Tuesday, December 9, 2008

Quick Setup SVN with Apache2 on Linux


Step 1. Install Apache2, if not already installed.
Step 2. Install libapache2-svn, subversion and subversion-tools.
If you are using Debian, try "apt-get install libapache2-svn subversion subversion-tools", or on Redhat/Fedora
try "yum install libapache2-svn subversion subversion-tools".
Step 3. Create the SVN repo directory
as root user:
mkdir /src
svnadmin create /src/trunk
# chown after creating the repo so the files svnadmin wrote as root are owned by the Apache user too
chown -R ApacheUser /src
Step 3. Now create the Apache config; put this config
under the Location directive:

DAV svn
SVNPath /src/trunk
AuthType Basic
AuthName "SVN Authentication"
AuthUserFile /etc/apache2/.svn.passwd
Require valid-user

Restart Apache.

Step 4. Create an SVN user
htpasswd -c -m /etc/apache2/.svn.passwd user
You can add more users later (leave out -c then, since -c creates the file anew).

Step 5. Test your installation
Open in your browser:
http://yourservername/src/trunk

Step 6. If all is set, import your files into this SVN repo
svn --username user import http://yourservername/src/trunk -m "First Import"

Apache rewrite with cookie value set

Using an Apache rewrite rule, you can redirect a specific request to another URL while setting a cookie value.
The rule redirects the matching request and sets a client cookie with the values you define.

For example:
RewriteRule ^/abc/ff/(.+) http://www.somedomain.com/abc.php?code=$1 [CO=DemoCookie:$1:.somedomain.com:100:/]

This will redirect
http://www.somedomain.com/abc/ff/123

to

http://www.somedomain.com/abc.php?code=123

and set a cookie in the client browser with name DemoCookie, value 123, domain somedomain.com and time set to 100.

Wednesday, December 3, 2008

New features in MySQL 5.1

Several new features were added in MySQL 5.1.

Some important items are given below:

1. Table partitioning, and subpartitioning as well.
2. Fast execution for ALTER TABLE.
3. Task scheduler: the CREATE EVENT statement adds a task, a good fit for DB maintenance activities.

Apache Modsecurity with GeoIP blocking country specific traffic

Modsecurity + GeoIP

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy.
It provides protection from a range of attacks against web applications and allows for HTTP
traffic monitoring, logging and real-time analysis.

Requirements:
To install ModSecurity with GeoIP support we need the following packages:
1. ModSecurity v2.5 or greater (download from http://www.modsecurity.org/)
2. mod_geoip2 (download from http://www.maxmind.com/)
3. GeoIP-1.4 or greater (download from http://www.maxmind.com/)
Additionally we need apxs to compile Apache modules.
Apache unique_id_module and libxml2 must be installed on the system.
Download the GeoLiteCity.dat database file from http://www.maxmind.com/ and place it in
/usr/share/

After installing all these packages, place four files under your Apache configuration directory and include them in the main config file (httpd.conf):

1. mod-security.load
LoadFile /usr/local/lib/libxml2.X
LoadModule security2_module /usr/local/lib/apache2/mod_security2.so

2. mod_sec.conf
SecRuleEngine On
Include //*.conf

3. mod_geoip.load
LoadModule geoip_module //mod_geoip.so

4. mod_geoip.conf

GeoIPEnable On
GeoIPDBFile /usr/share/GeoLiteCity.dat


For ModSecurity configuration files, visit http://www.gotroot.com/
A complete set of configuration files can be downloaded from http://downloads.prometheus-group.com/delayed/rules/modsec-2.5-free-latest.tar.gz
Extract all files and move the ones you need to //, depending on the application security
level and available system resources. Including all rule files may slow down the Apache server.

Create a file named geo_ip_rules.conf under //
and put, for example:
SecGeoLookupDb /usr/share/GeoLiteCity.dat
SecRule REMOTE_ADDR "@geoLookup" "chain,drop,msg:'COUNTRY IP address'"
SecRule GEO:COUNTRY_CODE "@streq " "t:none"

This configuration blocks all IP addresses from the mentioned country.
The country code can be changed as required.

After all this installation and configuration, restart the Apache server for the changes to take effect.

We can monitor the Apache error.log for GeoIP-based IP address blocking.
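One way to do that monitoring, as an added example that is not part of the original post: a shell function that counts blocks per client IP by matching the msg text of the geo rule above. The log lines are constructed samples in the ModSecurity 2.x error-log layout, and "XX" stands in for the country code.

```shell
#!/bin/sh
# Added example: per-client summary of ModSecurity geo-rule blocks in error.log.

GEO_MSG='COUNTRY IP address'   # msg: text of the rule in geo_ip_rules.conf

# geo_block_summary [FILE] -> "COUNT IP" lines, busiest client first
geo_block_summary() {
    awk -v msg="[msg \"$GEO_MSG\"]" '
        index($0, "ModSecurity:") && index($0, msg) {
            if (match($0, /\[client [^]]+\]/)) {
                ip = substr($0, RSTART + 8, RLENGTH - 9)
                # newer Apache logs client as IPv4:port; drop the port
                if (ip ~ /^[0-9.]+:[0-9]+$/) sub(/:[0-9]+$/, "", ip)
                hits[ip]++
            }
        }
        END { for (ip in hits) print hits[ip], ip }
    ' "${1:--}" | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation addresses, placeholder country XX).
sample_log() {
cat <<'EOF'
[Tue Dec 09 10:15:32 2008] [error] [client 203.0.113.7] ModSecurity: Access denied with connection close (phase 2). String match "XX" at GEO:COUNTRY_CODE. [file "geo_ip_rules.conf"] [line "3"] [msg "COUNTRY IP address"] [uri "/"]
[Tue Dec 09 10:15:40 2008] [error] [client 198.51.100.23:51234] ModSecurity: Access denied with connection close (phase 2). String match "XX" at GEO:COUNTRY_CODE. [file "geo_ip_rules.conf"] [line "3"] [msg "COUNTRY IP address"] [uri "/login"]
[Tue Dec 09 10:16:02 2008] [error] [client 203.0.113.7] ModSecurity: Access denied with connection close (phase 2). String match "XX" at GEO:COUNTRY_CODE. [file "geo_ip_rules.conf"] [line "3"] [msg "COUNTRY IP address"] [uri "/admin"]
[Tue Dec 09 10:16:09 2008] [error] [client 192.0.2.10] ModSecurity: Warning. Pattern match at ARGS:q. [file "other_rules.conf"] [line "12"] [msg "Other rule"] [uri "/search"]
[Tue Dec 09 10:16:30 2008] [error] [client 192.0.2.44] File does not exist: /var/www/favicon.ico
EOF
}

# Demo on the sample; on a server, pass the path of the Apache error.log instead.
sample_log | geo_block_summary
```

Lines from other ModSecurity rules and ordinary Apache errors are ignored, so the counts reflect only the geo rule.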

Apache DOS Attack

Preventing DoS attacks, especially against your Apache web server, is not very easy!! Or is it really easy?

Mod-Evasive is the most common solution to this problem, but going by user feedback it either does not work properly or is very difficult to configure for your server's needs.

Another very helpful solution is the (D)DoS-Deflate script, which is really effective.
A lot of people are using it to protect their sites from DoS attacks.

http://deflate.medialayer.com/

Quick InnoDB Tuning Guide

InnoDB performance depends on a number of things, including your hard drive speed and RAID controller performance.

In brief, there are some major tuning directives which can improve InnoDB performance.

1. innodb_flush_log_at_trx_commit - If you set it to 0, InnoDB does not flush each commit to disk; rather it flushes after one second. If you are running a non-financial site and can afford to lose 1-2 seconds of data in case of failure, this trick works well.

2. innodb_flush_method - the default method works well for InnoDB.

3. Check that your version of MySQL is tested against your operating system.

You also need to set the
innodb_buffer_pool_size
innodb_additional_mem_pool_size
innodb_thread_concurrency
innodb_log_file_size
innodb_log_buffer_size
innodb_flush_log_at_trx_commit
innodb_file_per_table

options according to your database server's hardware environment, and tune them carefully to optimize InnoDB performance.

Please don't test these options in your production environment unless you are 100% sure about your changes and their after-effects.

Quick Setup -- NRPE for NAGIOS in debian

You can use a simple script for this.
Please change this script to suit your environment.

This script is for Debian users only; others can use it after some modification.
########################################
# NRPE INSTALLATION
########################################
useradd nagios
groupadd nagios
apt-get -y install xinetd make openssl libssl-dev g++ gcc
wget http://osdn.dl.sourceforge.net/sourcefo ... 4.6.tar.gz
tar xzf nagios-plugins-1.4.6.tar.gz
cd nagios-plugins-1.4.6
./configure
make
make install
chown -R nagios:nagios /usr/local/nagios/
cd ..
wget http://osdn.dl.sourceforge.net/sourcefo ... 2.8.tar.gz
tar xzf nrpe-2.8.tar.gz
cd nrpe-2.8
./configure
make all
make install-plugin
make install-daemon
make install-daemon-config
make install-xinetd
# remove the default 127.0.0.1 entry from the xinetd nrpe file
sed -i 's/127.0.0.1//g' /etc/xinetd.d/nrpe
cd ..
########################
## edit your nrpe.cfg file if required
########################

chown -R nagios:nagios /usr/local/nagios/
echo "nrpe 5666/tcp #nrpe" >> /etc/services
/etc/init.d/xinetd restart
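A check to run on /etc/xinetd.d/nrpe before the xinetd restart, as an added example that is not part of the original script: it classifies the only_from line that the sed command edits, so an empty or wide-open value is noticed. The stanza is a constructed sample modelled on the file "make install-xinetd" writes, and 192.0.2.50 is a placeholder for your Nagios server address.

```shell
#!/bin/sh
# Added example: classify the only_from setting of an xinetd NRPE stanza.

# Constructed stanza (assumption: same layout as the installed nrpe file).
sample_xinetd() {
cat <<'EOF'
service nrpe
{
        socket_type     = stream
        port            = 5666
        user            = nagios
        server          = /usr/local/nagios/bin/nrpe
        server_args     = -c /usr/local/nagios/etc/nrpe.cfg --inetd
        log_on_failure  += USERID
        only_from       = 127.0.0.1
}
EOF
}

# audit_nrpe_xinetd [FILE] -> prints missing | empty | open | restricted
audit_nrpe_xinetd() {
    awk '
        /^[ \t]*#/ { next }                       # ignore commented-out lines
        /^[ \t]*only_from[ \t]*[+]?=/ {
            seen = 1
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            n = split($0, a, /[ \t]+/)
            for (i = 1; i <= n; i++) if (a[i] != "") hosts[a[i]] = 1
        }
        END {
            if (!seen) { print "missing"; exit }
            for (h in hosts) {
                cnt++
                # xinetd treats 0.0.0.0 as "all Internet addresses"
                if (h == "0.0.0.0" || h == "0.0.0.0/0") wide = 1
            }
            if (!cnt) print "empty"
            else if (wide) print "open"
            else print "restricted"
        }
    ' "${1:--}"
}

sample_xinetd | audit_nrpe_xinetd                                   # as installed
sample_xinetd | sed 's/127.0.0.1//g' | audit_nrpe_xinetd            # after the sed above
sample_xinetd | sed 's/127.0.0.1/192.0.2.50/' | audit_nrpe_xinetd   # Nagios server set
```

On a real host, call audit_nrpe_xinetd /etc/xinetd.d/nrpe and expect "restricted" with only your Nagios server listed.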


A very quick howto about Linux LVM

First, identify the disk partition where you want to set up LVM.
Secondly, you need to install the LVM package on your system.

Assuming here:
1. /dev/sda10 - disk partition
2. Disk space is 200G
3. Mount point is /home

Now follow the commands:
pvcreate /dev/sda10
pvscan

vgscan


Create a volume group
vgcreate -s 16M vol_grp_1 /dev/sda10

vgdisplay

lvcreate -L 200G -n lv_1 vol_grp_1
lvdisplay


mke2fs -j /dev/vol_grp_1/lv_1

mount /dev/vol_grp_1/lv_1 /home

Add to /etc/fstab:

/dev/vol_grp_1/lv_1 /home ext3 defaults 0 2

Quick Setup APF firewall

At your server's command prompt:
** You need to have iptables installed on your server **

wget http://www.r-fx.ca/downloads/apf-current.tar.gz
tar zxf apf-current.tar.gz
cd apf-x
./install.sh
Edit /etc/apf/conf.apf:

IFACE_IN="xxx"
IFACE_OUT="xxx" -- replace xxx with the internet-exposed interface

IFACE_TRUSTED="yyy" -- replace yyy with the internal network interface where the firewall is not applicable (if available).

Change
# Common inbound (ingress) TCP ports
IG_TCP_CPORTS="22,80,4443" -- list the ports that you want to keep open on the external interface.

There are a lot of other directives for adjusting your config.

Only the basic settings are mentioned here.

Then start APF with "apf -s" and test your firewall.

If all is set, just set DEVEL_MODE="0" in conf.apf, then
stop APF with "apf -f"
and start it with "apf -s"
:)