Wednesday, December 12, 2012

apache2+fcgi+redmine

### apache2+fcgi+redmine ###

Refer to the earlier post for Redmine installation.

apt-get install libapache2-mod-fcgid

### install fast-cgi (for ruby) ###

wget http://www.fastcgi.com/dist/fcgi-2.4.0.tar.gz
tar -xzvf fcgi-2.4.0.tar.gz
cd fcgi-2.4.0
./configure
make
make install
gem install fcgi

### apache-configuration ###
In /etc/apache2/conf.d create a file named redmine with the following content:

# The Alias line is optional
Alias /redmine /var/www/redmine/public

<Directory /var/www/redmine/public>
    SetEnv RAILS_ENV production
    AllowOverride all
    Options +ExecCGI +FollowSymLinks
    AddHandler fcgid-script .fcgi
    #AddHandler cgi-script .cgi
    Order allow,deny
    Allow from all
</Directory>


In /var/www/redmine/public/.htaccess:
a. make suitable changes for fcgi
b. enable RewriteBase (if needed)
c. restart Apache: /etc/init.d/apache2 restart

chown -R www-data:www-data /var/www/redmine

Now point your browser to your.server.com/redmine. Hope that's it.

Nagios with oreon ???? --on fly

apt-get install apache2
apt-get install build-essential
apt-get install libgd2-xpm-dev
apt-get install php5-common php5 libapache2-mod-php5
apt-get dist-upgrade
apt-get install nagios2   # :(



is it nagios-php, phpnagios or lilac..? http://www.lilacplatform.com/trac/wiki

http://www.ubuntugeek.com/nagios-configuration-tools-web-frontends-or-gui.html

Lilac ..?

apt-get install mysql-server
apt-get install php-pear
apt-get install curl
apt-get install php5-mysql
chown -R www-data:www-data /var/www/directory
apt-get install php5-curl
/etc/init.d/apache2 restart
apt-get install nmap

http://localhost/directory/install.php

Failed to import database schema. Make sure the mysql binary is in the search path for the web user.
...?

.. to be continued, let's see tomorrow

Oracle migration tips

[15:53:36] ۩۞۩๑日満主๑۩۞۩: To implement the solution, please execute the following steps:

1. Check which Unix user owns the ORACLE_HOME:

% echo $ORACLE_HOME
/u01/app/oracle/product/9.2.0

% ls -ld $ORACLE_HOME
drwxr-xr-x 58 oramigts dba 1024 Jan 2 2004 9.2.0

The ORACLE_HOME is owned by Unix user "oramigts" and Unix group "dba"

2. Check the $ORACLE_HOME/rdbms/lib/config.s file

[If your platform has config.c: Due to the way different compilers under different architectures generate assembler code, it's not possible to give a universal rule.]

It shows OSDBA group as "g680" (whereas the output from step 1 shows the Unix group "dba")

3. Modify the config.s so that it references the correct group. Change the line:

.ascii "g680\0"

to

.ascii "dba\0"

4. Rename the config.o file:

mv config.o config.o.bak

5. Regenerate the config.o file and the 'oracle' binary

make -f ins_rdbms.mk config.o ioracle

6. Check the file config.o is created at $ORACLE_HOME/rdbms/lib

ls -al $ORACLE_HOME/rdbms/lib/config.o

7. Verify that you can now connect to the database as SYSDBA using SQL*Plus

8. Try to upgrade the database again using DBUA

logical volume creation

lvdisplay
# an LV name cannot contain "/", so the mount path is written with hyphens
lvcreate -n var-www-sw --size 500g my
mkfs.ext3 /dev/my/var-www-sw
mkdir /var/www/sw
mount /dev/my/var-www-sw /var/www/sw

Check /etc/fstab and add the following entry if it does not exist:
/dev/my/var-www-sw /var/www/sw ext3 defaults 0 2

server migration -Tips and notes

April 15th 7:04
ssh into the computer
apt-get install apache2
apt-get install mysql-server-5.0
apt-get install php5
apt-get install php5-mysql
--

April 16th 2:58

apt-get update
apt-get upgrade
wget http://downloads.sourceforge.net/project/typo3/TYPO3%20Source%20and%20Dummy/TYPO3%204.3.3/typo3_src-4.3.3.tar.gz?use_mirror=space

wget http://downloads.sourceforge.net/project/typo3/TYPO3%20Source%20and%20Dummy/TYPO3%204.3.3/typo3_src%2Bdummy-4.3.3.zip?use_mirror=nchc

apt-get install zip
apt-get install imagemagick
unzip typo3+dummy....zip

April 27th

mv typo3_dumm.. yourname
cd prion/typo3conf

admin/adminpass

chown -R www-data:www-data typo3temp/
chown -R www-data:www-data typo3conf
chown -R www-data:www-data uploads
chown -R www-data:www-data fileadmin
chown -R www-data:www-data typo3/ext/

### for suhosin patch for php5
apt-get install php5-suhosin
/etc/init.d/apache2 restart

apt-get install php5-gd

vim /etc/php5/apache2/php.ini
vim /etc/php5/conf.d/suhosin.ini
/etc/init.d/apache2 restart


# not needed below
apt-get install dpkg-dev build-essential
cd /usr/src
apt-get source php5
wget http://www.hardened-php.net/hardened-php-signature-key.asc
gpg --import < hardened-php-signature-key.asc
wget http://www.hardened-php.net/suhosin/_media/suhosin-patch-5.2.0-0.9.6.2.patch.gz
gunzip suhosin-patch-5.2.0-0.9.6.2.patch.gz
cd php5-5.2.0
patch -p 1 -i ../suhosin-patch-5.2.0-0.9.6.2.patch
dpkg-buildpackage
### Till here


May 10th

Generating SSL
http://www.akadia.com/services/ssh_test_certificate.html

openssl genrsa -des3 -out server.key 1024
************

openssl req -new -key server.key -out server.csr


cp server.key server.key.org
cp server.key server.key.orig

openssl rsa -in server.key.org -out server.key

mkdir /etc/apache2/ssl
cp server.crt /etc/apache2/ssl/
cp server.key /etc/apache2/ssl/

a2enmod rewrite
a2enmod ssl

Add the following lines to the virtual host entry:

RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://your.domain.com$1 [L,R]
RewriteLog "/var/log/apache2/rewrite.log"
RewriteLogLevel 2

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
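
The steps above copy server.crt without showing how it was made, and they use a 1024-bit key. An added example, not from the original notes or the linked guide: it creates a self-signed test certificate and checks that key and certificate belong together, that the key is at least 2048 bits, and that only the owner can read the key file. The function names, the 2048-bit threshold and the CN are assumptions.

```bash
#!/bin/bash
# Added example: create a self-signed test certificate and check the
# key/certificate pair before it is copied to /etc/apache2/ssl.
# Function names, the 2048-bit size and the CN are assumptions.

# make_test_cert DIR CN [BITS]: unencrypted key + self-signed cert in DIR.
make_test_cert() {
    local dir="$1" cn="$2" bits="${3:-2048}"
    ( umask 077    # files are created without group/other access
      openssl req -x509 -newkey "rsa:$bits" -nodes -days 365 \
          -subj "/CN=$cn" -keyout "$dir/server.key" \
          -out "$dir/server.crt" 2>/dev/null )
}

# key_bits KEY: RSA key size in bits, empty if the key cannot be read
# (for example because it is still passphrase-protected).
key_bits() {
    openssl rsa -in "$1" -passin pass: -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# check_pair KEY CRT: print findings, return 0 only if there are none.
check_pair() {
    local key="$1" crt="$2" bits rc=0
    bits=$(key_bits "$key")
    [ -n "$bits" ] || { echo "UNREADABLE_KEY"; return 2; }
    [ "$bits" -ge 2048 ] || { echo "WEAK_KEY $bits"; rc=1; }
    # The certificate must carry the public half of this private key.
    [ "$(openssl rsa  -in "$key" -passin pass: -noout -modulus 2>/dev/null)" = \
      "$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null)" ] ||
        { echo "KEY_CERT_MISMATCH"; rc=1; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "KEY_NOT_PRIVATE"; rc=1; }
    return "$rc"
}

# Demo on a throwaway directory (constructed input, nothing is installed).
demo_dir=$(mktemp -d)
make_test_cert "$demo_dir" your.domain.com &&
    check_pair "$demo_dir/server.key" "$demo_dir/server.crt" && echo "pair OK"
rm -rf "$demo_dir"
```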

rsync from *nx machine to windows machine

This document describes how to set up ssh+rsync on Windows so that a *nx machine can back up/copy files using rsync.


Install Cygwin; you need the openssh and rsync components.
Once it is installed:
add CYGWIN=ntsec tty as a system variable
add the Cygwin path to the PATH variable (usually it is c:\cygwin\bin)
Open a Cygwin terminal and type
ssh-host-config
(manually answer Yes to all questions, with one exception)
If the script says "This script plans to use cyg_server. Do you want to use a different name?", answer no.
Now type
cyglsa-config
Restart.
You can add the system users by typing
mkgroup -l >> ../etc/group
mkpasswd -l >> ../etc/passwd


You can add keys (consider your security environment)

Now you are ready to use rsync from your *nx backup server to the windows machine.

References:
http://pigtail.net/LRP/printsrv/cygwin-sshd.html
http://sysblogd.wordpress.com/2008/01/07/ubuntu-connect-to-your-windows-machine-securely-using-vnc-and-ssh-with-little-installation/
http://blog.myownserver.info/2010/04/how-to-install-cwrsync-for-windows-vista7-tutorial/

Notes: To allow port 22 in the Windows firewall, the following commands are useful.

netsh advfirewall firewall add rule name="Opensshd" dir=in action=allow protocol=TCP localport=22

netsh firewall add portopening tcp 22 "opensshd"

sieve filtering Howto

STEP 1 Write a script as follows:

## test script to work on folders
require "fileinto";
# This line blocks gmail
if header :contains "Received" "gmail.com" { discard; }
# This is supposed to block all mail apart from our domain.A/B/C/D
if not header :contains "Received" [".domain.A","Domain.B","Domain.C","Domain.D"] { discard; }

Save this as a file named block_gmail.

STEP 2

Log in to the sieve shell and put the script

sieveshell --auth=manager --user=manager localhost
put block_gmail
quit


STEP 3
cyradm -u manager localhost
mboxconfig shared/test_seive sieve block_gmail

(for all shared folders)
mboxconfig shared/* sieve block_gmail

info shared.somefolder

sources:
http://wiki.kolab.org/index.php/Filtering_Emails_on_the_Server
http://www.cmu.edu/computing/doc/email/sieve/developing.html
http://www.cs.cmu.edu/~help/mail_news/corvid/sieve_intro.html
http://wiki.bath.ac.uk/display/bucstech/Sieve+scripts


Currently stuck at :(
localhost> mboxcfg shared/test_seive seive block_gmail
mboxconfig: Permission denied

rm to mp3 conversion using lame

Converting rm to mp3 in Ubuntu, from the link http://ubuntu-virginia.ubuntuforums.org/showthread.php?t=1110872

#!/bin/sh
# Usage: pass the .rm file as the first argument
inputfile=$1
# strip the "rm" suffix, keeping the trailing dot
inputfilename=`basename "$1" rm`
ext='mp3'
outputfilename=$inputfilename$ext

echo 'CONVERTING TO WAV FORMAT'
# mplayer writes the decoded audio to ./audiodump.wav
mplayer "$inputfile" -ao pcm

echo 'CONVERTING WAV FORMAT TO MP3'
lame -h -b 256 audiodump.wav "$outputfilename"

rm -f audiodump.wav

echo 'DONE...!'

You can use ffmpeg too:

ffmpeg -i pancharangi.rm -b 128k pancharangi.mp3

openvpn how to

1. apt-get install openvpn

The default directory for easy-rsa certificates is "/usr/share/doc/openvpn/examples/easy-rsa/2.0/", so we change the working directory:

#cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/

2. Now we will create the certificate for CA

#. ./vars

#./clean-all

#./build-ca

3. Then we will create the certificate for server

#./build-key-server server

4. Then we will create the certificate for client

#./build-key client

5. We will build diffie hellman

#./build-dh

6. If you wonder where the keys you just created are, change your directory to keys/

#cd /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/

#ls -al

ca.key ca.crt server.key server.csr server.crt client.key client.crt client.csr

7. Now we have the keys and certificates, so we will send them to the clients that want to connect to the OpenVPN server. Just be sure that:

ca.key -> must be on the CA server only

client.crt -> must be on the client only

client.key -> must be on the client only

server.crt -> must be on the OpenVPN server only

server.key -> must be on the OpenVPN server only

ca.crt -> must be on the CA server and all of the clients.

8. After you have transferred the files above safely, you must modify the main configuration file on the OpenVPN server, which is "server.conf".

#cd /usr/share/doc/openvpn/examples/sample-config-files/

#vim server.conf

port 1194
proto udp
dev tun
ca /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/ca.crt
cert /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/server.crt
key /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/server.key
dh /usr/share/doc/openvpn/examples/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.1.1"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3

9. After you have typed the configuration above into your "server.conf" file, copy it to the "/etc/openvpn" directory

#cp server.conf /etc/openvpn/

10. Restart your server.

http://cihan.me/how-to-setup-openvpn-server-on-debian-lenny/
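
The placement rules from step 7 can be checked mechanically. An added example (not from the original post or the linked guide): it audits the .key/.crt files found on one host against that list and flags private keys that group or others can read. The role names and function names are assumptions.

```bash
#!/bin/bash
# Added example: audit the .key/.crt files on one host against step 7.
# Role names (ca, server, client) and function names are assumptions.

# Files each role may hold. The server also needs ca.crt, because the
# server.conf in step 8 references it.
allowed_for() {
    case "$1" in
        ca)     echo "ca.key ca.crt" ;;
        server) echo "ca.crt server.crt server.key" ;;
        client) echo "ca.crt client.crt client.key" ;;
        *)      return 1 ;;
    esac
}

# audit_keys DIR ROLE: print one line per finding, return 0 only if clean.
audit_keys() {
    local dir="$1" role="$2" allowed f name findings=0
    allowed=$(allowed_for "$role") || { echo "unknown role: $role" >&2; return 2; }
    for f in "$dir"/*.key "$dir"/*.crt; do
        [ -e "$f" ] || continue
        name=${f##*/}
        case " $allowed " in
            *" $name "*) ;;
            *) echo "MISPLACED $name"; findings=$((findings + 1)) ;;
        esac
        # Characters 5-10 of the ls mode string are the group/other bits;
        # a private key should show none of them set.
        if [ "${name##*.}" = key ] &&
           [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "LOOSE_PERMS $name"; findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: the .key/.crt files that step 6 lists in keys/,
# audited as if that directory sat on the OpenVPN server.
demo() {
    local d; d=$(mktemp -d)
    ( cd "$d" && touch ca.key ca.crt server.key server.crt client.key client.crt \
        && chmod 600 ./*.key && chmod 644 server.key )
    audit_keys "$d" server || echo "=> not clean for role server"
    rm -rf "$d"
}
demo
```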

Multigateway routing in debian

Enable forwarding by writing to ip_forward

echo "1" > /proc/sys/net/ipv4/ip_forward

Create the table entries in rt_tables by typing the following

echo "10 chitti" >> /etc/iproute2/rt_tables
echo "20 bhitti" >> /etc/iproute2/rt_tables


You can populate the routing tables with the following snippet


# $ROUTE is left unquoted on purpose so that it splits into ip arguments
ip r show | grep -Ev ^default | while read -r ROUTE
do
ip r a $ROUTE table chitti
ip r a $ROUTE table bhitti
done

Now set the default gateways for each table

ip r a default via chittigw table chitti
ip r a default via bhittigw table bhitti


Mark the packets coming from each source network

iptables -t mangle -A PREROUTING -s ip.of.chitti.network/netmask -d 0.0.0.0/0 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -s ip.of.bhitti.network/netmask -d 0.0.0.0/0 -j MARK --set-mark 20

NAT them with whatever interface

iptables -t nat -A POSTROUTING -s ip.of.chitti.network/netmask -d 0.0.0.0/0 -j SNAT --to-source ip.of.chittii.interface
iptables -t nat -A POSTROUTING -s ip.of.bhitti.network/netmask -d 0.0.0.0/0 -j SNAT --to-source ip.of.bhittii.interface

Add rules that map each fwmark to its routing table

ip rule add fwmark 10 table chitti
ip rule add fwmark 20 table bhitti

Bingo..

Multiple gateways should be working now.

PS : If you have setup the WANs on a single interface with aliases the case is much easier..

Reference : http://linux-ip.net/html/adv-multi-internet.html

Sample TC config for BW control using HTB

tc qdisc add dev eth0 root handle 1: htb default 12
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 512kbit ceil 1024kbit
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 256kbit ceil 512kbit


tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst 10.20.10.80 flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip dst 10.20.10.85 flowid 1:20

### egress

tc qdisc add dev eth1 root handle 1: htb default 12
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 512kbit ceil 1024kbit
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 256kbit ceil 512kbit

tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip src 10.20.10.80 flowid 1:10
tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip src 10.20.10.85 flowid 1:20

disk copy with dd

dd if=/dev/sda of=/dev/sdb &

Adding hours in M$ excel

Sometimes you need to convert AM to PM in Excel.
Then the following formula can come in handy.

If cell e5 contains the time 4:00 AM, then

=e5+Time(12,0,0)  will return  16:00 hrs

Similarly, you can do add and subtract operations on the time format in a cell.

A text modifier script

The task was to
1. get the first letter of the second column and complete third column of a text file
2. convert everything to lower case
3. Combine them to form a single word

So I did the following

cat file1 | awk '{print $2}' | cut -c1 | tr '[A-Z]' '[a-z]' > first
cat file1 | awk '{print $3}' | tr '[A-Z]' '[a-z]' > second
paste first second | awk '{print $1$2}' > merged

nested if example in excel

=IF(OR(A1="missing",B1="missing"),IF(OR(G1<>"",H1<>""),"TP","TRUE"),"FALSE")

Backdating VMWare guest system

With VMware Workstation, the guest machine always takes its time from the host.

In cases where you want to backdate the guest while the host keeps the correct time and date settings,

you can try the following settings in the .VMX file.

tools.syncTime = 0
time.synchronize.continue = 0
time.synchronize.restore = 0
time.synchronize.resume.disk = 0
time.synchronize.shrink = 0
time.synchronize.tools.startup = 0

With these settings, the backdated time also remains after the guest is rebooted.

VMWare guest OS :- memory access violation error

A VMware guest gives an error while booting when the RAM allocated to the guest is large and is shared between guest and host.

Also, when you increase the RAM, VMware Workstation warns that the RAM will be shared and performance may vary.

If you ignore this and still boot the guest machine, once booted it throws an access right violation error and powers down the virtual machine.

To avoid this, I added the following two lines to the .VMX file.

MemTrimRate=0
sched.mem.pshare.enable = "FALSE"


Now the guest boots and works fine.

Batch migration using imap sync


The following script reads the variables id and pass from the file passtest.txt, where each line holds one id and password separated by whitespace,

and
syncs the mailboxes from the Google Apps mail server to a Zimbra mail server.

while IFS=" " read -r id pass
do
imapsync --syncinternaldates --useheader 'Message-Id' \
--host1 imap.googlemail.com --user1 "$id@zimbraserver.in" \
--password1 "$pass" --ssl1 \
--host2 mail.zimbraserver.in \
--port2 993 --user2 "$id@zimbraserver.in" \
--password2 "$pass" --ssl2 \
--authmech1 LOGIN --authmech2 LOGIN
done < passtest.txt
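
Passing --password1/--password2 puts each password on the imapsync command line, where other local users can read it from the process list. An added variant (not part of the original script) that hands the password over through imapsync's --passfile1/--passfile2 options instead; migrate_all and the IMAPSYNC variable are names assumed for this example.

```bash
#!/bin/bash
# Added example: the same batch loop, with passwords passed via
# --passfile1/--passfile2 so they never appear in the process list.
# migrate_all and IMAPSYNC are names chosen for this example.
IMAPSYNC=${IMAPSYNC:-imapsync}

# migrate_all LIST: LIST holds "id password" pairs, one per line.
migrate_all() {
    local list="$1" id pass tmp rc=0
    tmp=$(mktemp -d) || return 1       # mktemp -d creates a 0700 directory
    # -r keeps backslashes literal; everything after the first run of
    # spaces is the password, so it may contain spaces itself.
    while IFS=' ' read -r id pass; do
        [ -n "$id" ] || continue       # skip blank lines
        ( umask 077; printf '%s\n' "$pass" > "$tmp/pw" )
        "$IMAPSYNC" --syncinternaldates --useheader 'Message-Id' \
            --host1 imap.googlemail.com --user1 "$id@zimbraserver.in" \
            --passfile1 "$tmp/pw" --ssl1 \
            --host2 mail.zimbraserver.in \
            --port2 993 --user2 "$id@zimbraserver.in" \
            --passfile2 "$tmp/pw" --ssl2 \
            --authmech1 LOGIN --authmech2 LOGIN < /dev/null || rc=1
    done < "$list"
    rm -rf "$tmp"
    return "$rc"
}

# Dry run on a constructed list: echo stands in for imapsync and prints
# the argument list each run would get.
demo_list=$(mktemp)
printf '%s\n' 'alice S3cret pass' 'bob hunter2' > "$demo_list"
IMAPSYNC=echo migrate_all "$demo_list"
rm -f "$demo_list"
```

For a real run, leave IMAPSYNC unset and call migrate_all passtest.txt; the function returns non-zero if any mailbox failed.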

Increasing the swap size of the machine

dd if=/dev/zero of=/.swapfile bs=1M count=1024
# swap holds memory pages, so keep the file readable by root only
chmod 600 /.swapfile
mkswap -v1 /.swapfile
swapon /.swapfile

Disable Oracle's password expiry

ALTER PROFILE DEFAULT LIMIT
  FAILED_LOGIN_ATTEMPTS UNLIMITED
  PASSWORD_LIFE_TIME UNLIMITED;

To turn off the auditing.
 

NOAUDIT ALL;
DELETE FROM SYS.AUD$;

cert7 file generation

It is sometimes tricky, as the latest NSS tools generate cert8.db.
If you need cert7 specifically, for example for LDAP auth or for auth on Solaris versions older than 10, you need to generate cert7.db files.

Here is how you can do it on Windows.

Download NSS version 3.2.2 from ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases
Then go to a command prompt and set the path:

set path=%PATH%;C:\path\to\nssfolder\lib

You might also need NSPR 4.6 for missing DLL and library files.

You can download it from http://ftp.mozilla.org/pub/mozilla.org/nspr/releases/

From the same command prompt, also set the path to the lib directory of NSPR:

set path=%PATH%;c:\path\to\nsprfolder\lib

Now you can execute

certutil -A -n "certificateName" -t "C,C,C" -a -i certFile -d path

where certificateName is optional,
certFile is the .pem certificate file, and
path is the path where you want your cert7.db files to be stored.


Read more to understand what each of these functions do  here.

Six skills for CIOs

CIOs are the cerebellum of the corporate world. A TechTarget survey reveals that the following are the most required skills for a CEO, in the order below.

The numbers in brackets show the percentage of people who voted for the skill.

No. 1: IT security and compliance expertise take top billing for CIOs (47.4%)

No. 2: IT project management expertise deemed a necessity for CIOs (31%)

No. 3: Partner management and IT vendor management crucial to success (27%)

No. 4: Enterprise data management skills increasingly vital for CIOs (23.1%)

No. 5: Corporate financial skills a must for CIOs (19.1%)

No. 6: Legal expertise a sought-after skill in CIOs (11.9%)

Any comments ..?

Batch Script for editing something in a file in DOS

The batch script below finds a line inside a file and replaces it with text of your choice.

@echo off
setlocal enabledelayedexpansion

if not exist "%1" (echo this file does not exist...)&goto :eof

set  /p findthis=Enter here what you want to find:
set  /p replacewith=Enter here what you want to replace:
for /f "delims= tokens=* eol=^ " %%a in (%1) do (
   set write=%%a
   if "%%a"=="!findthis!" set write=!replacewith!
   echo !write!

   echo !write!>>%~n1.replaced%~x1
)


Do not add a space after the variable in the last line; this will add a space after the line in your output. I took three hours to find and fix this bug.