80.
internal dummy connection
1, original rules
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
2, iptables rules
# Generated by iptables-save v1.4.7 on Wed Dec 26 16:40:57 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [68044:6930314]
:syn_flood - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A syn_flood -m limit --limit 1/sec --limit-burst 3 -j RETURN
-A syn_flood -j DROP
COMMIT
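Rule order decides whether the syn_flood chain is ever consulted: in the second ruleset the jump to syn_flood was appended after the catch-all REJECT, and iptables stops at the first terminating rule that matches. The checker below is an added example (not part of the original post) that flags such rules in iptables-save output; the function names and the trimmed sample ruleset are constructed for illustration.

```python
import shlex
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
TARGET_OPTS = {"--reject-with"}  # modifies the target, not the match
# Constructed sample: INPUT and syn_flood rules from the second ruleset above.
RULES = """\
*filter
:INPUT ACCEPT [0:0]
:syn_flood - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
-A syn_flood -m limit --limit 1/sec --limit-burst 3 -j RETURN
-A syn_flood -j DROP
COMMIT
"""

def is_catch_all(tokens):
    """True for '-A CHAIN -j TARGET [target opts]' with no match criteria."""
    rest = tokens[2:]
    if len(rest) < 2 or rest[0] != "-j" or rest[1] not in TERMINAL:
        return False
    return all(opt in TARGET_OPTS for opt in rest[2::2])

def unreachable_rules(ruleset):
    """Rules appended after an unconditional terminal rule in the same chain."""
    closed, dead = set(), []
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue
        tokens = shlex.split(line)
        if tokens[1] in closed:
            dead.append(line)
        elif is_catch_all(tokens):
            closed.add(tokens[1])
    return dead

def orphaned_chains(ruleset):
    """User-defined chains that no reachable rule jumps to."""
    dead, lines = set(unreachable_rules(ruleset)), ruleset.splitlines()
    user = {ln[1:].split()[0] for ln in lines if ln.startswith(":") and ln.split()[1] == "-"}
    live = set()
    for ln in lines:
        if ln.startswith("-A ") and ln not in dead:
            t = shlex.split(ln)
            if "-j" in t:
                live.add(t[t.index("-j") + 1])
    return sorted(user - live)
```

On the sample, `unreachable_rules(RULES)` returns the `-j syn_flood` jump and `orphaned_chains(RULES)` returns `syn_flood`; both lists are empty once the jump is moved ahead of the REJECT and of the ACCEPT rules for the ports it should cover.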
Wednesday, December 26, 2012
Tuesday, December 25, 2012
install cuckoo 5.0
1, install magic
Magic (Optional): for identifying files’ formats (otherwise use “file” command line utility)
2, install bottle
sudo easy_install -U bottle
bottle.py --version
Bottle 0.11.4
3, install mongoDB
sudo easy_install pymongo
Tuesday, December 11, 2012
ssh: Could not resolve hostname note2: Name or service not known
Need to add an entry for node2.home to /etc/hosts:
127.0.0.1 note1 localhost localhost.localdomain
::1 note1 localhost localhost.localdomain
192.168.1.239 node1.home node1
192.168.1.238 node2.home note2
hadoop tutorial
single node
http://www.michael-noll.com/tutorials/running-hadoop-on-ubuntu-linux-single-node-cluster/
Multi-Node Cluster
http://www.michael-noll.com/tutorials/running-hadoop-on-ubuntu-linux-multi-node-cluster/
Wednesday, December 5, 2012
ruby dbi error : uninitialized constant Mysql::Driver
need to install dbd-mysql
[cg@centos63 webbot]$ sudo gem install dbd-mysql
2.1 Make the files under a certain folder not directly accessible
.htaccess
We can modify the .htaccess file to achieve this.
RewriteEngine On
Options -Indexes
RewriteRule ^(.+)$ /access_file.php [L,R]
Make sure access_file.php is not in the same folder; otherwise it will generate a redirect loop.
Tuesday, December 4, 2012
libxml2 is missing - install nokogiri - centos
[cg@centos63 webbot]$ sudo yum install libxml2-devel libxslt-devel
[cg@centos63 webbot]$ sudo /usr/local/bin/gem install nokogiri
Building native extensions. This could take a while...
Successfully installed nokogiri-1.5.5
1 gem installed
Installing ri documentation for nokogiri-1.5.5...
Installing RDoc documentation for nokogiri-1.5.5...
ruby - create a resource / table
[cg@centos63 virusdepot]$ rails generate scaffold Viursdb id:integer docid:integer severity:string vname:string vtype:string discovered:string vlink:string vendor:string summary:text details:text
[cg@centos63 virusdepot]$ rake db:migrate
== CreateViursdbs: migrating =================================================
-- create_table(:viursdbs)
-> 0.1339s
== CreateViursdbs: migrated (0.1342s) ========================================
mysql> desc viursdbs;
+------------+--------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+------------+--------------+------+-----+---------+----------------+
| id | int(11) | NO | PRI | NULL | auto_increment |
| docid | int(11) | YES | | NULL | |
| severity | varchar(255) | YES | | NULL | |
| vname | varchar(255) | YES | | NULL | |
| vtype | varchar(255) | YES | | NULL | |
| discovered | varchar(255) | YES | | NULL | |
| vlink | varchar(255) | YES | | NULL | |
| vendor | varchar(255) | YES | | NULL | |
| summary | text | YES | | NULL | |
| details | text | YES | | NULL | |
| created_at | datetime | NO | | NULL | |
| updated_at | datetime | NO | | NULL | |
+------------+--------------+------+-----+---------+----------------+
12 rows in set (0.00 sec)
Monday, December 3, 2012
how to send mail to a Gmail address using Postfix in localhost
http://souptonuts.sourceforge.net/postfix_tutorial.html
Monitoring a process using monit
[root@FSWWW cg]# vim /usr/local/etc/monitrc
check process StaticScan_files.rb with pidfile /opt/FS_QPID/StaticScan/StaticScan_files.rb.pid
start program = "/opt/FS_QPID/StaticScan/StaticScan_files_control.rb start" with timeout 60 seconds
stop program = "/opt/FS_QPID/StaticScan/StaticScan_files_control.rb stop"
if cpu > 60% for 2 cycles then alert
if cpu > 80% for 5 cycles then restart
if totalmem > 200.0 MB for 5 cycles then restart
if children > 250 then restart
if loadavg(5min) greater than 10 for 8 cycles then stop
check process query_files.rb with pidfile /opt/FS_QPID/PDF/querystatus/query_files.rb.pid
start program = "/opt/FS_QPID/PDF/querystatus/query_files_control.rb start" with timeout 60 seconds
stop program = "/opt/FS_QPID/PDF/querystatus/query_files_control.rb stop"
if cpu > 60% for 2 cycles then alert
if cpu > 80% for 5 cycles then restart
if totalmem > 200.0 MB for 5 cycles then restart
if children > 250 then restart
if loadavg(5min) greater than 10 for 8 cycles then stop
check process upload_files.rb with pidfile /opt/FS_QPID/PDF/uploadfile/upload_files.rb.pid
start program = "/opt/FS_QPID/PDF/uploadfile/upload_files_control.rb start" with timeout 60 seconds
stop program = "/opt/FS_QPID/PDF/uploadfile/upload_files_control.rb stop"
if cpu > 60% for 2 cycles then alert
if cpu > 80% for 5 cycles then restart
if totalmem > 200.0 MB for 5 cycles then restart
if children > 250 then restart
if loadavg(5min) greater than 10 for 8 cycles then stop
rake aborted!
[cg@centos63 virusdepot]$ rake db:create
rake aborted!
Could not find a JavaScript runtime. See https://github.com/sstephenson/execjs for a list of available runtimes.
/home/cg/virusdepot/config/application.rb:7:in `<top (required)>'
/home/cg/virusdepot/Rakefile:5:in `<top (required)>'
(See full trace by running task with --trace)
==============================
solution:
In your Gemfile, add:
gem 'execjs'
gem 'therubyracer', :platforms => :ruby