How do you kick a benign user off your system?


There’s probably an easier way, but I do this:

See who’s logged into your machine — use who -u:

root@alphaone:~# who -u
root     pts/1        2016-12-08 11:02   .          7953 (192.168.0.99)
camilord pts/2        2016-12-08 10:59   .          7625 (192.168.0.7)

Laugh at their impending disconnection (this step is optional, but encouraged)

root@alphaone:~# echo "HAHHAHAHAHAHA... BYE!" | write root pts/1
write: write: you have write permission turned off.

Kill the corresponding process:

root@alphaone:~# kill -9 7953
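
The same procedure as a small shell helper (an added example, not part of the original post): it looks up the session PID in who -u output and sends SIGHUP before resorting to SIGKILL. The function names session_pid and end_session and the sample data are assumptions made for illustration.

```bash
#!/bin/sh
# Added example. SAMPLE_WHO is constructed sample data in the same layout as
# the `who -u` output shown above.
SAMPLE_WHO='root     pts/1        2016-12-08 11:02   .          7953 (192.168.0.99)
camilord pts/2        2016-12-08 10:59   .          7625 (192.168.0.7)'

# session_pid WHO_OUTPUT USER TTY
# Prints the PID column of the matching login session. The PID is taken as the
# last all-digit field, so a missing "(host)" column or a different date
# format does not shift it.
session_pid() {
    printf '%s\n' "$1" | awk -v user="$2" -v tty="$3" '
        $1 == user && $2 == tty {
            for (i = NF; i > 2; i--)
                if ($i ~ /^[0-9]+$/) { print $i; exit }
        }'
}

# end_session PID [GRACE_SECONDS]
# SIGHUP gives the login shell a chance to clean up; SIGKILL is sent only if
# the process is still alive after the grace period.
end_session() {
    pid=$1
    grace=${2:-5}
    kill -HUP "$pid" 2>/dev/null || return 1      # already gone or not permitted
    while [ "$grace" -gt 0 ]; do
        kill -0 "$pid" 2>/dev/null || return 0    # exited after SIGHUP
        sleep 1
        grace=$((grace - 1))
    done
    kill -KILL "$pid" 2>/dev/null
    return 0
}

# Typical use on a live system (user and terminal taken from the sample):
#   pid=$(session_pid "$(who -u)" camilord pts/2) && end_session "$pid"
```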

 

Reference: http://unix.stackexchange.com/questions/615/how-do-you-kick-a-benign-user-off-your-system

Bash: File Server Hourly Backup Script


I keep creating bash backup scripts, but every time I create one for a new server, I forget the commands and have to research them again. This time, I’m going to save it on my blog so that I can find it in one place. Hehehe…

#!/bin/bash

# Work from the backup root; stop if it is missing so nothing is written elsewhere.
cd /backup/ || exit 1

DATE=$(date "+%Y%m%d%H%M%S")
BACKUPNAME="jdrive_$DATE"

mkdir "$BACKUPNAME"

# find -mtime -1 | xargs cp -t --parents "$BACKUPNAME/"

# Copy files modified in the last 60 minutes, keeping their directory structure.
find /jdrive/ -type f -mmin -60 -exec cp --parents '{}' "$BACKUPNAME/" \;

tar -zcvf "ibackup/$BACKUPNAME.tar.gz" "$BACKUPNAME/"

rm -rf "$BACKUPNAME/"

# find and delete all archives smaller than the specified file size
# (-size -500 counts 512-byte blocks)
find /backup/ibackup/ -name "*.gz" -size -500 -delete

# find and delete all files that are older than 45 days
find /backup/ibackup/ -mtime +45 -type f -exec rm -rf {} \;

Here you go… My home-brewed incremental backup script. We usually use duplicity, but it failed us twice. So we are now using both my home-brewed script and duplicity. Oh! By the way, I use this script for our file server only.

MySQL + Percona XtraDB Cluster 5.6


I have been experimenting with MySQL + Percona XtraDB Cluster (version 5.6). In my case, I used VMware/VirtualBox. I created two images, labelled DB1 and DB2, using Ubuntu 14.04.2 32-bit (Trusty Tahr). My goal is to replicate the database from DB1 to DB2. If DB1 goes down, DB2 takes over from DB1. While DB1 is being fixed, DB2 serves; when DB1 is back online, DB1 becomes the “Joiner” to the “Donor” (DB2), and vice versa.

Installation

The first thing you need to do is prepare for the installation of Percona XtraDB Cluster by importing the repository signing key. (You must be root or have sufficiently high privileges to perform this installation.)

root@db1:~# apt-key adv --keyserver keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A

One thing you need to ensure is that you have all the official Ubuntu repositories plus the Percona APT repository. So what I did was replace /etc/apt/sources.list with:

# deb cdrom:[Ubuntu-Server 14.04.2 LTS _Trusty Tahr_ - Release i386 (20150218.1)]/ trusty main restricted

###### Ubuntu Main Repos
deb http://us.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse

## Ubuntu Security Updates
deb http://security.ubuntu.com/ubuntu trusty-security main
deb-src http://security.ubuntu.com/ubuntu trusty-security main
deb http://security.ubuntu.com/ubuntu trusty-security universe
deb-src http://security.ubuntu.com/ubuntu trusty-security universe
deb http://security.ubuntu.com/ubuntu trusty-security multiverse
deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
deb http://archive.canonical.com/ubuntu trusty partner
deb-src http://archive.canonical.com/ubuntu trusty partner

## Uncomment the following two lines to add software from Ubuntu's
## 'extras' repository.
## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
deb http://extras.ubuntu.com/ubuntu trusty main
deb-src http://extras.ubuntu.com/ubuntu trusty main

###### Ubuntu Update Repos
deb http://us.archive.ubuntu.com/ubuntu/ trusty-security main restricted universe multiverse
deb http://us.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse

# Percona XtraDB Cluster
deb http://repo.percona.com/apt trusty main
deb-src http://repo.percona.com/apt trusty main

After updating the APT source list, execute:

root@db1:~# apt-get update

After that, you can install Percona XtraDB Cluster server and client packages:

root@db1:~# apt-get install percona-server-server-5.6 percona-server-client-5.6

This is where I got stuck when trying to connect the nodes. Remove apparmor!!! You can check first if apparmor is running:

root@db1:~# apparmor_status

If it’s running, remove it before it causes problems for Percona.

root@db1:~# apt-get remove apparmor

Important: do the same installation on the 2nd node (DB2).

Then to run the primary node (donor), DB1 in our case:

root@db1:~# service mysql bootstrap-pxc
 * Bootstrapping Percona XtraDB Cluster database server mysqld                       [ OK ]
root@db1:~#

Then run the 2nd node or joiner (DB2):

root@db2:~# service mysql start
mysql start/running, process 1550
root@db2:~#

~ or ~

root@db2:~# service mysql restart
mysql stop/waiting
mysql start/running, process 1550
root@db2:~#

Note: Always start the primary node (DB1) first, then the next node (DB2).

Testing

Check if primary node (DB1) is working…

root@db1:~# mysql -u root -p -e "show status where Variable_name like '%wsrep_cluster%' OR Variable_name like '%wsrep_ready%';"
Enter password:
+--------------------------+--------------------------------------+
| Variable_name            | Value                                |
+--------------------------+--------------------------------------+
| wsrep_cluster_conf_id    | 5                                    |
| wsrep_cluster_size       | 1                                    |
| wsrep_cluster_state_uuid | 1fa1e1fc-cf8e-11e4-9664-3ea415c4a429 |
| wsrep_cluster_status     | Primary                              |
| wsrep_ready              | ON                                   |
+--------------------------+--------------------------------------+

root@db1:~# mysql -u root -p -e "show binary logs;"
Enter password:
+------------------+-----------+
| Log_name         | File_size |
+------------------+-----------+
| mysql-bin.000001 |       120 |
+------------------+-----------+

Next, check the 2nd node (DB2)…

root@db2:/etc/mysql# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.6.22-72.0-56-log Percona XtraDB Cluster (GPL), Release rel72.0, Revision 978, WSREP version 25.8, wsrep_25.8.r4150

Copyright (c) 2009-2014 Percona LLC and/or its affiliates
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

More tests: I created a PHP script for each of DB1 and DB2 to test the replication.

DB1 PHP Script (test_percona.php):

<?php

$connect = mysql_connect('localhost','root','secret');

mysql_select_db('test', $connect);

// create the table if it does not exist...
@mysql_query("create table if not exists data_test(
 id bigint(20) unsigned not null auto_increment primary key,
 data varchar(128),
 created datetime
);");

// insert rows in an endless loop
while (true) {
        $data = sha1(time().rand(100,99999));
        echo $data." -> ".date("j M Y g:i.s a - l\n");
        @mysql_query("INSERT INTO data_test (data,created) VALUES ('".$data."', NOW())");
}

?>

DB2 PHP Script (monitor_percona.php):

<?php

$connect = mysql_connect('localhost','root','secret');

mysql_select_db('test', $connect);

$last_id = 0;

while (true) {
        $result = mysql_query("SELECT * FROM data_test WHERE id > ".$last_id." ORDER BY id ASC");
        $max = mysql_num_rows($result);
        if ($max > 0) {
                for ($i = 0; $i < $max; $i++) {
                        echo mysql_result($result,$i,"data")." -> ".date("j M Y g:i.s a - l", strtotime(mysql_result($result,$i,"created")))."\n";
                        $last_id = mysql_result($result,$i,"id");
                }
        }
}

?>

Then you can run the script on both nodes. To run in DB1 node, do:

root@db1:~# php test_percona.php

Then for the 2nd node:

root@db2:~# php monitor_percona.php

After that, you should see the same output on both nodes.

 Encountered Issues (tail -f /var/log/mysql/error.log):

2015-03-21 20:19:11 6613 [Warning] WSREP: Gap in state sequence. Need state transfer.
2015-03-21 20:19:11 6613 [Note] WSREP: Running: 'wsrep_sst_xtrabackup-v2 --role 'joiner' --address '192.168.9.103' --auth 'sstuser:secret' --datadir '/var/lib/mysql/' --defaults-file '/etc/mysql/my.cnf' --parent '6613'  '' '
2015-03-21 20:19:11 6613 [ERROR] execlp() failed: Permission denied
2015-03-21 20:19:11 6613 [ERROR] WSREP: Failed to read 'ready <addr>' from: wsrep_sst_xtrabackup-v2 --role 'joiner' --address '192.168.9.103' --auth 'sstuser:secret' --datadir '/var/lib/mysql/' --defaults-file '/etc/mysql/my.cnf' --parent '6613'  '' Read: '(null)'
2015-03-21 20:19:11 6613 [ERROR] WSREP: Process completed with error: wsrep_sst_xtrabackup-v2 --role 'joiner' --address '192.168.9.103' --auth 'sstuser:secret' --datadir '/var/lib/mysql/' --defaults-file '/etc/mysql/my.cnf' --parent '6613'  '' : 1 (Operation not permitted)
2015-03-21 20:19:11 6613 [ERROR] WSREP: Failed to prepare for 'xtrabackup-v2' SST. Unrecoverable.
2015-03-21 20:19:11 6613 [ERROR] Aborting

The fix for this issue is to remove AppArmor.
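
An added example, not from the original post or from Percona: a shell check that recognises the failure signature in the log above, lists what AppArmor denied to one profile so that any change can be scoped to that profile, and strips the --auth credentials before the log is shared. The function names, the profile name /usr/sbin/mysqld, the helper path and both sample inputs are assumptions.

```bash
#!/bin/sh
# Added example; all sample data below is constructed.

# Shortened lines in the format of the error.log excerpt above.
SAMPLE_LOG="2015-03-21 20:19:11 6613 [Note] WSREP: Running: 'wsrep_sst_xtrabackup-v2 --role 'joiner' --address '192.168.9.103' --auth 'sstuser:secret' --parent '6613'  '' '
2015-03-21 20:19:11 6613 [ERROR] execlp() failed: Permission denied
2015-03-21 20:19:11 6613 [ERROR] WSREP: Failed to prepare for 'xtrabackup-v2' SST. Unrecoverable."

# Kernel audit lines in AppArmor's usual format. The profile name
# /usr/sbin/mysqld and the helper path are assumptions.
SAMPLE_KERN='audit: type=1400 audit(1426965551.100:31): apparmor="DENIED" operation="exec" profile="/usr/sbin/mysqld" name="/usr/bin/wsrep_sst_xtrabackup-v2" pid=6613 comm="mysqld" requested_mask="x" denied_mask="x"
audit: type=1400 audit(1426965560.200:32): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=812 comm="cupsd" requested_mask="r" denied_mask="r"'

# sst_exec_denied < error.log
# Succeeds when mysqld launched a wsrep_sst_* helper and the same mysqld PID
# (third field) then logged "execlp() failed: Permission denied".
sst_exec_denied() {
    awk '
        /WSREP: Running: .wsrep_sst_/          { launcher = $3; next }
        /execlp\(\) failed: Permission denied/ { if ($3 == launcher) found = 1 }
        END { exit !found }'
}

# apparmor_denied_paths PROFILE < kernel log
# Prints the path of every object AppArmor denied to PROFILE.
apparmor_denied_paths() {
    grep 'apparmor="DENIED"' | grep -F "profile=\"$1\"" |
        sed -n 's/.* name="\([^"]*\)".*/\1/p'
}

# redact_sst_auth < error.log
# Replaces the user:password pair that WSREP writes after --auth.
redact_sst_auth() {
    sed "s/--auth '[^']*'/--auth '<redacted>'/g"
}

# On a node (log path as used in the post):
#   sst_exec_denied < /var/log/mysql/error.log &&
#       dmesg | apparmor_denied_paths /usr/sbin/mysqld
# If the SST helper is listed, aa-complain /usr/sbin/mysqld (apparmor-utils)
# puts only that profile in complain mode while the rest stay enforced.
```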

Reference: 

  • http://www.percona.com/doc/percona-server/5.6/installation/apt_repo.html
  • http://www.percona.com/doc/percona-xtradb-cluster/5.5/howtos/ubuntu_howto.html
  • http://www.percona.com/doc/percona-xtrabackup/2.1/innobackupex/pit_recovery_ibk.html

My Server’s 100 days

[root@server ~]# uptime
 20:43:38 up 100 days, 19:11,  2 users,  load average: 0.00, 0.01, 0.05

MySQL Constraints: Import


I stumbled over database constraints again when importing an SQL dump file.

ERROR 1217 (23000) at line 128: Cannot delete or update a parent row: a foreign key constraint fails

The solution is to add the following line at the beginning of the SQL dump file:

SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0;

That should work.

Prendstah.com got A+ grade from ssllabs.com


I was curious how Sid Bachtiar got the high grade on his SSL Report. It challenged me and got me interested in how to do it. So I did. Oh yeah! Got the A+ SSL Report grade.

SSL Test: https://www.ssllabs.com/ssltest/analyze.html?d=prendstah.com


CentOS 7: Enable Apache UserDIR


I was used to the old way of enabling Apache UserDir, but this time, in CentOS 7, it’s different. So I’m kinda outdated. Even restarting services is different. So here it is… 🙂

First, edit Apache’s userdir.conf.

nano /etc/httpd/conf.d/userdir.conf

Change from:

<IfModule mod_userdir.c>
    #
    # UserDir is disabled by default since it can confirm the presence
    # of a username on the system (depending on home directory
    # permissions).
    #
    UserDir disabled
 
    #
    # To enable requests to /~user/ to serve the user's public_html
    # directory, remove the "UserDir disabled" line above, and uncomment
    # the following line instead:
    #
    UserDir public_html
 
</IfModule>
 
<Directory /home/*/public_html>
        Options Indexes Includes FollowSymLinks
         Require all granted
</Directory>

To:

<IfModule mod_userdir.c>
    #
    # UserDir is disabled by default since it can confirm the presence
    # of a username on the system (depending on home directory
    # permissions).
    #
    #UserDir disabled
 
    #
    # To enable requests to /~user/ to serve the user's public_html
    # directory, remove the "UserDir disabled" line above, and uncomment
    # the following line instead:
    #
    UserDir public_html
 
</IfModule>
 
<Directory /home/*/public_html>
        Options Indexes Includes FollowSymLinks
         Require all granted
</Directory>

Then restart apache…

systemctl restart httpd.service

Then create the user’s public_html and set its permissions (in my case, my user is prendstah):

mkdir /home/prendstah/public_html
chmod 711 /home/prendstah
chown prendstah:prendstah /home/prendstah/public_html
chmod 755 /home/prendstah/public_html

Then there are the other new things, especially if you are using SELinux:

setsebool -P httpd_enable_homedirs true
chcon -R -t httpd_sys_content_t /home/prendstah/public_html

That’s it. That should give the user directory public access.
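
An added example (not part of the original post) that checks the result of the chmod steps above: 711 on the home directory lets httpd traverse it without being able to list it, and because the <Directory> block enables FollowSymLinks, links that resolve outside public_html are reported. check_userdir is a hypothetical helper name; it assumes GNU stat and readlink and does not look at the SELinux settings.

```bash
#!/bin/sh
# check_userdir HOME_DIR
# Prints one finding per line and returns non-zero if there is any finding.
check_userdir() {
    home=$1
    pub=$home/public_html
    rc=0
    # Last octal digit of the mode = permissions for "other" (httpd's view).
    home_other=$(( $(stat -c '%a' "$home") % 10 ))
    pub_other=$(( $(stat -c '%a' "$pub") % 10 ))

    [ $((home_other & 1)) -ne 0 ] ||
        { echo "home: httpd cannot traverse it (needs o+x)"; rc=1; }
    [ $((home_other & 4)) -eq 0 ] ||
        { echo "home: world-listable (o+r), 711 is enough"; rc=1; }
    [ $((pub_other & 5)) -eq 5 ] ||
        { echo "public_html: httpd cannot read it (needs o+rx)"; rc=1; }
    [ $(( (home_other | pub_other) & 2 )) -eq 0 ] ||
        { echo "world-writable directory (o+w)"; rc=1; }

    # With FollowSymLinks, a link that resolves outside public_html is served
    # like any other file, so list every link that leaves the tree.
    root=$(readlink -f "$pub")
    escapes=$(find "$pub" -type l | while IFS= read -r link; do
        case "$(readlink -f "$link")" in
            "$root"/*) ;;
            *) echo "symlink leaves public_html: $link" ;;
        esac
    done)
    [ -z "$escapes" ] || { echo "$escapes"; rc=1; }
    return $rc
}

# Example call for the user from the post:
#   check_userdir /home/prendstah
```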

Cisco 1841 configuration for Vodafone NZ UFB


I believe I am not the only one who needs this information. It took me ages to crack this configuration. I kept calling Vodafone technical support and all I could get was “I will forward you to blah blah blah…” and then no one would answer. I waited for nothing. I also sent an email to Vodafone, and they replied after 2 weeks, by which time I had already resolved the issue. I joined the Vodafone community, which was still not that helpful, but I got a clue from Dylan (thanks mate!). So below is my working Cisco 1841 configuration for Vodafone NZ UFB (UltraFast Broadband, a fibre connection with a speed of 100 Mbps download and 50 Mbps upload).

Building configuration...

Current configuration : 1742 bytes
!
version 12.x
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname camilord.net
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$xxxxxxxxxxxxxxxxxxxxx0
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.49
ip dhcp excluded-address 192.168.0.200 192.168.0.254
!
ip dhcp pool INTERNAL
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
!
!
no vlan accounting
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address dhcp
 ip nat outside
 no snmp trap link-status
!
interface FastEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface Serial0/1/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
interface Serial0/1/1
 no ip address
 shutdown
 clock rate 2000000
!
ip default-gateway [YOUR_ISP_GATEWAY]
ip route 0.0.0.0 0.0.0.0 [YOUR_ISP_GATEWAY]
!
!
ip http server
no ip http secure-server
ip nat inside source list 100 interface FastEthernet0/0.10 overload
ip nat inside source static [HOME_SERVER_IP] interface FastEthernet0/0.10
!
access-list 100 remark Traffic allowed to NAT
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 deny   ip any any
!
!
!
control-plane
!
!
banner motd ^CCAMILO3RD NETWORK: Restricted Area! Authorised Access only!^C
!
line con 0
 password xxxxxxxxxx
 login
line aux 0
line vty 0 4
 password xxxxxxxxxx
 login
!
end



Note:
[YOUR_ISP_GATEWAY] is an IP address; replace this value, referring to your current modem configuration.
[HOME_SERVER_IP] is my home server; all incoming request traffic is forwarded to it. In my case, I have a public/static IP address to forward all the traffic.

If you need access to your Vodafone default modem-router (in my case it’s an HG659), use:

Username: Admin
Password: VF-NZhg659

or visit http://www.neatstuff.co.nz/HG659.html

Hope this will help you.

Linux: Serial Port Communication


Since HyperTerminal was removed in Windows 7, I decided to look up Linux tools for serial port communication and found the minicom command. Here’s how to install and use it (in my case I used Linux Mint):

# apt-get install minicom

Then, after installation, run:

# minicom -s

            +-----[configuration]------+
            | Filenames and paths      |
            | File transfer protocols  |
            | Serial port setup        |
            | Modem and dialing        |
            | Screen and keyboard      |
            | Save setup as dfl        |
            | Save setup as..          |
            | Exit                     |
            | Exit from Minicom        |
            +--------------------------+

Then you have to set up the serial port:

    +-----------------------------------------------------------------------+
    | A -    Serial Device      : /dev/ttyUSB0                              |
    | B - Lockfile Location     : /var/lock                                 |
    | C -   Callin Program      :                                           |
    | D -  Callout Program      :                                           |
    | E -    Bps/Par/Bits       : 9600 8N1                                  |
    | F - Hardware Flow Control : Yes                                       |
    | G - Software Flow Control : No                                        |
    |                                                                       |
    |    Change which setting?                                              |
    +-----------------------------------------------------------------------+

In my case, I used a USB-to-serial connector, so I set Serial Device to /dev/ttyUSB0.

After that, go to Exit and you’ll be connected to the device you want to reach, such as a Cisco router or switch.

HyperTerminal


I believe a lot of you out there are looking for HyperTerminal on Windows 7, 8 and other recent Windows versions. I use this HyperTerminal software for configuring Cisco network equipment. Feel free to download this HyperTerminal from Windows XP. ^_^

Make sure you configure the application’s compatibility first…


Download HyperTerminal (531)
