Thursday, December 13, 2007

More detailed information about Pluggable Authentication Modules (PAM) can be found at the link below:

http://www.puschitz.com/SecuringLinux.shtml#EnforcingStrongerPasswords

Change the default password length

The default password length is usually 8 characters. To improve security, longer passwords can be enforced. Pluggable Authentication Modules (PAM) are used for login authentication. We will change the options passed to the pam_cracklib module, which checks new passwords when they are set.

Important: Make sure to make a backup of your /lib/security directory and your /etc/pam.d/system-auth before making any changes. Making changes to PAM can cause a system to become inaccessible.

Create a backup, then list the contents of the tar file:

# tar -cvf backup.tar /etc/pam.d/system-auth /lib/security/*
# tar -tf backup.tar

Open /etc/pam.d/system-auth with an editor such as vi. Inside the file you will find the line:

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3 type=

Replace the line with:

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3  minlen=10

Notes:

  • Make the changes carefully. If a change is made and the system becomes inaccessible, go into rescue mode and replace the files with the backup files previously created.
  • Once the proper changes have been made to the system-auth file and everything is working as desired, a backup of the new system-auth should be made. If the authconfig command is used, it will overwrite the system-auth file.
  • If a single digit number is used in the password, an extra character must be used in the password.
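Because authconfig can silently overwrite system-auth, it is worth checking that the minlen setting is still in place. The following check is an added example, not part of the original post; the function names cracklib_minlen and check_minlen are assumptions.

```shell
#!/bin/sh
# Added example: report and verify the minlen option on the pam_cracklib
# password line of a PAM configuration file.

# Prints the minlen value, "unset" if the pam_cracklib line has no minlen
# option, or "missing" if there is no pam_cracklib password line at all.
cracklib_minlen() {
    awk '
        /^[ \t]*#/ { next }                          # ignore commented lines
        $1 == "password" && /pam_cracklib\.so/ {
            found = 1
            for (i = 1; i <= NF; i++)
                if ($i ~ /^minlen=[0-9]+$/)
                    val = substr($i, 8)              # text after "minlen="
        }
        END {
            if (!found)         print "missing"
            else if (val == "") print "unset"
            else                print val
        }
    ' "$1"
}

# Returns 0 only when minlen is set and at least the required value.
check_minlen() {
    v=$(cracklib_minlen "$1") || return 2
    case $v in
        missing|unset)
            echo "FAIL: $1: pam_cracklib minlen is $v"
            return 1 ;;
    esac
    if [ "$v" -lt "$2" ]; then
        echo "FAIL: $1: minlen=$v is below required $2"
        return 1
    fi
    echo "OK: $1: minlen=$v"
}

# Usage: sh thisfile /etc/pam.d/system-auth 10
if [ "$#" -eq 2 ]; then
    check_minlen "$1" "$2"
fi
```

Run it after every authconfig invocation or from a periodic job, so that a reverted system-auth is noticed.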

Blocking network access for a single user

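You can use the iptables owner match (--uid-owner) to block all outgoing traffic initiated by that user. In the command below, <interface> and <username> are placeholders: replace them with the outgoing interface and the user's name or numeric UID.

iptables -I OUTPUT -o <interface> -m owner --uid-owner <username> -j REJECT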
service iptables save

How To Back Up MySQL Databases Without Interrupting MySQL


Normally, when you want to create a MySQL backup, you either have to stop MySQL or issue a read lock on your MySQL tables in order to get a correct backup; if you don't do it this way, you can end up with an inconsistent backup. To get consistent backups without interrupting MySQL, I use a little trick: I replicate my MySQL database to a second MySQL server, and on the second MySQL server I use a cron job that creates regular backups of the replicated database.

Preliminary Note

To follow this tutorial, you need a second MySQL server (the slave), and you have to set up MySQL replication from your first MySQL server (the system from where you want to take backups, the master) to the slave, e.g. as described in this tutorial: http://www.howtoforge.com/mysql_database_replication. Setting up MySQL replication is beyond the scope of this document.

The whole setup that I describe here has to be done on the slave MySQL server!

I have tested this on a Debian system; this should work on other distributions as well, but it's possible that some paths differ (in the script /usr/local/sbin/mysqlbackup.sh).


Doing Automated Backups Of The Replicated Databases On The Slave

After you have set up a working MySQL replication from the master to the slave, I assume that you want to do automatic backups of the slave database to the directory /home/sqlbackup. First, we must create that directory:

mkdir /home/sqlbackup

Next we create the shell script /usr/local/sbin/mysqlbackup.sh that stops the slave, makes an SQL dump of the whole MySQL database in /home/sqlbackup (the file name of the SQL dump will look like this: backup-20070423-18.sql; this is a dump taken on April 23, 2007, at 18.00h), restarts the slave afterwards (the slave will then catch up on everything that has happened on the master in the meantime so that no data is lost), and deletes all SQL dumps in /home/sqlbackup that are older than two days:

vi /usr/local/sbin/mysqlbackup.sh

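#!/bin/sh

# Timestamp for the dump file name, e.g. 20070423-18
datum=`/bin/date +%Y%m%d-%H`

# Pause replication so the data does not change during the dump.
# Note: a password given on the command line is visible in the
# process list while the command runs.
/usr/bin/mysqladmin --user=root --password=yourrootsqlpassword stop-slave

# Dump all databases into a timestamped file
/usr/bin/mysqldump --user=root --password=yourrootsqlpassword --lock-all-tables \
--all-databases > /home/sqlbackup/backup-${datum}.sql

# Resume replication; the slave catches up with the master
/usr/bin/mysqladmin --user=root --password=yourrootsqlpassword start-slave

# Delete dumps older than two days
/usr/bin/find /home/sqlbackup -type f -mtime +2 -exec /bin/rm -f {} \;

exit 0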

(Please make sure that you replace yourrootsqlpassword with the password of the root MySQL user on the slave!)

Now we must make the script executable. Because the script contains the MySQL root password, make it readable by root only:

chmod 700 /usr/local/sbin/mysqlbackup.sh

Of course, we don't want to run the /usr/local/sbin/mysqlbackup.sh manually; instead, we create a cron job that runs the script automatically every three hours:

crontab -e

0 */3 * * * /usr/local/sbin/mysqlbackup.sh > /dev/null 2>&1

Of course, you are free to modify the cron job to run as often as you need it.

That's it, using this method you can now back up your MySQL database without interrupting the MySQL service on the master server.
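A hardened variant of the backup script, added here as an example and not part of the original tutorial: it reads the MySQL credentials from an option file instead of the command line, restarts the slave even when the dump fails, and keeps the dumps private. The option file path /root/.my-backup.cnf, the variable names and the run_backup function are assumptions.

```shell
#!/bin/sh
# Added example. Assumes /root/.my-backup.cnf (mode 600) contains:
#   [client]
#   user=root
#   password=...
MYSQLADMIN=${MYSQLADMIN:-/usr/bin/mysqladmin}
MYSQLDUMP=${MYSQLDUMP:-/usr/bin/mysqldump}
MYSQL_CNF=${MYSQL_CNF:-/root/.my-backup.cnf}
BACKUP_DIR=${BACKUP_DIR:-/home/sqlbackup}

run_backup() {
    umask 077    # dump files are readable by the owner only
    out="$BACKUP_DIR/backup-$(date +%Y%m%d-%H).sql"

    # --defaults-extra-file must be the first option; it keeps the
    # password out of the process list.
    "$MYSQLADMIN" --defaults-extra-file="$MYSQL_CNF" stop-slave || return 1

    rc=0
    "$MYSQLDUMP" --defaults-extra-file="$MYSQL_CNF" --lock-all-tables \
        --all-databases > "$out.tmp" || rc=$?

    # Always resume replication, whether or not the dump succeeded.
    "$MYSQLADMIN" --defaults-extra-file="$MYSQL_CNF" start-slave || rc=$?

    if [ "$rc" -eq 0 ]; then
        # Publish the finished dump, then prune dumps older than two days.
        mv "$out.tmp" "$out"
        find "$BACKUP_DIR" -type f -name 'backup-*.sql' -mtime +2 \
            -exec rm -f {} \;
    else
        rm -f "$out.tmp"    # never leave a partial dump behind
    fi
    return "$rc"
}

# Run only when invoked as: mysqlbackup.sh --run
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```

A non-zero exit status means no new dump was stored, so the cron job can report the failure instead of discarding all output.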

The Google Story.....

Know about google...



Just completed reading "The Google Story" by David Vise. Quite an eye-opener on how Sergey and Larry managed to make their dreams into a $80 billion giant. The journey from the Stanford lab to the Gates building to the garage to the Googleplex is worth a read; however, some portions of the book might have been better with a more detailed take. Take the case where Overture sues Google for infringement of its proprietary ad-selling mechanism. Felt somehow lost, as I had no idea who Overture was and why on earth they did not capitalize on their patented solution, or the case where the founders had no interest in hiring a CEO but were being forced to by Kleiner Perkins and Sequoia Capital. Somehow the seriousness and implications of Larry's and Brin's decisions for Google's future were not really discussed to an extent that would have satisfied a serious reader. Anyway, here's my 10-point gyan for anyone interested in knowing a bit about Google and its founders.



1) Google is a misspelt word. The original word is Googol, which means 1 followed by 100 zeroes.

2) Larry Page's brother Carl Page also sold his internet company during the dot-com era for an eye-popping $500 million.

3) Google's ad model was originally developed by a company named Overture (now a Yahoo company).

4) From their original hostel at Stanford, Larry Page and Sergey Brin were shifted to a newly constructed building named the William Gates building.

5) Though a tech company, Google followed the practices of media companies during its IPO. To protect itself from unwanted takeover threats, the company issued class A and B types of shares. Valued similarly, the two classes of shares differed only in their voting rights. The company also developed an auction-based system of allotting its stake to prevent unwanted volatility just after listing.

6) Google had lost the Amazon Europe ad deal to Yahoo. Larry and Sergey were traveling on their private jet when they got this news. With much persuasion the founders arranged a secret meeting with Amazon's CEO. Google raised its bid to such a level that Yahoo was eventually forced to back out of the deal, saying that it did not make business sense for the latter.

7) Google's in-house chef Charlie Ayers is one of the few chefs in the world who became a millionaire by selling personal Google shares given to him.

8) It's very rare to find Kleiner Perkins and Sequoia Capital investing in the same venture. Larry and Sergey played a sleek game, pitting the two VCs against each other, resulting in the two firms investing $12.5 million each.

9) Google has a policy where employees are allowed to spend 20% of their time pursuing their interests. Google News, Gmail and a host of other applications are a result of employee ideas which originated during this 20% time.

10) Google has one of the largest hardware infrastructures and computing power in the world. This can be gauged from the fact that the company crawls the entire web and saves it on its computers. When a user searches for something, the Google computers search through the saved pages and throw out relevant results within seconds.

Monday, September 10, 2007

cpanel Useful scripts

Install Zend Optimizer /scripts/installzendopt
Hostname A Entry Missing! /scripts/fixndc then restart bind and apache
Install Cron on New Server /scripts/installrpm anacron vixie-cron ; /etc/rc.d/init.d/crond start
Bandwidth issues /scripts/cleanbw
/scripts/fixwebalizer (To fix problem in webalizer that stop updating stats)
/scripts/fixcommonproblems
/scripts/fixeverything
Fixing Mail List MailMan /usr/local/cpanel/bin/convertmailman2
Reinstall MailMan /scripts/reinstallmailman
Fix Permissions on accounts: /scripts/fixhome
Edit mySQL conf file: pico /etc/my.cnf
Edit php.ini: pico /usr/local/lib/php.ini
Edit Apache Conf: pico /etc/httpd/conf/httpd.conf
Checking Real Time Top Processes Login to SSH and run: top
Run cpanel backup /scripts/cpbackup
To try and fix domain controller: /scripts/fixndc

Quotas /scripts/initquotas - takes a while to run
/scripts/resetquotas
/scripts/fixquotas - takes a while to run

/scripts/adddns Add a Dns Entry
/scripts/addfpmail Install Frontpage Mail Exts
/scripts/addservlets Add JavaServlets to an account (jsp plugin required)
/scripts/adduser Add a User
/scripts/admin Run WHM Lite
/scripts/apachelimits Add Rlimits (cpu and mem limits) to apache.
/scripts/dnstransfer Resync with a master DNS Server
/scripts/editquota Edit A User’s Quota
/scripts/finddev Search For Trojans in /dev
/scripts/findtrojans Locate Trojan Horses
Suggested usage:
/scripts/findtrojans > /var/log/trojans
/scripts/fixtrojans /var/log/trojans
/scripts/fixcartwithsuexec Make Interchange work with suexec
/scripts/fixinterchange Fix Most Problems with Interchange
/scripts/fixtrojans Run on a trojan horse file created by findtrojans to remove them
/scripts/fixwebalizer Run this if a user’s stats stop working
/scripts/fixvaliases Fix a broken valias file
/scripts/hdparamify Turn on DMA and 32bit IDE hard drive access (once per boot)
/scripts/initquotas Re-scan quotas. Usually fixes Disk space display problems
/scripts/initsuexec Turn on SUEXEC (probably a bad idea)
/scripts/installzendopt Fetch + Install Zend Optimizer
/scripts/ipusage Display Ipusage Report
/scripts/killacct Terminate an Account
/scripts/killbadrpms Delete “Security Problem Infested RPMS”
/scripts/mailperm Fix Various Mail Permission Problems
/scripts/mailtroubleshoot Attempt to Troubleshoot a Mail Problem
/scripts/mysqlpasswd Change a Mysql Password
/scripts/quicksecure Kill Potential Security Problem Services
/scripts/rebuildippool Rebuild Ip Address Pool
/scripts/remdefssl Delete Nasty SSL entry in apache default httpd.conf
/scripts/restartsrv Restart a Service (valid services: httpd,proftpd,exim,sshd,cppop,bind,mysql)
/scripts/rpmup Syncup Security Updates from RedHat/Mandrake
/scripts/runlogsnow Force a webalizer/analog update.
/scripts/secureit Remove non-important suid binaries
/scripts/setupfp4 Install Frontpage 4+ on an account.
/scripts/simpleps Return a Simple process list. Useful for finding where cgi scripts are running from.
/scripts/suspendacct Suspend an account
/scripts/sysup Syncup Cpanel RPM Updates
/scripts/unblockip Unblock an IP
/scripts/unsuspendacct UnSuspend an account
/scripts/upcp Update Cpanel
/scripts/updatenow Update /scripts
/scripts/wwwacct Create a New Account

/scripts/runweblogs <username> Run awstats manually for that account

Sometimes such behavior of apache/httpd (taking more and more memory until it dies or crashes the server) can be caused by a corrupted MySQL database. Try the following:
1) Kill the mysql server
/etc/rc.d/init.d/mysql stop

2) Repair all SQL databases:
myisamchk -r /var/lib/mysql/*/*.MYI

3) Start mysql again:
/etc/rc.d/init.d/mysql start

Thursday, May 31, 2007

Why Dell Is Really Saying No to Linux


By now, many of you may be wondering why Dell is passing up such a great niche market by not offering Linux as an alternative OS option to Windows. We have talked about how this would only prove to benefit a company like Dell, but we have also acknowledged the fact that it will likely never happen.

Then I came across this piece from ArsTechnica. They rightfully point out that Dell is not equipped to handle Linux support for the desktop. And they continue their proper understanding in stating that Dell can barely handle supporting Windows issues. Then it occurred to me: why must Dell "support" Linux at all? Check this out...

This Excuse Smells of Swiss Cheese. The belief that Dell can't sell Linux based on support concerns is absurd. It’s not because problems won’t arise, but they could easily outsource this kind of support to...Linux vendors themselves.

Obviously, the simple answer is to offer known-to-work hardware in Dell Linux boxes, but make it clear that on the support front, the users are on their own. Instead, Dell appears afraid of this. Why? Because they might be giving their customers over to someone competent that can actually answer the questions being asked without being put on hold 15 times? Come on, give me a break. Let's make this as easy as pie for Dell, shall we?

The "You are on Your Own" Disclaimer. Dell could force buyers, who are interested in buying the Linux alternative, to digitally sign an agreement stating that they understand that the hardware is known to work and that a list of Linux support agencies will be provided with the order. Boom, Dell just conquered the support issue.

So enough of the hot air. The reason why we will not see Dell selling desktop Linux boxes is simple - Microsoft's OEM department would come unhinged. Why? Because HP would soon follow suit. And if HP and Dell are both selling desktop Linux boxes as an alternative to Vista, the market would shift a great deal. Curiosity would prevail.

Like Linux, Vista presents a set of challenges to the PC user. And unless they dump the PC completely and just go with a Mac, most users are no worse off with Linux than with Vista. Outside of power users who need specialty apps, most people would honestly not care, so long as everything works out of the box.

The Time is Now, But Will it Even Matter? My reason to see Dell become more open to offering Linux is rather simple. If they offer it, HP will follow them, and before long, new PC buyers will be exposed to Linux offerings.

Linux is most certainly not for everyone. I get this. However, if Dell is willing to take a slight risk to look at the fact that Vista is not ready yet, they might then realize that Linux offers a viable alternative to banging-your-head-against-the-wall with Vista compatibility.

Understand this, though. Once Vista gets its issues worked out, this small window of opportunity with Dell and HP will indeed close. The time is now, so hopefully we will see enough profit margins hurting to where Dell is really ready to take a chance in offering yet another OS option to provide alongside Vista. Only time will tell, I suppose.