August 16, 2012

How To Delete/Remove Blocked IP From DenyHosts

1. First you need to stop Denyhosts service, by following command.
[root@geopc ~]# /etc/init.d/denyhosts stop
2. Next open file /etc/hosts.deny with below command.
[root@geopc ~]# vi /etc/hosts.deny
3. Delete blocked IP address, then save and close above file.
4. Now go to directory called /usr/share/denyhosts/data or /var/lib/denyhosts/
[root@geopc ~]# cd /usr/share/denyhosts/data
5. Next you need to delete blocked IP from all below following files with help of vi editor.
[root@geopc ~]# vi hosts
[root@geopc ~]# vi hosts-restricted
[root@geopc ~]# vi hosts-root
[root@geopc ~]# vi hosts-valid
[root@geopc ~]# vi users-hosts
6. Once you removed your blocked IP from all above files, then start Denyhosts service.
[root@geopc data]# /etc/init.d/denyhosts start

July 26, 2012

Connecting to a MySQL server from a different server

Connecting to a MySQL server from a different domain

 

Step # 1: Login Using SSH (if server is outside your data center)

First, login over ssh to remote MySQL database server:

Step # 2: Edit my.cnf File

Once connected you need to edit the MySQL server configuration file my.cnf using a text editor such as vi.
  • If you are using Debian Linux file is located at /etc/mysql/my.cnf location
  • If you are using Red Hat Linux/Fedora/Centos Linux file is located at /etc/my.cnf location
  • If you are using FreeBSD you need to create a file /var/db/mysql/my.cnf
Edit /etc/my.cnf, run:
# vi /etc/my.cnf

Step # 3: Once file opened, locate line that read as follows

[mysqld] 
Make sure line skip-networking is commented (or remove line) and add following line
bind-address=YOUR-SERVER-IP
For example, if your MySQL server IP is 65.55.55.2 then entire block should be look like as follows:
[mysqld]
user            = mysql
pid-file        = /var/run/mysqld/mysqld.pid
socket          = /var/run/mysqld/mysqld.sock
port            = 3306
basedir         = /usr
datadir         = /var/lib/mysql
tmpdir          = /tmp
language        = /usr/share/mysql/English
bind-address    = 65.55.55.2
# skip-networking
....
..
....
Where,
  • bind-address : IP address to bind to.
  • skip-networking : Don’t listen for TCP/IP connections at all. All interaction with mysqld must be made via Unix sockets. This option is highly recommended for systems where only local requests are allowed. Since you need to allow remote connection this line should be removed from my.cnf or put it in comment state.

Step# 4 Save and Close the file

If you are using Debian / Ubuntu Linux, type the following command to restart the mysql server:
# /etc/init.d/mysql restart
If you are using RHEL / CentOS / Fedora / Scientific Linux, type the following command to restart the mysql server:
# /etc/init.d/mysqld restart
If you are using FreeBSD, type the following command to restart the mysql server:
# /usr/local/etc/rc.d/mysql-server stop
# /usr/local/etc/rc.d/mysql-server start

OR
# /usr/local/etc/rc.d/mysql-server restart

Step # 5 Grant access to remote IP address

Connect to mysql server:
$ mysql -u root -p mysql

Grant access to a new database

If you want to add a new database called foo for user bar and remote IP 202.54.10.20 then you need to type the following commands at mysql> prompt:mysql> CREATE DATABASE foo;
mysql> GRANT ALL ON foo.* TO bar@'202.51.10.20' IDENTIFIED BY 'PASSWORD';

How Do I Grant Access To An Existing Database?

Let us assume that you are always making connection from remote IP called 202.54.10.20 for database called webdb for user webadmin, To grant access to this IP address type the following command At mysql> prompt for existing database, enter:
mysql> update db set Host='202.54.10.20' where Db='webdb';
mysql> update user set Host='202.54.10.20' where user='webadmin';

Step # 6: Logout of MySQL

Type exit command to logout mysql:mysql> exit

Step # 7: Open port 3306

You need to open TCP port 3306 using iptables or BSD pf firewall.

A sample iptables rule to open Linux iptables firewall

/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT
OR only allow remote connection from your web server located at 10.5.1.3:
/sbin/iptables -A INPUT -i eth0 -s 10.5.1.3 -p tcp --destination-port 3306 -j ACCEPT
OR only allow remote connection from your lan subnet 192.168.1.0/24:
/sbin/iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --destination-port 3306 -j ACCEPT
Finally save all rules (RHEL / CentOS specific command):
# service iptables save

A sample FreeBSD / OpenBSD pf rule ( /etc/pf.conf)

pass in on $ext_if proto tcp from any to any port 3306
OR allow only access from your web server located at 10.5.1.3:
pass in on $ext_if proto tcp from 10.5.1.3 to any port 3306  flags S/SA synproxy state

Step # 8: Test it

From your remote system or your desktop type the following command:
$ mysql -u webadmin –h 65.55.55.2 –p
Where,
  • -u webadmin: webadmin is MySQL username
  • -h IP or hostname: 65.55.55.2 is MySQL server IP address or hostname (FQDN)
  • -p : Prompt for password
You can also use the telnet or nc command to connect to port 3306 for testing purpose:
$ echo X | telnet -e X 65.55.55.2 3306
OR
$ nc -z -w1 65.55.55.2 3306
Sample outputs:
Connection to 65.55.55.2 3306 port [tcp/mysql] succeeded!

 

 

 

April 18, 2012

Access Your MySQL Server Remotely Over SSH

Access Your MySQL Server Remotely Over SSH

So you’ve got MySQL on your web server, but it’s only opened to local ports by default for security reasons. If you want to access your database from a client tool like the MySQL Query Browser, normally you’d have to open up access from your local IP address… but that’s not nearly as secure.

So instead, we’ll just use port-forwarding through an SSH tunnel, so your MySQL client thinks it’s connecting to your localhost machine, but it’s really connecting to the other server through the tunnel.

You will need the following software:

Putty:
You can download putty from the url: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Run the downloaded putty.exe file. You will get a window like this and enter the Hostname or IP Address.

For eg:
Hostname or IP Address: 10.5.7.51

Now click open

You will get a session and for saving that session right click on windows and take Change Settings as shown below:

Below Saved Sessions enter any name for eg: mysql-ssh and click on save.

Now again take putty and click on whichever connection name you wish to use for the secure tunnel.

Click "Load"
Go to Connection > SSH > Tunnels

Enter MySQL connection information

The "Source port" is the local port your MySQL Administrator will connect to instead of the remote (server) port it normally would. This can be any port and we can use .
The "Desitination" is the address and port of your actual MySQL Server. But since your SSH connection will be considered "local" to your MySQL Server, you should use either "127.0.0.1" or "localhost" depending on what works best. Then specify your mysql port so that Destination will be as follows:

127.0.0.1:3306

Make sure the information in "Source port" and "Destination" are correct, that the "Local" radio button is selected and click "Add".

You should now see the new tunnel information displayed as shown.

Go back to the main Putty screen and save the connection.

Now you can open ssh session by entering the user name and password.

Once you’ve got the ssh tunnel going, you can open up any mysql client and enter in the details for your remote server.

Since your connection will now be through the secure tunnel created by Putty, your "Server Host" will now be local so use "127.0.0.1".

The "Port" should be set to the same port you set for Source port earlier.

Once the connection settings are correct, click "OK" and you should then be able to succesfully connect to your MySQL server except now, through a secure tunnel!

April 5, 2012

SSH Key Generation and its Fingerprint Verification

SSH Key Generation and its Fingerprint.

Generate a new SSH key.

To generate a new SSH key, enter the code below. We want the default settings so when asked to enter a file in which to save the key, just press enter.

$ ssh-keygen -t rsa -C "your_email@youremail.com"

Creates a new ssh key using the provided email
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/your_user_directory/.ssh/id_rsa):

Now you need to enter a passphrase.

To view the fingerprint of the ssh host key

ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key

Apache Tomcat Installation and SSL Configuration

You can see/download latest versions of tomcat from the url: http://tomcat.apache.org/whichversion.html

To download and install Apache Tomcat version 7.0.26

cd /opt
wget http://apache.petsads.us/tomcat/tomcat-7/v7.0.26/bin/apache-tomcat-7.0.26.tar.gz
tar -xvf apache-tomcat-7.0.26.tar.gz /opt

Now set variables in server.

vi /root/.bashrc

Copy and paste below lines:

> export CATALINA_HOME=/opt/apache-tomcat-7.0.26

> export TOMCAT_HOME=$CATALINA_HOME

> export PATH=$CATALINA_HOME/bin:$PATH

Logout and Login to server.

**Configure SSL for tomcat**

Use below command to create the keystore and while creating use hostname for "first and last name"

keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/keystore

Edit server.xml file and uncommented/edited these lines:



Note: change password as while you are creating the keystore

Restart tomcat

catalina.sh stop
catalina.sh start

Some useful commands to Manage/Monitor Servers

These commands are mainly for rpm based linux servers like CentOS etc.. May be some commands works in ubuntu servers etc...

Command to find out total established connections, closing connection, TIME_WAIT and much more.

netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n

Sample Output:

1 established
1 Foreign
5 LISTEN
16 TIME_WAIT
19 ESTABLISHED

Dig out more information about a specific ip address

netstat -nat |grep {IP-address} | awk '{print $6}' | sort | uniq -c | sort -n

2 LISTEN
4 FIN_WAIT1
4 ESTABLISHED
7 TIME_WAIT

To print list of all unique IP address connected to server, enter:

netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | uniq

To print total of all unique IP address, enter:


netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | uniq | wc -l

Find Out If Box is Under DoS Attack or Not


If you think your Linux box is under attack, print out a list of open connections on your box and sorts them by according to IP address, enter:

netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n

Command to list the connections to port 80:


netstat -alntp | grep :80

To check the number of connections to port 80:

netstat -alntp | grep :80 | wc -l

Command To Find Out Top 10 CPU Consuming Process


ps -auxf | sort -nr -k 3 | head -10

Command To Find Out The Top 10 Memory Consuming Process

ps -auxf | sort -nr -k 4 | head -10
An useful command to list connections to a particular port with its proccess id.

For eg: Port 8080

lsof -w -n -i tcp:8080

Command to remove a running process.
For eg: a proccess with PID 8457

kill -9 8457

Linux Screen Command

Steps


- Create a screen using the command

screen -S geopc


- Close the shell without logout


- Open a new shell and type

screen -ls

Sample Output:

There are screens on:
16921.joemon (Dead ???)
3981.name (Attached)
5002.geopc (Attached)
Remove dead screens with 'screen -wipe'.
3 Sockets in /tmp/screens/S-root.


- You can login to that screen using the command screen -r 'screen name'

screen -r 5002.geopc

To attach a scree that is already attached with the following command:

screen -x -R


You can add your commands as comments!... :)

Setting up Apache Tomcat to work with Apache Server

We are using **mod_jk** Tomcat-Apache plug-in that handles the communication between Tomcat and Apache.

Install the GNU compilers gcc and g++, make utility to maintain groups of programs and httpd-devel package with the following command in rpm based linux.

yum install gcc* gcc-c++ make automake httpd-devel

Installation and configuration


Ensure Apache HTTP Server is not running

/etc/init.d/httpd stop

Download and extract Tomcat Connector to the following under /root

cd /root/
wget http://mirrors.kahuki.com/apache//tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.32-src.tar.gz
tar -xvf tomcat-connectors-1.2.32-src.tar.gz
cd /root/tomcat-connectors-1.2.32-src/native/

Build and install with the following command

./configure --with-apxs=/usr/sbin/apxs; make; make install

Change permission of loaded module mod_jk.so

chmod 755 /usr/lib64/httpd/modules/mod_jk.so

Create mod_jk.conf file in apache httpd server.

vi /etc/httpd/conf.d/mod_jk.conf

Copy and paste below lines.


LoadModule jk_module "/usr/lib64/httpd/modules/mod_jk.so"


JkWorkersFile "/opt/apache-tomcat-6.0.20/conf/jk/workers.properties"
JkLogFile "/opt/apache-tomcat-6.0.20/logs/mod_jk.log"

JkLogLevel emerg

Open workers.properties file in apache tomcat.

vi /opt/tomcat/conf/jk/workers.properties

Add ajp13 to workers.list so that the following line becomes:

worker.list=jk-status, ajp13


In mod_jk.conf and ssl.conf use mod_jk's JkMount directive to assign specific URLs to Tomcat. For example the following directives will send all requests beginning with /idp to the "ajp13" worker.

Open mod_jk.conf in apache server.

vi /etc/httpd/conf.d/mod_jk.conf

Copy and paste below lines at the end of file.

JkMount /idp ajp13
JkMount /idp/* ajp13

Now open ssl.conf file to setup redirection for secure connection

vi /etc/httpd/conf.d/ssl.conf

Configure mod_ssl by adding the following lines near the end, just before the closing .

JkMount /idp ajp13
JkMount /idp/* ajp13

Restart tomcat and apache

catalina.sh stop
catalina.sh start
/etc/init.d/httpd restart

Thats all!...

The main advantage of this is you need to open only port of apache in firewall.

Apache Maven Installation and Configuration

Apache Maven Installation and Configuration

You can see/download latest versions of tomcat from the url: http://maven.apache.org/download.html

To download and install Apache Maven-2.2.1

cd /opt
wget http://apache.mirrors.redwire.net//maven/binaries/apache-maven-2.2.1-bin.tar.gz
tar -xvf apache-maven-2.2.1-bin.tar.gz

Now set variables in server.

vi /root/.bashrc

Copy and paste below lines:

> export MVN_HOME=/opt/apache-maven-2.2.1

> export PATH=$MVN_HOME/bin:$PATH

Logout and Login to server.

Installation of JAVA

Java

You can down load Java from the url: http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u31-download-1501634.html

or for a linux with 62 bit OS

wget http://download.oracle.com/otn-pub/java/jdk/6u31-b04/jdk-6u31-linux-x64.bin

Now install java as follows:

mkdir cd /usr/java/
mv jdk-6u31-linux-x64.bin /usr/java/
cd /usr/java
chmod +x jdk-6u31-linux-x64.bin
./jdk-6u31-linux-x64.bin

Now set java variables in server.

vi /root/.bashrc

Copy and paste below lines:

> export JAVA_HOME=/usr/java/jdk1.6.0_29
> export PATH=$JAVA_HOME/bin:$PATH

Logout and Login again.

html to pdf conversion in Linux

To convert html page or an url to pdf, we can use wkhtmltopdf on a linux machine.

Downloaded the relevant static binary v0.10.0 from here: http://code.google.com/p/wkhtmltopdf/downloads/list

via ssh on my shared host typed the following:

wget {relavant url to binary from link above}
tar -xvf {filename of above wget'd file}
For eg: for a 64 bit OS

wget http://wkhtmltopdf.googlecode.com/files/wkhtmltopdf-0.9.9-static-amd64.tar.bz2
tar -jxvf wkhtmltopdf-0.9.9-static-amd64.tar.bz2
cp -rv wkhtmltopdf-amd64 /usr/local/bin/

Now you can convert pages as follows:

wkhtmltopdf-amd64 http://www.google.com google.pdf

March 6, 2012

Managing .git file size

Managing .git file size

While using the main problem we will be facing is large size of .git folder inside your repository. Follow below commands from your repository for the best way to cut down the size with out effecting the commit history:

# git reflog expire --expire=0 –all
# git repack –ad
# git prune
# git gc


Reflog is a mechanism to record when the tip of branches are updated. This command is to manage the information recorded in it. The subcommand "expire" is used to prune older reflog entries. Entries older than expire time, or entries older than expire-unreachable time and not reachable from the current tip, are removed from the reflog.

Repack is used to combine all objects that do not currently reside in a "pack", into a pack. It can also be used to re-organize existing packs into a single, more efficient pack.A pack is a collection of objects, individually compressed, with delta compression applied, stored in a single file, with an associated index file.Packs are used to reduce the load on mirror systems, backup engines, disk storage, etc.

Prune - Prune all unreachable objects from the object database.

GC Cleanup unnecessary files and optimize the local repository.

February 22, 2012

Downgrading PHP Versions in Linux

Downgrading PHP Versions in Centos/Redhat using Yum.

First you need to install allow downgrade option for Yum using the command:
# yum install yum-allowdowngrade

Configure yum.conf to include the following line “showdupesfromrepos=1” and the location of file is /etc/yum.conf
# vi /etc/yum.conf
Add the below line to this file.
showdupesfromrepos=1

Remove the current php package using the command:
# yum remove php*

Now List avaliable php packages using the command:
# yum list php

Now install the required version of php and required modules as follows (as an eg for php version 5.3.10):

# yum --allow-downgrade install php-5.3*
# yum --allow-downgrade install php-mbstring-5.3.10 php-mysql-5.3.10
# yum --allow-downgrade install php-gd-5.3.10
# yum --allow-downgrade install php-cli-5.3.10
# yum --allow-downgrade install php-mcrypt-5.3.10 php-standard-5.3.10 php-wddx-5.3.10 php-reader-5.3.10


I refered this link: http://almamunbd.blogspot.com/2010/01/downgrading-php-53-to-php-52-using-yum.html