Computer and Internet

Include dbase on PHP 5.3 Centos 5.7

2011-12-10T11:42:00.002+07:00

I want to enable dbase on PHP 5.3. And i found website that have information about it.

Environment :
OS : CentOS 5.7 Final
Web Server : httpd-2.2.3-53
PHP : php53-5.3.3-1.el5_6.1
Programming Language : gcc

Download package from php.net

[root@compare] # wget http://pecl.php.net/get/dbase-5.0.1.tgz

Extract package

[root@compare] # tar -zxvf dbase-5.0.1.tgz

Prepare the build environment for a PHP extension and compile

[root@compare] # cd dbase-5.0.1

[root@compare] # phpize

[root@compare] #./configure

[root@compare] # make

[root@compare] # make install

copy dbase.so to http modules

[root@compare] # cp /root/php/dbase-5.0.1/modules/dbase.so /usr/lib64/httpd/modules/

Message error if dbase.so not compatible or not installed correctly

[Wed Oct 26 20:15:28 2011] [error] [client 192.168.1.254] PHP Fatal error: Call to undefined function dbase_open() in /var/www/html/compare/impdbf.php on line 19

That's all

Source : http://www.myee.web.id/index.php/howto.html

SCP How To

2011-07-13T11:55:00.002+07:00

There are many software that can be use to transfer file. Many people use File Transfer Protocol to transfer file between computers. If you use Operating System Linux, you can use scp.
scp is used for copying file from local to remote host securely. It uses ssh for data transfer and provides the same authentication and same level of security as ssh.
If you want to copy a file from a remote host to the local host:
scp user@remotehost.com:filename /path/local/directory

If you want to copy a file from the local host to a remote host:
scp /path/local/directory user@remotehost.com:filename

If you want to copy a directory from local host to a remote host
scp -r /path/local/directory user@remotehost.com:/path/remote/directory

If you want to copy a directory from remote host to a local host
scp -r user@remotehost.com:/path/remote/directory /path/local/directory

If you want to copy a file from remote host 1 to remote host 2 (copy file between remote host)
scp user@remotehost1.com:/path/remote/host1/filename
user@remotehost2.com:/path/remote/host2/

If you want to use blowfish cipher to encrypt the data being sent:
scp -c blowfish /path/local/directory user@remotehost.com:filename

If you want to compress the file before send:
scp -c blowfish -C /path/local/directory user@remotehost.com:filename

Yahoo Messenger Port

2011-03-26T12:41:00.000+07:00

Ports Yahoo! Messenger uses!

Yahoo! Messenger services uses a variety of ports. These are list of ports

Chat & Messenger TCP Port 5050: Client Access only
Insider/Room Lists TCP Port 80: Client Access only
File Transfer TCP Port 80: Server Access.

Your ISP may block this port, as its used for web hosting.
You can change port in Messenger, Preferences, File Transfer.
Voice Chat UDP 5000-5010
TCP 5000-5001: Client Access
If UDP Fails, TCP will be used instead, see below.
WebCam TCP Port 5100: Client Access
Super Webcam TCP Port 5100: Server Access
P2P Instant Messages TCP Port 5101: Server Access
PMs between Buddys may not use the Yahoo! Server, but this is not a requirement.

Create User in MYSQL

2011-03-15T15:04:00.001+07:00

User management is an important aspect of managing a MySQL Server. This section covers the most common user management features encountered while managing a server.

Creating a New User Account

To create a new user account, first log in as root. Next, use the following command to create the user.

GRANT ALL PRIVILEGES ON *.* TO 'username'@'localhost' IDENTIFIED BY 'some_password';
flush privileges;

This command would give the new user all privileges on all databases and tables. The user could only log in from the host specified by localhost. For the changes to take effect, you must call the flush privileges; command to make the server reread the user table.

The previous command is not something you would generally do. A more reasonable command line might look like this.

GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP ON db.* TO 'username'@'localhost' IDENTIFIED BY 'password';
flush privileges;

This example explicitly identifies the privileges being granted. This is preferable as privileges are limited to only the user and database where access is required. The privileges are only applied to the database 'db' and not all the databases on the sever.

Change a User's Password

If you need to change a users password and nothing else, use the following set of commands.

mysql -u root -p
use mysql;
update user set password=password('new_password') where user='username';
flush privileges;

The password function encrypts the password in the database. Remember to execute flush privileges; so that your changes take effect.

source:http://www.abbeyworkshop.com/howto/lamp/index.html

Backup Mysql Database

2011-03-03T14:37:00.003+07:00

This tip would be useful for those who are either making backup of their remote mysql database or moving their web hosting to their provider.

Here’s how to export mysql DB to SQL file using command-line utility :
mysqldump –user=username –password=1234 –databases your_database –opt –quote-names –complete-insert > example.sql

or you can use this command :

$ mysql -u username -p dbname > database.sql

If the MySQL programs are not in your path, you will need to manually specify the location of the mysqldump program:

$ /usr/local/mysql/bin/mysqldump -u username -p --opt dbname > database.sql

Download the database.sql and keep it in a safe place (CDR, Zip disk, etc).

If you need to restore your database, you can do so like this:

$ mysql -u username -p databasename < database.sql

Optimize Wordpress

2011-02-23T13:09:00.002+07:00

Optimize your website is important steps after you made it. If you build your website using wordpress, i found three steps to optimize it.

First Step – Optimize

1) Upgrade to latest WordPress release

2) Delete all the unused or unwanted plugins (this is the first reason why you need 10-12 seconds to load your homepage).

3) Clean up your css code using a css compressor like styleneat, cleancss or csstidyonline.

4) Reduce the PHP and database queries.

For example, on your header, use absolute URLs (http://www.yourdomain.com/wp-content/themes/example/style.css instead of < ?php bloginfo(‘stylesheet_url’); ? >).

Second Step – Install some plugins

After that you can install 6 ‘magic’ plugins:

5) WP Super-Cache (to cache all the dynamic requests as static html files).

6) WP Tuner (to analyze your database and to find slow queries or plugins).

7) WP Smush.it (to reduce image file sizes using Smush.it)

8) WP-DBManager (again, to optimize and repair the database)

9) Disable Revisions and Autosave (every time you change a post you create new row in the database, you don’t need this feature).

10) Clean Options (to find orphaned options in the wp_options table)

Third Step – Finish up

11) Use Amazon S3 to serve static files (useful to save bandwidth and cpu). If you need help follow this guide.

12) Be sure to have the favicon.ico file. Otherwise WordPress will generate an ‘invisible’ 404 error (and a large amount of server load)

13) Disable Hotlinking of image. Two tutorials from jaypeeonline.net:

* HowTo: Prevent Bandwidth Theft or Hotlinking
* HowTo: Allow Google Reader Access To Hotlink-Protected Images

14) Keep RSS ‘content thieves’ away (tutorial here). And maybe use feedburner without any extra plugin to redirect your users.

15) Create a robots.txt file and a sitemap

16) Use Pingdom, Firebug and Dust-Me Selectors to find and fix errors.

Source: http://blogof.francescomugnai.com/2009/07/16-pratical-tips-to-speed-up-wordpress-on-media-temples-grid-service/

How To Install VB6 on Windows 7

2011-02-15T18:40:00.001+07:00

After surfing around the net, I've found very little information regarding installation of VB6 on Windows 7. Most of the information out there is for Vista, and most of it is queries for assistance.

You may be wondering why someone would want to utilize VB6 on a shiny new operating system like Windows 7. Or even Vista for that matter.

There are about a bazillion legacy applications out there that have to be supported, and people like me who speak VB6 need to have the tools installed on our workstations in order to implement and test updates and such for these legacy applications.

It also helps out when I need to squirt out a quick tool for use in my daily work.

So without further delay, here is the process that I have used on my Windows 7 machines to install Visual Basic 6.

1. Turn off UAC.

2. Insert Visual Studio 6 CD.

3. Exit from the Autorun setup.

4. Browse to the root folder of the VS6 CD.

5. Right-click SETUP.EXE, select Run As Administrator.

6. On this and other Program Compatibility Assistant warnings, click Run Program.

7. Click Next.

8. Click "I accept agreement", then Next.

9. Enter name and company information, click Next.

10. Select Custom Setup, click Next.

11. Click Continue, then Ok.

12. Setup will "think to itself" for about 2 minutes. Processing can be verified by starting Task Manager, and checking the CPU usage of ACMSETUP.EXE.

13. On the options list, select the following:
* Microsoft Visual Basic 6.0
* ActiveX
* Data Access
* Graphics

All other options should be unchecked. Click Continue, setup will continue.

14. Finally, a successful completion dialog will appear, at which click Ok. At this point, Visual Basic 6 is installed.

15. If you do not have the MSDN CD, clear the checkbox on the next dialog, and click next. You'll be warned of the lack of MSDN, but just click Yes to accept.

16. Click Next to skip the installation of Installshield. This is a really old version you don't want anyway.

17. Click Next again to skip the installation of BackOffice, VSS, and SNA Server. Not needed!

18. On the next dialog, clear the checkbox for "Register Now", and click Finish.

The wizard will exit, and you're done. You can find VB6 under Start, All Programs, Microsoft Visual Studio 6.

I've not tested this on Vista, but it should work for you there as well. Give it a try, and let me know how it works!

Enjoy!

UPDATE

You might notice after successfully installing VB6 on Windows 7 that working in the IDE is a bit, well, sluggish. For example, resizing objects on a form is a real pain.

After installing VB6, you'll want to change the compatibility settings for the IDE executable.

1. Using Windows Explorer, browse the location where you installed VB6. By default, the path is C:\Program Files\Microsoft Visual Studio\VB98\

2. Right click the VB6.exe program file, and select properties from the context menu.

3. Click on the Compatibility tab.

4. Place a check in each of these checkboxes:
* Run this program in compatibility mode for Windows XP (Service Pack 3)/li>
* Disable Visual Themes/li>
* Disable Desktop Composition

* Disable display scaling on high DPI settings

After changing these settings, fire up the IDE, and things should be back to normal, and the IDE is no longer sluggish.

source : http://www.fortypoundhead.com/

How To Disable UAC in Windows 7

2011-02-03T18:39:00.000+07:00

We can disable UAC in Windows 7 using these steps:

1. Run Registry Editor (RegEdit) by typing regedit at command prompt or at startmenu->run

2. Locate following registry key:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

3. Locate the following REG_DWORD value:
EnableLUA

4. Set the value of EnableLUA to 0.

Now Exit from Registry Editor and Restart the computer.

Tips Recover MySQL root Password

2011-01-07T09:32:00.004+07:00

One day i forgot myql root user password. Then i found simple steps to change it without reinstall mysql server.

1. Open console and stop mysql service

#/etc/init.d/mysqld stop

2. Then i run this service without password

#mysqld_safe --skip-grant-tables

you can run it as a background if you would not use another console (shell)

#mysqld_safe --skip-grant-tables &

3. Then i open another console and connect to mysql

#mysql -u root

output

mysql>

4. Next, i setup new password for root user

mysql> use mysql; mysql> update user set password=PASSWORD("NEW-ROOT-PASSWORD") where User='root'; mysql> flush privileges; mysql> quit

5. Last step is stop mysql service

#/etc/init.d/mysqld stop

6. Finish, and start mysqld and test new password

#/etc/init.d/mysqld start #mysql -u root -p

Install DHCP Server

2011-01-03T14:33:00.003+07:00

Last week i need to install dhcp on my server. My server use Linux Ubuntu 8.04 as an operating system. These are the steps :

1. Install DHCP3 Server
sudo apt-get install dhcp3-server

2. Edit Configuration of DHCP
sudo nano /etc/dhcp3/dhcpd.conf

This is the configuration of /etc/dhcpd.conf

# Sample /etc/dhcpd.conf
# (add your comments here)
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.1, 192.168.1.2;
option domain-name "mydomain.example";

subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.100;
range 192.168.1.150 192.168.1.200;
}

Save this configuration using Ctrl+O and Exit using Ctrl+X. This configuration will result in the DHCP server giving a client an IP address from the range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will lease an IP address for 600 seconds if the client doesn't ask for a specific time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The server will also "advise" the client that it should use 255.255.255.0 as its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers.

3. Restart DHCP
sudo /etc/init.d/dhcp3-server restart

4. Finish

25 Best SSH Tricks and Commands Part 2

2010-12-19T16:37:00.001+07:00

Another ssh tricks you shoud know are :

11) Port Knocking!

knock 3000 4000 5000 && ssh -p user@host && knock 5000 4000 3000

Knock on ports to open a port to a service (ssh for example) and knock again to close the port. You have to install knockd.

See example config file below.
[options]
logfile = /var/log/knockd.log
[openSSH]
sequence = 3000,4000,5000
seq_timeout = 5
command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp –dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 5000,4000,3000
seq_timeout = 5
command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp –dport 22 -j ACCEPT
tcpflags = syn

12) Remove a line in a text file. Useful to fix

ssh-keygen -R

In this case it’s better do to use the dedicated tool

11) Port Knocking!

knock 3000 4000 5000 && ssh -p user@host && knock 5000 4000 3000

Knock on ports to open a port to a service (ssh for example) and knock again to close the port. You have to install knockd.
See example config file below.
[options]
logfile = /var/log/knockd.log
[openSSH]
sequence = 3000,4000,5000
seq_timeout = 5
command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp –dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 5000,4000,3000
seq_timeout = 5
command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp –dport 22 -j ACCEPT
tcpflags = syn
12) Remove a line in a text file. Useful to fix

ssh-keygen -R

In this case it’s better do to use the dedicated tool
13) Run complex remote shell cmds over ssh, without escaping quotes

ssh host -l user $(
Much simpler method. More portable version: ssh host -l user “`cat cmd.txt`”

14) Copy a MySQL Database to a new Server via SSH with one command

mysqldump –add-drop-table –extended-insert –force –log-error=error.log -uUSER -pPASS OLD_DB_NAME | ssh -C user@newhost “mysql -uUSER -pPASS NEW_DB_NAME”

Dumps a MySQL database over a compressed SSH tunnel and uses it as input to mysql – i think that is the fastest and best way to migrate a DB to a new server!
15) Remove a line in a text file. Useful to fix “ssh host key change” warnings

sed -i 8d ~/.ssh/known_hosts

16) Copy your ssh public key to a server from a machine that doesn’t have ssh-copy-id

cat ~/.ssh/id_rsa.pub | ssh user@machine “mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys”

If you use Mac OS X or some other *nix variant that doesn’t come with ssh-copy-id, this one-liner will allow you to add your public key to a remote machine so you can subsequently ssh to that machine without a password.

17) Live ssh network throughput test

yes | pv | ssh $host “cat > /dev/null”

connects to host via ssh and displays the live transfer speed, directing all transferred data to /dev/null
needs pv installed
Debian: ‘apt-get install pv’
Fedora: ‘yum install pv’ (may need the ‘extras’ repository enabled)

18) How to establish a remote Gnu screen session that you can re-connect to

ssh -t user@some.domain.com /usr/bin/screen -xRR

Long before tabbed terminals existed, people have been using Gnu screen to open many shells in a single text terminal. Combined with ssh, it gives you the ability to have many open shells with a single remote connection using the above options. If you detach with “Ctrl-a d” or if the ssh session is accidentally terminated, all processes running in your remote shells remain undisturbed, ready for you to reconnect. Other useful screen commands are “Ctrl-a c” (open new shell) and “Ctrl-a a” (alternate between shells). Read this quick reference for more screen commands: http://aperiodic.net/screen/quick_reference

19) Resume scp of a big file

rsync –partial –progress –rsh=ssh $file_source $user@$host:$destination_file

It can resume a failed secure copy ( usefull when you transfer big files like db dumps through vpn ) using rsync.
It requires rsync installed in both hosts.
rsync –partial –progress –rsh=ssh $file_source $user@$host:$destination_file local -> remote
or
rsync –partial –progress –rsh=ssh $user@$host:$remote_file $destination_file remote -> local

20) Analyze traffic remotely over ssh w/ wireshark

ssh root@server.com ‘tshark -f “port !22″ -w -’ | wireshark -k -i -

This captures traffic on a remote machine with tshark, sends the raw pcap data over the ssh link, and displays it in wireshark. Hitting ctrl+C will stop the capture and unfortunately close your wireshark window. This can be worked-around by passing -c # to tshark to only capture a certain # of packets, or redirecting the data through a named pipe rather than piping directly from ssh to wireshark. I recommend filtering as much as you can in the tshark command to conserve bandwidth. tshark can be replaced with tcpdump thusly:
ssh root@example.com tcpdump -w – ‘port !22′ | wireshark -k -i -

21) Have an ssh session open forever

autossh -M50000 -t server.example.com ‘screen -raAd mysession’

Open a ssh session opened forever, great on laptops losing Internet connectivity when switching WIFI spots.

22) Harder, Faster, Stronger SSH clients

ssh -4 -C -c blowfish-cbc

We force IPv4, compress the stream, specify the cypher stream to be Blowfish. I suppose you could use aes256-ctr as well for cypher spec. I’m of course leaving out things like master control sessions and such as that may not be available on your shell although that would speed things up as well.

23) Throttle bandwidth with cstream

tar -cj /backup | cstream -t 777k | ssh host ‘tar -xj -C /backup’

this bzips a folder and transfers it over the network to “host” at 777k bit/s.
cstream can do a lot more, have a look http://www.cons.org/cracauer/cstream.html#usage
for example:
echo w00t, i’m 733+ | cstream -b1 -t2
24) Transfer SSH public key to another machine in one step

ssh-keygen; ssh-copy-id user@host; ssh user@host

This command sequence allows simple setup of (gasp!) password-less SSH logins. Be careful, as if you already have an SSH keypair in your ~/.ssh directory on the local machine, there is a possibility ssh-keygen may overwrite them. ssh-copy-id copies the public key to the remote host and appends it to the remote account’s ~/.ssh/authorized_keys file. When trying ssh, if you used no passphrase for your key, the remote shell appears soon after invoking ssh user@host.

25) Copy stdin to your X11 buffer

ssh user@host cat /path/to/some/file | xclip

Have you ever had to scp a file to your work machine in order to copy its contents to a mail? xclip can help you with that. It copies its stdin to the X11 buffer, so all you have to do is middle-click to paste the content of that looong file :)

Ref :
http://blog.urfix.com/25-ssh-commands-tricks/

25 Best SSH Tricks and Commands Part 1

2010-12-17T16:35:00.003+07:00

OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

SSH is an awesome powerful tool, there are unlimited possibility when it comes to SSH, heres the top Voted SSH commands

1) Copy ssh keys to user@host to enable password-less ssh logins.

ssh-copy-id user@host

To generate the keys use the command ssh-keygen
2) Start a tunnel from some machine’s port 80 to your local post 2001

ssh -N -L2001:localhost:80 somemachine

Now you can acces the website by going to http://localhost:2001/

3) Output your microphone to a remote computer’s speaker

dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp

This will output the sound from your microphone port to the ssh target computer’s speaker port. The sound quality is very bad, so you will hear a lot of hissing.
4) Compare a remote file with a local file

ssh user@host cat /path/to/remotefile | diff /path/to/localfile -

Useful for checking if there are differences between local and remote files.

5) Mount folder/filesystem through SSH

sshfs name@server:/path/to/folder /path/to/mount/point

Install SSHFS from http://fuse.sourceforge.net/sshfs.html
Will allow you to mount a folder security over a network.
6) SSH connection through host in the middle

ssh -t reachable_host ssh unreachable_host

Unreachable_host is unavailable from local network, but it’s available from reachable_host’s network. This command creates a connection to unreachable_host through “hidden” connection to reachable_host.
7) Copy from host1 to host2, through your host

ssh root@host1 “cd /somedir/tocopy/ && tar -cf – .” | ssh root@host2 “cd /samedir/tocopyto/ && tar -xf -”

Good if only you have access to host1 and host2, but they have no access to your host (so ncat won’t work) and they have no direct access to each other.

8) Run any GUI program remotely

ssh -fX @

The SSH server configuration requires:

X11Forwarding yes # this is default in Debian

And it’s convenient too:

Compression delayed

9) Create a persistent connection to a machine

ssh -MNf @

Create a persistent SSH connection to the host in the background. Combine this with settings in your ~/.ssh/config:
Host host
ControlPath ~/.ssh/master-%r@%h:%p
ControlMaster no
All the SSH connections to the machine will then go through the persisten SSH socket. This is very useful if you are using SSH to synchronize files (using rsync/sftp/cvs/svn) on a regular basis because it won’t create a new socket each time to open an ssh connection.

10) Attach screen over ssh

ssh -t remote_host screen -r

Directly attach a remote screen session (saves a useless parent bash process)

Ref :
http://blog.urfix.com/25-ssh-commands-tricks/

Detect And Block Port Scan Attacks In Real Time

2010-12-16T10:23:00.003+07:00

A port scanner (such as nmap) is a piece of software designed to search a network host for open ports. Cracker can use nmap to scan your network before starting attack. You can always see scan patterns by visiting /var/log/messages. But, I recommend the automated tool called psad - the port scan attack detector under Linux which is a collection of lightweight system daemons that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic.

psad makes use of Netfilter log messages to detect, alert, and (optionally) block port scans and other suspect traffic. For tcp scans psad analyzes tcp flags to determine the scan type (syn, fin, xmas, etc.) and corresponding command line options that could be supplied to nmap to generate such a scan. In addition, psad makes use of many tcp, udp, and icmp signatures contained within the Snort intrusion detection system.

Install psad under Debian / Ubuntu Linux

Type the following command to install psad, enter:
$ sudo apt-get update
$ sudo apt-get install psad
Configure psad

Open /etc/syslog.conf file, enter:
# vi /etc/syslog.conf
Append following code

kern.info |/var/lib/psad/psadfifo

Alternatively, you can type the following command to update syslog.conf:
echo -e ’kern.info\t|/var/lib/psad/psadfifo’ >> /etc/syslog.conf
psad Syslog needs to be configured to write all kern.info messages to a named pipe /var/lib/psad/psadfifo. Close and save the file. Restart syslog:
# /etc/init.d/sysklogd restart
# /etc/init.d/klogd
The default psad file is located at /etc/psad/psad.conf:
# vi /etc/psad/psad.conf
You need to setup correct email ID to get port scan detections messages and other settings as follows:

EMAIL_ADDRESSES vivek@nixcraft.in;

Set machine hostname (FQDN):

HOSTNAME server.nixcraft.in;

If you have only one interface on box (such as colo web server or mail server), sent HOME_NET to none:

HOME_NET NOT_USED; ### only one interface on box

You may also need to adjust danger levels as per your setup. You can also define a set of ports to ignore, for example to have psad ignore udp ports 53 and 5000, use:

IGNORE_PORTS udp/53, udp/5000;

You can also enable real time iptables blocking, by setting following two variables:

ENABLE_AUTO_IDS Y;
IPTABLES_BLOCK_METHOD Y;

psad has many more options, please read man pages for further information. Save and close the file. Restart psad:
# /etc/init.d/psad restart
Update iptables rules

psad need following two rules with logging enabled:

iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG

Here is my sample Debian Linux desktop firewall script with logging enabled at the end:

#!/bin/bash
IPT="/sbin/iptables"

echo "Starting IPv4 Wall..."
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
modprobe ip_conntrack

BADIPS=$(egrep -v -E "^#|^$" /root/scripts/blocked.fw)
PUB_IF="eth0"

#unlimited
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# DROP all incomming traffic
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP

# block all bad ips
for ip in $BADIPS
do
$IPT -A INPUT -s $ip -j DROP
$IPT -A OUTPUT -d $ip -j DROP
done

# sync
$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Drop Syn"

$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW -j DROP

# Fragments
$IPT -A INPUT -i ${PUB_IF} -f -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Fragments Packets"
$IPT -A INPUT -i ${PUB_IF} -f -j DROP

# block bad stuff
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL ALL -j DROP

$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "NULL Packets"
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -j DROP # NULL packets

$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "XMAS Packets"
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP #XMAS

$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Fin Packets Scan"
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags FIN,ACK FIN -j DROP # FIN packet scans

$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP

# Allow full outgoing connection but no incomming stuff
$IPT -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# allow ssh only
$IPT -A INPUT -p tcp --destination-port 22 -j ACCEPT
$IPT -A OUTPUT -p tcp --sport 22 -j ACCEPT

# allow incoming ICMP ping pong stuff
$IPT -A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -p icmp --icmp-type 0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# No smb/windows sharing packets - too much logging
$IPT -A INPUT -p tcp -i eth0 --dport 137:139 -j REJECT
$IPT -A INPUT -p udp -i eth0 --dport 137:139 -j REJECT

# Log everything else
# *** Required for psad ****
$IPT -A INPUT -j LOG
$IPT -A FORWARD -j LOG
$IPT -A INPUT -j DROP

# Start ipv6 firewall
# echo "Starting IPv6 Wall..."
/root/scripts/start6.fw

exit 0

How do I view port scan report?

Simply type the following command:
# psad -S

Sample output (some of the sensitive / personally identified parts have been removed):

[+] psadwatchd (pid: 2540) %CPU: 0.0 %MEM: 0.0
Running since: Sun Jul 27 07:14:56 2008

[+] kmsgsd (pid: 2528) %CPU: 0.0 %MEM: 0.0
Running since: Sun Jul 27 07:14:55 2008

[+] psad (pid: 2524) %CPU: 0.0 %MEM: 0.8
Running since: Sun Jul 27 07:14:55 2008
Command line arguments: -c /etc/psad/psad.conf
Alert email address(es): radhika.xyz@xxxxxxxx.co.in

src: dst: chain: intf: tcp: udp: icmp: dl: alerts: os_guess:
117.32.xxx.149 xx.22.zz.121 INPUT eth0 1 0 0 2 2 -
118.167.xxx.219 xx.22.zz.121 INPUT eth0 1 0 0 2 2 -
118.167.xxx.250 xx.22.zz.121 INPUT eth0 1 0 0 2 2 -
118.167.xxx.5 xx.22.zz.121 INPUT eth0 1 0 0 2 2 -
122.167.xx.11 xx.22.zz.121 INPUT eth0 4642 0 0 4 50 -
122.167.xx.80 xx.22.zz.121 INPUT eth0 0 11 0 1 2 -
123.134.xx.34 xx.22.zz.121 INPUT eth0 20 0 0 2 9 -
125.161.xx.3 xx.22.zz.121 INPUT eth0 0 9 0 1 4 -
125.67.xx.7 xx.22.zz.121 INPUT eth0 1 0 0 2 2 -
190.159.xxx.220 xx.22.zz.121 INPUT eth0 0 9 0 1 3 -
193.140.xxx.210 xx.22.zz.121 INPUT eth0 0 10 0 1 2 -
202.xx.23x.196 xx.22.zz.121 INPUT eth0 0 13 0 1 10 -
202.xx.2x8.197 xx.22.zz.121 INPUT eth0 0 20 0 2 17 -
202.97.xxx.198 xx.22.zz.121 INPUT eth0 0 17 0 2 12 -
202.97.xxx.199 xx.22.zz.121 INPUT eth0 0 18 0 2 15 -
202.97.xxx.200 xx.22.zz.121 INPUT eth0 0 17 0 2 14 -
202.97.xxx.201 xx.22.zz.121 INPUT eth0 0 15 0 2 12 -
202.97.xxx.202 xx.22.zz.121 INPUT eth0 0 21 0 2 16 -
203.xxx.128.65 xx.22.zz.121 INPUT eth0 12 0 0 2 6 Windows XP/2000
211.90.xx.14 xx.22.zz.121 INPUT eth0 1 0 0 2 2 -
213.163.xxx.9 xx.22.zz.121 INPUT eth0 0 0 1 2 2 -
221.130.xxx.124 xx.22.zz.121 INPUT eth0 0 35 0 2 31 -
221.206.xxx.10 xx.22.zz.121 INPUT eth0 0 33 0 2 21 -
221.206.xxx.53 xx.22.zz.121 INPUT eth0 0 33 0 2 27 -
221.206.xxx.54 xx.22.zz.121 INPUT eth0 0 39 0 2 26 -
221.206.xxx.57 xx.22.zz.121 INPUT eth0 0 33 0 2 19 -
60.222.xxx.146 xx.22.zz.121 INPUT eth0 0 40 0 2 33 -
60.222.xxx.153 xx.22.zz.121 INPUT eth0 0 14 0 1 11 -
60.222.xxx.154 xx.22.zz.121 INPUT eth0 0 18 0 2 15 -

Netfilter prefix counters:
"SPAM DROP Block": 161519
"Drop Syn Attacks": 136

Total scan sources: 95
Total scan destinations: 1

Total packet counters:
tcp: 5868
udp: 164012
icmp: 2

How do I remove automatically blocked ips?

Simply type the following command to remove any auto-generated firewall block
# psad -F
How do I view detailed log for each IP address?

Go to /var/log/psad/ip.address/ directory. For example, view log for IP address 11.22.22.33, enter:
# cd /var/log/psad/11.22.22.33
# ls -l

Sample output:

-rw------- 1 root root 2623 2008-07-30 13:02 xx.22.zz.121_email_alert
-rw------- 1 root root 32 2008-07-30 13:02 xx.22.zz.121_packet_ctr
-rw------- 1 root root 0 2008-07-29 00:27 xx.22.zz.121_signatures
-rw------- 1 root root 11 2008-07-30 13:02 xx.22.zz.121_start_time
-rw------- 1 root root 2 2008-07-30 13:02 danger_level
-rw------- 1 root root 2 2008-07-30 13:02 email_count
-rw------- 1 root root 1798 2008-07-29 00:27 whois

Use cat / more or less command to view rest of the information.

Ref:
http://www.cyberciti.biz/faq/linux-detect-port-scan-attacks/

Find Working Directory Of Some Process In Linux

2010-12-15T17:16:00.001+07:00

Find Working Directory Of Some Process In Linux

If i found that any particular process is causing load while monitoring your Linux server, i would kill the process to get rid of it. Now, i found it is always better to identify the root cause of problem. Find out from which directory this process is running.

Then i know that it is very easy to identify the working directory of the process, first of all find out the ID of the process for which you wish to determine the working directory. Run the following comamnd :

ps -ef | grep Process-Name

where replace Process-Name with the name of the process, just like if you want to find out the process ID for firefox then run the command as:

ps -ef | gep firefox

Once you have determined the process ID, run the following command to find out its working directory.

pwdx processID

That’s it, Enjoy!

Install Adobe Air On Ubuntu

2010-09-15T11:41:00.002+07:00

Adobe AIR is application for web developer to develop or run RIA (Rich Internet Application) like desktop application. The Adobe® AIR® 2 runtime enables developers to use HTML, JavaScript, Adobe Flash® software, and ActionScript® to build web applications that run as standalone client applications without the constraints of a browser.
Adobe AIR can be use on Windows and Linux. Now, i will guide you install Adobe AIR on Ubuntu.

1. Download the source from http://airdownload.adobe.com/air/lin/download/1.5/AdobeAIRInstaller.bin
2. Change the file mode to execute : $sudo chmod +x AdobeAIRIntaller.bin
3. Then execute the file : $sudo ./AdobeAIRInstaller.bin
4. Choose Agree from Agreement Form
5. Finish
Now, you can run your .AIR file on Linux Ubuntu.

Run Your Own Web Server Using Linux & Apache

2010-07-23T15:07:00.003+07:00

Run Your Own Web Server Using Linux & Apache

Learn about everything you'll need to build and maintain your Linux servers, and to deploy Web applications to them.

Whether you're planning on running Linux at home, or on a leased Web Server, this book will walk you step-by-step through all of the common administration tasks, from managing traffic reporting to log-file rotation.

This guide even includes step-by-step instructions on installing Linux (Fedora 4), Apache 2.0, PHP 5 and MySQL 4.1 on a home or office development server, so you can test all of your applications before rolling them out.

This ebook from Sitepoint.

PDF A Complete Beginner's Manual for Ubuntu 10.04 (Lucid Lynx)

2010-07-06T16:03:00.002+07:00

"A Complete Beginner's Manual for Ubuntu 10.04 (Lucid Lynx)"

Getting Started with Ubuntu 10.04 (Lucid Lynx) is a comprehensive beginners guide for the Ubuntu operating system; it features comprehensive guides, How Tos and information on anything you need to know after first installing Ubuntu.

Designed to be as user-friendly and easy to follow as possible, it should provide the first point of reference to any Ubuntu newcomer with lots of information. The manual has step by step instructions and includes lots of screenshots to show you how to do tasks. It also includes a Troubleshooting section to help you solve common Ubuntu problems quickly. Download this 160+ page manual today.

Download Free Ebook A Complete Beginner's Manual for Ubuntu 10.04 (Lucid Lynx)

Free Ebook Linux for Newbie

2010-07-03T16:00:00.001+07:00

Learn the basics of the Linux operating systems. Get to know what it is all about, and familiarize yourself with the practical side. Basically, if you're a complete Linux newbie and looking for a quick and easy guide to get you started this is it.

You've probably heard about Linux, the free, open-source operating system that's been pushing up against Microsoft. It's way cheaper, faster, safer, and has a far bigger active community than Windows, so why aren't you on it? Don't worry, Makeuseof.com understands. Like many things, venturing off into a completely unknown world can seem rather scary, and also be pretty difficult in the beginning. It's while adapting to the unknown, that one needs a guiding, and caring hand. This guide will tell you all you need to know in 20 illustrated pages, helping you to take your first steps. Let your curiosity take you hostage and start discovering Linux today, with this manual as your guide! Don't let Makeuseof.com keep you any longer, and download the Newbie's Initiation to Linux. With this free guide you will also receive daily updates on new cool websites and programs in your email for free courtesy of MakeUseOf.

Download

Download Free Ebook Linux Advanced Administration (pdf)

2010-07-01T15:22:00.002+07:00

The GNU/Linux systems have reached an important level of maturity, allowing to integrate them in almost any kind of work environment, from a desktop PC to the sever facilities of a big company.

In this ebook "The GNU/Linux Operating System", the main contents are related with system administration. You will learn how to install and configure several computer services, and how to optimize and synchronize the resources using GNU/Linux.

The topics covered in this 500+ page eBook include Linux network, server and data administration, Linux kernel, security, clustering, configuration, tuning, optimization, migration and coexistence with non-Linux systems. A must read for any serious Linux system admin.

Download

Install ffmpeg On Ubuntu

2010-05-01T16:33:00.002+07:00

I have write about Howto Install FFMPEG on Centos. Now, what if I want to install FFMPEG on Ubuntu 8.04? I thought i can do the same steps. But, after try for while, i've got trouble. So, i search for some guide how to install it on Ubuntu 8.04. After search for many sites, i got the guide in Ubuntu Forum. The tutorial is very good and it works for me. And they also list tutorial for another version till Lucid.

Each step is very clear to follow. So, if you want to install ffmpeg on Ubuntu you can use their steps.

Wget: Mirroring Website

2010-04-27T07:00:00.005+07:00

WGET is Ultimate Downloader. While you can use it simply to retrieve a single file from a server, it is much more powerful than that and offers many more features.One of its features is mirroring website.

Mirroring simply means downloading the entire contents of a Web site and uploading it somewhere else. So, we can make local copy of a website using wget.

The basic command to mirror website is

$ wget -m http://www.example.com

This command will allow you to download website but it can't make a complete local copy of a website. This command only download the page but the links still point to the real URLs including the images and stylesheets.

We have to add another option to make links not point to real URLs. Add option -k after -m

$ wget -m -k http://www.example.com

Now, the links will point to next page in our local copy website.

To delay your download, you can add option -w and how much time that you want to delay it. Because if we delay the mirroring, it can reduce the load of bandwidth of the site.

$ wget -m -k -w 25 http://www.example.com

From command above, -w 25 means we delay it for 25 seconds between requests. We can replace the number depend on our need. We can add suffix for the number like m for minutes, h for ours and d for days.

Now if you want to download your favorite website you can use wget to do that. This wget can be use on Linux, *Nix and Ms Windows

ref : http://fosswire.com

Vi Editor : Search and Replace

2010-04-20T13:01:00.005+07:00

Vi as a text editor can search and replace like another text editor. Here’s vi editor’s syntax to add a “#” in front of every line. It is useful when coding and reusing an old script or editing file configuration:

:1,$ s/^/#/g

To “undo” this command (i.e. the inverse):

:1,$ s/^#//g

Useful variant. If you just want the lines below your cursor to have a “#”:

:.,$ s/^/#/g

Another Example (replace)

Replace first match on current line
:s/OLD/NEW

Replace all matches on current line
:s/OLD/NEW/g

Replace matches between lines 10 and 20
:10,20s/OLD/NEW/g

Replace matches from line 10 to the end of file
:10,$s/OLD/NEW/g

Replace matches from cursor to end of file
:.,$s/OLD/NEW/g

Add the word “NEW” in front of every line
:1,$s/^/NEW/g

Source : http://technotes.twosmallcoins.com/?p=18

WGET Ultimate Free Downloader

2010-04-15T16:45:00.004+07:00

GNU WGET derived from World Wide Web and get, is a free software package for retrieving files or downloader. It can using many protocols like HTTP, FTP, and HTTPS. GNU Wget or Wget is a non-interactive commandline tool.

Written in a highly portable style of C with minimal dependencies on third-party libraries, Wget requires little more than a C compiler and a BSD-like interface to TCP/IP networking. Designed as a Unix program invoked from the Unix shell, the program has been ported to numerous Unix-like environments and systems, including Microsoft Windows via Cygwin, and Mac OS X.

Wget can resume aborted downloads. It also can use filename wild cards and recursively mirror directories. For you connected behind proxy, you still can use wget, because it support HTTP Proxies. And also it supports HTTP cookies and persistent HTTP connections. And there are many other features from Wget.

Basic usage this Wget is

$ wget http://www.example.com/files.to.download

Now, it has been used as the basis for graphical programs such as GWget and KGet

Nessus Vulnerability Scanner

2010-04-13T08:30:00.003+07:00

Tenable Network Security released Nessus 4.0.2. This version fix all bug from the last released. New version of nessus support newest operating system from Apple, Windows and Linux.

Nessus can be used to audit:
* credentialed and un-credentialed port scanning
* network based vulnerability scanning
* credentialed based patch audits for Windows and most UNIX platforms
* credentialed configuration auditing of most Windows and UNIX platforms
* robust and comprehensive credentialed security testing of 3rd party applications
* custom and embedded web application vulnerability testing
* SQL database configuration auditing
* software enumeration on Unix and Windows
* testing anti-virus installs for out-of date signatures and configuration errors

New updates from Nessus 4.0.2
* Support for Windows 7 – Changes in the TCP/IP stack required updates for the NessusClient and Nessus server to run on this platform.
* Support for Mac OS X “Snow Leopard” – Apple also introduced changes on the latest version of its operating system and Nessus has been updated to include full support for the NessusClient and Nessus server.
* Fixed IPv6 scanning – Nessus scanners running on any Linux platform received updates and bug fixes for IPv6 scanning. A previous blog post covered the details of scanning IPv6 networks with Nessus.
* nessus-fetch updates and improvements – Updates were implemented for the proxy authentication component in nessus-fetch. Also, a new feature was added that allows the end-user to specify a domain when a proxy requires NTLM authentication.

Karmic Koala

2010-03-10T08:27:00.003+07:00

Mascot Ubuntu 9.10