Gab Knowledge Base<br />
This blog was created for my own personal notes.<br />
If any of the posts is useful for you, I am happy to hear that,<br />
but if there is any mistake in my notes, please correct me.<br />
<br />
microservice (posted 2021-09-07)<br />
https://aws.amazon.com/getting-started/container-microservices-tutorial/module-four/<br />
<br />
https://aws.amazon.com/blogs/aws/amazon-ecs-service-discovery/<br />
<br />
using docker<br />
<br />
then at aws<br />
1 cluster with all micro inside, with individual auto-scale<br />
then 1 app load balancer, assign traffic according to path<br />
<br />
Playing with Docker in AWS<br />
<br />
To use docker, I created a simple EC2 server and installed docker on it<br />
# yum update<br />
# yum install docker -y<br />
# usermod -a -G docker ec2-user<br />
# service docker start<br />
# docker info<br />
<br />
The commands above install docker, add ec2-user to the docker group (membership of this group is effectively root access on the server), start the docker service and list the docker information.<br />
<br />
----------------------------------------------------<br />
Managing the container<br />
<br />
here is the basic command for docker<br />
<br />
!!! build<br />
# docker build -t gab-test .<br />
<br />
!!! run<br />
# docker run gab-test<br />
<br />
!!! run and link server port 80 to container port 80<br />
# docker run -p 80:80 gab-test<br />
<br />
!!! if you don't specify the server port, docker picks a random port on the server<br />
# docker run -ti -p 45678 -p 45679 --name gab-test centos:latest bash<br />
<br />
then you need to use the docker command below to find out which dynamic port it uses<br />
# docker port gab-test<br />
<br />
this is useful when the container has a fixed listen port but you do not want it to conflict with a server port when running multiple containers, because the server port is picked at random.<br />
but then you will need some service discovery to find out the port and join the containers together as a cluster / pool<br />
<br />
!!! exposing UDP ports<br />
# docker run -p <server_port>:<container_port>/udp<br />
<br />
port forward is from inside to outside<br />
<br />
<br />
!!! delete container<br />
# docker rm gab-test<br />
<br />
you can run the container and auto delete the container upon exit<br />
# docker run --rm gab-test<br />
<br />
!!! get a shell inside a running container (similar to ssh)<br />
# docker exec -it gab-test /bin/bash<br />
or start a new container with an interactive shell<br />
# docker run -it gab-test bash<br />
<br />
you can run it and put it in the background<br />
# docker run -it -d gab-test bash<br />
then you can connect back to it with<br />
# docker attach <container_name><br />
<br />
--------------------------------------------<br />
Managing the images<br />
<br />
!!! save as image and name it "img" with "latest" tag<br />
# docker commit gab-test img:latest<br />
<br />
!!! list images<br />
# docker images<br />
<br />
!!! list images with filter<br />
# docker images --filter reference=gab-test<br />
<br />
!!! list current running container<br />
# docker ps<br />
<br />
A container stops when its main process stops<br />
example: docker run -ti centos:latest bash<br />
bash has become the main process<br />
so when you exit from bash, the container stops<br />
<br />
use the command below to list all containers<br />
# docker ps -a<br />
<br />
!!! clean up unused docker images and container<br />
# docker system prune<br />
<br />
!!! delete all things<br />
# docker system prune -a<br />
<br />
<br />
All containers start from an image<br />
since i do not have my own image, i will be using public images from the docker repo<br />
# docker pull centos<br />
<br />
list the images to confirm it was successful<br />
# docker images<br />
<br />
--------------------------------------------------<br />
Managing network & port<br />
<br />
<br />
then now we create our first container<br />
below command will create container name "gab-test" + map port 80 from container to server + using the images repo name "centos" with tag "latest"<br />
# docker create --name gab-test -p 80:80 centos:latest<br />
<br />
find out the port used for certain container<br />
# docker port gab-test<br />
<br />
!!! you can link 2 containers together so one can connect directly to the other<br />
first create the 1st container<br />
# docker run -ti --name server centos:latest bash<br />
create the 2nd container and link it back to the 1st container<br />
# docker run -ti --link server --name client centos:latest bash<br />
<br />
by using link, you can nc to the server container and pass data<br />
at server container<br />
# nc -lp 1234<br />
at client container<br />
# nc server 1234<br />
<br />
but the link will break after the server container is stopped and started again.<br />
this is because the server IP changes<br />
and the client hosts file does not get updated with the new IP<br />
<br />
!!! create legacy linking<br />
you can create private network for docker<br />
# docker network create <network_name><br />
then you can run container inside the network<br />
# docker run -it --net=<network_name> --name gab-test centos:latest<br />
<br />
----------------------------------------<br />
images<br />
<br />
list down all the images<br />
#docker images<br />
<br />
the size of the images is actually shared, so the sum of the sizes does not equal the total space used on the server<br />
<br />
once you have created images, push them to a repo<br />
you can use pull to get and run the images again<br />
<br />
images build up easily and consume space<br />
so you can use the commands below to clear images from the server<br />
<br />
# docker rmi <image_name>:tag<br />
# docker rmi <image_id><br />
<br />
---------------------------------------<br />
Volume<br />
<br />
there are 2 varieties<br />
- Persistent (data remains even after the container stops)<br />
- Ephemeral (data is lost when no container is using it)<br />
<br />
these volumes are not part of the image, so using a persistent volume won't change your image<br />
<br />
create shared folder<br />
# mkdir /opt/example<br />
<br />
then create container and bind the shared folder into it<br />
# docker run -it -v /opt/example:/shared-folder --name gab-test centos:latest bash<br />
<br />
you can also share data between 2 container directly<br />
at the 1st container<br />
# docker run -ti -v /shared-data --name gab-test centos:latest bash<br />
put some file into the /shared-data<br />
then at the 2nd container, create and link to 1st container<br />
# docker run -ti --volumes-from gab-test centos:latest bash<br />
<br />
this will attach the volume of the container named gab-test<br />
<br />
a volume shared directly between containers remains even after the 1st container stops.<br />
this is an example of an ephemeral volume: the data exists as long as a container is using it,<br />
but if all containers stop using it, it is gone.<br />
so you can create a 3rd container and link it to the 2nd container's shared volume<br />
and so on<br />
<br />
------------------------------------------<br />
Images<br />
<br />
there is a repo maintained by Docker itself<br />
and from there, you can use a command to search for images<br />
# docker search ubuntu<br />
this will list all ubuntu related images<br />
do notice the "Stars" and "Official" columns<br />
to find reliable images<br />
Stars = similar to likes / fame<br />
Official = direct from the OS distributor<br />
<br />
for more info on an image, i suggest using a browser as it will show how to use the image<br />
and what things to take note of<br />
<br />
you have to login to docker if you want to push images back to the Docker repo<br />
# docker login<br />
<br />
-----------------------------------------------<br />
Usage of DockerFile<br />
<br />
A DockerFile is a small "program" or "list of commands" to create an image<br />
below is the command to build with the DockerFile<br />
# docker build -t <image_name> .<br />
Notice the " . " at the end of the command, it indicates the location of the DockerFile<br />
if the DockerFile is at a different location<br />
# docker build -t <image_name> /path/<br />
<br />
The image is stored locally on your server, you need to use the push command to push it to a public repo if needed.<br />
<br />
do take note, if you save a big file inside and save it as an image,<br />
the image size will be very big.<br />
it is suggested to delete the file during the build process, if it is no longer needed, before saving<br />
so the image will be smaller<br />
<br />
Statement<br />
FROM = which image to download and start (must be the first command in your DockerFile)<br />
MAINTAINER = Author of this DockerFile (example: MAINTAINER Firstname Lastname <email> )<br />
RUN = run a command line, wait for it to finish & save the result<br />
ADD = add a file from the server to the image. it can also be used to uncompress a file into it<br />
Example: ADD project.tar.gz /data/<br />
ADD script.sh /script.sh<br />
ADD https://example.com/project.rpm /project/<br />
ENV = set environment variables<br />
Example: ENV parameter=example<br />
EXPOSE = map port into container<br />
VOLUME = define shared volume<br />
WORKDIR = default directory to use whenever it start<br />
USER = which user the container will run as<br />
<br />
reference:<br />
https://docs.docker.com/engine/reference/builder/<br />
<br />
-----------------------------------------<br />
Resource limiting<br />
- can use to schedule CPU time<br />
- can use to limit memory allocation<br />
- inherited limitations and quotas (meaning a container cannot escape the limit by starting more processes; it can only play around within those quotas)<br />
<br />
Note: although i can't think of any situation where i need to limit my container resources, maybe it is useful if you have a limited server? but i am not sure if i want to do that in a Production environment.<br />
<br />
<br />
-------------------------------------------<br />
Managing service<br />
<br />
use --restart to restart the container if it dies<br />
# docker run -p 8080:8080 --restart=always --name gab-test centos:latest<br />
<br />
-------------------------------------------<br />
Save & load Images<br />
<br />
you can save images to an archive file for backup purposes or to transfer to your customer<br />
# docker save -o my-images.tar.gz gab-test:latest centos:latest<br />
<br />
this will save the gab-test image + centos image together in 1 file<br />
after saving, even if you delete the images from your local machine,<br />
you can always load them back from this file<br />
<br />
# docker load -i my-images.tar.gz<br />
this command will load the 2 images and store them locally<br />
<br />
useful for moving containers between servers<br />
<br />
<br />
<br />
-------------------------------------------<br />
<br />
Playing with AWS ECS<br />
<br />
create a new repo named gab-test<br />
click "View push commands"<br />
and follow the steps to push the images to the gab-test repo<br />
<br />
once you build your images locally<br />
you need to tag your image with the repo name before pushing<br />
docker tag gab-test:latest 922322261069.dkr.ecr.us-east-1.amazonaws.com/gab-test:latest<br />
<br />
<br />
Jboss 7 EAP cluster in AWS using RHEL 8 (posted 2019-07-15)<h2>
Environment</h2>
server: Red Hat Enterprise Linux release 8.0 (Ootpa)<br />
Jboss: 7.2.2<br />
Java: jdk-8u211-linux-x64<br />
AWS services used: EC2, S3, EFS<br />
<br />
I downloaded all the jboss and java installation files to /home/ec2-user/jboss<br />
<br />
Install Java JDK<br />
# yum localinstall jdk-8u211-linux-x64.rpm -y<br />
<br />
<h3>
Setup Jboss</h3>
I setup everything inside /opt<br />
# cd /opt/<br />
# unzip /home/ec2-user/jboss/jboss-eap-7.2.0.zip<br />
<br />
go to standalone config folder and copy the needed file<br />
# cd /opt/jboss-eap-7.2/standalone/configuration<br />
# cp /opt/jboss-eap-7.2/docs/examples/configs/standalone-ec2-ha.xml .<br />
<br />
go to bin/init.d and edit file so it will use the new config file<br />
# cd /opt/jboss-eap-7.2/bin/init.d<br />
# vim jboss-eap.conf<br />
<br />
below is the config, with my changes in red<br />
===========================START===============================<br />
[root@ip-172-31-46-162 init.d]# cat jboss-eap.conf<br />
# General configuration for the init.d scripts,<br />
# not necessarily for JBoss EAP itself.<br />
# default location: /etc/default/jboss-eap<br />
<br />
## Location of JDK<br />
# JAVA_HOME="/usr/lib/jvm/default-java"<br />
JAVA_HOME="/usr/java/default"<br />
## Location of JBoss EAP<br />
# JBOSS_HOME="/opt/jboss-eap"<br />
<span style="color: red;">JBOSS_HOME="/opt/jboss-eap-7.2"</span><br />
<br />
## The username who should own the process.<br />
# JBOSS_USER=jboss-eap<br />
<span style="color: red;">JBOSS_USER=jboss</span><br />
<br />
## The mode JBoss EAP should start, standalone or domain<br />
<span style="color: red;">JBOSS_MODE=standalone</span><br />
<br />
## Configuration for standalone mode<br />
<span style="color: red;">JBOSS_CONFIG=standalone-ec2-ha.xml</span><br />
<br />
## Configuration for domain mode<br />
# JBOSS_DOMAIN_CONFIG=domain.xml<br />
# JBOSS_HOST_CONFIG=host-master.xml<br />
<br />
## The amount of time to wait for startup<br />
# STARTUP_WAIT=60<br />
<br />
## The amount of time to wait for shutdown<br />
# SHUTDOWN_WAIT=60<br />
<br />
## Location to keep the console log<br />
# JBOSS_CONSOLE_LOG="/var/log/jboss-eap/console.log"<br />
<span style="color: red;">JBOSS_CONSOLE_LOG="/opt/jboss-eap-7.2/standalone/log/console.log"</span><br />
<br />
## Additionals args to include in startup<br />
# JBOSS_OPTS="--admin-only -b 127.0.0.1"<br />
===========================END=================================<br />
<br />
edit this file so it will use the config we just edited<br />
# vim jboss-eap-rhel.sh<br />
<br />
find and edit the part shown in red<br />
============================START================================<br />
# Load JBoss EAP init.d configuration.<br />
if [ -z "$JBOSS_CONF" ]; then<br />
JBOSS_CONF="<span style="color: red;">/opt/jboss-eap-7.2/bin/init.d/jboss-eap.conf</span>"<br />
fi<br />
<br />
[ -r "$JBOSS_CONF" ] && . "${JBOSS_CONF}"<br />
============================END================================<br />
<br />
now edit standalone.conf to input the s3 bucket details<br />
# cd /opt/jboss-eap-7.2/bin<br />
# vim standalone.conf<br />
<br />
add the lines below to it<br />
=============================START===============================<br />
ACCESS_KEY_ID=<span style="color: red;">YOUR_ACCESS</span><br />
SECRET_ACCESS_KEY=<span style="color: red;">YOUR_SECRET</span><br />
S3_PING_BUCKET=gab-jboss<br />
NODE_NAME=`hostname`<br />
<br />
INTERNAL_IP_ADDRESS=`ip addr show | grep eth0 -A 2 | head -n 3 | tail -n 1 | awk '{ print $2 }' | sed "s-/24--g" | cut -d'/' -f1`<br />
<div>
=============================END==================================</div>
<div>
<br /></div>
<div>
find and edit this</div>
<div>
=============================START================================</div>
<div>
<br /></div>
if [ "x$JAVA_OPTS" = "x" ]; then<br />
JAVA_OPTS="-Xms1303m -Xmx1303m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true"<br />
JAVA_OPTS="$JAVA_OPTS -Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS -Djava.awt.headless=true"<br />
<span style="color: red;">JAVA_OPTS="$JAVA_OPTS -Djboss.jgroups.s3_ping.access_key='$ACCESS_KEY_ID' -Djboss.jgroups.s3_ping.secret_access_key='$SECRET_ACCESS_KEY' -Djboss.jgroups.s3_ping.bucket='$S3_PING_BUCKET' -Djboss.jvmRoute=$NODE_NAME"</span><br />
<span style="color: red;"> JAVA_OPTS="$JAVA_OPTS -Djboss.bind.address=$INTERNAL_IP_ADDRESS -Djboss.bind.address.private=$INTERNAL_IP_ADDRESS"</span><br />
else<br />
echo "JAVA_OPTS already set in environment; overriding default settings with values: $JAVA_OPTS"<br />
fi<br />
<div>
=============================END===================================</div>
<div>
<br /></div>
<div>
<br /></div>
<h3>
Setup S3 bucket</h3>
<div>
go to S3 and create a bucket named gab-jboss</div>
<div>
if you change the bucket name, remember to update your standalone.conf so it points to the correct bucket</div>
<div>
<br /></div>
<h3>
Test the cluster</h3>
<div>
download this war file if you have a redhat account</div>
<div>
https://access.redhat.com/solutions/46373</div>
<div>
deploy it, then check the log to see if the cluster forms and check the S3 bucket to see if a file was created there</div>
<div>
PS: it won't form a cluster if no war file is set as distributed</div>
<div>
<br /></div>
<h3>
Auto Scale</h3>
<div>
The configuration above supports auto-scaling, meaning a new node will join the cluster upon launching.<br />
remove the testing war file and save the server as an AMI, then configure your auto scaling based on this AMI</div>
<div>
the node name is configured to follow the server hostname, which i set in standalone.conf</div>
<div>
<br /></div>
<div>
centralize log file</div>
<div>
for this, i am using EFS storage</div>
<div>
follow the AWS guide to create a new one and install NFS on your RHEL server</div>
# yum install -y nfs-utils<br />
<div>
<br /></div>
<div>
<br /></div>
apache mod_rewrite (posted 2018-03-09)<div>
<br />
<li>The caret, <code class="unix">^</code>, signifies the <strong>start of an URL</strong>, under the current directory. This directory is whatever directory the .htaccess file is in. You’ll start almost all matches with a caret.</li>
<li>The dollar sign, <code class="unix">$</code>, signifies the <strong>end of the string to be matched</strong>. You should add this in to stop your rules matching the first part of longer URLs.</li>
<li>Query string is read until "?"</li>
<br />
<br />
<div>
example</div>
<div>
<br /></div>
<div>
<div>
RewriteCond %{QUERY_STRING} ^resid=ID</div>
<div>
RewriteRule ^/eid? http://store.datascrip.com/? [R=301,L]</div>
</div>
<b><u><br /></u></b>
<b><u><br /></u></b>
<b><u>Force SSL</u></b><br />
RewriteEngine On</div>
<div>
RewriteCond %{HTTPS} off</div>
<div>
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}</div>
<div>
<br />
<b><u>Redirect everything to new URL</u></b><br />
RewriteRule /.* http://www.new-domain.com/ [R]<br />
<br />
<b><u>redirect certain query string match + sub path to new URL</u></b><br />
RewriteCond %{QUERY_STRING} ^resid=ID$<br />
RewriteRule ^/eid? http://new.com/ [R,L]<br />
<br />
this will redirect testing.com/eid?resid=ID to http://new.com<br />
the symbol $ indicates the end of the string<br />
<br />
<br />
<div>
<div>
RewriteCond %{HTTP_HOST} ^gab.com</div>
</div>
<div>
RewriteRule "^(.*)/p/7074689$" "https://gab.com/p/7075394" [R=301,L]</div>
<br />
this will take requests that go to gab.com/* and end with that path, and redirect them to a different place<br />
<u><b><br /></b></u>
<u><b>Block all access to /test/* except /test/gab/*</b></u><br />
<br />
RewriteCond %{HTTP_HOST} ^abc.com<br />
RewriteCond %{REQUEST_URI} ^/test<br />
RewriteRule "!^/test/gab(.*)" "-" [F]<br />
<br />
# rewrite rule based on akamai country code for maintenance pages<br />
RewriteCond %{HTTP:X-Akamai-Edgescape} code=MY<br />
RewriteCond %{REQUEST_URI} !^/maintenance<br />
RewriteRule ^(.*)$ /maintenance/ES/maintenance.html [R=301,L]<br />
<br />
https://www.cheatography.com/davechild/cheat-sheets/mod-rewrite/</div>
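Added example (not part of the original post): a shell check of how the anchors discussed above change what the rules match, using the post's own patterns.<br />
grep -E stands in for mod_rewrite's regex engine, which is an assumption that holds for these simple patterns; the helper names, the sample URIs and the tighter pattern `^/test/gab(/|$)` are constructed for illustration.<br />

```shell
#!/bin/sh
# Added example: test the post's patterns against constructed inputs.
# grep -E stands in for mod_rewrite's PCRE (assumption: equivalent for
# these simple anchored patterns). Helper names are hypothetical.

# matches PATTERN STRING -> exit status 0 when the regex matches
matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# Models the post's block rule (host condition left out):
#   RewriteCond %{REQUEST_URI} ^/test
#   RewriteRule "!<allow>" "-" [F]
# is_forbidden ALLOW_PATTERN URI -> 0 when the request would get 403
is_forbidden() {
    matches '^/test' "$2" || return 1   # condition not met, rule skipped
    matches "$1" "$2" && return 1       # allow pattern matched, "!" fails
    return 0
}

# Models RewriteCond %{QUERY_STRING} <pattern>
# qs_redirects PATTERN QUERY_STRING -> 0 when the redirect would fire
qs_redirects() {
    matches "$1" "$2"
}

PAGE_ALLOW='^/test/gab(.*)'      # allow pattern from the post
TIGHT_ALLOW='^/test/gab(/|$)'    # suggested: require a path boundary

# report LABEL ALLOW_PATTERN: print a verdict for each constructed URI
report() {
    for uri in /test/secret /test/gab/ /test/gab/page /test/gabriel /test/gab-admin; do
        if is_forbidden "$2" "$uri"; then verdict=403; else verdict=pass; fi
        printf '%-8s %-18s %s\n' "$1" "$uri" "$verdict"
    done
}

report page "$PAGE_ALLOW"
report tight "$TIGHT_ALLOW"

# Query-string anchoring: without "$" a longer value also matches.
for qs in 'resid=ID' 'resid=IDEA' 'resid=ID&x=1'; do
    if qs_redirects '^resid=ID' "$qs"; then a=yes; else a=no; fi
    if qs_redirects '^resid=ID$' "$qs"; then b=yes; else b=no; fi
    printf 'qs=%-14s ^resid=ID:%-3s ^resid=ID$:%s\n' "$qs" "$a" "$b"
done
```

With the post's allow pattern, /test/gabriel and /test/gab-admin pass the block rule because the pattern only anchors the start; the boundary version limits the exception to /test/gab and paths below it.<br />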
nagios passive check + custom script at remote host (posted 2017-10-20)<br />
This is the 2nd post for the custom script.<br />
In my new environment I have limited access, yet I still want to pass some server information back to nagios for monitoring and alerting, without compromising security<br />
<br />
Nagios server || Firewall || production server<br />
<br />
the only port open between these 2 servers is the SSH port, so I need to use it to send data from my server back to the Nagios server<br />
<br />
This post contains all my notes on my custom scripts to check disk space, memory and CPU load, and to check whether a service is running / stopped.<br />
<br />
<h3>
<u>Setup</u></h3>
I assume the nagios server is already set up and running well.<br />
otherwise, please check the URL below for how to set up nagios<br />
<a href="http://gab-tech.blogspot.my/2012/08/setup-nagios.html">http://gab-tech.blogspot.my/2012/08/setup-nagios.html</a><br />
<br />
although the post is kind of old, the setup should be the same.<br />
for this post, i am using Nagios Core 4.2.4<br />
<br />
Now you need to create an entry on the nagios server<br />
you can edit your current config or create a new config.<br />
for mine, i create a new config for every project group for easy management<br />
<br />
# vim Hybris.cfg<br />
<br />
define hostgroup{<br />
hostgroup_name HYBRIS-DEV<br />
alias HYBRIS-DEV<br />
members HYBRIS-APP-D01<br />
}<br />
<br />
define host{<br />
use linux-server<br />
host_name HYBRIS-APP-D01<br />
alias HYBRIS-APP-D01<br />
address HYBRIS-APP-D01.gab.com<br />
notification_interval 0<br />
}<br />
<br />
define service{<br />
use local-service<br />
host_name HYBRIS-APP-D01<br />
service_description /home<br />
check_command check_log<br />
notifications_enabled 1<br />
notification_interval 0<br />
passive_checks_enabled 1<br />
}
<u><b><br /></b></u>
<u><b><br /></b></u>
<br />
<h4>
<u>Dummy script</u></h4>
<div>
from the nagios setup, you can see the check_command i use is pointing to check_log<br />
there is no plugin called check_log actually, it is just a dummy script to satisfy nagios, because if i didn't set check_command, nagios would give an error.<br />
and my custom script is on a different server.</div>
<div>
<br /></div>
<div>
open and edit this file</div>
<div>
# vim command.cfg<br />
<br />
put this into it</div>
<div>
<br />
<div>
<blockquote class="tr_bq">
# 'fake command' command definition<br />define command{<br /> command_name check_log<br /> command_line /bin/bash /usr/local/nagios/script/check_passive<br /> }</blockquote>
</div>
</div>
<div>
<br /></div>
<div>
then in the nagios folder create a script directory<br />
and create check_passive with 770 permission</div>
<div>
put this into it</div>
<div>
<br /></div>
<div>
<div>
<blockquote class="tr_bq">
#!/bin/sh<br />echo "please disable active check and use passive"<br />exit 1</blockquote>
</div>
</div>
<div>
<br />
restart nagios server<br />
# /etc/init.d/nagios restart<br />
<br />
you can issue nagios configtest to check configuration before restart if it got any error<br />
# /etc/init.d/nagios configtest</div>
<div>
<br /></div>
<h3>
<u>Manual push result to Nagios from remote host</u></h3>
From nagios documentation, we can use this command to push result into nagios<br />
<br />
<pre style="background-color: whitesmoke; border-radius: 4px; border: 1px solid rgb(204, 204, 204); box-sizing: border-box; color: #333333; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 13px; line-height: 1.42857; margin-bottom: 10px; overflow: auto; padding: 9.5px; word-break: break-all; word-wrap: break-word;">[<timestamp>] PROCESS_SERVICE_CHECK_RESULT;<host_name>;<svc_description>;<return_code>;<plugin_output></pre>
<br />
Example of mine:<br />
echo "[`date +%s`] PROCESS_SERVICE_CHECK_RESULT;GAB-APP-P01;/home;1;test output" >> nagios.cmd<br />
<br />
host_name = GAB-APP-P01<br />
svc_description = /home<br />
return_code = 1<br />
plugin_output = test<br />
<br />
<br />
then using this command, we can manually push the result from our custom script back to nagios.<br />to test if it is working, you can run this command<br />
<br />
<blockquote class="tr_bq">
ssh -t nagios@nagios_server_IP "<br /> cd /usr/local/nagios/var/rw<br /> echo '[`date +%s`] PROCESS_SERVICE_CHECK_RESULT;GAB-APP-D01;/home;1;test' >> nagios.cmd"</blockquote>
you should be able to see the result in your nagios server<br />
<br />
<br />
<h3>
<u>Setup Remote host script</u></h3>
because I don't want all the checks in 1 script, I separated them into a few scripts<br />
1. check storage script<br />2. check cpu script<br />3. check memory script<br />
4. check service running script<br />
<br />
then to avoid duplicating the code that pushes data back to the nagios server, i separated out another script purely for sending data back to nagios<br />
<br />
5. push data to nagios server script<br />
<br />
<span style="color: red;">NOTE: For security issue</span><br />
I am not going to use root to push data back to nagios, so i created a user called nagios.<br />then i generated an ssh key (ssh-keygen) for nagios and put it on the nagios server, so every time it pushes data back to the nagios server it can skip the password authentication part.<br />
<br />
For how to set up ssh-keygen, please refer to the link below<br />
<a href="http://gab-tech.blogspot.my/2011/03/incremental-backup.html">http://gab-tech.blogspot.my/2011/03/incremental-backup.html</a><br />
<br />
<br />
here is the example script i use at remote host<br />
<span style="color: blue;">PS: at nagios user home dir, i created script directory and store all my script there</span><br />
<span style="color: blue;"><br /></span>
<h4>
5. Push data to nagios server script</h4>
edit the RED color word to suit your server<br />
---------- nagios.sh ----------<br />
#!/bin/bash<br />
<br />
ssh -t nagios@<span style="color: red;">NAGIOS_SERVER_IP</span> "<br />
cd /usr/local/nagios/var/rw<br />
echo '[`date +%s`] PROCESS_SERVICE_CHECK_RESULT;<span style="color: red;">GAB-APP-D01</span>;$1;$2;$3' >> nagios.cmd"<br />
<div>
--------- END ----------</div>
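Added example (not the author's script): nagios.sh above pastes $1;$2;$3 into the command string that the remote shell parses, so a quote or newline in a check result changes what runs on the Nagios server. This variant validates the fields and sends the finished line over stdin to a fixed remote command.<br />
The function names, the NAGIOS_SERVER placeholder and the sample values are assumptions; the command-file path and the line format are the ones used in this post.<br />

```shell
#!/bin/sh
# Added example: build and send one passive check result without letting
# field contents reach a shell. Function names, NAGIOS_SERVER and the
# sample values are assumptions; path and line format are the post's.

NAGIOS_SERVER=${NAGIOS_SERVER:-nagios.example.invalid}   # placeholder host
NAGIOS_CMD_FILE=/usr/local/nagios/var/rw/nagios.cmd

# build_check_line HOST SERVICE CODE OUTPUT [TIMESTAMP]
# Prints "[ts] PROCESS_SERVICE_CHECK_RESULT;host;service;code;output"
# or returns 1 when a field could change the meaning of the line.
# The ( ... ) body runs in a subshell, so its variables stay local.
build_check_line() (
    host=$1 svc=$2 code=$3 output=$4 ts=${5:-$(date +%s)}

    # ";" separates fields and a newline ends the command, so host and
    # service are restricted to a conservative character set.
    case $host in ''|*[!A-Za-z0-9._-]*) exit 1 ;; esac
    case $svc  in ''|*[!A-Za-z0-9._/-]*) exit 1 ;; esac
    case $code in 0|1|2|3) ;; *) exit 1 ;; esac   # OK/WARNING/CRITICAL/UNKNOWN
    case $ts   in ''|*[!0-9]*) exit 1 ;; esac

    # Plugin output is free text: fold CR/LF to spaces so it cannot start
    # a second external command on a new line.
    output=$(printf '%s' "$output" | tr '\r\n' '  ')

    printf '[%s] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%s;%s\n' \
        "$ts" "$host" "$svc" "$code" "$output"
)

# send_check_line LINE
# The line travels on stdin and the remote command is a fixed string, so
# no part of the check result is parsed by the remote shell. No -t: a
# cron job has no terminal to allocate.
send_check_line() {
    printf '%s\n' "$1" |
        ssh -o BatchMode=yes "nagios@$NAGIOS_SERVER" "cat >> $NAGIOS_CMD_FILE"
}

# push_result HOST SERVICE CODE OUTPUT
# Same job as "nagios.sh <service> <status> <result>", host passed explicitly.
push_result() {
    line=$(build_check_line "$@") || {
        echo "refusing to send malformed check result" >&2
        return 1
    }
    send_check_line "$line"
}

# Demo with constructed values (nothing is sent over the network):
build_check_line GAB-APP-D01 /home 1 "it's 93% full; check /home" 1500000000
build_check_line 'GAB-APP-D01;x' /home 1 test 1500000000 ||
    echo "rejected: host name contains a field separator"
```

On the Nagios server the key can also be limited in authorized_keys with a forced command (`command="cat >> /usr/local/nagios/var/rw/nagios.cmd",restrict`, where the OpenSSH version supports `restrict`), so the key can only append to the command file.<br />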
<br />
<h4>
1. Check Storage Script</h4>
To avoid issuing the df -h command repeatedly for each check,<br />i set a cronjob to record the df -h result to a file<br />
<br />
# record every 5 minute to df-result<br />
*/5 * * * * df -h > /home/nagios/script/df-result<br />
<br />
---------- check_storage.sh ----------<br />
#!/bin/bash<br />
<br />
# all script located here<br />
cd /home/nagios/script<br />
<br />
# delay 30 sec before checking so it does not clash with the cronjob that records the df result<br />
sleep 30s<br />
<br />
store1="/"<br />
result1=$(grep -w "/" df-result | awk '{print $4}')<br />
status1=$(bash status.sh $result1)<br />
/bin/bash nagios.sh $store1 $status1 $result1<br />
<br />
store2="/boot"<br />
result2=$(grep -w "/boot" df-result | awk '{print $5}')<br />
status2=$(bash status.sh $result2)<br />
/bin/bash nagios.sh $store2 $status2 $result2<br />
<br />
store3="/home"<br />
result3=$(grep -w "/home" df-result | awk '{print $4}')<br />
status3=$(bash status.sh $result3)<br />
/bin/bash nagios.sh $store3 $status3 $result3<br />
<div>
---------- END ----------</div>
<br />
<h4>
2. check cpu script</h4>
---------- cpu_load.sh ----------<br />
#!/bin/bash<br />
<br />
sar=$(sar 1 1 | tail -n 1 | awk '{print $8}')<br />
<br />
load=`echo "100.00-$sar" | bc`<br />
<br />
if [[ $load == .* ]]<br />
then load=$(echo "0$load")<br />
fi<br />
<br />
if (( $(echo "$load < 80" | bc -l) )); then<br />
status=0<br />
elif (( $(echo "$load > 90" |bc -l) )); then<br />
status=2<br />
elif (( $(echo "$load >= 80" | bc -l) )); then<br />
status=1<br />
else<br />
status=3<br />
fi<br />
<br />
load=$(echo $load%)<br />
<br />
cd /home/nagios/script<br />
/bin/bash nagios.sh cpu $status $load<br />
<div>
---------- END ----------</div>
<br />
<div>
<h4>
3. check memory script</h4>
This check memory script is only for redhat/centos 6 and above<br />
---------- memory_V6.sh ----------<br />
#!/bin/bash<br />
<br />
total=$(free -m | grep "Mem:" | awk '{print $2}')<br />
used=$(free -m | grep "buffers/cache" | awk '{print $3}')<br />
<br />
#echo $total<br />
#echo $used<br />
<br />
percentage100=$[$used*100]<br />
percentage=$[percentage100/$total]<br />
<br />
result=$(echo $percentage%)<br />
<br />
#echo $result<br />
cd /home/nagios/script<br />
status=$(bash status.sh $percentage)<br />
/bin/bash nagios.sh memory $status $result<br />
<div>
---------- END ----------</div>
<br />
<h4>
<br />4. check service running script</h4>
---------- hybris_service.sh ----------<br />
#!/bin/bash<br />
<br />
sleep 15s<br />
<br />
cd /var/log/nagios/script<br />
<br />
HYBRUNNING=`ps auxwww | grep hybris | grep "jmxremote" | grep -v grep | wc -l`<br />
<br />
if [ ${HYBRUNNING} -ne 0 ]; then<br />
result=running<br />
status=0<br />
else<br />
result=stop<br />
status=2<br />
fi<br />
<br />
/bin/bash nagios.sh Hybris-service $status $result<br />
<div>
<br /></div>
<div>
---------- END ---------</div>
<br />
<br />
<h3>
<u>CRONJOB</u></h3>
set cronjob to run this script every 5 min<br />
<br />
*/5 * * * * /home/nagios/script/check_storage.sh > /dev/null 2>&1<br />
*/5 * * * * /home/nagios/script/hybris_service.sh > /dev/null 2>&1<br />
*/1 * * * * /home/nagios/script/memory_V6.sh > /dev/null 2>&1<br />
*/1 * * * * /home/nagios/script/cpu_load.sh > /dev/null 2>&1<br />
<div>
<br /></div>
<br />
<br />
<b><u>reference:</u></b><br />
https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/3/en/passivechecks.html<br />
https://somoit.net/nagios/nagios-using-passive-checks-without-agent</div>
7 layer model (posted 2017-08-03)<br />
<b class="bold">Layer 1: Physical</b> The Physical layer consists of the
physical media and dumb devices that make up the infrastructure of our
networks. This pertains to the cabling and connections such as Category
5e and RJ-45 connectors. Note that this layer also includes light and
rays, which pertain to media such as fiber optics and microwave
transmission equipment. Attack considerations are aligned with the
physical security of site resources. Although not flashy, physical
security still bears much fruit in penetration (pen) testing and
real-world scenarios.<br />
<br />
<b class="bold">Layer 2: Data Link</b> The Data Link layer works to
ensure that the data it transfers is free of errors. At this layer, data
is contained in frames. Functions such as media access control and link
establishment occur at this layer. This layer encompasses basic
protocols such as 802.3 for Ethernet and 802.11 for Wi-Fi.<br />
<br />
<b class="bold">Layer 3: Network</b> The Network layer determines the
path of data packets based on different factors as defined by the
protocol used. At this layer we see IP addressing for routing of data
packets. This layer also includes routing protocols such as the Routing
Information Protocol (RIP) and the Interior Gateway Routing Protocol
(IGRP). This is the know-where-to-go layer.<br />
<br />
<b class="bold">Layer 4: Transport</b> The Transport layer ensures the
transport or sending of data is successful. This function can include
error-checking operations as well as working to keep data messages in
sequence. At this layer we find the Transmission Control Protocol (TCP)
and the User Datagram Protocol (UDP).<br />
<br />
<b class="bold">Layer 5: Session</b> The Session layer identifies
established system sessions between different network entities. When you
access a system remotely, for example, you are creating a session
between your computer and the remote system. The Session layer monitors
and controls such connections, allowing multiple, separate connections
to different resources. Common use includes NetBIOS and RPC.<br />
<br />
<b class="bold">Layer 6: Presentation</b> The Presentation layer
provides a translation of data that is understandable by the next
receiving layer. Traffic flow is presented in a format that can be
consumed by the receiver and can optionally be encrypted with protocols
such as Secure Sockets Layer (SSL).<br />
<br />
<b class="bold">Layer 7: Application</b> The Application layer functions
as a user platform in which the user and the software processes within
the system can operate and access network resources. Applications and
software suites that we use on a daily basis are under this layer.
Common examples include protocols we interact with on a daily basis,
such as FTP and HTTP.<br />
<br />
jboss eap 7 standalone setup Database (posted 2017-07-28, updated 2021-09-02)<br />
This note is an example guide for adding MySQL, Oracle and MariaDB to JBoss EAP 7 standalone.<br />
<div>
<br /></div>
<div>
<span style="font-size: large;"><b><u>MySql</u></b></span></div>
<div>
<br /></div>
<div>
1. download Mysql jdbc from this URL<br />
<a href="https://dev.mysql.com/downloads/connector/j/">https://dev.mysql.com/downloads/connector/j/</a><br />
<br />
2. then at jboss directory, create this path</div>
<div>
<div>
<jboss>/modules/com/mysql/main</div>
<div>
<br /></div>
<div>
3. upload the jdbc into the main directory and create module.xml.</div>
<div>
copy and paste below into module.xml<br />
change the word in red color to be same name as your driver name</div>
<div>
<br /></div>
<div>
<?xml version="1.0" encoding="UTF-8"?></div>
<div>
<module xmlns="urn:jboss:module:1.0" name="com.mysql"></div>
<div>
<resources></div>
<div>
<resource-root path="<span style="color: red;">mysql-connector-java-5.1.43-bin.jar</span>"/></div>
<div>
</resources></div>
<div>
<dependencies></div>
<div>
<module name="javax.api"/></div>
<div>
<module name="javax.transaction.api"/></div>
<div>
</dependencies></div>
<div>
</module></div>
</div>
<div>
<br /></div>
<div>
4. change permission of the newly created file and directory to jboss</div>
<div>
<br /></div>
<div>
5. start jboss service</div>
<div>
<br /></div>
<div>
6. go to jboss bin directory and connect to jboss-cli</div>
<div>
# ./jboss-cli.sh -c --controller=<server-IP></div>
<div>
<br /></div>
<div>
7. input this to add Mysql driver</div>
<div>
/subsystem=datasources/jdbc-driver=mysql:add(driver-name=mysql,driver-module-name=com.mysql,driver-xa-datasource-class-name=com.mysql.jdbc.jdbc2.optional.MysqlXADataSource)</div>
<div>
<br /></div>
<div>
8. to edit the database connection details, I use its admin pages as it is much easier<br />
in a browser, access your admin pages at <server_ip>:9990<br />
then follow the steps below as shown in the screenshots<br />
<br />
go to Configuration > Subsystems > Datasources > Non-Xa<br />
and click add<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJQ6Vt8iLARtoo_g_4AQ2HyC5K2JaohCmtCd4D3b3QYOcWtMktjgg1cDyS5P4qYix1V2t2WnwoA1rvobZOODED97mPHozALvk2wcBkSsb15JTU7zLcJ5fcFDvYGHWKDKH2mjAmVnG9-IrB/s1600/jboss-datasource-01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="640" data-original-width="1331" height="305" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJQ6Vt8iLARtoo_g_4AQ2HyC5K2JaohCmtCd4D3b3QYOcWtMktjgg1cDyS5P4qYix1V2t2WnwoA1rvobZOODED97mPHozALvk2wcBkSsb15JTU7zLcJ5fcFDvYGHWKDKH2mjAmVnG9-IrB/s640/jboss-datasource-01.jpg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
Choose MySQL and click Next</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiITX0a1gHi1uVf1Wizk4nIWIanmgVYHY9cWy3KdfyN0uIWoozfak6yachBEHCtcO61YZklJsCm4VGnMw12p789OrfqyoSMWOTlBd4ykcZPD0n2Sw39knJJWjwJHi8n5zBa-NFxgUzamWk5/s1600/jboss-datasource-02.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="689" data-original-width="653" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiITX0a1gHi1uVf1Wizk4nIWIanmgVYHY9cWy3KdfyN0uIWoozfak6yachBEHCtcO61YZklJsCm4VGnMw12p789OrfqyoSMWOTlBd4ykcZPD0n2Sw39knJJWjwJHi8n5zBa-NFxgUzamWk5/s400/jboss-datasource-02.jpg" width="378" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
Enter your JNDI name as below</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEic5Nertym2bIMKmHQ914_SD_25iITaQVZsQSuuslcmFPeuP4iOHu0bQOeJfMRm6vkFw13BbujgV1hdeg6PKKb9LcafTmHvL75CipaHfFTYyTv0Q6MWNlPWdVhjBHAOCDL5O0Cy2R4ydsZb/s1600/jboss-datasource-03.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="689" data-original-width="653" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEic5Nertym2bIMKmHQ914_SD_25iITaQVZsQSuuslcmFPeuP4iOHu0bQOeJfMRm6vkFw13BbujgV1hdeg6PKKb9LcafTmHvL75CipaHfFTYyTv0Q6MWNlPWdVhjBHAOCDL5O0Cy2R4ydsZb/s400/jboss-datasource-03.jpg" width="378" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
go to Detected Driver and choose mysql</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiub5Onkq_ZCu2e0MxwxaW7d5ZwZIrkrPLlc7FWJnVYGXO64ZuO0E6lUtSYuatDazc26Sya8vWgFUVw6IHG7dCKwm5WD51IvYf9TQ7Ua-2JWY3QgabHAq_XVNCBRujreHaJusYGb0xsAtpl/s1600/jboss-datasource-04.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="688" data-original-width="653" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiub5Onkq_ZCu2e0MxwxaW7d5ZwZIrkrPLlc7FWJnVYGXO64ZuO0E6lUtSYuatDazc26Sya8vWgFUVw6IHG7dCKwm5WD51IvYf9TQ7Ua-2JWY3QgabHAq_XVNCBRujreHaJusYGb0xsAtpl/s400/jboss-datasource-04.jpg" width="378" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
edit your connection URL according to your DB with the username and password</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSH0WVGb_ArYzU0riTWH8PzMtFJlBan1tdDlqTgDZ4PflqZ9_hsEU2UBplhUjPt2s7UFVV60C1f3am6S-u9xOfrINTvp3KEUorAm7PPdVYHs6RQhl0vDxJrP7W-Igvy8EPwZJXEiPGeDQP/s1600/jboss-datasource-05.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="689" data-original-width="652" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSH0WVGb_ArYzU0riTWH8PzMtFJlBan1tdDlqTgDZ4PflqZ9_hsEU2UBplhUjPt2s7UFVV60C1f3am6S-u9xOfrINTvp3KEUorAm7PPdVYHs6RQhl0vDxJrP7W-Igvy8EPwZJXEiPGeDQP/s400/jboss-datasource-05.jpg" width="377" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
confirm details is correct and click Finish</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGEp0aFl7LTEMTd0C8HqWVFer7tGtgdqA1hkxs6v3TfM0f_XyHkCYamzttQzDHe1iKXMY8vx5MJ5CHYUoFMW_nC6Q_rKNpMxfc_nRJXuYZK_MMLRpY0YH3CqVtV5IX5ddq82mqk_pAzKoX/s1600/jboss-datasource-06.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="691" data-original-width="652" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGEp0aFl7LTEMTd0C8HqWVFer7tGtgdqA1hkxs6v3TfM0f_XyHkCYamzttQzDHe1iKXMY8vx5MJ5CHYUoFMW_nC6Q_rKNpMxfc_nRJXuYZK_MMLRpY0YH3CqVtV5IX5ddq82mqk_pAzKoX/s400/jboss-datasource-06.jpg" width="376" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
Restart your jboss,</div>
then back to admin > configuration again<br />
then click your newly created Mysql and click test connection<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikQNpvrzVtdasfDrLonM0HE1cRDmRf92nKH9A9qhjFT-sSJNwag5GqEc9wXtMyLd0ujK9eE9lNxbhr4Hgwfw2dKUdtSAmkZG2BDdoEVMwSpVy69BI6wYYZ6z1TH7dOGzusnN7Kk4VlXtrx/s1600/jboss-datasource-07.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="355" data-original-width="957" height="147" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikQNpvrzVtdasfDrLonM0HE1cRDmRf92nKH9A9qhjFT-sSJNwag5GqEc9wXtMyLd0ujK9eE9lNxbhr4Hgwfw2dKUdtSAmkZG2BDdoEVMwSpVy69BI6wYYZ6z1TH7dOGzusnN7Kk4VlXtrx/s400/jboss-datasource-07.jpg" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
you are done once test successful </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyqfWJ8hsNwJHPKzF0nsGkDBwYWmueC7ZKOn0ZFHu15wDzQbWhdk7d5L0vBSp8THqd6xhiOEDWG9pZHL7CbGfQURCr-6DNWyxu_SHqt2qOkv4brQSOHJ1lKp7_CJ-G6A0oYw4GVMmPbE32/s1600/jboss-datasource-08.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="302" data-original-width="404" height="239" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyqfWJ8hsNwJHPKzF0nsGkDBwYWmueC7ZKOn0ZFHu15wDzQbWhdk7d5L0vBSp8THqd6xhiOEDWG9pZHL7CbGfQURCr-6DNWyxu_SHqt2qOkv4brQSOHJ1lKp7_CJ-G6A0oYw4GVMmPbE32/s320/jboss-datasource-08.jpg" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b><u><br /></u></b></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-size: large;"><b><u>Oracle</u></b></span></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
1. download your oracle jdbc driver from this URL, choose the one match your DB version</div>
<div class="separator" style="clear: both; text-align: left;">
<a href="http://www.oracle.com/technetwork/database/features/jdbc/index-091264.html">http://www.oracle.com/technetwork/database/features/jdbc/index-091264.html</a></div>
<br />
2. create path for module/com/oracle/main<br />
<br />
3. upload the driver to main folder and create module.xml<br />
copy and paste below into module.xml<br />
change the word in red color to be same name as your driver name<br />
<br />
<module xmlns="urn:jboss:module:1.1" name="com.oracle"><br />
<resources><br />
<resource-root path="<span style="color: red;">ojdbc6.jar</span>"/><br />
</resources><br />
<dependencies><br />
<module name="javax.api"/><br />
<module name="javax.transaction.api"/><br />
</dependencies><br />
</module><br />
<br />
4. change ownership to jboss for newly create dir and file<br />
# chown -R jboss:jboss module<br />
<br />
5. start jboss and use jboss-cli to add the driver information<br />
# ./jboss-cli.sh -c --controller=<server-IP><br />
<br />
6. copy paste below to setup the driver<br />
/subsystem=datasources/jdbc-driver=oracle:add(driver-name=oracle,driver-module-name=com.oracle,driver-xa-datasource-class-name=oracle.jdbc.xa.client.OracleXADataSource)<br />
<br />
7. to add DB details, go to admin site and add like Mysql example above. ( repeat step 8 for Mysql section)<br />
just need to edit from mysql to oracle<br />
<br />
<br />
<span style="font-size: large;"><b><u>MariaDB</u></b></span><br />
<br />
<div class="separator" style="clear: both;">
1. download your MariaDB JDBC driver from this URL, choose the one that matches your DB version</div>
<div class="separator" style="clear: both;">
<a href="https://downloads.mariadb.org/connector-java/">https://downloads.mariadb.org/connector-java/</a></div>
<br />
2. create path for module/com/mariadb/main<br />
<br />
3. upload the driver to main folder and create module.xml<br />
copy and paste below into module.xml<br />
change the word in red color to be same name as your driver name<br />
<br />
<module xmlns="urn:jboss:module:1.1" name="com.mariadb"><br />
<resources><br />
<resource-root path="<span style="color: red;">mariadb-java-client-1.3.3.jar</span>"/><br />
</resources><br />
<dependencies><br />
<module name="javax.api"/><br />
<module name="javax.transaction.api"/><br />
</dependencies><br />
</module><br />
<br />
<br />
4. change ownership to jboss for newly create dir and file<br />
# chown -R jboss:jboss module<br />
<br />
5. start jboss and use jboss-cli to add the driver information<br />
# ./jboss-cli.sh -c --controller=<server-IP><br />
<br />
6. copy and paste to add the driver information<br />
/subsystem=datasources/jdbc-driver=mariadb:add(driver-name=mariadb,driver-module-name=com.mariadb,driver-xa-datasource-class-name=org.mariadb.jdbc.MariaDbDataSource)<br />
<br />
7. to add DB details, go to admin site and add like Mysql example above. (repeat step 8 at Mysql section)<br />
just need to edit from mysql to mariadb<br />
<div>
<br /></div>
<br />
<b><u><span style="font-size: large;">MsSql</span></u></b><br />
<br />
<div class="separator" style="clear: both;">
1. download your Microsoft SQL Server JDBC driver from this URL, choose the one that matches your DB version</div>
<div class="separator" style="clear: both;">
<a href="https://docs.microsoft.com/en-us/sql/connect/jdbc/download-microsoft-jdbc-driver-for-sql-server">https://docs.microsoft.com/en-us/sql/connect/jdbc/download-microsoft-jdbc-driver-for-sql-server</a></div>
<br />
2. create path for module/com/microsoft/main<br />
<br />
3. upload the driver to main folder and create module.xml<br />
copy and paste below into module.xml<br />
change the word in red color to be same name as your driver name<br />
<br />
<module xmlns="urn:jboss:module:1.1" name="com.microsoft"><br />
<resources><br />
<resource-root path="<span style="color: red;">.jar</span>"/><br />
</resources><br />
<dependencies><br />
<module name="javax.api"/><br />
<module name="javax.transaction.api"/><br />
<module name="javax.xml.bind.api"/><br />
</dependencies><br />
</module><br />
<br />
<br />
4. change ownership to jboss for newly create dir and file<br />
# chown -R jboss:jboss module<br />
<br />
5. start jboss and use jboss-cli to add the driver information<br />
# ./jboss-cli.sh -c --controller=<server-IP><br />
<br />
6. copy and paste to add the driver information<br />
/subsystem=datasources/jdbc-driver=microsoft:add(driver-name=microsoft,driver-module-name=com.microsoft,driver-xa-datasource-class-name=com.microsoft.sqlserver.jdbc.SQLServerXADataSource)<br />
<div>
<br /></div>
7. to add DB details, go to admin site and add like Mysql example above. (repeat step 8 at Mysql section)<br />
just need to edit from mysql to microsoft<br />
<br /></div>
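The module directory, module.xml, ownership and driver registration steps are the same for all four drivers, so they can be scripted. The following is an added example, not part of the original notes: the function names are hypothetical, it assumes the `jboss` service account and the module layout used above, and it rejects module or jar names that could escape the `modules` tree or break the XML (including an empty `.jar` placeholder).

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.

# module_xml MODULE_NAME JAR_NAME [EXTRA_DEPENDENCY...]
# Prints module.xml. Names are restricted so they cannot leave modules/ or
# inject markup; real module names may need a wider character set.
module_xml() (      # subshell body: variables stay local, exit only leaves the function
    LC_ALL=C; export LC_ALL
    mod=$1; jar=$2; shift 2
    for name in "$mod" javax.api javax.transaction.api "$@"; do
        case $name in
            ''|.*|*.|*..*|*[!a-z0-9.]*) echo "bad module name: $name" >&2; exit 1 ;;
        esac
    done
    case $jar in
        *[!A-Za-z0-9._-]*) echo "bad jar name: $jar" >&2; exit 1 ;;
        ?*.jar) ;;
        *) echo "not a driver jar: $jar" >&2; exit 1 ;;
    esac
    echo '<?xml version="1.0" encoding="UTF-8"?>'
    echo "<module xmlns=\"urn:jboss:module:1.1\" name=\"$mod\">"
    echo '    <resources>'
    echo "        <resource-root path=\"$jar\"/>"
    echo '    </resources>'
    echo '    <dependencies>'
    for name in javax.api javax.transaction.api "$@"; do
        echo "        <module name=\"$name\"/>"
    done
    echo '    </dependencies>'
    echo '</module>'
)

# install_driver_module JBOSS_HOME MODULE_NAME JAR_PATH [EXTRA_DEPENDENCY...]
# Creates modules/<module path>/main, copies the jar, writes module.xml and
# prints the directory it created.
install_driver_module() (
    home=$1; mod=$2; jar_path=$3; shift 3
    [ -d "$home/modules" ] || { echo "no modules directory under $home" >&2; exit 1; }
    [ -f "$jar_path" ] || { echo "driver jar not found: $jar_path" >&2; exit 1; }
    xml=$(module_xml "$mod" "$(basename "$jar_path")" "$@") || exit 1
    dir="$home/modules/$(echo "$mod" | tr . /)/main"
    mkdir -p "$dir" && cp "$jar_path" "$dir/" \
        && printf '%s\n' "$xml" > "$dir/module.xml" || exit 1
    chmod 644 "$dir"/*      # readable by the server, writable only by the owner
    # Hand the new tree to the service account; only possible as root.
    if [ "$(id -u)" -eq 0 ] && id jboss >/dev/null 2>&1; then
        chown -R jboss:jboss "$(dirname "$dir")"
    fi
    echo "$dir"
)

# driver_add_command DRIVER_NAME MODULE_NAME XA_DATASOURCE_CLASS
# Prints the jboss-cli line that registers the driver.
driver_add_command() {
    printf '/subsystem=datasources/jdbc-driver=%s:add(driver-name=%s,driver-module-name=%s,driver-xa-datasource-class-name=%s)\n' \
        "$1" "$1" "$2" "$3"
}

# Usage on the JBoss host (server running for the last step):
#   install_driver_module <jboss> com.mysql ./mysql-connector-java-5.1.43-bin.jar
#   install_driver_module <jboss> com.microsoft ./<driver>.jar javax.xml.bind.api
#   driver_add_command mysql com.mysql com.mysql.jdbc.jdbc2.optional.MysqlXADataSource > add-driver.cli
#   ./jboss-cli.sh -c --controller=<server-IP> --file=add-driver.cli
```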
Jboss EAP 7 Standalone cluster - TCP (posted 2017-07-21, updated 2017-07-24)<br />
Tested environment<br />
OS: Centos 7 / Rhel 7 (SELinux and firewall disabled )<br />
Java: Oracle JDK 1.8<br />
Jboss: Jboss EAP 7.0.0 (2016-05-10)<br />
<br />
I started trying to set up a JBoss EAP 7 cluster in standalone mode, but failed to set it up using the default config, which uses UDP multicast, so I googled and found a working solution on the Red Hat portal which uses TCP for its multicast.<br />
Below are the steps I took to set up my JBoss EAP 7 standalone cluster for 2 servers<br />
<br />
Please make sure you have set up 2 servers before you start, as the cluster config needs both server IPs<br />
<span style="font-size: large;"><b><u><br /></u></b></span>
<span style="font-size: large;"><b><u>Oracle JDK 1.8</u></b></span><br />
<br />
1. download your oracle jdk 1.8 from this URL<br />
<a href="http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html">http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html</a><br />
<br />
download the "jdk-8u141-linux-x64.rpm"<br />
<br />
2. transfer to your server and install it<br />
<span style="color: #3d85c6;"># yum localinstall jdk-8u141-linux-x64.rpm</span><br />
<br />
3. confirm your java with this command<br />
<span style="color: #3d85c6;"># java -version</span><br />
<div style="border: 1px solid black; padding: 10px;">
<blockquote class="tr_bq">
java version "1.8.0_131"<br />
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)</blockquote>
<div>
</div>
<br /></div>
<h2>
<span style="font-size: large;"><b><u><br /></u></b></span></h2>
<h2>
<span style="font-size: large;"><b><u>JBOSS EAP 7 setup</u></b></span></h2>
1. download your jboss from this URL<br />
<a href="https://developers.redhat.com/products/eap/download/">https://developers.redhat.com/products/eap/download/</a><br />
I use version 7.0.0 as currently that's the latest stable version.<br />
<br />
2. transfer to your Centos 7 / RHEL 7 and unpack the package<br />
<span style="color: #3d85c6;"># unzip jboss-eap-7.0.0.zip</span><br />
<br />
3. move the folder to /opt<br />
<span style="color: #3d85c6;"># mv jboss-eap-7.0 /opt/</span><br />
<br />
4. Add a management user. You can skip this if you do not need it, but for me it is useful for monitoring and for giving developers a way to deploy code and get logs.<br />
<span style="color: #3d85c6;"># cd /opt/jboss-eap-7.0/bin</span><br />
( NOTE: since I am only using it for testing and development, I edit the password config so that I am not required to set a complicated password )<br />
<span style="color: #3d85c6;"># vim add-user.properties</span><br />
<div style="border: 1px solid black; padding: 10px;">
<blockquote class="tr_bq">
password.restriction=WARN<br />
to<br />
password.restriction=RELAX</blockquote>
</div>
<br />
<span style="color: #3d85c6;"># ./add-user.sh</span><br />
<div style="border: 1px solid black; padding: 10px;">
<blockquote class="tr_bq">
What type of user do you wish to add?<br />
a) Management User (mgmt-users.properties)<br />
b) Application User (application-users.properties)<br />
(a): a<br />
Enter the details of the new user to add.<br />
Using realm 'ManagementRealm' as discovered from the existing property files.<br />
Username : jboss-admin<br />
Password :<br />
Re-enter Password :<br />
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]:<br />
About to add user 'jboss-admin' for realm 'ManagementRealm'<br />
Is this correct yes/no? yes<br />
Added user 'jboss-admin' to file '/opt/jboss-eap-7.0/standalone/configuration/mgmt-users.properties'<br />
Added user 'jboss-admin' to file '/opt/jboss-eap-7.0/domain/configuration/mgmt-users.properties'<br />
Added user 'jboss-admin' with groups to file '/opt/jboss-eap-7.0/standalone/configuration/mgmt-groups.properties'<br />
Added user 'jboss-admin' with groups to file '/opt/jboss-eap-7.0/domain/configuration/mgmt-groups.properties'<br />
Is this new user going to be used for one AS process to connect to another AS process?<br />
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.<br />
yes/no? yes<br />
To represent the user add the following to the server-identities definition <secret value="amJvc3MtYWRtaW4=" /></blockquote>
</div>
<div>
<br />
5. go to init.d folder and update jboss config</div>
<div>
<span style="color: #3d85c6;"># cd init.d/</span></div>
<div>
<span style="color: #3d85c6;"># vim jboss-eap.conf</span><br />
<span style="color: #3d85c6;"><br /></span></div>
<div>
<div style="border: 1px solid black; padding: 10px;">
<blockquote class="tr_bq">
## Location of JDK<br />
JAVA_HOME="/usr/java/default" </blockquote>
<blockquote class="tr_bq">
## Location of JBoss EAP<br />
JBOSS_HOME="/opt/jboss-eap-7.0" </blockquote>
<blockquote class="tr_bq">
## The username who should own the process.<br />
JBOSS_USER=jboss </blockquote>
<blockquote class="tr_bq">
## The mode JBoss EAP should start, standalone or domain<br />
JBOSS_MODE=standalone </blockquote>
<blockquote class="tr_bq">
## Configuration for standalone mode<br />
JBOSS_CONFIG=standalone-ha.xml</blockquote>
</div>
</div>
<div>
<br />
6. Edit the startup script to point to this config file</div>
<div>
<span style="color: #3d85c6;"># vim jboss-eap-rhel.sh</span><br />
<span style="color: #3d85c6;"><br /></span></div>
<div>
<div style="border: 1px solid black; padding: 10px;">
<blockquote class="tr_bq">
# Load JBoss EAP init.d configuration.<br />
if [ -z "$JBOSS_CONF" ]; then<br />
JBOSS_CONF="/opt/jboss-eap-7.0/bin/init.d/jboss-eap.conf"<br />
fi</blockquote>
</div>
</div>
<div>
<br />
7. add user jboss since inside the config, we had set to run this as jboss user</div>
<div>
<span style="color: #3d85c6;"># useradd jboss</span></div>
<div>
<br /></div>
<div>
8. change jboss ownership to jboss</div>
<div>
<span style="color: #3d85c6;"># chown -R jboss:jboss /opt/jboss-eap-7.0</span></div>
<div>
<br /></div>
<div>
9. try startup the jboss</div>
<div>
<span style="color: #3d85c6;"># ./jboss-eap-rhel.sh start</span></div>
<div>
<br /></div>
<h3>
Cluster setup</h3>
<div>
1. once JBoss is started, leave it running, as the next step needs it in order to apply the settings.</div>
<div>
go to the bin directory and create a new file called tcp-cluster</div>
<div>
<span style="color: #3d85c6;"># cd /opt/jboss-eap-7.0/bin</span></div>
<div>
<span style="color: #3d85c6;"># touch tcp-cluster</span></div>
<div>
<br /></div>
<div>
2. open the tcp-cluster file and paste the following into it.<br />
<br /></div>
<div>
<div style="border: 1px solid black; padding: 10px;">
<blockquote class="tr_bq">
batch<br />
# Add the tcpping stack<br />
/subsystem=jgroups/stack=tcpping:add<br />
/subsystem=jgroups/stack=tcpping/transport=TCP:add(socket-binding=jgroups-tcp)<br />
/subsystem=jgroups/stack=tcpping/protocol=TCPPING:add<br />
# Set the properties for the TCPPING protocol<br />
/subsystem=jgroups/stack=tcpping/protocol=TCPPING:write-attribute(name=properties,value={initial_hosts="<span style="color: red;">HOST_A</span>[7600],<span style="color: red;">HOST_B</span>[7600]",port_range=0,timeout=3000})<br />
/subsystem=jgroups/stack=tcpping/protocol=MERGE3:add<br />
/subsystem=jgroups/stack=tcpping/protocol=FD_SOCK:add(socket-binding=jgroups-tcp-fd)<br />
/subsystem=jgroups/stack=tcpping/protocol=FD:add<br />
/subsystem=jgroups/stack=tcpping/protocol=VERIFY_SUSPECT:add<br />
/subsystem=jgroups/stack=tcpping/protocol=pbcast.NAKACK2:add<br />
/subsystem=jgroups/stack=tcpping/protocol=UNICAST3:add<br />
/subsystem=jgroups/stack=tcpping/protocol=pbcast.STABLE:add<br />
/subsystem=jgroups/stack=tcpping/protocol=pbcast.GMS:add<br />
/subsystem=jgroups/stack=tcpping/protocol=MFC:add<br />
/subsystem=jgroups/stack=tcpping/protocol=FRAG2:add<br />
# Set tcpping as the stack for the ee channel<br />
/subsystem=jgroups/channel=ee:write-attribute(name=stack,value=tcpping)<br />
run-batch<br />
reload</blockquote>
</div>
</div>
<div>
<br />
Replace HOST_A and HOST_B (shown in red) with the IPs of your two servers</div>
<div>
<br /></div>
<div>
3. execute the script by using this command</div>
<div>
<span style="color: #3d85c6;"># ./jboss-cli.sh --connect --file=tcp-cluster</span></div>
<div>
<br /></div>
<div>
4. stop your jboss service</div>
<div>
<span style="color: #3d85c6;"># ./init.d/jboss-eap-rhel.sh stop</span></div>
<div>
<br /></div>
<div>
5. go to edit standalone-ha config and update it to listen to your IP instead of localhost</div>
<div>
<span style="color: #3d85c6;"># cd /opt/jboss-eap-7.0/standalone/configuration/</span></div>
<div>
<span style="color: #3d85c6;"># vim standalone-ha.xml</span><br />
<span style="color: #3d85c6;"><br /></span></div>
<div>
<div style="border: 1px solid black; padding: 10px;">
<blockquote class="tr_bq">
<interfaces><br />
<interface name="management"><br />
<inet-address value="${jboss.bind.address.management:<span style="color: red;">192.168.95.132</span>}"/><br />
</interface><br />
<interface name="public"><br />
<inet-address value="${jboss.bind.address:<span style="color: red;">192.168.95.132</span>}"/><br />
</interface><br />
<interface name="private"><br />
<inet-address value="${jboss.bind.address.private:<span style="color: red;">192.168.95.132</span>}"/><br />
</interface><br />
</interfaces></blockquote>
</div>
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">6. you need to edit java_opt to give your node a name</span><br />
<span style="color: #3d85c6; font-family: inherit;"># cd /opt/jboss-eap-7.0/bin/</span><br />
<span style="color: #3d85c6; font-family: inherit;"># vim standalone.conf</span><br />
<span style="color: #3d85c6; font-family: inherit;"><br /></span>
<br />
<div style="border: 1px solid black; padding: 10px;">
<blockquote class="tr_bq">
<span style="font-family: inherit;">if [ "x$JAVA_OPTS" = "x" ]; then<br /> JAVA_OPTS="-Xms1350m -Xmx1350m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true"<br /> JAVA_OPTS="$JAVA_OPTS -Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS -Djava.awt.headless=true <span style="color: red;">-Djboss.node.name=node1</span>"<br />else<br /> echo "JAVA_OPTS already set in environment; overriding default settings with values: $JAVA_OPTS"<br />fi</span></blockquote>
</div>
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">please use different name for your 2nd server</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">7. you can start your jboss and try access it using <server_IP>:8080</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">8. your cluster is done. Your war file needs to be coded to support clustering. At the end of this note, I will write a testing section on how to make sure it is clustered and the jsession is transferred to the other node when one goes down.</span><br />
<span style="font-family: inherit;"><br /></span>
<br />
<h3>
Startup</h3>
<br />
for the startup, we will reuse the init.d script that JBoss provides.<br />
It is located at /opt/jboss-eap-7.0/bin/init.d/jboss-eap-rhel.sh<br />
<br />
1. go to systemd and create jboss.service<br />
<span style="color: #3d85c6;"># cd /usr/lib/systemd/system</span><br />
<span style="color: #3d85c6;"># vim jboss.service</span><br />
<br />
2. paste this into it and save it<br />
<br />
<div style="border: 1px solid black; padding: 10px;">
[Unit]<br />
Description=Jboss EAP 7<br />
After=syslog.target<br />
After=network.target<br />
<br />
<br />
[Service]<br />
Type=forking<br />
ExecStart=/opt/jboss-eap-7.0/bin/init.d/jboss-eap-rhel.sh start<br />
ExecStop=/opt/jboss-eap-7.0/bin/init.d/jboss-eap-rhel.sh stop<br />
TimeoutStartSec=300<br />
TimeoutStopSec=300<br />
<br />
<br />
[Install]<br />
WantedBy=multi-user.target</div>
<div>
<br /></div>
<br />
3. enable jboss to start during boot<br />
<span style="color: #3d85c6;"># systemctl enable jboss.service</span><br />
<br />
4. start jboss service to verify it is working<br />
<span style="color: #3d85c6;"># systemctl start jboss</span><br />
<br />
<h2>
Apache Web Setup</h2>
I am going to use Apache with mod_jk for my web + balancer<br />
<br />
1. install apache and needed package<br />
<span style="color: #3d85c6;"># yum install httpd httpd-devel gcc</span><br />
<br />
2. download mod_jk and build it. You can get it from this URL<br />
<a href="http://tomcat.apache.org/download-connectors.cgi">http://tomcat.apache.org/download-connectors.cgi</a><br />
get the <a href="http://www-eu.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.42-src.tar.gz" rel="nofollow" style="font-family: "Open Sans", sans-serif; font-size: 14px;">JK 1.2.42 Source Release tar.gz </a><span style="font-family: "open sans" , sans-serif; font-size: 14px;">(e.g. Unix, Linux, Mac OS)</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">3. unpack it, configure, make</span><br />
<span style="color: #3d85c6; font-family: inherit;"># tar -zxvf tomcat-connectors-1.2.42-src.tar.gz</span><br />
<span style="color: #3d85c6; font-family: inherit;"># cd tomcat-connectors-1.2.42-src/native/</span><br />
<span style="color: #3d85c6; font-family: inherit;"># find / -iname apxs</span><br />
<span style="color: #3d85c6; font-family: inherit;"># ./configure --with-apxs=/usr/bin/apxs</span><br />
<span style="color: #3d85c6; font-family: inherit;"># make</span><br />
<span style="color: #3d85c6; font-family: inherit;"># make install</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">4. setup web config file</span><br />
<span style="color: #3d85c6; font-family: inherit;"># cd /etc/httpd/conf.d/</span><br />
<span style="color: #3d85c6; font-family: inherit;"># vim workers.properties</span><br />
<span style="color: #3d85c6; font-family: inherit;"><br /></span>
<br />
<div style="border: 1px solid black; padding: 10px;">
<blockquote>
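worker.list=worker1,node1,node2,status<br />
# node names used here must match -Djboss.node.name in each server's standalone.conf<br />
# the status worker is defined under the same name that worker.list uses<br />
worker.status.type=status </blockquote>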
<blockquote>
#node1<br />
worker.node1.port=8009<br />
worker.node1.host=<span style="color: red;">192.168.95.132</span><br />
worker.node1.type=ajp13<br />
worker.node1.lbfactor=1<br />
worker.node1.ping_mode=A<br />
#worker.node1.cachesize=10 </blockquote>
<blockquote>
#node2<br />
worker.node2.port=8009<br />
worker.node2.host=<span style="color: red;">192.168.95.135</span><br />
worker.node2.type=ajp13<br />
worker.node2.lbfactor=1<br />
worker.node2.ping_mode=A<br />
#worker.node2.cachesize=10 </blockquote>
<blockquote>
# Load-balancing behaviour<br />
worker.worker1.type=lb<br />
worker.worker1.balance_workers=node1,node2<br />
worker.worker1.sticky_session=1</blockquote>
<br /></div>
<span style="color: #3d85c6;"><br /></span>
<span style="color: #3d85c6;"># vim mod_jk.conf</span><br />
<span style="color: #3d85c6;"><br /></span>
<br />
<div style="border: 1px solid black; padding: 10px;">
<blockquote class="tr_bq">
LoadModule jk_module modules/mod_jk.so<br />
<IfModule mod_jk.c><br />
JkWorkersFile /etc/httpd/conf.d/workers.properties<br />
JkShmFile /var/log/httpd/mod_jk.shm<br />
JkLogFile /var/log/httpd/mod_jk.log<br />
JkLogLevel info<br />
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "<br />
<br />
JkMount /* worker1<br />
# mount this URL pattern, edit as necessary<br />
</IfModule></blockquote>
</div>
<br />
5. save it and start apache service<br />
<br />
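A name in `worker.list` or `balance_workers` that never gets its own `worker.<name>.type` line, or a JBoss node name that differs from the worker name, is easy to miss by eye. The check below is an added example, not part of the original notes: the function names and the sample file (with documentation-range addresses) are constructed.

```shell
#!/bin/sh
# Added example, not from the original notes: consistency check for a mod_jk
# workers.properties. Function names and the sample file are constructed.

# Constructed sample with a naming slip: "status" is listed, but the type line
# defines "jkstatus", so the listed worker has no type and jkstatus is unused.
sample_workers() {
    cat <<'EOF'
worker.list=worker1,status
worker.jkstatus.type=status
worker.node1.port=8009
worker.node1.host=192.0.2.10
worker.node1.type=ajp13
worker.node2.port=8009
worker.node2.host=192.0.2.11
worker.node2.type=ajp13
worker.worker1.type=lb
worker.worker1.balance_workers=node1,node2
worker.worker1.sticky_session=1
EOF
}

# lint_workers FILE [NODE_NAME...]
# NODE_NAME values are the -Djboss.node.name settings of the JBoss servers;
# each must be the name of a balanced worker, as the notes require.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
lint_workers() (
    file=$1; shift
    [ -r "$file" ] || { echo "cannot read $file"; exit 1; }
    awk -v nodes="$*" '
    /^[ \t]*(#|$)/ { next }                       # comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
        if (key == "worker.list") { listed = listed "," val; next }
        if (split(key, part, ".") != 3 || part[1] != "worker") next
        if (part[3] == "type") type[part[2]] = val
        else if (part[3] == "host") host[part[2]] = val
        else if (part[3] == "balance_workers") members = members "," val
    }
    END {
        n = split(listed, a, ",")
        for (i = 1; i <= n; i++) if (a[i] != "") {
            inlist[a[i]] = 1
            if (!(a[i] in type)) { print "listed worker has no type: " a[i]; bad++ }
        }
        n = split(members, a, ",")
        for (i = 1; i <= n; i++) if (a[i] != "") {
            balanced[a[i]] = 1
            if (!(a[i] in type)) { print "balanced worker has no type: " a[i]; bad++ }
            else if (!(a[i] in host)) { print "balanced worker has no host: " a[i]; bad++ }
        }
        for (w in type) if (!(w in inlist) && !(w in balanced)) {
            print "defined but neither listed nor balanced: " w; bad++
        }
        n = split(nodes, a, " ")
        for (i = 1; i <= n; i++) if (!(a[i] in balanced)) {
            print "node name is not a balanced worker: " a[i]; bad++
        }
        exit (bad > 0)
    }' "$file"
)

# Demo on the constructed sample; node3 stands for a mistyped jboss.node.name.
tmp=$(mktemp) && sample_workers > "$tmp"
lint_workers "$tmp" node1 node3 || echo "workers.properties needs fixing"
rm -f "$tmp"
```

Run it against the real file with `lint_workers /etc/httpd/conf.d/workers.properties node1 node2` before restarting Apache.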
<h2>
Testing</h2>
By right, if you are using ESXi to host your servers, you should see the cluster member view inside the log during JBoss startup.<br />
For mine, I am only using VMware Workstation on my laptop to host the 2 servers, so there is nothing to be seen in the log if no WAR file with cluster settings is deployed.<br />
So do not freak out if your log does not show the cluster members.<br />
<br />
here are the steps taken to test that my cluster is working<br />
<br />
1. download this war file, which i get it from RedHat solutions<br />
<a href="https://drive.google.com/uc?export=download&id=0B04R1MEwmWozVTRaS1VxNGtJU1E">https://drive.google.com/uc?export=download&id=0B04R1MEwmWozVTRaS1VxNGtJU1E</a><br />
Unzip the file.<br />
Inside it, go to counter/dist, download the counter.war<br />
<br />
2. deploy it to both of your JBoss servers. You can either use the management console to deploy it or put the war file in the deployment folder<br />
(NOTE: once you deploy the war file to both servers, you should be able to see the cluster member info show up in your log )<br />
<br />
3. go to <server-1_IP>/counter in browser<br />
<br />
4. refresh few times, and you should see the counter increasing<br />
<br />
5. now stop the JBoss on server-1. Once it has fully stopped, even though we are still using the server-1 web front end, the backend should be redirected to the server-2 JBoss since we have stopped the server-1 JBoss.<br />
<br />
6. Try refreshing the page and you should see the counter continue to increase instead of being reset. This proves the jsession has been passed to the other member of the cluster when the node went down.<br />
<br />
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4404297455070980293.post-53665416410962767372017-05-11T11:38:00.001+08:002017-05-11T11:38:52.661+08:00ESXi patch<br />
patch ESXi package -> https://esxi-patches.v-front.de/ESXi-6.0.0.html<br />
<br />
<br />
[root@bs-lab02:~] esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.0.0-20160804001-standard<br />
Update Result<br />
Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.<br />
Reboot Required: true<br />
VIBs Installed: VMware_bootbank_esx-base_6.0.0-2.43.4192238, VMware_bootbank_esx-ui_1.4.0-3959074, VMware_bootbank_misc-drivers_6.0.0-2.43.4192238, VMware_bootbank_net-vmxnet3_1.1.3.0-3vmw.600.2.43.4192238, VMware_bootbank_vsan_6.0.0-2.43.4097166, VMware_bootbank_vsanhealth_6.0.0-3000000.3.0.2.43.4064824, VMware_locker_tools-light_6.0.0-2.43.4192238<br />
VIBs Removed: VMware_bootbank_esx-base_6.0.0-2.34.3620759, VMware_bootbank_esx-ui_1.0.0-3617585, VMware_bootbank_misc-drivers_6.0.0-2.34.3620759, VMware_bootbank_net-vmxnet3_1.1.3.0-3vmw.600.2.34.3620759, VMware_bootbank_vsan_6.0.0-2.34.3563498, VMware_bootbank_vsanhealth_6.0.0-3000000.3.0.2.34.3544323<br />
VIBs Skipped: VMWARE_bootbank_mtip32xx-native_3.8.5-1vmw.600.0.0.2494585, VMware_bootbank_ata-pata-amd_0.3.10-3vmw.600.0.0.2494585, VMware_bootbank_ata-pata-atiixp_0.4.6-4vmw.600.0.0.2494585,<br />
<div>
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4404297455070980293.post-68594125946108814772017-05-11T11:32:00.001+08:002017-05-11T11:32:56.969+08:00mount CD and use as repo<br />
# mount -o loop /dev/sr0 /mnt<br />
<br />
# cp /mnt/media.repo /etc/yum.repos.d/rhel7dvd.repo<br />
# chmod 644 /etc/yum.repos.d/rhel7dvd.repo<br />
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4404297455070980293.post-15728434716381343302017-05-11T10:57:00.003+08:002017-05-11T10:57:38.427+08:00sed notes<br />
sed -i -e 's/word1/word2/g' /testing<br />
<br />
Find word1 and replace it with word2 inside the file /testing.<br />
The -i option edits the file /testing in place.<div>
The -e option indicates the expression/command to run, in this case s/.<br />
Write the two options separately: GNU sed reads -ie as -i with the backup suffix "e", which leaves a backup copy named /testinge.<br /><br />
Notes:<br />
The / delimiter can be replaced with any other character, as long as it does not conflict with the characters inside the words.<br />
Example:<br />
<br />
sed -i -e 's:word1:word2:g' /testing</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4404297455070980293.post-33268277816669835682017-05-11T09:38:00.001+08:002017-08-03T14:55:46.896+08:00HaProxy<br />
Environment: Centos 7<br />
Haproxy version: 1.5.18<br />
<b><u>Installation</u></b><br />
you can install by using this command<br />
# yum install haproxy<br />
<br />
<b><u>Configure</u></b><br />
the configuration file is located at /etc/haproxy/haproxy.cfg<br />
open and edit the file<br />
you need to define frontend and backend<br />
<br />
frontend LB<br />
bind 0.0.0.0:80 # bind to all network IP:port<br />
reqadd X-Forwarded-Proto:\ http<br />
default_backend LB # point to backend name LB<br />
<br />
backend LB<br />
mode http<br />
balance roundrobin # Load balancing will work in round-robin process.<br />
option httpchk<br />
option httpclose<br />
option forwardfor<br />
cookie SERVERID insert # Let the load-balancer set up a cookie for the session. <br />
server svrv-trep-app01 172.20.101.115:80 cookie app01 check # server 1<br />
server svrv-trep-app02 172.20.101.116:80 cookie app02 check # server 2<br />
server backup-server 172.20.101.124:80 check backup # if all server fail, traffic will go to this backup server<br />
<div>
<br />
<br /></div>
<div>
<br /></div>
<div>
cookie app0x = this is so that when a client comes back, HAProxy knows which server to send it back to.</div>
<div>
But if it is a new client, then HAProxy will set SERVERID=app01 in the header</div>
<div>
<br /></div>
<div>
If the application is used for session persistence,<br />
then replace SERVERID with JSESSIONID</div>
<div>
<br /></div>
<div>
"check" is used to check whether the server is alive or not</div>
<div>
<br /></div>
<div>
<b><u>Enable Stats</u></b></div>
<div>
edit </div>
<div>
<br /></div>
<div>
stats enable # enable statistic pages<br />
stats hide-version <br />
stats uri /stats # statistic pages at /stats<br />
stats realm Haproxy\ Statistics <br />
stats auth username:password # Credentials for HAProxy Statistic report page.</div>
<br />
<b><u>Enable log</u></b><br />
1. edit rsyslog file<br />
# vim /etc/rsyslog.conf<br />
find and enable this<br />
<br />
# Provides UDP syslog reception<br />
$ModLoad imudp<br />
$UDPServerRun 514<br />
<br />
This makes the server listen on port 514 to collect logs<br />
<br />
<div>
2. haproxy.cfg already defines this:</div>
<div>
log 127.0.0.1 local2</div>
<div>
<br /></div>
<div>
so we create a new file called haproxy.conf under /etc/rsyslog.d/</div>
<div>
# vim /etc/rsyslog.d/haproxy.conf</div>
<div>
<br /></div>
<div>
and put this</div>
local2.* /var/log/haproxy.log<br />
<div>
<br /></div>
<div>
3. Then restart the rsyslog service</div>
<div>
# systemctl restart rsyslog<br />
<br />
<b><u>Enable SSL</u></b><br />
<br />
1. edit haproxy.cfg and add the https frontend</div>
<div>
<br /></div>
<div>
<div>
frontend LBS</div>
<div>
bind 0.0.0.0:443 ssl crt /etc/haproxy/test.pem # listen to port 443, ssl crt is at /etc/haproxy/test.pem</div>
<div>
reqadd X-Forwarded-Proto:\ https</div>
<div>
default_backend LB # go to backend name LB</div>
</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
so the connection will be like this</div>
<div>
<span style="color: #6aa84f;">Public</span> <span style="color: orange;">-- use https secure connection --></span> <span style="color: #6aa84f;">Haproxy</span> <span style="color: orange;">-- use http --></span> <span style="color: #6aa84f;">backend server</span></div>
<div>
<br /></div>
<div>
2. if you want to enforce ssl, then add this to the backend</div>
<div>
<br /></div>
<div>
redirect scheme https if !{ ssl_fc }</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
so the final configuration will look something like this</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
frontend LB<br />
bind 0.0.0.0:80 <br />
reqadd X-Forwarded-Proto:\ http <br />
default_backend LB <br />
<br />
frontend LBS<br />
bind 172.20.101.128:443 ssl crt /etc/haproxy/test.pem<br />
reqadd X-Forwarded-Proto:\ https<br />
default_backend LB<br />
<div>
<br /></div>
backend LB<br />
mode http<br />
redirect scheme https if !{ ssl_fc }<br />
stats enable <br />
<div>
stats hide-version <br />
stats uri /stats <br />
stats realm Haproxy\ Statistics <br />
stats auth username:password </div>
balance roundrobin <br />
option httpchk<br />
option httpclose<br />
option forwardfor<br />
cookie SERVERID insert <br />
server svrv-trep-app01 172.20.101.115:80 cookie app01 check <br />
server svrv-trep-app02 172.20.101.116:80 cookie app02 check <br />
server backup-server 172.20.101.124:80 check backup </div>
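An added example (not part of the original notes): a Python lint that reads a configuration like the final one above and reports two things worth checking in it, stats Basic-auth credentials reachable without TLS and a persistence cookie inserted without the `httponly` and `secure` attributes. `HTTP_ONLY` and `HARDENED` are constructed variants of the page's configuration, and the finding names are made up for this example.

```python
"""Lint an haproxy.cfg for plaintext stats logins and weak persistence cookies."""

SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}

# The final configuration from this page (stats realm/hide-version lines kept).
PAGE_FINAL = r"""
frontend LB
    bind 0.0.0.0:80
    reqadd X-Forwarded-Proto:\ http
    default_backend LB

frontend LBS
    bind 172.20.101.128:443 ssl crt /etc/haproxy/test.pem
    reqadd X-Forwarded-Proto:\ https
    default_backend LB

backend LB
    mode http
    redirect scheme https if !{ ssl_fc }
    stats enable
    stats hide-version
    stats uri /stats
    stats realm Haproxy\ Statistics
    stats auth username:password
    balance roundrobin
    cookie SERVERID insert
    server svrv-trep-app01 172.20.101.115:80 cookie app01 check
    server svrv-trep-app02 172.20.101.116:80 cookie app02 check
"""

# Constructed: the port-80-only setup with the stats lines placed in the backend.
HTTP_ONLY = """
frontend LB
    bind 0.0.0.0:80
    default_backend LB
backend LB
    mode http
    stats enable
    stats uri /stats
    stats auth username:password
    cookie SERVERID insert
    server svrv-trep-app01 172.20.101.115:80 cookie app01 check
"""

# Constructed: same as PAGE_FINAL, with the cookie attributes added.
HARDENED = PAGE_FINAL.replace(
    "cookie SERVERID insert",
    "cookie SERVERID insert indirect nocache httponly secure")


def parse_sections(cfg_text):
    """Split a config into sections; each config line becomes a list of words."""
    sections, current = [], None
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop trailing comments
        if not words:
            continue
        if words[0] in SECTION_KEYWORDS:
            name = words[1] if len(words) > 1 else ""
            current = {"kind": words[0], "name": name, "lines": []}
            sections.append(current)
        elif current is not None:
            current["lines"].append(words)
    return sections


def forces_https(section):
    """True if the section redirects every non-TLS request to https."""
    return any(w[:3] == ["redirect", "scheme", "https"] and "ssl_fc" in w
               and ("!{" in w or "unless" in w) for w in section["lines"])


def tls_only(section):
    """True if every bind line of a frontend/listen section terminates TLS."""
    binds = [w for w in section["lines"] if w[0] == "bind"]
    return bool(binds) and all("ssl" in w[2:] for w in binds)


def audit(cfg_text):
    """Return a list of (section, finding) tuples in config order."""
    sections = parse_sections(cfg_text)
    fronts = [s for s in sections if s["kind"] in ("frontend", "listen")]
    findings = []
    for sec in sections:
        if sec["kind"] not in ("frontend", "backend", "listen"):
            continue
        if sec["kind"] == "backend":
            # Frontends that can route traffic to this backend.
            feeders = [f for f in fronts if any(
                w[0] in ("default_backend", "use_backend") and w[1:2] == [sec["name"]]
                for w in f["lines"])]
            encrypted = forces_https(sec) or (bool(feeders) and all(
                tls_only(f) or forces_https(f) for f in feeders))
        else:
            encrypted = forces_https(sec) or tls_only(sec)
        label = "%s %s" % (sec["kind"], sec["name"])
        for w in sec["lines"]:
            if w[:2] == ["stats", "auth"] and not encrypted:
                findings.append((label, "stats_auth_plaintext"))
            if w[0] == "cookie" and "insert" in w:
                if "httponly" not in w:
                    findings.append((label, "cookie_no_httponly"))
                if encrypted and "secure" not in w:
                    findings.append((label, "cookie_no_secure"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("final", PAGE_FINAL), ("http-only", HTTP_ONLY), ("hardened", HARDENED)):
        print(name, audit(cfg))
```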
<div>
<br />
<br />
<b><u>Microsite, or redirect a certain sub-path to another server</u></b><br />
<br />
1. define the incoming domain name<br />
acl in_domain hdr_dom(host) -i www.testing.com<br />
<br />
2. define backend server<br />
backend testing_backend<br />
balance roundrobin<br />
option httpchk GET / HTTP/1.0<br />
server test-server 172.20.1.60:80 maxconn 200 check inter 5s<br />
server maintenance 203.208.240.126:80 backup<br />
timeout server 60s<br />
<br />
3. define the rules, if you want to send www.testing.com/camera to a different server<br />
<br />
acl camera_r path -i /camera<br />
redirect location /camera/ if in_domain camera_r<br />
acl camera path_beg -i /camera/<br />
use_backend testing_backend if in_domain camera<br />
<div>
<br /></div>
<div>
<div>
== explain ==</div>
<div>
1st line: defines camera_r = /camera</div>
<div>
2nd line: if the request matches in_domain and camera_r (meaning www.testing.com/camera), redirect to www.testing.com/camera/</div>
<div>
3rd line: defines camera = /camera/</div>
<div>
4th line: if the request matches in_domain and camera (www.testing.com/camera/), send it to the backend testing_backend</div>
</div>
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4404297455070980293.post-22012893324909464702016-08-19T14:37:00.001+08:002016-08-19T14:37:49.483+08:00maven simple setup<br />
Installation<br />
<br />
1. download maven<br />
<br />
2. Ensure <tt>JAVA_HOME</tt> environment variable is set and points to your JDK installation<br />
<br />
3. extract maven and put to /opt/<div>
<span style="color: blue;">tar xzvf apache-maven-3.3.9-bin.tar.gz</span><br /><br />4. make a softlink<br /><span style="color: blue;">ln -s apache-maven-3.3.9 maven</span><br /><br />5. edit the user's .bash_profile and add this to it<br /><span style="color: blue;">export M2_HOME=/opt/maven </span></div>
<div>
<span style="color: blue;">export PATH=${M2_HOME}/bin:${PATH}
</span><br />6. exit and login again to take effect and test maven<br /><span style="color: blue;">mvn --version</span><div>
<br /></div>
<div>
7. create a new project and let it generate a new pom.xml</div>
<div>
<span style="color: blue;">mvn archetype:generate -DgroupId=com.mycompany.app -DartifactId=my-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false</span></div>
</div>
<div>
<span style="color: blue;"><span class="kwd"><br /></span></span></div>
<div>
<span style="color: blue;"><span class="kwd"><br /></span></span></div>
<div>
<span class="kwd">reference:</span></div>
<div>
<span class="kwd">https://maven.apache.org/guides/getting-started/maven-in-five-minutes.html</span></div>
<div>
<span class="kwd">http://www.tutorialspoint.com/maven/maven_environment_setup.htm</span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4404297455070980293.post-12572678837774392142016-08-18T17:01:00.003+08:002016-08-18T17:01:39.915+08:00jboss fuse simple setup<br />
<u>Environment</u><div>
OS: RedHat Enterprise 7</div>
<div>
Java: Oracle jdk1.8.0_91</div>
<div>
Fuse: jboss-fuse-6.2.1.redhat-117</div>
<div>
<br /></div>
<div>
Firewall disable<br />systemctl stop firewalld<br />systemctl disable firewalld</div>
<div>
<br /></div>
<div>
SELinux disable</div>
<div>
vi /etc/selinux/config<br />change to disabled</div>
<div>
<br /><div>
<u>Java Setup</u></div>
</div>
<div>
<br /></div>
<div>
1. download Java from oracle website</div>
<div>
<br /></div>
<div>
2. edit /etc/hosts file and add your IP and hostname into it</div>
<div>
<span style="color: blue;">172.20.1.100 fuse1</span></div>
<div>
if you are setting up a Fuse cluster, then add fuse2 and fuse3 as well to the hosts file on all nodes</div>
<div>
<br /></div>
<div>
3. unzip java and put to /opt</div>
<div>
then make softlink</div>
<span style="color: blue;">ln -s jdk1.8.0_91 jdk1.8.0</span><div>
This makes it easy to upgrade Java in future: just extract the new Java update and change where the softlink points</div>
<div>
then add following line to .bash_profile</div>
<span style="color: blue;">export JAVA_HOME=/opt/jdk1.8.0</span><div>
<br /></div>
<div>
4. exit and login again to make java take effect and test by using this command</div>
<div>
<span style="color: blue;">java -version</span></div>
<div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<u>Fuse Setup</u></div>
<div>
<br /></div>
<div>
<b>NODE 1</b></div>
<div>
1. unzip jboss fuse to /opt and make a softlink as well</div>
<span style="color: blue;">ln -s jboss-fuse-full-6.2.1-redhat-117 fuse</span></div>
<div>
<br /></div>
2. edit <fuse-install-dir>/etc/system.properties to rename karaf instance as fuse1 (from root):<br /><span style="color: blue;"># Name of this Karaf instance<br />karaf.name=fuse1</span><div>
<div>
<br /></div>
<div>
3. start fuse</div>
<div>
<span style="color: blue;">cd /opt/fuse</span></div>
<div>
<span style="color: blue;">bin/fuse</span></div>
<div>
<br /></div>
4. From the Fuse CLI, create an ESB admin user using the following command, substitute <user name> and <user password> with actual values:<br /><span style="color: blue;">esb:create-admin-user --new-user <user name> --new-user-password <user password></span></div>
<div>
<br /></div>
5. Shutdown Fuse and restart as a background service using:<div>
<span style="color: blue;">bin/start</span></div>
<div>
<br /></div>
<div>
6. Connect to Fuse using admin user created above:<br /><span style="color: blue;">bin/client -u <user name> -p <user password></span><br /></div>
<div>
7. Next create Fabric:<br /><span style="color: blue;">fabric:create --zookeeper-password <zookeeper-password> --zookeeper-data-dir zkdata<br />--resolver localhostname --wait-for-provisioning</span><br /></div>
<div>
8. As a practice, we do not deploy application services to root containers, so we can remove the jboss-fuse-full profile from the container:<br /><span style="color: blue;">container-remove-profile fuse1 jboss-fuse-full</span><div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<b>NODE 2 & NODE 3</b></div>
1. After unzip, JBoss Fuse will be installed in /opt/jboss-fuse-full-6.2.1-redhat-117. For convenience, create a symbolic link:<br /><span style="color: blue;">cd /opt/dportal<br />ln -s jboss-fuse-full-6.2.1-redhat-117 fuse</span><br /></div>
<div>
2. edit <fuse-install-dir>/etc/system.properties to rename karaf instance as fuse2 and fuse3 (from root), respectively:<br />Node 2 (172.20.1.101):<br /><span style="color: blue;"># Name of this Karaf instance<br />karaf.name=fuse2</span><br />Node 3 (171.20.1.102):<br /><span style="color: blue;"># Name of this Karaf instance<br />karaf.name=fuse3</span><br /></div>
<div>
3. Start Fuse:<br /><span style="color: blue;">$ cd /home/fmsapps/fuse<br />$ bin/fuse</span><br /></div>
<div>
4. Join fabric<br /><span style="color: blue;">fabric:join --zookeeper-password <zookeeper-password> --resolver localhostname<br />fuse1:2181</span><br /></div>
<div>
5. Shutdown Fuse and restart as a background service using:<br /><span style="color: blue;">$ bin/start</span><br /></div>
<div>
6. Connect to Fuse using admin user created above:<br /><span style="color: blue;">$ bin/client -u <user name> -p <user password></span><br /></div>
At this point, 3 JBoss Fuse Fabric containers were created and started.<br />On 172.20.1.100 (fuse1), log in to Fuse Fabric CLI and issue the following command to create an <br />ensemble.<br /><span style="color: blue;">JBossFuse:fuseadmin@utdrvfuse1> ensemble-add utdrvfuse2 utdrvfuse3</span><br /><br /><div>
Once the command is completed, the fabric container list should be similar to:<br /><span style="color: blue;">JBossFuse:fabric@fuse1> container-list<br /> [id] [version][connected] [profiles] [provision status]<br /> utdrvfuse1* 1.0 yes fabric, fabric-ensemble-0001-1 success<br /> utdrvfuse2 1.0 yes fabric, fabric-ensemble-0001-2 success<br /> utdrvfuse3 1.0 yes fabric, fabric-ensemble-0001-3 success</span><br />The Fuse setup is complete. Fuse management console can be accessed from http://172.20.1.100:8181</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4404297455070980293.post-21457335128650679242016-08-15T10:34:00.004+08:002016-08-15T10:34:51.814+08:00LinkChecker<div class="MsoNormal">
<b><u><span style="font-size: 14.0pt; line-height: 107%;">Install LinkChecker<o:p></o:p></span></u></b></div>
<div class="MsoNormal">
<a href="http://wummel.github.io/linkchecker/">http://wummel.github.io/linkchecker/</a><o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
# <span style="color: blue;">wget --no-check-certificate https://pypi.python.org/packages/source/L/LinkChecker/LinkChecker-9.3.tar.gz</span><o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><u>There are 2 ways to install</u></b></div>
<div class="MsoNormal">
<span style="text-indent: -0.25in;"><br /></span></div>
<div class="MsoNormal">
</div>
<ul>
<li><span style="text-indent: -0.25in;">Manual installation where you download the
source and initiate install yourself</span></li>
<li><span style="text-indent: -0.25in;">Auto install LinkChecker by using pip</span></li>
</ul>
<br />
<div class="MsoNormal">
<span style="text-indent: -0.25in;"><br /></span></div>
<div class="MsoNormal">
<u><span style="font-size: 12.0pt; line-height: 107%;">Manual Installation<o:p></o:p></span></u></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
For
Centos/RHEL 6 -> enable Software Collection to install Python 2.7<o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
For
Centos/RHEL 7 -> just use yum install python<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<u>Enable Software collection<o:p></o:p></u></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
RHEL -> #
<span style="color: blue;">subscription-manager repos --enable rhel-server-rhscl-6-rpms</span><o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
Centos ->
# <span style="color: blue;">yum install centos-release-scl</span><o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
Then install
python27<o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
# <span style="color: blue;">yum
install python27</span><o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
You need to
enable it in order to use<o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
# <span style="color: blue;">scl enable
python27 bash</span><o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
Install the remaining packages needed to run<o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
#<span style="color: blue;"> yum
install gcc python-requests qt-devel</span><o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
On How to
install, you can read the doc at LinkChecker-9.3/doc/install.txt<o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="color: blue;"># make -C
doc/html<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="color: blue;"># python
setup.py sdist --manifest-only<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="color: blue;"># python
setup.py build<o:p></o:p></span></div>
<br />
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="color: blue;"># python
setup.py install</span><o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
You can test
run by using this command<o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
#
<span style="color: blue;">linkchecker www.google.com -Fcsv//tmp/google.csv</span><o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<o:p><br /></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<u>Troubleshooting<o:p></o:p></u></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
If you
encounter this error “This program requires Python requests 2.2.0 or later”
when you test run.<o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
Downgrade the requests version, as LinkChecker 9.3 has a bug with requests ver 10<o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
Downgrade
using pip<o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
# <span style="color: blue;">yum
install python27-python-pip</span><o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
# <span style="color: blue;">pip
install requests==2.9.2</span><o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<u><span style="font-size: 12.0pt; line-height: 107%;"><br /></span></u></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<u><span style="font-size: 12.0pt; line-height: 107%;"><br /></span></u></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<u><span style="font-size: 12.0pt; line-height: 107%;"><br /></span></u></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<u><span style="font-size: 12.0pt; line-height: 107%;">Auto Installation</span></u><span style="font-size: 12.0pt; line-height: 107%;"><o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-size: 12.0pt; line-height: 107%;"># <span style="color: blue;">yum install gcc </span></span><span style="color: blue;">qt-devel</span><o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
Enable
software collection if you using Centos/RHEL 6 and install python27 & python27-python-pip<o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
# <span style="color: blue;">yum
install python27-python-pip python27</span><o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
Then install
Linkchecker using pip <o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
# <span style="color: blue;">scl enable
python27 bash</span><o:p></o:p></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
</div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
# <span style="color: blue;">pip
install LinkChecker</span><span style="font-size: 12.0pt; line-height: 107%;"><o:p></o:p></span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4404297455070980293.post-8679632932251527882016-07-12T11:45:00.000+08:002021-09-07T16:40:53.057+08:00spoof DNS using kali linux<br />
1. locate a file by the name etter.dns<br />
#locate etter.dns<br />
<div>
<br /></div>
<div>
2. open the file using nano/vi/vim</div>
<div>
<br /></div>
<div>
3. edit after the line "<em style="background: rgb(255, 255, 255); border: 0px; color: #464241; font-family: "Open Sans"; font-size: 16px; line-height: 24px; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline;">*wildcards in PTR are not allowed"</em></div>
example, you can add this below that line<br />
<div>
<span style="background-color: white; color: #464241; font-family: "open sans"; font-size: 16px; line-height: 24px;">www.msn.com A 192.168.1.8</span></div>
<div>
<span style="background-color: white; color: #464241; font-family: "open sans"; font-size: 16px; line-height: 24px;"><br /></span></div>
<div>
<span style="background-color: white; color: #464241; font-family: "open sans"; font-size: 16px; line-height: 24px;">4. go to </span><span style="background-color: white; color: #464241; font-family: "open sans"; font-size: 16px; line-height: 24px;">/proc/sys/net/ipv4 and edit </span><span style="background-color: white; color: #464241; font-family: "open sans"; font-size: 16px; line-height: 24px;">ip_forward to 1</span></div>
<div>
<span style="background-color: white; color: #464241; font-family: "open sans"; font-size: 16px; line-height: 24px;"><br /></span></div>
<div>
<span style="background-color: white; color: #464241; font-family: "open sans"; font-size: 16px; line-height: 24px;">5. start the ettercap</span></div>
<div>
<span style="background-color: white; color: #464241; font-family: "open sans"; font-size: 16px; line-height: 24px;">ettercap -T -q -M arp:remote -P dns_spoof</span></div>
<div>
<span style="background-color: white; color: #464241; font-family: "open sans"; font-size: 16px; line-height: 24px;"><br /></span></div>
<div>
<span style="background-color: white; color: #464241; font-family: "open sans"; font-size: 16px; line-height: 24px;">(enter q to abort)</span><br />
<span style="background-color: white; color: #464241; font-family: "open sans"; font-size: 16px; line-height: 24px;"><br /></span>
<span style="background-color: white; color: #464241; font-family: "open sans"; font-size: 16px; line-height: 24px;">reference</span><br />
<span style="background-color: white; color: #464241; font-family: open sans; line-height: 24px;">https://www.cybrary.it/0p3n/infosec-101-dns-spoof/</span></div>
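From the defender's side, the steps above leave two observable traces on a victim host: the gateway's ARP entry changes to the MAC of the machine running ettercap, and a public name such as www.msn.com resolves to a LAN address. The following Python is an added example, not part of the original notes; the `ip neigh` lines, MAC addresses, the gateway address 192.168.1.1 and the `.lan` suffix are constructed assumptions, and only `www.msn.com A 192.168.1.8` comes from the post.

```python
"""Spot the ARP-cache and DNS symptoms of `ettercap -M arp:remote -P dns_spoof`."""
import ipaddress
import re
from collections import defaultdict

IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

# Constructed baseline: gateway MAC recorded while the network was known-good.
BASELINE = {"192.168.1.1": "02:00:00:AA:00:01"}

# Constructed `ip neigh` output from a host whose ARP cache has been poisoned.
POISONED_NEIGH = """\
192.168.1.1 dev eth0 lladdr 02:00:00:aa:00:08 REACHABLE
192.168.1.8 dev eth0 lladdr 02:00:00:aa:00:08 STALE
192.168.1.20 dev eth0 lladdr 02:00:00:aa:00:20 REACHABLE
192.168.1.30 dev eth0  FAILED
"""

# Constructed `ip neigh` output from the same host in a clean state.
CLEAN_NEIGH = """\
192.168.1.1 dev eth0 lladdr 02:00:00:aa:00:01 REACHABLE
192.168.1.8 dev eth0 lladdr 02:00:00:aa:00:08 STALE
192.168.1.20 dev eth0 lladdr 02:00:00:aa:00:20 REACHABLE
"""

# Constructed resolver answers; the first entry mirrors the etter.dns line above.
SAMPLE_DNS = {
    "www.msn.com": ["192.168.1.8"],
    "www.example.com": ["93.184.216.34"],
    "nas.lan": ["192.168.1.20"],
}


def parse_neigh(text):
    """Parse `ip neigh` output into {ipv4: mac}, skipping unresolved entries."""
    table = {}
    for line in text.splitlines():
        words = line.split()
        if not words or not IPV4_RE.match(words[0]) or "lladdr" not in words[:-1]:
            continue
        mac = words[words.index("lladdr") + 1].lower()
        if MAC_RE.match(mac):
            table[words[0]] = mac
    return table


def find_arp_anomalies(neigh_text, baseline):
    """Return findings for pinned IPs whose MAC changed and MACs shared by several IPs."""
    table = parse_neigh(neigh_text)
    findings = []
    # 1. A pinned address (typically the gateway) now resolves to another MAC.
    for ip, good_mac in sorted(baseline.items()):
        seen = table.get(ip)
        if seen is not None and seen != good_mac.lower():
            findings.append(("mac_changed", ip, seen))
    # 2. One MAC answers for more than one IP: the poisoner's own address
    #    and the address it impersonates show up side by side.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac_shared", mac, tuple(sorted(ips))))
    return findings


def private_answers(answers, internal_suffixes=()):
    """Return (name, ip) pairs where a non-internal name resolved to a private address."""
    hits = []
    for name, ips in sorted(answers.items()):
        host = name.lower().rstrip(".")
        if internal_suffixes and host.endswith(tuple(internal_suffixes)):
            continue  # names that are expected to live on the LAN
        for ip in ips:
            if ipaddress.ip_address(ip).is_private:
                hits.append((name, ip))
    return hits


if __name__ == "__main__":
    print(find_arp_anomalies(POISONED_NEIGH, BASELINE))
    print(find_arp_anomalies(CLEAN_NEIGH, BASELINE))
    print(private_answers(SAMPLE_DNS, internal_suffixes=(".lan",)))
```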
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4404297455070980293.post-19754915676685061222016-04-18T12:06:00.001+08:002016-04-18T12:06:33.178+08:00mariadb cluster<br />
Environment I am using<br />OS: RHEL7<br />
database: MariaDB 10.1.13<br />
firewalld: off<br />SElinux: off<br />
<br />
===== Install MariaDB =====<br />
<br />
By default, your OS already includes MariaDB in its yum repo, but it is an old version.<br />Please add this repo to get the latest version officially from MariaDB<br />
<br />
# vim /etc/yum.repos.d/mariadb.repo<br />
<br />
---------- mariadb.repo ----------<br />
<br />
[mariadb]<br />
name = MariaDB<br />
baseurl = http://yum.mariadb.org/10.1/rhel7-amd64<br />
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB<br />
gpgcheck=1<br />
<div>
<br /></div>
<div>
---------- END ----------</div>
<div>
<br /></div>
<div>
for the baseurl, if you are using CentOS or another distribution, you can check the path here</div>
<div>
<a href="http://yum.mariadb.org/10.1/">http://yum.mariadb.org/10.1/</a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
install mariadb using this command<br /><br /># yum install mariadb-server</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
===== Setup MariaDB for Cluster =====</div>
<div>
<br /></div>
<div>
open and edit my.cnf</div>
<div>
add the section in red color</div>
<div>
<br /></div>
<div>
# vim /etc/my.cnf</div>
<div>
<br /></div>
<div>
---------- my.cnf ----------</div>
<div>
<div>
#</div>
<div>
# This group is read both both by the client and the server</div>
<div>
# use it for options that affect everything</div>
<div>
#</div>
<div>
[client-server]</div>
<div>
<br /></div>
<div>
#</div>
<div>
# include all files from the config directory</div>
<div>
#</div>
<div>
!includedir /etc/my.cnf.d</div>
<div>
<br /></div>
</div>
<div>
<div>
<span style="color: red;">[galera]</span></div>
<div>
<span style="color: red;"><br /></span></div>
<div>
<span style="color: red;">wsrep_on=ON</span></div>
<div>
<span style="color: red;">wsrep_provider=/usr/lib64/galera/libgalera_smm.so</span></div>
<div>
<span style="color: red;">binlog_format=ROW</span></div>
<div>
<span style="color: red;">wsrep_cluster_address='gcomm://'</span></div>
<div>
<span style="color: red;">wsrep_cluster_name='galera_cluster'</span></div>
<div>
<span style="color: red;">wsrep_node_name='node1'</span></div>
</div>
<div>
<br /></div>
<div>
---------- END ----------</div>
<div>
<br /></div>
<div>
for the 2nd database, just repeat the installation step but at my.cnf you need to edit the</div>
<div>
<span style="color: red;">wsrep_cluster_address='gcomm://<node 1 IP address>'</span></div>
<div>
<span style="color: red;">wsrep_node_name='node2'</span></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Start both databases</div>
<div>
# systemctl start mariadb</div>
<div>
<br /></div>
<div>
login to mysql and you can check if it was success</div>
<div>
<br /></div>
<div>
<div>
MariaDB [(none)]> SHOW STATUS LIKE 'wsrep_cluster_size';</div>
<div>
+--------------------+-------+</div>
<div>
| Variable_name | Value |</div>
<div>
+--------------------+-------+</div>
<div>
| wsrep_cluster_size | 2 |</div>
<div>
+--------------------+-------+</div>
<div>
1 row in set (0.01 sec)</div>
</div>
<div>
<br /></div>
<div>
The output above shows 2 nodes, which means it was successful.</div>
<div>
<br /></div>
<div>
you can check for other info using this command</div>
<div>
<br /></div>
<div>
MariaDB [(none)]> show global status like 'wsrep_%';</div>
Unknownnoreply@blogger.com3tag:blogger.com,1999:blog-4404297455070980293.post-60937537631087575742016-04-11T16:33:00.000+08:002016-04-11T16:33:38.833+08:00SSH Login Banner<br />
There are 2 types of banner:<br />
one is shown before you log in,<br />
and the other is shown after you log in successfully.<br />
<br />
-------------------------------------------------------------------<br />
Show before login<br />
<br />
By default, a banner is already prepared for us but is not used.<br />
It is located at /etc/issue.net<br />
It shows the kernel version as the banner at login.<br />
You can use this or write your own:<br />
just create a file, for example<br />
# vim /etc/ssh/banner<br />
and put something like this<br />
<br />
#####################<br />
# #<br />
# Welcome to Centos 7 #<br />
# #<br />
####################<br />
<br />
then enable the banner<br />
# vim /etc/ssh/sshd_config<br />
find and edit this<br />
<br />
# no default banner path<br />
#Banner none<br />
<div>
<br /></div>
<div>
to</div>
<div>
<br /></div>
<div>
<div>
# no default banner path</div>
<div>
Banner /etc/ssh/banner</div>
</div>
<div>
<br /></div>
<div>
then restart the sshd service</div>
<div>
-----------------------------------------------------------------</div>
<div>
<br /></div>
<div>
Show after success login</div>
<div>
<br /></div>
<div>
# vim /etc/motd</div>
<div>
<br /></div>
<div>
and edit it to your liking</div>
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-4404297455070980293.post-74506593666719101162016-04-11T16:30:00.001+08:002016-05-16T14:53:34.464+08:00setup Liferay 7 tomcat bundle + cluster<br />
OS = CentOS Linux release 7.2.1511 (Core)<br />
<div>
Liferay version = liferay-portal-tomcat-7.0-ce-ga1-20160331161017956</div>
<div>
Java = java version "1.7.0_79"<br />
<br />
<span style="color: blue;">===== Liferay =====</span><br />
<br />
1. download java and install it<br />
in my case i downloaded the oracle java sdk 7 from<br />
<a href="http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html">http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html</a><br />
download the rpm for easy install and upgrade<br />
# yum localinstall jdk-7u79-linux-x64.rpm<br />
<br />
2. download liferay and extract it.<br />
in my case, i extracted it into /opt<br />
then renamed it to liferay, so it became /opt/liferay<br />
<br />
3. go to /opt/liferay/tomcat-8.0.32/bin<br />
run it once to confirm it works with the default settings<br />
# ./startup.sh<br />
use a browser and try to access it at<br />
<server ip>:8080<br />
and stop it after confirming it works<br />
# ./shutdown.sh<br />
<br />
4. install tomcat native for better performance<br />
at bin directory, extract tomcat-native.tar.gz and navigate to native directory inside it<br />
# ./configure --with-apr=/usr/bin/apr-1-config --with-java-home=/usr/java/default --with-ssl=/usr/bin/openssl --prefix=/usr<br />
# make<br />
# make install<br />
<br />
5. back to bin directory and extract commons-daemon-native.tar.gz<br />
navigate into unix folder<br />
# ./configure --with-java=/usr/java/default<br />
# make<br />
# cp jsvc ../..<br />
<br />
6. add a tomcat user so liferay runs as that user instead of root<br />
# useradd tomcat<br />
# chown -R tomcat: /opt/liferay<br />
<br />
7. in the tomcat bin directory, edit setenv.sh and change the Xmx value to suit your server memory.<br />
in my case, i also set the Xms value manually<br />
<br />
<span style="color: blue;">====== startup script =====</span><br />
<br />
since centos 7 uses systemd, below is the guide on how to add the service<br />
# cd /etc/systemd/system<br />
# vim tomcat.service<br />
<br />
=== tomcat.service ===<br />
<br />
# Systemd unit file for tomcat<br />
[Unit]<br />
Description=Apache Tomcat Web Application Container<br />
After=syslog.target network.target<br />
<br />
[Service]<br />
Type=forking<br />
#ExecStart=/etc/init.d/tomcat start<br />
ExecStart=/opt/liferay/tomcat/bin/startup.sh<br />
ExecStop=/opt/liferay/tomcat/bin/shutdown.sh<br />
User=tomcat<br />
Group=tomcat<br />
<br />
TimeoutStartSec=0<br />
TimeoutStopSec=600<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
<br />
=== END ===<br />
<br />
enable it to run at startup<br />
# systemctl enable tomcat.service<br />
<br />
now you can use systemctl to start and stop it to confirm it is working<br />
# systemctl start tomcat<br />
# systemctl stop tomcat<br />
<br />
monitor the log at /opt/liferay/tomcat/logs/catalina.out<br />
to make sure it fully startup without error<br />
<br />
<br />
<span style="color: blue;">===== Apache =====</span><br />
<br />
you can either use your firewall to redirect port 8080 to port 80<br />
or<br />
use mod_jk for port 80 to 8080<br />
<br />
<br />
<br />
<br />
<span style="color: blue;">===== cluster =====</span><br />
<br />
1. edit <liferay>/tomcat/conf/context.xml<br />
change <Context><br />
to <Context distributable="true"><br />
<br />
2. edit server.xml<br />
change <Engine name="Catalina" defaultHost="localhost"><br />
to <Engine name="Catalina" defaultHost="localhost" jvmRoute="node1"><br />
then below it add this as well<br />
<br />
=== server.xml ===<br />
<br />
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"<br />
channelSendOptions="6"><br />
<br />
<Manager className="org.apache.catalina.ha.session.BackupManager"<br />
expireSessionsOnShutdown="false"<br />
notifyListenersOnReplication="true"<br />
mapSendOptions="6"/><br />
<br />
<br />
<Channel className="org.apache.catalina.tribes.group.GroupChannel"><br />
<Membership className="org.apache.catalina.tribes.membership.McastService"<br />
address="228.0.0.4"<br />
port="45564"<br />
frequency="500"<br />
dropTime="3000"/><br />
<Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver"<br />
address="auto"<br />
port="5000"<br />
selectorTimeout="100"<br />
maxThreads="6"/><br />
<br />
<Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter"><br />
<Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/><br />
</Sender><br />
<Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/><br />
<Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/><br />
<Interceptor className="org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor"/><br />
</Channel><br />
<br />
<Valve className="org.apache.catalina.ha.tcp.ReplicationValve"<br />
filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/><br />
<br />
<ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/><br />
</Cluster><br />
=== end ===<br />
<br />
3. edit <liferay>/tomcat/conf/Catalina/localhost/ROOT.xml and add this into it<br />
<br />
=== ROOT.xml ===<br />
<br />
<Resource<br />
name="jdbc/LiferayPool"<br />
auth="Container"<br />
type="javax.sql.DataSource"<br />
driverClassName="com.mysql.jdbc.Driver"<br />
url="jdbc:mysql://<span style="color: red;"><DB IP></span>/<span style="color: red;"><DB name></span>?useUnicode=true&amp;characterEncoding=UTF-8"<br />
username="<span style="color: red;">DB username</span>"<br />
password="<span style="color: red;">DB password</span>"<br />
maxActive="100"<br />
maxIdle="30"<br />
maxWait="60000"<br />
/><br />
<br />
=== end ===<br />
<br />
4. then at <liferay>/tomcat/webapps/ROOT/WEB-INF/classes, create portal-ext.properties file and put this into it<br />
<br />
=== portal-ext.properties ===<br />
<br />
jdbc.default.jndi.name=jdbc/LiferayPool<br />
<br />
=== end ===<br />
<br /></div>
deploy liferay EE into Jboss 6 EAP manually (published 2016-03-02T03:15:00.000+08:00, updated 2017-03-13T00:52:39.727+08:00)<br />
<br />
i am using Jboss EAP 6.4<br />
<div>
with java 1.7.0_79</div>
<div>
and for liferay, i am deploying Liferay Portal 6.2 EE SP14</div>
<div>
with Liferay Portal 6.2 EE SP14 Dependencies<br />
the dependencies are needed for liferay to run if you build it yourself</div>
<div>
<br /></div>
<div>
unzip the jboss eap and install the java</div>
<div>
create a folder called liferay and put the extracted jboss into it</div>
<div>
<br /></div>
<div>
in my case, i put liferay at /opt, so it looks like this</div>
<div>
/opt/liferay/jboss</div>
<div>
<br /></div>
<div>
<h3>
1. deploy dependencies</h3>
</div>
<div>
<br /></div>
<div>
cd to jboss folder and make new dir like this</div>
<div>
<jboss>/modules/com/liferay/portal/main</div>
<div>
<br /></div>
<div>
unzip liferay-portal-dependencies-6.2-ee-sp14 and put all into <jboss>/modules/com/liferay/portal/main</div>
<div>
put the mysql connector there as well if you are using mysql</div>
<div>
<br /></div>
<div>
in the same directory, create a file named module.xml</div>
<div>
and put this into it</div>
<div>
<br /></div>
<div>
<div>
<span style="color: blue;"><?xml version="1.0"?></span></div>
<div>
<span style="color: blue;"><br /></span></div>
<div>
<span style="color: blue;"><module xmlns="urn:jboss:module:1.0" name="com.liferay.portal"></span></div>
<div>
<span style="color: blue;"> <resources></span></div>
<div>
<span style="color: blue;"> <resource-root path="hsql.jar" /></span></div>
<div>
<span style="color: blue;"><br /></span></div>
<div>
<span style="color: blue;"> <resource-root path="portal-service.jar" /></span></div>
<div>
<span style="color: blue;"> <resource-root path="portlet.jar" /></span></div>
<div>
<span style="color: blue;"> <resource-root path="mysql-connector-java-5.1.38-bin.jar" /></span></div>
<div>
<span style="color: blue;"> </resources></span></div>
<div>
<span style="color: blue;"> <dependencies></span></div>
<div>
<span style="color: blue;"> <module name="ibm.jdk" /></span></div>
<div>
<span style="color: blue;"> <module name="javax.api" /></span></div>
<div>
<span style="color: blue;"> <module name="javax.mail.api" /></span></div>
<div>
<span style="color: blue;"> <module name="javax.servlet.api" /></span></div>
<div>
<span style="color: blue;"> <module name="javax.servlet.jsp.api" /></span></div>
<div>
<span style="color: blue;"> <module name="javax.transaction.api" /></span></div>
<div>
<span style="color: blue;"> </dependencies></span></div>
<div>
<span style="color: blue;"></module></span></div>
</div>
<div>
<br /></div>
<div>
please edit the mysql connector file name to match yours</div>
<div>
<br /></div>
<div>
<h3>
2. Jboss configuration</h3>
<h4>
<span style="color: orange;">part 1</span></h4>
go to liferay/jboss/standalone/configuration/<br />
and edit standalone.xml<br />
between the </extensions> and <management> (note: should be around line 27 - 30 )<br />
add this into it<br />
<br />
<div>
<div>
<span style="color: mediumblue;"><em><system-properties></em></span></div>
<div>
<span style="color: mediumblue;"><em> <property name="org.apache.catalina.connector.URI_ENCODING" value="UTF-8"/></em></span></div>
<div>
<span style="color: mediumblue;"><em> <property name="org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING" value="true"/></em></span></div>
<div>
<span style="color: mediumblue;"><em></system-properties></em></span></div>
</div>
</div>
<div>
<span style="color: mediumblue;"><em><br /></em></span></div>
<h4>
<span style="color: orange;">part 2</span></h4>
<div>
then search <strong style="line-height: 1.5;">deployment-scanner</strong></div>
<div>
<span style="line-height: 1.5;">and add </span><span style="color: mediumblue;"><span style="line-height: 1.5;">deployment-timeout="240"</span></span></div>
<div>
<em><span style="color: mediumblue;"><span style="line-height: 1.5;"><strong><br /></strong></span></span></em></div>
<div>
<span style="line-height: 1.5;">it will look something like this</span></div>
<div>
<span style="line-height: 24px;"><deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" <span style="color: blue;">deployment-timeout="240"</span>/></span></div>
<div>
<span style="line-height: 24px;"><br /></span></div>
<h4>
<span style="line-height: 24px;"><span style="color: orange;">part 3</span></span></h4>
<div>
<span style="line-height: 24px;">then search for </span><strong style="line-height: 1.5;"><subsystem xmlns="urn:jboss:domain:security:1.2"></strong></div>
<div>
<span style="line-height: 1.5;">and add this into it</span></div>
<div>
<span style="line-height: 1.5;"><br /></span></div>
<div>
<div>
<span style="color: mediumblue;"><em><span style="line-height: 1.5;"><security-domain name="PortalRealm"></span></em></span></div>
<div>
<span style="color: mediumblue;"><em> <authentication></em></span></div>
<div>
<span style="color: mediumblue;"><em> <login-module code="com.liferay.portal.security.jaas.PortalLoginModule" flag="required" /></em></span></div>
<div>
<span style="color: mediumblue;"><em> </authentication></em></span></div>
<div>
<span style="color: mediumblue;"><em></security-domain></em></span></div>
</div>
<div>
<br /></div>
<div>
it will look something like this</div>
<div>
<br /></div>
<div>
<div>
<subsystem xmlns="urn:jboss:domain:security:1.2"></div>
<div>
<security-domains></div>
<div>
<security-domain name="other" cache-type="default"></div>
<div>
<authentication></div>
<div>
<login-module code="Remoting" flag="optional"></div>
<div>
<module-option name="password-stacking" value="useFirstPass"/></div>
<div>
</login-module></div>
<div>
<login-module code="RealmDirect" flag="required"></div>
<div>
<module-option name="password-stacking" value="useFirstPass"/></div>
<div>
</login-module></div>
<div>
</authentication></div>
<div>
</security-domain></div>
<div>
<security-domain name="jboss-web-policy" cache-type="default"></div>
<div>
<authorization></div>
<div>
<policy-module code="Delegating" flag="required"/></div>
<div>
</authorization></div>
<div>
</security-domain></div>
<div>
<security-domain name="jboss-ejb-policy" cache-type="default"></div>
<div>
<authorization></div>
<div>
<policy-module code="Delegating" flag="required"/></div>
<div>
</authorization></div>
<div>
</security-domain></div>
<div>
<span style="color: blue;"><security-domain name="PortalRealm"></span></div>
<div>
<span style="color: blue;"> <authentication></span></div>
<div>
<span style="color: blue;"> <login-module code="com.liferay.portal.security.jaas.PortalLoginModule" flag="required" /></span></div>
<div>
<span style="color: blue;"> </authentication></span></div>
<div>
<span style="color: blue;"> </security-domain></span></div>
<div>
</security-domains></div>
<div>
</subsystem></div>
</div>
<div>
<br /></div>
<h4>
<span style="color: orange;">part 4</span></h4>
<div>
search <span style="color: blue;">enable-welcome-root</span> and change it to false</div>
<div>
<br /></div>
<div>
<virtual-server name="default-host" enable-welcome-root="false"></div>
<div>
<br /></div>
<h3>
3. deploy Liferay war</h3>
<div>
create ROOT.war folder in liferay/jboss/standalone/deployments</div>
<div>
extract the Liferay <strong>.war </strong>file into the <strong>ROOT.war </strong>folder</div>
<div>
<br /></div>
<div>
# jar -xvf liferay.war</div>
<div>
<br /></div>
<div>
at the same level as ROOT.war, create an empty file called ROOT.war.dodeploy</div>
<div>
# touch ROOT.war.dodeploy</div>
<div>
<br />
In the ROOT.war file, open the <code>WEB-INF/jboss-deployment-structure.xml</code> file. In this file, replace the <code><module name="com.liferay.portal" /></code> dependency with the following configuration:<br />
<br />
<pre><span style="font-family: Arial, Helvetica, sans-serif; line-height: 1.5;"><module <span style="color: blue;">meta-inf="export"</span> name="com.liferay.portal">
</span><span style="font-family: Arial, Helvetica, sans-serif; line-height: 1.5;"> <imports>
</span><span style="font-family: Arial, Helvetica, sans-serif; line-height: 1.5;"> <include path="META-INF" />
</span><span style="font-family: Arial, Helvetica, sans-serif; line-height: 1.5;"> </imports>
</span><span style="font-family: Arial, Helvetica, sans-serif; line-height: 1.5;"></module></span></pre>
<br />
This allows OSGi plugins like Audience Targeting to work properly, by exposing the Portal API through the OSGi container.<br />
<br />
reference:<br />
1. https://www.liferay.com/group/customer/knowledge/kb/-/knowledge_base/article/23340173 (must login liferay first)</div>
Liferay bundle with jboss + RHEL 7 (published 2015-12-30T11:34:00.001+08:00, updated 2016-04-07T16:32:18.735+08:00)<br />
<br />
This is the instruction on how to install jboss on Redhat Enterprise Linux 7 (RHEL 7)<br />
<br />
you can signup and download Liferay from<br />
<a href="https://www.liferay.com/downloads/liferay-portal/available-releases">https://www.liferay.com/downloads/liferay-portal/available-releases</a><br />
<br />
in my case, i created /opt<br />
and unzipped the zip file into it<br />
# unzip liferay-portal-jboss-6.2-ee-sp14-20151105114451508.zip<br />
<br />
before we start anything, i manually downloaded Java JDK 7 release 79 and installed it<br />
<a href="http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html">http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html</a><br />
<br />
once you have extracted liferay, try to run it to confirm the file you downloaded works<br />
# cd /opt/<Liferay>/<jboss-version>/bin<br />
# ./standalone.sh<br />
<br />
you can test it by accessing 127.0.0.1:8080 with a browser<br />
by default, standalone listens on 127.0.0.1 only, so if your Linux was installed without a gui, you need to modify it.<br />
CTRL + C to stop the jboss<br />
<br />
# cd ..<br />
# cd standalone/configuration/<br />
# vim standalone.xml<br />
<br />
---------------- Default -------------------<br />
<interfaces><br />
<interface name="management"><br />
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/><br />
</interface><br />
<interface name="public"><br />
<inet-address value="${jboss.bind.address:127.0.0.1}"/><br />
</interface><br />
<interface name="unsecure"><br />
<inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/><br />
</interface><br />
</interfaces><br />
<br />
-------------- Change to -----------------<br />
<interfaces><br />
<interface name="management"><br />
<inet-address value="${jboss.bind.address.management:<span style="color: red;"><your server ip></span>}"/><br />
</interface><br />
<interface name="public"><br />
<inet-address value="${jboss.bind.address:<span style="color: red;"><your server ip></span>}"/><br />
</interface><br />
<interface name="unsecure"><br />
<inet-address value="${jboss.bind.address.unsecure:<span style="color: red;"><your server ip></span>}"/><br />
</interface><br />
</interfaces><br />
<br />
----------------------------------------------<br />
<br />
restart the jboss liferay and test again using your <server-IP>:8080<br />
# cd ../../bin/<br />
# ./standalone.sh<br />
<br />
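The "Change to" block above moves the management and unsecure interfaces off loopback together with the public one, which makes the management listeners reachable from the network. The following added example (not part of the original notes) flags that in a standalone.xml; 192.0.2.10 is a constructed stand-in for the server IP, and NARROW_CONFIG is a constructed variant that moves only the public interface.

```shell
#!/bin/sh
# Constructed samples: 192.0.2.10 stands in for <your server ip>.
# PAGE_CONFIG applies the "Change to" block to all three interfaces.
PAGE_CONFIG='<interfaces>
  <interface name="management">
    <inet-address value="${jboss.bind.address.management:192.0.2.10}"/>
  </interface>
  <interface name="public">
    <inet-address value="${jboss.bind.address:192.0.2.10}"/>
  </interface>
  <interface name="unsecure">
    <inet-address value="${jboss.bind.address.unsecure:192.0.2.10}"/>
  </interface>
</interfaces>'

# NARROW_CONFIG moves only "public" and keeps the others on loopback.
NARROW_CONFIG='<interfaces>
  <interface name="management">
    <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
  </interface>
  <interface name="public">
    <inet-address value="${jboss.bind.address:192.0.2.10}"/>
  </interface>
  <interface name="unsecure">
    <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
  </interface>
</interfaces>'

# Read standalone.xml (file argument or stdin) and print "<name> <address>"
# for every interface other than "public" whose default bind address is not
# loopback. Only the default written in the file is checked; a value passed
# at start-up through a system property is not visible here.
exposed_interfaces() {
    awk '
        /<interface name="/ {
            match($0, /<interface name="[^"]*"/)
            name = substr($0, RSTART + 17, RLENGTH - 18)
        }
        /<inet-address / && name != "" && name != "public" {
            if (match($0, /value="[^"]*"/)) {
                addr = substr($0, RSTART + 7, RLENGTH - 8)
                sub(/^[$][{][^:]*:/, "", addr)   # drop the property name prefix
                sub(/[}]$/, "", addr)            # drop the closing brace
                if (addr !~ /^127\./ && addr != "::1" && addr != "localhost")
                    print name, addr
            }
        }
        /<\/interface>/ { name = "" }
    ' "$@"
}

# Demo run on the constructed sample that mirrors the page change.
printf '%s\n' "$PAGE_CONFIG" | exposed_interfaces
```

Run it against the real file with `exposed_interfaces standalone/configuration/standalone.xml`. Starting JBoss AS 7.1 with `./standalone.sh -b <server ip>` sets jboss.bind.address for that run without touching the management default.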
<br />
---------------- Connecting to MySQL Database ---------------------<br />
you need to download the mysql connector from<br />
https://www.mysql.com/products/connector/<br />
choose <span style="background-color: white; color: #555555; font-family: "open sans" , "arial" , "helvetica" , sans-serif; font-size: 12.312px; line-height: 19.6992px;">JDBC Driver for MySQL (Connector/J)</span><br />
extract the file and copy the mysql-connector-java-5.1.38-bin.jar<br />
to this location<br />
/opt/<Liferay-location>/<jboss-version>/modules/com/liferay/portal/main/<br />
edit the module.xml<br />
add this under <resources><br />
<resource-root path="mysql-connector-java-5.1.38-bin.jar" /><br />
<br />
example:<br />
<br />
<resources><br />
<resource-root path="hsql.jar" /><br />
<resource-root path="jtds.jar" /><br />
<span style="color: red;"><resource-root path="mysql-connector-java-5.1.38-bin.jar" /></span><br />
<resource-root path="portal-service.jar" /><br />
<resource-root path="portlet.jar" /><br />
<resource-root path="postgresql.jar" /><br />
</resources><br />
<br />
------------------ Configure httpd to divert traffic to Liferay jboss ------------------<br />
Download and install httpd-devel<br />
# yum install httpd-devel<br />
<br />
download mod_jk from<br />
https://tomcat.apache.org/download-connectors.cgi<br />
extract the file, then run configure, make and make install<br />
it will automatically deploy mod_jk into your apache<br />
<br />
If you encounter error saying<br />
<span style="color: blue;">no apache given</span><br />
<span style="color: blue;">no netscape given</span><br />
<span style="color: blue;">configure: error: Cannot find the WebServer</span><br />
<span style="color: blue;"><br /></span>
then you need to configure --with-apxs<br />
but before that, find out your apxs location<br />
# find / -iname apxs<br />
# ./configure --with-apxs=/usr/bin/apxs<br />
<br />
now go to /etc/httpd/conf.d/<br />
create worker.properties file and put this into it<br />
# vim worker.properties<br />
<br />
worker.list=worker1,node1,status<br />
worker.status.type=status<br />
<br />
#node1<br />
worker.node1.port=8009<br />
worker.node1.host=172.20.17.64<br />
worker.node1.type=ajp13<br />
worker.node1.lbfactor=1<br />
worker.node1.ping_mode=A<br />
<br />
# Load-balancing behaviour<br />
worker.worker1.type=lb<br />
worker.worker1.balance_workers=node1<br />
worker.worker1.sticky_session=1<br />
<br />
<br />
then create mod_jk.conf file and put this into it<br />
# vim mod_jk.conf<br />
<br />
LoadModule jk_module modules/mod_jk.so<br />
<br />
<IfModule mod_jk.c><br />
JkWorkersFile /etc/httpd/conf.d/worker.properties<br />
JkShmFile /var/log/httpd/mod_jk.shm<br />
JkLogFile /var/log/httpd/mod_jk.log<br />
JkLogLevel info<br />
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "<br />
<br />
JkMount /* worker1<br />
</IfModule><br />
<br />
<br />
Before we start apache, we need to configure jboss to listen on port 8009 for AJP 1.3<br />
by default it is disabled in standalone.xml<br />
<br />
# cd /opt/liferay-portal-6.2-ee-sp14/jboss-7.1.1/standalone/configuration/<br />
# vim standalone.xml<br />
<br />
----- default ------<br />
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false"><br />
<configuration><br />
<jsp-configuration development="true"/><br />
</configuration><br />
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/><br />
<virtual-server name="default-host" enable-welcome-root="false"><br />
<alias name="localhost"/><br />
<alias name="example.com"/><br />
</virtual-server><br />
</subsystem><br />
<br />
------- change to --------<br />
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false"><br />
<configuration><br />
<jsp-configuration development="true"/><br />
</configuration><br />
<connector name="<span style="color: red;">ajp</span>" protocol="<span style="color: red;">AJP/1.3</span>" scheme="http" socket-binding="<span style="color: red;">ajp</span>"/><br />
<virtual-server name="default-host" enable-welcome-root="false"><br />
<alias name="localhost"/><br />
<alias name="example.com"/><br />
</virtual-server><br />
</subsystem><br />
<div>
-----------------------------</div>
<div>
<br /></div>
<div>
Start jboss and httpd service and test it by accessing your server ip without port 8080</div>
<div>
once you can see the pages, we need to create a startup script</div>
<div>
<br /></div>
<div>
---------- startup --------------</div>
<div>
<br /></div>
<div>
by default, the jboss/bin/init.d directory already has a startup script named jboss-as-standalone.sh</div>
<div>
If you are using RHEL 6 or earlier, you can just make a symlink from /etc/init.d/jboss pointing to this file</div>
<div>
for RHEL7, it is a bit trickier since it uses systemd</div>
<div>
<br /></div>
<div>
but before that, edit the jboss-as-standalone.sh and define the </div>
<div>
JBOSS_CONF="/opt/<span style="color: red;"><liferay-location></span>/<span style="color: red;"><jboss-ver></span>/bin/init.d/jboss-as.conf"</div>
<div>
JBOSS_HOME=/opt/<span style="color: red;"><liferay-location></span>/<span style="color: red;"><jboss-ver></span></div>
<br />
then go to /usr/lib/systemd/system<br />
create jboss.service file and put this<br />
<br />
[Unit]<br />
Description=Jboss Application Server<br />
After=syslog.target<br />
After=network.target<br />
<br />
<br />
[Service]<br />
Type=forking<br />
PIDFile=/var/run/jboss-as/jboss-as-standalone.pid<br />
ExecStart=/opt/<span style="color: red;"><liferay-location></span>/<span style="color: red;"><jboss-ver></span>/bin/init.d/jboss-as-standalone.sh start<br />
ExecStop=/opt/<span style="color: red;"><liferay-location></span>/<span style="color: red;"><jboss-ver></span>/bin/init.d/jboss-as-standalone.sh stop<br />
TimeoutStartSec=300<br />
TimeoutStopSec=300<br />
<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
<div>
<br /></div>
<br />
then go to /etc/systemd/system/multi-user.target.wants and create a symlink pointing to the file you just created<br />
then enable it so it runs at startup<br />
# systemctl enable jboss.service<br />
<br />
<br />
<br />
<br />
man in the middle - hacking (published 2015-08-10T14:30:00.005+08:00, updated 2021-09-07T16:42:09.868+08:00)<br />
<br />
use netdiscover to find out the ip if you are uncertain which IP range is in use<br />
use nmap to find out more info<br />
# nmap 172.20.1.30<br />
or<br />
# nmap 172.20.1.1/24<br />
<br />
commands used<br />
Arpspoof<div>
Driftnet</div>
<div>
<br /></div>
<div>
setup port forwarding<br />Change the value in your /proc/sys/net/ipv4/ip_forward from 0 to 1 - See more at: http://www.hacking-tutorial.com/tips-and-trick/how-to-set-up-port-forwarding-in-linux-and-windows/#sthash.YQIMORR4.dpuf</div>
<div>
<br /></div>
<div>
<br /></div>
<br /><br />Victim IP address : 192.168.8.90<br /><br />Attacker network interface : eth0; with IP address : 192.168.8.93<br /><br />Router IP address : 192.168.8.8<div>
<br /></div>
And then setting up arpspoof from to capture all packet from router to victim.<div>
# 168.8.90 192.168.8.8<br /><br />After step three and four, now all the packet sent or received by victim should be going through attacker machine.<br />Now we can try to use driftnet to monitor all victim image traffic. According to its <a href="http://www.ex-parrot.com/~chris/driftnet/">website</a>,<br />Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.<br />to run driftnet, we just run this<br /># driftnet -i eth0<br /><br />To stop driftnet, just close the driftnet window or press CTRL + C in the terminal<br /><br />For the next step we will try to capture the website information/data by using urlsnarf. To use urlsnarf, just run this code<br /># urlsnarf -i eth0<br /><br />and urlsnarf will start capturing all website address visited by victim machine.<br /><br />When victim browse a website, attacker will know the address victim visited.</div>
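From the defender's side, the state described above shows up in the victim's neighbour table: the router IP resolves to the same MAC address as another host on the segment. The following added detection example (not part of the original notes) runs over a constructed `ip neigh show` table that uses the page's addresses; the MAC addresses and the pinned gateway MAC are made up.

```shell
#!/bin/sh
# Constructed `ip neigh show` output as seen on the victim (192.168.8.90)
# while its ARP cache is poisoned: the router IP (192.168.8.8) resolves to
# the same MAC as 192.168.8.93. All MAC addresses here are made up.
SAMPLE_NEIGH='192.168.8.8 dev eth0 lladdr 02:00:00:aa:bb:93 REACHABLE
192.168.8.93 dev eth0 lladdr 02:00:00:aa:bb:93 STALE
192.168.8.20 dev eth0 lladdr 02:00:00:aa:bb:20 REACHABLE
192.168.8.77 dev eth0  FAILED'

# Read a neighbour table on stdin and print "<mac> <ip>,<ip>..." for every
# MAC that answers for more than one IP address. Entries without a
# link-layer address (FAILED / INCOMPLETE) are skipped.
shared_macs() {
    awk '
        {
            mac = ""
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            if (mac == "") next
            if (count[mac]++) ips[mac] = ips[mac] "," $1
            else              ips[mac] = $1
        }
        END { for (m in count) if (count[m] > 1) print m, ips[m] }
    ' | sort
}

# Compare the gateway entry with a MAC recorded while the network was known
# to be clean. usage: gateway_mac_ok <gateway-ip> <expected-mac> < table
# Exit status: 0 = matches, 1 = different MAC, 2 = no usable entry.
gateway_mac_ok() {
    awk -v gw="$1" -v want="$2" '
        $1 == gw {
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") got = tolower($(i + 1))
        }
        END {
            if (got == "") exit 2
            exit (got == tolower(want) ? 0 : 1)
        }
    '
}

# Demo run on the constructed table.
printf '%s\n' "$SAMPLE_NEIGH" | shared_macs
```

On a live Linux host the same functions take `ip neigh show` as input, for example `ip neigh show | shared_macs`.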
tomcat 7 setup guide (published 2015-07-08T11:42:00.004+08:00, updated 2017-02-03T02:09:29.084+08:00)<br />
<br />
<u><b>Tomcat Setup guide</b></u><br />
this setup was done on centos 7<br />
<p1><u><br /></u></p1>
<p1><u><b>Tomcat 7</b></u></p1>
<br />
This is my own setup guide for my server.<br />
you can change according to your need<br />
<br />
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm;">
Download the package from <a href="https://tomcat.apache.org/download-70.cgi">https://tomcat.apache.org/download-70.cgi</a></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm;">
Choose “Core” -> tar.gz to download</div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm;">
Tomcat 7.0 is designed to run on Java SE 6 and later, so download the appropriate version</div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm;">
For more info, read the RELEASE-NOTES and the RUNNING.txt file in the distribution.</div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm;">
For easy installation, I downloaded the rpm from the Oracle website and used localinstall</div>
<span style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 107%;"><span style="color: blue;"># yum localinstall jdk-7u80-linux-x64.rpm</span></span><br />
<span style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 107%;"><br /></span>
<br />
<div class="MsoNormal">
<b><u><span style="font-size: 12.0pt; line-height: 107%;"><br /></span></u></b></div>
<div class="MsoNormal">
<b><u><span style="font-size: 12.0pt; line-height: 107%;">Installation<o:p></o:p></span></u></b></div>
<div class="MsoListParagraph" style="margin-bottom: 0.0001pt;">
1 Extract the file and put it at /opt<br />
<br />
<span style="color: blue;"># tar -zxvf apache-tomcat-7.0.62.tar.gz</span><br />
<br />
<br />
<br />
2 Install tomcat native<br />
<br />
<span style="color: blue;"># cd /opt/apache-tomcat-7.0.62/bin<br /># tar -zxvf tomcat-native.tar.gz<br /># cd tomcat-native-1.1.33-src/jni/native</span><br />
<br />
Building tc-native requires three components to be installed: <br />
- APR library <br />
- OpenSSL libraries <br />
- Java SE Development Kit (JDK) </div>
<div class="MsoListParagraph" style="margin-bottom: 0.0001pt;">
<span style="color: blue;"># yum install apr-devel openssl-devel</span><br />
<br />
Now proceed to build and install the native library using these commands<br />
<br />
<span style="color: blue;"># ./configure --with-apr=/usr/bin/apr-1-config --with-java-home=/usr/java/jdk1.7.0_80/ --with-ssl=yes --prefix=/usr<br /># make<br /># make install</span><br />
<br />
p/s:- Update the java location accordingly<br />
<br />
3 Install commons-daemon-native<br />
<br />
<span style="color: blue;"># cd /opt/apache-tomcat-7.0.62/bin<br /># tar -zxvf commons-daemon-native.tar.gz<br /># cd commons-daemon-1.0.15-native-src/unix<br /># ./configure<br /># make<br /># cp jsvc ../..</span></div>
<span style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 107%;"><br /></span>
<br />
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm;">
<b><u><span style="font-size: 12.0pt; line-height: 107%;">Tuning<o:p></o:p></span></u></b></div>
<div class="MsoListParagraphCxSpFirst" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -18.0pt;">
1 Edit /opt/apache-tomcat-7.0.62/conf/server.xml</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto;">
Search connectionTimeout and change the value to 600000</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto;">
Search maxThreads and change the value to 500 (if it is enabled)</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -18.0pt;">
2 Edit /conf/context.xml</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto;">
Change all <Context> </div>
<div class="MsoListParagraphCxSpMiddle" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto;">
To <Context swallowOutput="true"></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto;">
(it is used to redirect system err to catalina)</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -18.0pt;">
3 Edit conf/logging.properties, and add this</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto;">
1catalina.org.apache.juli.AsyncFileHandler.rotatable = true</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto;">
(it is used to rotate the log)</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpLast" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -18.0pt;">
4 Create setenv.sh in the bin directory and add this into it</div>
<div class="MsoListParagraphCxSpLast" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -18.0pt;">
---------------------------------------------------------------------------------------------------</div>
<div class="MsoNoSpacing" style="margin-left: 36.0pt;">
<span lang="EN-US" style="font-size: 9.0pt; mso-bidi-font-family: "Courier New";">JAVA_OPTS="-Xms4096m
-Xmx4096m -XX:MaxPermSize=512m -Dorg.jboss.resolver.warning=true
-Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000
-Dsun.lang.ClassLoader.allowArraySyntax=true -Dhttp.maxConnections=500 -XX:+UseConcMarkSweepGC
-XX:+CMSIncrementalMode"<br />
<!--[if !supportLineBreakNewLine]--><br />
<!--[endif]--><o:p></o:p></span></div>
<div class="MsoNoSpacing" style="margin-left: 36.0pt; tab-stops: 170.35pt;">
<span lang="EN-US" style="font-size: 9.0pt; mso-bidi-font-family: "Courier New";"># Set the
-Xms and -Xmx the same, around 50% to 80% of total memory<o:p></o:p></span></div>
<div class="MsoNoSpacing" style="margin-left: 36.0pt; tab-stops: 170.35pt;">
<span lang="EN-US" style="font-size: 9.0pt; mso-bidi-font-family: "Courier New";"># Set the
PermSize to either 256 or 512, increase it if there’s OutOfMemoryError PermGen
space in log<o:p></o:p></span></div>
<br />
<div class="MsoNoSpacing" style="margin-left: 36.0pt;">
<span lang="EN-US" style="font-size: 9.0pt; mso-bidi-font-family: "Courier New";"># to see gc memory,
add "-XX:+PrintGCDetails -XX:+PrintGCTimeStamps -verbose:gc
-Xloggc:/tmp/gc.log"</span></div>
<div>
---------------------------------------------------------------------------------------------------</div>
<div>
<b><u>Startup script</u></b></div>
<div>
<br /></div>
<div>
# vim /etc/init.d/tomcat</div>
<div>
<br /></div>
<pre>#!/bin/sh
#
# Tomcat startup script
#
# chkconfig: - 85 15
# description: Tomcat Server
# processname: tomcat
#
# To use this script run it as root - it will switch to the specified user
#
# Either modify this script for your requirements or just ensure that
# the following variables are set correctly before calling the script.

# define where tomcat is - this is the directory containing directories log, bin, conf etc
CATALINA_HOME=${CATALINA_HOME:-"<span style="color: red;">/opt/tomcat</span>"}
export CATALINA_HOME

# define the user under which tomcat will run, or use 'RUNASIS' to run as the current user
TOMCAT_USER=${TOMCAT_USER:-"<span style="color: red;">tomcat</span>"}
export TOMCAT_USER

# make sure java is in your path
JAVA_HOME=${JAVA_HOME:-"<span style="color: red;">/usr/java/jdk</span>"}
export JAVA_HOME


case "$1" in
start)
        $CATALINA_HOME/bin/daemon.sh start
        ;;
stop)
        $CATALINA_HOME/bin/daemon.sh stop
        # clear the work directory; ${VAR:?} aborts instead of expanding to /work/*
        rm -rf "${CATALINA_HOME:?}"/work/*
        ;;
restart)
        $0 stop
        # wait up to 60 seconds for jsvc to exit, then kill whatever is left
        i=0
        while [ `ps ax|grep -v grep|grep jsvc|wc -l` -gt 0 -a $i -lt 60 ]
        do
            sleep 1
            i=$((i + 1))
        done
        /usr/bin/killall -9 jsvc
        $0 start
        ;;
*)
        echo "usage: $0 (start|stop|restart|help)"
esac</pre>
<br />
<br />
<br />
Edit the Java location and Tomcat location (the values in red), <br />
then change the script's permissions <br />
<br />
<span style="color: blue;"># chmod 755 /etc/init.d/tomcat </span><br />
Then create the tomcat user <br />
<br />
<span style="color: blue;"># useradd -s /sbin/nologin tomcat</span> <br />
<br />
Change the owner of the Tomcat directory to tomcat <br />
<br />
<span style="color: blue;"># chown -R tomcat:tomcat apache-tomcat-7.0.62 </span><br />
<br />
<br />
<br />
Add to startup list <br />
<br />
# chkconfig --add tomcat <br />
<br />
# chkconfig --level 2345 tomcat on<br />
<br />
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm;">
<span style="font-size: 10.0pt; line-height: 107%; mso-bidi-font-family: "Courier New";"><br /></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm;">
<b><u>Connect to mysql</u></b></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm;">
<br /></div>
<br />
<br />
Get the JDBC driver and put it in Tomcat's lib directory<br />
http://www.mysql.com/products/connector/<br />
<br />
Edit conf/context.xml<br />
Add the following under <Context swallowOutput="true"><br />
Below is the example format<br />
<br />
--------------------------------------------------------------------------------------------------------------<br />
<Resource name="jdbc/<span style="color: red;">TestDB</span>" auth="Container" type="javax.sql.DataSource"<br />
maxActive="<span style="color: red;">100</span>" maxIdle="<span style="color: red;">30</span>" maxWait="<span style="color: red;">10000</span>"<br />
username="javauser" password="javadude" driverClassName="com.mysql.jdbc.Driver"<br />
url="jdbc:mysql://<span style="color: red;">localhost</span>:3306/<span style="color: red;">javatest</span>"/><br />
<br />
--------------------------------------------------------------------------------------------------------------<br />
<br />
Change the values in red accordingly<br />
<br />
<div>
<b>maxActive</b> = Maximum number of database connections in the pool. Make sure you configure your mysqld max_connections large enough to handle all of your db connections. Set to -1 for no limit.<br />
<b>maxIdle</b> = Maximum number of idle database connections to retain in the pool. Set to -1 for no limit.<br />
<b>maxWait</b> = Maximum time to wait for a database connection to become available, in ms. An exception is thrown if this timeout is exceeded. Set to -1 to wait indefinitely.<br />
<div>
<br /></div>
<div>
<br /></div>
<div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm;">
<b><u>Apache</u></b></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm;">
Install Apache and fine-tune it</div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm;">
<br /></div>
<br />
1. Install MOD_JK connector <br />
<br />
<span style="color: blue;"># yum install httpd-devel </span><br />
<br />
Go to <a href="https://tomcat.apache.org/download-connectors.cgi">https://tomcat.apache.org/download-connectors.cgi</a> and download the source <br />
Run configure, make and make install <br />
Copy the binary file to /etc/httpd/modules <br />
<br />
P.S. If you get an error saying "error: Cannot find the WebServer",<br />
use this command to find apxs<br />
<span style="color: blue;"># find / -iname apxs</span><br />
then install using this command<br />
<span style="color: blue;"># ./configure --with-apxs=/usr/bin/apxs</span><br />
<br />
<span style="color: blue;"># chmod 755 /etc/httpd/modules/mod_jk.so</span> <br />
<br />
<br />
Create workers.properties<br />
Set the node names to match the server names. If you follow this setup, the file's location is defined in mod_jk.conf<br />
<br />
--------------------------------------------------------------------------------------------------------------------<br />
worker.list=worker1,node1,node2,status # node names you want to use; add these in server.xml <br />
worker.status.type=status <br />
<br />
#node1 <br />
worker.node1.port=8009 <br />
worker.node1.host=10.0.3.129 <br />
worker.node1.type=ajp13 <br />
worker.node1.lbfactor=1 <br />
worker.node1.ping_mode=A <br />
#worker.node1.cachesize=10<br />
<br />
#node2 <br />
worker.node2.port=8009 <br />
worker.node2.host=10.0.3.130 <br />
worker.node2.type=ajp13 <br />
worker.node2.lbfactor=3 <br />
worker.node2.ping_mode=A <br />
#worker.node2.cachesize=10 <br />
<br />
# Load-balancing behaviour <br />
worker.worker1.type=lb <br />
worker.worker1.balance_workers=node1,node2<br />
worker.worker1.sticky_session=1<br />
<br />
--------------------------------------------------------------------------------------------------------------------<br />
<br />
<br />
Create mod_jk.conf<br />
<br />
-------------------------------------------------------------------------------------------------------------------<br />
LoadModule jk_module modules/mod_jk.so <br />
<br />
<IfModule mod_jk.c> <br />
JkWorkersFile /data/sys/etc/httpd/workers.properties <br />
JkShmFile /var/log/httpd/mod_jk.shm <br />
JkLogFile /var/log/httpd/mod_jk.log <br />
JkLogLevel info <br />
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " <br />
<br />
<br />
# mount this url, edit as necessary <br />
# DO NOT MOUNT EVERYTHING! <br />
JkMount /app/* worker1 <br />
</IfModule></div>
------------------------------------------------------------------------------------------------------------------<br />
<div class="MsoNoSpacing" style="margin-left: 36.0pt;">
<br /></div>
</div>
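The script below is an added example, not part of the original post or of mod_jk: it cross-checks mod_jk.conf against workers.properties and reports JkMount lines that mount everything or carry trailing text (Apache does not allow a comment on the same line as a directive), JkMount workers missing from worker.list, and listed workers or load-balancer members that have no worker.NAME.* settings. The function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): cross-checks mod_jk.conf against
# workers.properties. Function names and the sample files are made up.

# Prints the value of one key from workers.properties ("#" starts a comment).
prop() {                        # usage: prop workers.properties worker.list
    awk -v key="$2" '{
        sub(/#.*/, "")
        eq = index($0, "="); if (!eq) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == key) print v
    }' "$1"
}

# Succeeds when at least one worker.NAME.* property exists for the given name.
has_settings() {                # usage: has_settings workers.properties node1
    grep -q "^[[:space:]]*worker\.$2\." "$1"
}

# Prints one finding per line; prints nothing when the two files agree.
lint_mod_jk() {                 # usage: lint_mod_jk mod_jk.conf workers.properties
    conf=$1; props=$2
    listed=",$(prop "$props" worker.list | tr -d ' '),"
    # JkMount lines: anything after the worker name is passed to JkMount as
    # extra arguments, because Apache has no inline comments.
    awk '$1 == "JkMount"' "$conf" | while read -r directive pattern worker rest; do
        case $pattern in
            "/*"|"/") echo "catch-all mount: $pattern" ;;
        esac
        [ -z "$rest" ] || echo "trailing text after JkMount $pattern $worker"
        case $listed in
            *",$worker,"*) ;;
            *) echo "JkMount worker not in worker.list: $worker" ;;
        esac
    done
    # worker.list: every name needs settings, and so does every lb member.
    for w in $(prop "$props" worker.list | tr ',' ' '); do
        has_settings "$props" "$w" || echo "listed worker has no settings: $w"
        [ "$(prop "$props" "worker.$w.type")" = "lb" ] || continue
        for m in $(prop "$props" "worker.$w.balance_workers" | tr ',' ' '); do
            has_settings "$props" "$m" || echo "lb member of $w has no settings: $m"
        done
    done
}

# Writes a constructed pair of files, modelled on the ones in the post, with
# deliberate mistakes for the lint to find.
write_sample_files() {          # usage: write_sample_files DIR
    cat > "$1/workers.properties" <<'EOF'
worker.list=worker1,node1,node2,status
worker.jkstatus.type=status
worker.node1.port=8009
worker.node1.host=10.0.3.129
worker.node1.type=ajp13
worker.node2.port=8009
worker.node2.host=10.0.3.130
worker.node2.type=ajp13
worker.worker1.type=lb
worker.worker1.balance_workers=node1,node2,node4
EOF
    cat > "$1/mod_jk.conf" <<'EOF'
LoadModule jk_module modules/mod_jk.so
JkWorkersFile /data/sys/etc/httpd/workers.properties
    JkMount /app/* worker1 #mount this url
    JkMount /* node3
EOF
}

# Run with --demo to lint the constructed sample files.
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d) && write_sample_files "$demo"
    lint_mod_jk "$demo/mod_jk.conf" "$demo/workers.properties"
    rm -rf "$demo"
fi
```

Run it as `lint_mod_jk /etc/httpd/conf.d/mod_jk.conf /path/to/workers.properties` after sourcing the file; the first path is an assumption, use wherever your mod_jk.conf lives.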
<br />
<b><u>Amazon AWS CloudFront setup Custom SSL Certificate</u></b> (published 2015-02-12, updated 2015-02-12)<br />
Here I will show how I enable the custom SSL certificate option in CloudFront.<br />
<br />
<span style="font-size: large;"><b><u>SSL cert preparation</u></b></span><br />
There are a few things you need to prepare:<br />
1. Private key (.pem)<br />
2. Public key certificate (.pem)<br />
3. Certificate chain file (.pem)<br />
<br />
If you have your Private.key and Public.crt from the CA,<br />
you can use the commands below to convert them to .pem format<br />
<br />
<span style="color: blue;">openssl rsa -in Private.key -text > Private.pem</span><br />
<br />
<span style="color: blue;">openssl x509 -inform PEM -in Public.crt > Public.pem</span><br />
<br />
For the certificate chain file,<br />
once you have deployed your SSL cert to your server/web,<br />
you can use this link to check what the chain looks like, as different providers have different chains<br />
<a href="https://ssltools.thawte.com/checker/views/certCheck.jsp">https://ssltools.thawte.com/checker/views/certCheck.jsp</a><br />
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: Arial;"><span style="font-size: 15px; line-height: 20.7000007629395px; white-space: pre-wrap;"><br /></span></span></div>
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: Arial;"><span style="font-size: 15px; line-height: 20.7000007629395px; white-space: pre-wrap;">Example 1</span></span></div>
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: Arial;"><span style="font-size: 15px; line-height: 20.7000007629395px; white-space: pre-wrap;"><br /></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQshQYKrXVZxzHLeAzOQd4sKCtnxNBK4Hz4JZ3U-8mqlxatfan182UQgWy4pLg2MpLiu2KWAmO8YFHk2jCB8MjkIliJpnpL5pIrYEdik9inwIyR7kL27rVPUSZKd7pYNgzIhTsmzsHgMZq/s1600/chain-file-02.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQshQYKrXVZxzHLeAzOQd4sKCtnxNBK4Hz4JZ3U-8mqlxatfan182UQgWy4pLg2MpLiu2KWAmO8YFHk2jCB8MjkIliJpnpL5pIrYEdik9inwIyR7kL27rVPUSZKd7pYNgzIhTsmzsHgMZq/s1600/chain-file-02.jpg" height="176" width="640" /></a></div>
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: Arial;"><span style="font-size: 15px; line-height: 20.7000007629395px; white-space: pre-wrap;"><br /></span></span></div>
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: Arial;"><span style="font-size: 15px; line-height: 20.7000007629395px; white-space: pre-wrap;">For Facebook, there is only 1 Intermediate Cert in chain</span></span></div>
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: Arial;"><span style="font-size: 15px; line-height: 20.7000007629395px; white-space: pre-wrap;"><br /></span></span></div>
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: Arial;"><span style="font-size: 15px; line-height: 20.7000007629395px; white-space: pre-wrap;"><br /></span></span></div>
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: Arial;"><span style="font-size: 15px; line-height: 20.7000007629395px; white-space: pre-wrap;">Example 2</span></span></div>
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: Arial;"><span style="font-size: 15px; line-height: 20.7000007629395px; white-space: pre-wrap;"><br /></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpVAm_tcklB5Vz6yeGNMEGTPP84kFQGYq_hFCRgY838S2U02WrW3px48jqYlhALTHH2qtw4BpQxLBSUQF-p11iKqsh9RWBkVKjeNK7PWonQYa_rY8rXmsE2e5Y_L-9WJUcnz-jznPRuskH/s1600/chain-file-01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpVAm_tcklB5Vz6yeGNMEGTPP84kFQGYq_hFCRgY838S2U02WrW3px48jqYlhALTHH2qtw4BpQxLBSUQF-p11iKqsh9RWBkVKjeNK7PWonQYa_rY8rXmsE2e5Y_L-9WJUcnz-jznPRuskH/s1600/chain-file-01.jpg" height="238" width="640" /></a></div>
<div dir="ltr" style="margin-bottom: 0pt; margin-top: 0pt;">
<span style="font-family: Arial;"><span style="font-size: 15px; line-height: 20.7000007629395px; white-space: pre-wrap;"><br /></span></span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">This one has 2 intermediate certs in the chain</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">From the AWS documentation, a sample certificate chain looks like this</span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"><br /></span></div>
<div dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">
<span style="background-color: transparent; color: black; font-family: Arial; font-size: 15px; font-style: normal; font-variant: normal; font-weight: normal; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"></span></div>
<pre class="programlisting">-----BEGIN CERTIFICATE-----
<em class="replaceable"><code>Intermediate certificate 2</code></em>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<em class="replaceable"><code>Intermediate certificate 1</code></em>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<em class="replaceable"><code>Optional: Root certificate</code></em>
-----END CERTIFICATE-----</pre>
<pre class="programlisting"></pre>
<pre class="programlisting"></pre>
<pre class="programlisting">So after you check what your certificate chain looks like,
all you need to do is find those certs and combine them</pre>
<pre class="programlisting"></pre>
<pre class="programlisting">For example 1, which is Facebook, there is only 1 intermediate cert in the chain, so DigiCert High Assurance CA-3 can be used directly as the certificate chain</pre>
<pre class="programlisting"></pre>
<pre class="programlisting">For example 2, which is Gardenbythebay, there are 2 intermediate certs in the chain, so you need to copy and paste them in the sequence below and save the result as certificate_chain.pem </pre>
<pre class="programlisting"></pre>
<pre class="programlisting">-----BEGIN CERTIFICATE-----</pre>
<pre class="programlisting"><i><span style="color: red;">< Thawte SSL CA - G2 ></span></i>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<em class="replaceable"><span style="color: red;">< thawte Primary Root CA ></span></em>
-----END CERTIFICATE-----</pre>
<pre class="programlisting"></pre>
<pre class="programlisting">NOTE: </pre>
<pre class="programlisting">I am using Thawte as well, so here I provide the links for both intermediate certs </pre>
<pre class="programlisting"><a href="https://www.tbs-certificates.co.uk/FAQ/en/thawte_ssl_ca_g2.html" target="_blank">Thawte SSL CA - G2</a></pre>
<pre class="programlisting"><a href="https://www.thawte.com/roots/thawte_Primary_Root_CA.pem" target="_blank">Thawte Primary Root CA</a></pre>
<pre class="programlisting"></pre>
<pre class="programlisting"></pre>
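The script below is an added example, not part of the original post or of the AWS tooling: it checks Public.pem, Private.pem and certificate_chain.pem before they are uploaded, confirming that the private key belongs to the certificate, that the chain file contains no private key, and that the chain starts with the certificate that issued yours and continues in issuing order (root last, optional). The function names are made up for this example, and the throwaway chain that `make_demo_chain` generates is constructed test data.

```shell
#!/bin/bash
# Added example (not from the original post): checks to run on Public.pem,
# Private.pem and certificate_chain.pem before `aws iam upload-server-certificate`.
# Function names are made up for this example. Requires the openssl CLI.

# Succeeds when the private key and the certificate carry the same public key.
key_matches_cert() {            # usage: key_matches_cert Public.pem Private.pem
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the chain file holds certificates only (no private key pasted in).
chain_has_no_private_key() {    # usage: chain_has_no_private_key certificate_chain.pem
    ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Splits a PEM bundle into DIR/chain1.pem, DIR/chain2.pem, ...; prints the count.
split_bundle() {                # usage: split_bundle certificate_chain.pem DIR
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/chain" n ".pem"; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }' "$1"
}

# Succeeds when the first chain certificate issued the server certificate and
# every chain certificate is issued by the one after it.
chain_in_order() {              # usage: chain_in_order Public.pem certificate_chain.pem
    tmp=$(mktemp -d) || return 2
    count=$(split_bundle "$2" "$tmp")
    if [ "$count" -eq 0 ]; then rm -rf "$tmp"; return 2; fi
    want=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null)
    i=1; rc=0
    while [ "$i" -le "$count" ]; do
        have=$(openssl x509 -in "$tmp/chain$i.pem" -noout -subject_hash 2>/dev/null)
        if [ "$have" != "$want" ]; then rc=1; break; fi
        want=$(openssl x509 -in "$tmp/chain$i.pem" -noout -issuer_hash 2>/dev/null)
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# Runs all three checks; prints "ok" or the first failure and returns non-zero.
check_before_upload() {         # usage: check_before_upload Public.pem Private.pem chain.pem
    key_matches_cert "$1" "$2" || { echo "private key does not match certificate"; return 1; }
    chain_has_no_private_key "$3" || { echo "chain file contains a private key"; return 1; }
    chain_in_order "$1" "$3" || { echo "chain is not in issuing order"; return 1; }
    echo "ok"
}

# Builds a throwaway root -> intermediate -> server chain in DIR (constructed
# sample input; the subject names are made up).
make_demo_chain() {             # usage: make_demo_chain DIR
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Intermediate" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -out "$d/int.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$d/Private.pem" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/Public.pem" 2>/dev/null
    cat "$d/int.pem" "$d/root.pem" > "$d/certificate_chain.pem"
    cat "$d/root.pem" "$d/int.pem" > "$d/reversed_chain.pem"
}

# Run with --demo to see one passing and one failing bundle.
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d) && make_demo_chain "$demo"
    check_before_upload "$demo/Public.pem" "$demo/Private.pem" "$demo/certificate_chain.pem"
    check_before_upload "$demo/Public.pem" "$demo/Private.pem" "$demo/reversed_chain.pem"
    rm -rf "$demo"
fi
```

The order check compares issuer and subject name hashes only; it does not verify signatures or expiry.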
<pre class="programlisting"><span style="font-size: large;"><b><u>Upload into the IAM store</u></b></span></pre>
<pre class="programlisting"></pre>
<pre class="programlisting">Now that you have all 3 files you need, it is time to upload them to the IAM store</pre>
<pre class="programlisting">I just go to EC2 and launch a micro instance for this purpose.</pre>
<pre class="programlisting">Please choose Amazon Linux for this instance because it comes with the AWS command line tools already installed. If you use another distro, you need to install them manually</pre>
<pre class="programlisting"></pre>
<pre class="programlisting">
</pre>
<pre class="programlisting">1. Once you have launched your Amazon instance, upload all 3 files to the server.</pre>
<pre class="programlisting">FOR WINDOWS, you can use WinSCP to upload, but before that, please edit /etc/ssh/sshd_config to enable password authentication and reload the service</pre>
<pre class="programlisting"></pre>
<pre class="programlisting">
</pre>
<pre class="programlisting">2. Use this command to upload your files</pre>
<pre class="programlisting"><span style="background-color: #eeeeee; color: #000066; font-family: 'Courier New', Courier, mono; font-size: 12px;">aws iam upload-server-certificate --server-certificate-name </span><em class="replaceable" style="color: red; font-family: 'Courier New', Courier, mono; font-size: 12px;">CertificateName</em><span style="background-color: #eeeeee; color: #000066; font-family: 'Courier New', Courier, mono; font-size: 12px;"> --certificate-body file://</span><em class="replaceable" style="color: red; font-family: 'Courier New', Courier, mono; font-size: 12px;">public_key_certificate_file</em><span style="background-color: #eeeeee; color: #000066; font-family: 'Courier New', Courier, mono; font-size: 12px;"> --private-key file://</span><em class="replaceable" style="color: red; font-family: 'Courier New', Courier, mono; font-size: 12px;">privatekey.pem</em><span style="background-color: #eeeeee; color: #000066; font-family: 'Courier New', Courier, mono; font-size: 12px;"> --certificate-chain file://</span><em class="replaceable" style="color: red; font-family: 'Courier New', Courier, mono; font-size: 12px;">certificate_chain_file</em><span style="background-color: #eeeeee; color: #000066; font-family: 'Courier New', Courier, mono; font-size: 12px;"> --path /cloudfront/</span><em class="replaceable" style="color: red; font-family: 'Courier New', Courier, mono; font-size: 12px;">path</em><span style="background-color: #eeeeee; color: #000066; font-family: 'Courier New', Courier, mono; font-size: 12px;">/</span></pre>
<pre class="programlisting"></pre>
<pre class="programlisting">example:</pre>
<pre class="programlisting"><span id="docs-internal-guid-646866ab-7bd5-7913-79f3-f31a5fb2b857"><span style="font-family: Arial; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"><span style="color: blue;">aws iam upload-server-certificate --server-certificate-name </span><span style="color: red;">Facebook2015</span><span style="color: blue;"> --certificate-body file://~/</span><span style="color: red;">Public.pem</span><span style="color: blue;"> --private-key file://~/</span><span style="color: red;">Private.pem</span><span style="color: blue;"> --certificate-chain file://~/</span><span style="color: red;">certificate_chain.pem</span><span style="color: blue;"> --path </span><span style="color: red;">/cloudfront/Facebook/</span></span></span></pre>
<pre class="programlisting"><span style="font-family: Arial; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">
</span></pre>
<pre class="programlisting"><span style="font-family: Arial;"><span style="font-size: 15px; white-space: pre-wrap;">once done, you should see something like this as output</span></span></pre>
<pre class="programlisting">
</pre>
<span style="color: blue;">{
<br /> "ServerCertificateMetadata": {
<br /> "ServerCertificateId": "ASCAJR5WQNL4PIB4GMMNE",
<br /> "ServerCertificateName": "Facebook2015",
<br /> "Expiration": "2017-04-23T23:59:59Z",
<br /> "Path": "/cloudfront/Facebook/",
<br /> "Arn": "arn:aws:iam::337660227660:server-certificate/cloudfront/Facebook/Facebook2015",
<br /> "UploadDate": "2015-02-11T03:36:56.032Z"
<br /> } </span><div>
<span style="color: blue;">}</span><br />
<br /><pre class="programlisting"><span style="font-family: Arial; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">Now you should be able to choose custom SSL in your CloudFront settings</span></pre>
<pre class="programlisting"><span style="font-family: Arial; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">
</span></pre>
<pre class="programlisting"><span style="font-family: Arial; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;">
</span></pre>
<pre class="programlisting"><span style="font-family: Arial; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"><u>OTHER COMMAND</u></span></pre>
<pre class="programlisting"><span style="font-family: Arial; font-size: 15px; vertical-align: baseline; white-space: pre-wrap;"><u>
</u></span></pre>
<pre class="programlisting"><span style="font-family: Arial;"><span style="font-size: 15px; white-space: pre-wrap;"><b>delete certificate object:</b></span></span></pre>
<pre class="programlisting"></pre>
<span style="color: blue;">aws iam delete-server-certificate --server-certificate-name certificate_object_name</span><br />
<br />example:<br /></div>
<div>
<span style="color: blue;">aws iam delete-server-certificate --server-certificate-name Facebook2015</span><br /><br /><br /></div>
<div>
<b>View Certificate object:</b><br /><br /><span style="color: blue;">aws iam get-server-certificate --server-certificate-name certificate_object_name</span><br /><br />example:<br /></div>
<div>
<span style="color: blue;">aws iam get-server-certificate --server-certificate-name Facebook2015</span></div>
<br />
<b><u>smokeping for Centos7</u></b> (published 2014-09-19, updated 2017-10-30)<br />
I am using Centos7 + smokeping-2.6.9<br />
<div>
<br /></div>
<div>
Let's start by installing the needed packages.</div>
<div>
Before that, we will need to enable the EPEL repo.</div>
<div>
You can install EPEL by running yum install epel-release. The package is included in the CentOS Extras repository, enabled by default.</div>
<div>
<div>
<br /></div>
<div>
# yum install epel-release</div>
</div>
<div>
<br /></div>
<div>
Then follow up with these packages:</div>
<div>
<div>
<ul>
<li>mod_fcgid</li>
<li>httpd</li>
<li>httpd-devel</li>
<li>rrdtool</li>
<li>perl-CGI-SpeedyCGI</li>
<li>fping</li>
<li>rrdtool-perl</li>
<li>perl</li>
<li>perl-Sys-Syslog</li>
</ul>
</div>
</div>
<div>
# yum install mod_fcgid httpd httpd-devel rrdtool perl-CGI-SpeedyCGI fping rrdtool-perl perl perl-Sys-Syslog</div>
<div>
<br /></div>
<div>
Then we will need some packages for CPAN to install the Perl modules</div>
<div>
<br /></div>
<div>
# yum install perl-CPAN perl-local-lib perl-Time-HiRes</div>
<div>
<br /></div>
<div>
The last one is the package group needed to build and install smokeping</div>
<div>
<br /></div>
<div>
# yum groupinstall "Development tools"</div>
<div>
-----------------------------------------------------------------------------------------------------------------</div>
<div>
<br /></div>
<div>
Now let's download the latest smokeping from http://oss.oetiker.ch/smokeping/pub/</div>
<div>
Currently the latest I saw is 2.6.9, so I just downloaded that.</div>
<div>
<br /></div>
<div>
# wget http://oss.oetiker.ch/smokeping/pub/smokeping-2.6.9.tar.gz</div>
<div>
<br /></div>
<div>
then extract it</div>
<div>
<br /></div>
<div>
# tar -zxvf smokeping-2.6.9.tar.gz</div>
<div>
<br /></div>
<div>
Install the Perl modules that smokeping needs:</div>
<div>
<br /></div>
<div>
# cd smokeping-2.6.9/setup</div>
<div>
# ./build-perl-modules.sh</div>
<div>
<br /></div>
<div>
It will automatically install the needed Perl modules.</div>
<div>
Once done, go back to the smokeping-2.6.9 folder and you will notice that a folder named thirdparty has been created.</div>
<div>
We need to move it to the /opt folder, but before that, let's create a smokeping folder in /opt first,</div>
<div>
then copy the thirdparty folder into it.</div>
<div>
<br /></div>
<div>
# mkdir /opt/smokeping</div>
<div>
# cp -r thirdparty /opt/smokeping/</div>
<div>
<br /></div>
<div>
# ./configure --prefix=/opt/smokeping</div>
<div>
# make install</div>
<div>
<br />
~ NOTE ~</div>
<div>
If you encounter a problem, please try make install again.<br />
In my case, the first make install popped up some errors, but when I tried make install again the errors were gone.<br />
<br />
Now you can go to /opt/smokeping/etc and prepare the config file<br />
<br />
# cd /opt/smokeping/etc<br />
# for foo in *.dist; do cp "$foo" "$(basename "$foo" .dist)"; done<br />
<br />
--------------------------------------------------------------------------------------------------------------<br />
<br />
Now it is time to prepare the interface.<br />
Make sure you have installed Apache;<br />
if not, install it using yum install httpd<br />
<br />
# vim /etc/httpd/conf/httpd.conf<br />
<br />
change:<br />
DirectoryIndex index.html index.html.var<br />
to:<br />
DirectoryIndex index.html index.html.var smokeping.fcgi<br />
<br />
Then enable this line:<br />
AddHandler cgi-script .cgi<br />
<br />
---------------------------------<br />
# vim /etc/httpd/conf.d/smokeping.conf<br />
<br />
<Directory "/var/www/html/smokeping"><br />
Options +ExecCGI<br />
</Directory><br />
--------------------------------<br />
# mkdir /opt/smokeping/img<br />
# mkdir /opt/smokeping/data<br />
# mkdir /opt/smokeping/var<br />
# mkdir /opt/smokeping/cache<br />
# chown -R apache:apache /opt/smokeping/img<br />
# chown -R apache:apache /opt/smokeping/cache<br />
# ln -s /opt/smokeping/htdocs /var/www/html/smokeping<br />
# ln -s /opt/smokeping/img /var/www/html/smokeping<br />
# ln -s /opt/smokeping/cache /var/www/html/smokeping<br />
<br />
<br />
# chmod 600 /opt/smokeping/etc/smokeping_secrets<br />
# chmod 600 /opt/smokeping/etc/smokeping_secrets.dist<br />
# chown -R apache:apache /var/www/html/smokeping<br />
<br />
Before we start smokeping, edit the configuration first.<br />
Edit the smokeping config to suit your needs (change the parts shown in red).<br />
# vim /opt/smokeping/etc/config<br />
------------------------------------------<br />
*** General ***<br />
<br />
owner = <span style="color: red;">Peter Random</span><br />
contact = <span style="color: red;">some@address.nowhere</span><br />
mailhost = <span style="color: red;">my.mail.host (Ignore if you do not have smtp server)</span><br />
sendmail = /usr/sbin/sendmail<br />
# NOTE: do not put the Image Cache below cgi-bin<br />
# since all files under cgi-bin will be executed ... this is not<br />
# good for images.<br />
imgcache = /opt/smokeping/cache<br />
imgurl = cache<br />
datadir = /opt/smokeping/data<br />
piddir = /opt/smokeping/var<br />
cgiurl = http://some.url/smokeping.cgi<br />
smokemail = /opt/smokeping/etc/smokemail.dist<br />
tmail = /opt/smokeping/etc/tmail.dist<br />
# specify this to get syslog logging<br />
syslogfacility = local0<br />
# each probe is now run in its own process<br />
# disable this to revert to the old behaviour<br />
# concurrentprobes = no<br />
<br />
*** Alerts ***<br />
to = <span style="color: red;">alertee@address.somewhere</span><br />
from = <span style="color: red;">smokealert@company.xy</span><br />
<br />
+someloss<br />
type = loss<br />
# in percent<br />
pattern = >0%,*12*,>0%,*12*,>0%<br />
comment = loss 3 times in a row<br />
<br />
*** Database ***<br />
<br />
step = 300<br />
pings = 20<br />
<br />
# consfn mrhb steps total<br />
<br />
AVERAGE 0.5 1 1008<br />
AVERAGE 0.5 12 4320<br />
MIN 0.5 12 4320<br />
MAX 0.5 12 4320<br />
AVERAGE 0.5 144 720<br />
MAX 0.5 144 720<br />
MIN 0.5 144 720<br />
<br />
*** Presentation ***<br />
<br />
template = /opt/smokeping/etc/basepage.html.dist<br />
<br />
+ charts<br />
<br />
menu = Charts<br />
title = The most interesting destinations<br />
<br />
++ stddev<br />
sorter = StdDev(entries=>4)<br />
title = Top Standard Deviation<br />
menu = Std Deviation<br />
format = Standard Deviation %f<br />
<br />
++ max<br />
sorter = Max(entries=>5)<br />
title = Top Max Roundtrip Time<br />
menu = by Max<br />
format = Max Roundtrip Time %f seconds<br />
<br />
++ loss<br />
sorter = Loss(entries=>5)<br />
title = Top Packet Loss<br />
menu = Loss<br />
format = Packets Lost %f<br />
<br />
++ median<br />
sorter = Median(entries=>5)<br />
title = Top Median Roundtrip Time<br />
menu = by Median<br />
format = Median RTT %f seconds<br />
<br />
+ overview<br />
<br />
width = 600<br />
height = 50<br />
range = 10h<br />
<br />
+ detail<br />
<br />
width = 600<br />
height = 200<br />
unison_tolerance = 2<br />
<br />
"Last 3 Hours" 3h<br />
"Last 30 Hours" 30h<br />
"Last 10 Days" 10d<br />
"Last 400 Days" 400d<br />
<br />
#+ hierarchies<br />
#++ owner<br />
#title = Host Owner<br />
#++ location<br />
#title = Location<br />
<br />
*** Probes ***<br />
<br />
+ FPing<br />
<br />
binary = /usr/sbin/fping<br />
<br />
*** Slaves ***<br />
secrets=/opt/smokeping/etc/smokeping_secrets.dist<br />
+boomer<br />
display_name=boomer<br />
color=0000ff<br />
<br />
+slave2<br />
display_name=another<br />
color=00ff00<br />
<br />
*** Targets ***<br />
<br />
probe = FPing<br />
<br />
menu = Top<br />
title = Network Latency Grapher<br />
remark = Welcome to the SmokePing website of xxx Company. \<br />
Here you will learn all about the latency of our network.<br />
<br />
<span style="color: red;">+ Server</span><br />
menu= Targets<br />
<br />
<span style="color: red;">++ google</span><br />
<br />
menu = <span style="color: red;">google.com</span><br />
title = <span style="color: red;">google.com</span><br />
alerts = someloss<br />
host = <span style="color: red;">www.google.com</span><br />
-----------------------------------------------------------------<br />
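The config above still points secrets at smokeping_secrets.dist, the sample file shipped in the public tarball, and keeps the sample slaves boomer and slave2. As an added example (not from the original post or the SmokePing project), this shell lint flags those settings and a secrets file that group or other can access; the function names and the sample it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the *** Slaves *** settings of a SmokePing config.

# Print the value of the first "key = value" line, skipping comment lines.
cfg_value() {  # $1 = key, $2 = config file
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$2"
}

# Print the sample slave names (boomer, slave2) still defined under *** Slaves ***.
sample_slaves() {  # $1 = config file
    awk '
        /^[*][*][*]/ { in_slaves = ($0 ~ /Slaves/); next }
        in_slaves && /^[+][ \t]*(boomer|slave2)[ \t]*$/ {
            sub(/^[+][ \t]*/, ""); sub(/[ \t]+$/, ""); print
        }' "$1"
}

# Print one finding per line; return 1 if there is at least one finding.
lint_smokeping_config() {  # $1 = config file
    cfg=$1; rc=0
    secrets=$(cfg_value secrets "$cfg")
    if [ -n "$secrets" ]; then
        case "$secrets" in
            *.dist) echo "secrets points at the shipped sample file: $secrets"; rc=1 ;;
        esac
        # ls mode string must show no group/other bits, e.g. -rw-------
        case "$(ls -ld -- "$secrets" 2>/dev/null)" in
            -???------*) ;;
            "") echo "secrets file not found: $secrets"; rc=1 ;;
            *)  echo "secrets file is accessible to group/other: $secrets"; rc=1 ;;
        esac
    fi
    names=$(sample_slaves "$cfg" | tr '\n' ' ')
    if [ -n "$names" ]; then
        echo "sample slave sections still defined: $names"; rc=1
    fi
    return "$rc"
}

# Constructed sample (not a real deployment) mirroring the Slaves block above.
make_sample() {  # prints the path of the generated config
    d=$(mktemp -d) || return 1
    printf 'boomer:constructed-secret\n' > "$d/smokeping_secrets.dist"
    chmod 644 "$d/smokeping_secrets.dist"
    cat > "$d/config" <<EOF
*** Slaves ***
secrets=$d/smokeping_secrets.dist
+boomer
display_name=boomer
EOF
    echo "$d/config"
}

# Usage: sh lint.sh /opt/smokeping/etc/config  (no argument: lint the sample)
if [ "$#" -gt 0 ]; then target=$1; else target=$(make_sample); fi
lint_smokeping_config "$target" || true
```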
<br />
For mine, I turned off firewalld, as it was meant for a private LAN<br />
# systemctl stop firewalld<br />
<br />
and I also turned SELinux off<br />
# setenforce 0<br />
<br />
Start the apache service<br />
# systemctl start httpd<br />
<br />
Start the smokeping service<br />
# ./bin/smokeping --config=/opt/smokeping/etc/config --logfile=smoke.log<br />
<br />
For a startup script,<br />
you can get one from here:<br />
http://oss.oetiker.ch/smokeping/pub/contrib/smokeping-start-script<br />
Just edit the smokeping path,<br />
then put it in /etc/init.d/<br />
and chmod 755 it.</div>
<div>
<br /></div>
<div>
<br />
Thanks Will for pointing out the typo and mistake</div>
<div>
<br /></div>
Unknownnoreply@blogger.com20tag:blogger.com,1999:blog-4404297455070980293.post-12198163375531016462014-08-12T17:57:00.000+08:002014-08-12T17:57:01.544+08:00kali linux - Openvas with Greenbone security assistant<br />
So I assume you have installed Kali Linux and are ready to install OpenVAS.<br />
<br />
<b><u><span style="font-size: large;">Installation</span></u></b><br />
<br />
openvas-mkcert<br />
this will create the SSL certificate for OpenVAS<br />
<br />
openvas-nvt-sync<br />
this will sync the Openvas NVT database with the latest NVT and get the latest vulnerability checks<br />
<br />
openvas-mkcert-client -n om -i<br />
openvasmd --rebuild<br />
this will generate a client certificate and rebuild the database<br />
<br />
openvassd<br />
this will start the Openvas scanner and load all plugins<br />
<br />
openvasmd --rebuild<br />
openvasmd --backup<br />
this will rebuild and create backup of the database<br />
<br />
openvas-adduser<br />
this will create a normal user<br />
<br />
<ul>
<li>enter login name</li>
<li>just press enter for auth request</li>
<li>enter the password twice</li>
<li>for rules, just skip by press Ctrl + D</li>
<li>press y to add the user</li>
</ul>
<div>
openvasmd -p 9390 -a 127.0.0.1</div>
<div>
openvasad -a 127.0.0.1 -p 9393</div>
<div>
gsad --http-only --listen=127.0.0.1 -p 9392</div>
<div>
These commands set the address and port that each OpenVAS service listens on.</div>
<div>
Port 9392 is for the browser, and you can change it to another port.</div>
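The three commands above bind every service to 127.0.0.1, which matters because gsad --http-only serves the login page without TLS. As an added example (not part of the original post), this filter reads ss -ltn output and reports any of the ports 9390, 9392 or 9393 listening on a non-loopback address; the function names and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: flag OpenVAS services that listen beyond loopback.
# Ports come from the commands above: 9390 openvasmd, 9393 openvasad, 9392 gsad.

# stdin: output of `ss -ltn`; prints "<daemon> <address>:<port>" per finding.
exposed_openvas_listeners() {
    awk '
        BEGIN { name[9390] = "openvasmd"; name[9393] = "openvasad"; name[9392] = "gsad" }
        $1 == "LISTEN" {
            # Local address is column 4; the port follows the last colon.
            at = match($4, /:[0-9]+$/)
            if (at == 0) next
            addr = substr($4, 1, at - 1); port = substr($4, at + 1) + 0
            if (!(port in name)) next
            # 127.0.0.0/8 and ::1 are loopback; anything else is reachable remotely.
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print name[port], $4
        }'
}

# Constructed `ss -ltn` lines (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9390     0.0.0.0:*
LISTEN 0      128    127.0.0.1:9393     0.0.0.0:*
LISTEN 0      128    0.0.0.0:9392       0.0.0.0:*
LISTEN 0      128    [::1]:9392         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
EOF
}

# Returns 0 when nothing is exposed, 1 otherwise (findings go to stdout).
check_openvas_binding() {
    found=$(exposed_openvas_listeners)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Live use: ss -ltn | check_openvas_binding
sample_ss_output | check_openvas_binding || true
```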
<div>
<br /></div>
<div>
Now you can access OpenVAS in your browser at http://127.0.0.1:9392</div>
<div>
You should see the Greenbone Security Assistant login page.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlUsxyjFdFBDQcGZJrhiuUJ1VtLt4WgqT5MkGAvtRXFpgFQjvW1TZyQQwT-W1nozNDVICDcTiO2nROiMS2mkwYjqzAmGLQSaVxBeYezVQG_KQhPM9e9CScoDRDyssGSB4tJBrjOHoIXBoV/s1600/openvas-08.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlUsxyjFdFBDQcGZJrhiuUJ1VtLt4WgqT5MkGAvtRXFpgFQjvW1TZyQQwT-W1nozNDVICDcTiO2nROiMS2mkwYjqzAmGLQSaVxBeYezVQG_KQhPM9e9CScoDRDyssGSB4tJBrjOHoIXBoV/s1600/openvas-08.jpg" height="400" width="258" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Login with your admin account</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
(Optional)</div>
<div class="separator" style="clear: both; text-align: left;">
There are easier methods to start and stop OpenVAS once all this is done.<br />For myself, I just use the script provided by Lazykali.</div>
<div class="separator" style="clear: both; text-align: left;">
Just download the folder and script, save them in one folder, and execute the script from the command line.</div>
<div class="separator" style="clear: both; text-align: left;">
You can get the script at the link below:</div>
<div class="separator" style="clear: both; text-align: left;">
<a href="http://code.google.com/p/lazykali/" target="_blank">lazykali</a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
------------------------------------------------------------------------------------------------------------</div>
<div>
<br /></div>
<div>
Setup</div>
<div>
<br /></div>
<div>
after you login,</div>
<div>
let's start by scanning your own laptop as an example.</div>
<div>
<br /></div>
<div>
click on Configuration > Targets</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEionrVJQrEiyRF6d0BEGYy0I1wD_9Z5siVUpr6FPU4mZrqrTR8fJ017jtdiaGCsZtT-lYmTnpvBi_l0cO8lS6B5CPnwBteWVPQKeut6x4693Z7WnOlp-ld1RMpPMoCGHELr2ujknwwdJJ_w/s1600/openvas-01.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEionrVJQrEiyRF6d0BEGYy0I1wD_9Z5siVUpr6FPU4mZrqrTR8fJ017jtdiaGCsZtT-lYmTnpvBi_l0cO8lS6B5CPnwBteWVPQKeut6x4693Z7WnOlp-ld1RMpPMoCGHELr2ujknwwdJJ_w/s1600/openvas-01.jpg" height="228" width="640" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
You should see Localhost already in the list, so let's add a new one by clicking the star button highlighted in red, as in the picture below.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOlDHbLX_MByr6zhp-YepCObSdlpmN6cZNy4Qa0o5Rjm5XTBvSxXIiH51tEEPgPzAzQ6rlcmdsfnBA_cRUffn7aKE6GyopWzqZhuT_Jv92Q4bSp3KDE8rzsIWYIKSjcT4uHX_ZrAc8IQe9/s1600/openvas-02.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOlDHbLX_MByr6zhp-YepCObSdlpmN6cZNy4Qa0o5Rjm5XTBvSxXIiH51tEEPgPzAzQ6rlcmdsfnBA_cRUffn7aKE6GyopWzqZhuT_Jv92Q4bSp3KDE8rzsIWYIKSjcT4uHX_ZrAc8IQe9/s1600/openvas-02.jpg" height="160" width="640" /></a></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Then you give it a name and key in the IP or URL you want to scan.</div>
<div>
Leave everything else at its default and click Create Target.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6vyQh05Sn4u4c0l1dOA3dDAX_T-INtG439MWJ19AdEPiX_zhUbsb0E-T8HVMHm4GA3wlKGEy_eEYocuEXepEZ_fF4UvjQYCT7FPKFga25UiwebT22heKcHOGrRyJWi-tIyPNsE20u3P2y/s1600/openvas-03.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6vyQh05Sn4u4c0l1dOA3dDAX_T-INtG439MWJ19AdEPiX_zhUbsb0E-T8HVMHm4GA3wlKGEy_eEYocuEXepEZ_fF4UvjQYCT7FPKFga25UiwebT22heKcHOGrRyJWi-tIyPNsE20u3P2y/s1600/openvas-03.jpg" height="232" width="640" /></a></div>
<div>
<br /></div>
<br />
<br />
Now you should see your new target added to the list.<br />
OK, let's proceed to create a new task:<br />
click on Scan Management > New Task<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoG6WzrJAWrS6fSU49NrWvmUq8KBLx0w9XOWl86d8PX-d9GuggB9IUBmAV-etKHj4ICqmKCA4qFjREC-dOGa9NZV5VWeeBXOnlSCYisQRGuBNyX16Ykc12hoc9Nz_iF3R4LIqurqx2QLmh/s1600/openvas-04.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoG6WzrJAWrS6fSU49NrWvmUq8KBLx0w9XOWl86d8PX-d9GuggB9IUBmAV-etKHj4ICqmKCA4qFjREC-dOGa9NZV5VWeeBXOnlSCYisQRGuBNyX16Ykc12hoc9Nz_iF3R4LIqurqx2QLmh/s1600/openvas-04.jpg" height="234" width="640" /></a></div>
<br />
<br />
Fill in the details marked with the red arrows.<br />
For the scan config, there are 4 options to choose from (ignore test and vulne, as I created them myself when I was playing around). For now, I chose Full and very deep ultimate to see what it can scan and report later.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEju9ZdxSzToN8dVyhi4HxfdKZZLWl9vhm0ev_TYctDi15fGRJp4Em6ppcewzZtg6Nmuu9nevZdjltCm-TxHSa_kTUHUWaFCml6AusPKNekMbGyKN4FKnxZ7jPfuQl9znUPwXO0rehTwnP-g/s1600/openvas-05.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEju9ZdxSzToN8dVyhi4HxfdKZZLWl9vhm0ev_TYctDi15fGRJp4Em6ppcewzZtg6Nmuu9nevZdjltCm-TxHSa_kTUHUWaFCml6AusPKNekMbGyKN4FKnxZ7jPfuQl9znUPwXO0rehTwnP-g/s1600/openvas-05.jpg" height="256" width="640" /></a></div>
<br />
<br />
For Scan target, choose the new target you created just now and click Create Task.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3dQAPevK0hdVsqDJPPJBIum-G_JjhNLP1P7dhzfo4Qt4F0KQUr-XoNV6aDkZADl3mINykrfmzpNJOxExFMGVCv3qbx587husLnE_SZtBCMry19WdHLDWdZ6Ogwj27Out8lqwtj37jnses/s1600/openvas-06.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3dQAPevK0hdVsqDJPPJBIum-G_JjhNLP1P7dhzfo4Qt4F0KQUr-XoNV6aDkZADl3mINykrfmzpNJOxExFMGVCv3qbx587husLnE_SZtBCMry19WdHLDWdZ6Ogwj27Out8lqwtj37jnses/s1600/openvas-06.jpg" height="160" width="400" /></a></div>
<br />
<br />
Now you should see your newly created task there with the status "New".<br />Click the play button highlighted in red, as in the picture below, to start the scan.<br />
The scan might take some time.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYo-lnBxVm9Dwwmyz0-FnlzCgupG2rPQ188LgdcWUyWBEgZxNeR4MVMUR_jTsYvawcl4EY2u0VckszP1HP4eeKSw_kdQAi81l8ns6edZAgWm2Kat-zpv8LDr3_3ijVlBOcu9mmF7nJJogJ/s1600/openvas-07.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYo-lnBxVm9Dwwmyz0-FnlzCgupG2rPQ188LgdcWUyWBEgZxNeR4MVMUR_jTsYvawcl4EY2u0VckszP1HP4eeKSw_kdQAi81l8ns6edZAgWm2Kat-zpv8LDr3_3ijVlBOcu9mmF7nJJogJ/s1600/openvas-07.jpg" height="128" width="640" /></a></div>
<br />
<br />
When it is done, you should see something like the picture below.<br />
Just click on the date itself for the report.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6EEoQjcDt_Jerh4Dxqd38bRDCH2VCAJiR4j9woMPhsFWPC79y2SYKbOcGJCAgvlOfCSo11ZksrMoImaqutQRVNEHOwqdfP0jtjJTfAzCS4MADaE6n4pyU1w2mx030_weVG_yybJ1HK8Vm/s1600/openvas-09.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6EEoQjcDt_Jerh4Dxqd38bRDCH2VCAJiR4j9woMPhsFWPC79y2SYKbOcGJCAgvlOfCSo11ZksrMoImaqutQRVNEHOwqdfP0jtjJTfAzCS4MADaE6n4pyU1w2mx030_weVG_yybJ1HK8Vm/s1600/openvas-09.jpg" height="76" width="640" /></a></div>
<br />
Then click on the button highlighted in red, as shown in the picture below, for the report.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOeoEu-mmSp3TEENKhp3BanqfPhSIbwKHVee3q2IgD_KC2_tFAFFvafQA18xPZw323pqRX1uwKimU1Fc-UugrmFroAVe5wLRu02eZN9EgcRuJ7QCIOjpzvU88zzZrhKVlV7j_oY_6nSW9L/s1600/openvas-10.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOeoEu-mmSp3TEENKhp3BanqfPhSIbwKHVee3q2IgD_KC2_tFAFFvafQA18xPZw323pqRX1uwKimU1Fc-UugrmFroAVe5wLRu02eZN9EgcRuJ7QCIOjpzvU88zzZrhKVlV7j_oY_6nSW9L/s1600/openvas-10.jpg" height="212" width="640" /></a></div>
<br />
<br />
For more info,<br />
please see the video from NetSecNow, as I also learned mine from there<br />
<a href="https://www.youtube.com/watch?v=0b4SVyP0IqI" target="_blank">OpenVas guide from NetSecNow</a>Unknownnoreply@blogger.com2