Friday, September 19, 2014

smokeping for Centos7

I am using Centos7 + smokeping-2.6.9

lets start up by install needed package
before that, we will need to enable Epel repo
You can install EPEL by running yum install epel-release. The package is included in the CentOS Extras repository, enabled by default.

# yum install epel-release

Then follow up by the package for
  • mod_fcgid
  • httpd
  • httpd-devel
  • rrdtool
  • perl-CGI-SpeedyCGI
  • fping
  • rrdtool-perl
  • perl
  • perl-Sys-Syslog
# yum install mod_fcgid httpd httpd-devel rrdtool perl-CGI-SpeedyCGI fping rrdtool-perl perl perl-Sys-Syslog

Then we will needed some package for Cpan to install perl stuff

# yum install perl-CPAN perl-local-lib perl-Time-HiRes

The last one is the package to create installation for smokeping

# yum groupinstall "Development tools"
-----------------------------------------------------------------------------------------------------------------

Now lets download the latest smokeping at http://oss.oetiker.ch/smokeping/pub/
currently the latest i saw is 2.6.9, so i just download that

# wget http://oss.oetiker.ch/smokeping/pub/smokeping-2.6.9.tar.gz

then extract it

# tar -zxvf smokeping-2.6.9.tar.gz

Install the smokeping perl stuff

# cd smokeping-2.6.9/setup
# ./build-perl-modules.sh

it will auto install needed perl
Once done, back to smokeping-2.6.9 folder and you will notice a folder name thirdparty is created
we will need to move it to /opt folder, but before that, lets create smokeping folder at /opt first
then copy the thirdparty folder into it

# mkdir /opt/smokeping
# cp -r thirdparty /opt/smokeping/

# ./configure --prefix=/opt/smokeping
# make install

~ NOTE ~
if you encounter problem, please try make install again
this is because for my situation when i first make install, it pop some error but when i try make install again, the error gone

Now you can go to /opt/smokeping/etc and prepare the config file

# cd /opt/smokeping/etc
# for foo in *.dist; do cp $foo `basename $foo .dist`; done

--------------------------------------------------------------------------------------------------------------

Now is time to prepare for the interface
make sure you had install apache
else please install it using yum install httpd

#vim /etc/httpd/conf/httpd.conf

change:
DirectoryIndex index.html index.html.var
to:
DirectoryIndex index.html index.html.var smokeping.fcgi

then enable this
AddHandler cgi-script .cgi

---------------------------------
# vim /etc/httpd/conf.d/smokeping.conf

<Directory "/var/www/html/smokeping">
    Options +ExecCGI
</Directory>
--------------------------------
# mkdir /opt/smokeping/img
# mkdir /opt/smokeping/data
# mkdir /opt/smokeping/var
# mkdir /opt/smokeping/cache
# chown -R apache:apache /opt/smokeping/img
# chown -R apache:apache /opt/smokeping/cache
# ln -s /opt/smokeping/htdocs /var/www/html/smokeping
# ln -s /opt/smokeping/img /var/www/html/smokeping
# ln -s /opt/smokeping/cache /var/www/html/smokeping


# chmod 600 /opt/smokeping/etc/smokeping_secrets
# chmod 600 /opt/smokeping/etc/smokeping_secrets.dist
# chown -R apache:apache /var/www/html/smokeping

Before we start smokeping, please edit your configuration first
edit the smokeping config to your need (change the part in Red color word
# vim /opt/smokeping/etc/config
------------------------------------------
*** General ***

owner    = Peter Random
contact  = some@address.nowhere
mailhost = my.mail.host (Ignore if you do not have smtp server)
sendmail = /usr/sbin/sendmail
# NOTE: do not put the Image Cache below cgi-bin
# since all files under cgi-bin will be executed ... this is not
# good for images.
imgcache = /opt/smokeping/cache
imgurl   = cache
datadir  = /opt/smokeping/data
piddir  = /opt/smokeping/var
cgiurl   = http://some.url/smokeping.cgi
smokemail = /opt/smokeping/etc/smokemail.dist
tmail = /opt/smokeping/etc/tmail.dist
# specify this to get syslog logging
syslogfacility = local0
# each probe is now run in its own process
# disable this to revert to the old behaviour
# concurrentprobes = no

*** Alerts ***
to = alertee@address.somewhere
from = smokealert@company.xy

+someloss
type = loss
# in percent
pattern = >0%,*12*,>0%,*12*,>0%
comment = loss 3 times  in a row

*** Database ***

step     = 300
pings    = 20

# consfn mrhb steps total

AVERAGE  0.5   1  1008
AVERAGE  0.5  12  4320
    MIN  0.5  12  4320
    MAX  0.5  12  4320
AVERAGE  0.5 144   720
    MAX  0.5 144   720
    MIN  0.5 144   720

*** Presentation ***

template = /opt/smokeping/etc/basepage.html.dist

+ charts

menu = Charts
title = The most interesting destinations

++ stddev
sorter = StdDev(entries=>4)
title = Top Standard Deviation
menu = Std Deviation
format = Standard Deviation %f

++ max
sorter = Max(entries=>5)
title = Top Max Roundtrip Time
menu = by Max
format = Max Roundtrip Time %f seconds

++ loss
sorter = Loss(entries=>5)
title = Top Packet Loss
menu = Loss
format = Packets Lost %f

++ median
sorter = Median(entries=>5)
title = Top Median Roundtrip Time
menu = by Median
format = Median RTT %f seconds

+ overview

width = 600
height = 50
range = 10h

+ detail

width = 600
height = 200
unison_tolerance = 2

"Last 3 Hours"    3h
"Last 30 Hours"   30h
"Last 10 Days"    10d
"Last 400 Days"   400d

#+ hierarchies
#++ owner
#title = Host Owner
#++ location
#title = Location

*** Probes ***

+ FPing

binary = /usr/sbin/fping

*** Slaves ***
secrets=/opt/smokeping/etc/smokeping_secrets.dist
+boomer
display_name=boomer
color=0000ff

+slave2
display_name=another
color=00ff00

*** Targets ***

probe = FPing

menu = Top
title = Network Latency Grapher
remark = Welcome to the SmokePing website of xxx Company. \
         Here you will learn all about the latency of our network.

+ Server
menu= Targets

++ google

menu = google.com
title = google.com
alerts = someloss
host = www.google.com
-----------------------------------------------------------------

For mine, i had turn off my firewalld as it was mean for private LAN
# systemctl stop firewalld

and i also had turn SeLinux
# setenforce 0

Start the apache service
# systemctl start httpd

start the smokeping services
# ./bin/smokeping --config=/opt/smokeping/etc/config --logfile=smoke.log

For startup script
you can get it from here
http://oss.oetiker.ch/smokeping/pub/contrib/smokeping-start-script
just edit the smokeping path
then put at /etc/init.d/
chmod 755 it


Thanks Will for pointing out the typo and mistake

Posted by at 20 comments:

Tuesday, August 12, 2014

kali linux - Openvas with Greenbone security assistant

so i assume you had install the kali linux and ready to install openvas

Installation

openvas-mkcert
this will create the ssl cert for openvas program

openvas-nvt-sync
this will sync the Openvas NVT database with the latest NVT and get the latest vulnerability checks

openvas-mkcert-client -n om -i
openvasmd --rebuild
this will generate a client certificate and rebuild the database

openvassd
this will start the Openvas scanner and load all plugins

openvasmd --rebuild
openvasmd --backup
this will rebuild and create backup of the database

opevas-adduser
this will create a normal user

  • enter login name
  • just press enter for auth request
  • enter the password twice
  • for rules, just skip by press Ctrl + D
  • press y to add the user
openvasmd -p 9390 -a 127.0.0.1
openvasad -a 127.0.0.1 -p 9393
gsad --http-only --listen=127.0.0.1 -p 9392
this will configure the port that openvas will use
the port 9392 is for the browser and you can change it for other port

now you can access OpenVAS at your browser using http://127.0.0.1:9392
you should be able to see GreenBone Security Assistant login pages


Login with your admin account


(Optional)
there are other easier method to start and stop Openvas after done all this.
for myself, i just use script provide by Lazykali.
just download the folder and script and save it in 1 folder and execute it using command
you can get the script at the below link
lazykali

------------------------------------------------------------------------------------------------------------

Setup

after you login,
lets start up to scan your own laptop as an example

click on Configuration > Targets



you should be able to see it got Localhost in the list, so lets add a new one into it by click the star button in red highlight as pic below



Then you give it a name and key in the IP or URL you want to scan.
Other things just left it default and click Create Target




Now you should be saw your new target added to the list.
ok, lets proceed to create a new task
click on Scan Management > New Task



Fill in the details mark in Red arrow
for the scan config, there are 4 option for you to choose (ignore test and vulne as i create it myself when i playing around). for now, i choose Full and very deep ultimate to see what it can scan and report later.



Scan target, choose the new target you created just now and click create task



Now you should be able to see your newly created task there and the status is "New"
click the play button in red highlight like the pic below to start the scan
the scan might take some time



When it done, you should be seeing something like in pic below
just click on the date itself on the for the report


then click on the red highlight button like show on the pic below for the report



For more info,
please see the video from NetSecNow as I also learn mine from there
OpenVas guide from NetSecNow
Posted by at 2 comments:

Friday, July 25, 2014

Jboss 5


I am using Centos 6.5 with minimal installation.
using package version Jboss EAP 5.1.2 + Oracle JDK 1.6.0_45

Installation

download the Jboss package and unzip it to /opt
get the JDK from oracle website and install it
http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javase6-419409.html#jdk-6u45-oth-JPR

# unzip jboss-eap-5.1.2.zip -d /opt
# chmod +x jdk-6u45-linux-x64-rpm.bin
# ./jdk-6u45-linux-x64-rpm.bin

confirm the java version by using this command
# java -version

go to opt folder and rename it to jboss
# cd /opt
# mv jboss-eap-5.1 jboss

start up Jboss as default to confirm it is working
# cd /opt/jboss/jboss-as/bin
# ./run.sh

If it running good, you should see a bunch of info and ended with
INFO  [ServerImpl] JBoss (Microcontainer) [5.1.2 (build: SVNTag=JBPAPP_5_1_2 date=201111102209)] Started in 40s:20ms

ok, now you can CTRL + C to end it

NOTE:
you can use command below to run as production profile
run.sh -c production -b 0.0.0.0

----------------------------------------------------------------------------------------------------------
Setup

the run.sh script was run based on default server
you should be notice there are many server at /opt/jboss/jboss-as/server/
for here, i just use the production server, so delete all other except production
# rm -rf all/ minimal/ standard/ web/ default

then go to production/conf folder and edit jboss-log4j.xml
this is to change the log to include the IP into it for easy recognize
# cd production/conf/
# vim jboss-log4j.xml

Change

<param name="File" value="${jboss.server.log.dir}/server.log"/>
<param name="File" value="${jboss.server.log.dir}/cluster.log"/>

To

<param name="File" value="${jboss.server.log.dir}/server.${jboss.bind.address}.log"/>
<param name="File" value="${jboss.server.log.dir}/cluster.${jboss.bind.address}.log"/>

Then go to props and edit jmx-console-users.properties
this file is control the username and password for the console login
# cd props/
# vim jmx-console-users.properties

remove the hash to enable it
remember to change it to other password

Now for the basic tuning,
go to production/deploy/jbossweb.sar and edit server.xml

From

 <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}" redirectPort="8443" />

 <Engine name="jboss.web" defaultHost="localhost">

To

<Connector port="8009" address="${jboss.bind.address}"
      emptySessionPath="true" enableLookups="false" redirectPort="8443"
      protocol="AJP/1.3" connectionTimeout="600000" maxThreads="500"
      useBodyEncodingForURI="true" URIEncoding="UTF-8" />
<Connector port="8009" address="127.0.0.1"
      emptySessionPath="true" enableLookups="false" redirectPort="8443"
      protocol="AJP/1.3" connectionTimeout="600000" maxThreads="500"
      useBodyEncodingForURI="true" URIEncoding="UTF-8" />

<Engine name="jboss.web" defaultHost="localhost" jvmRoute="node${jboss.messaging.ServerPeerID}">

<Valve className="org.jboss.web.tomcat.service.sso.ClusteredSingleSignOn" />

--------------------------------------------------------------------------------------------------
Start up File

Now here is the start up file,
This will easy to manage and can include to chkconfig startup list

go to /etc/init.d/ and create a new file name jboss
# vim /etc/init.d/jboss

paste the below content into it

--------------------------------
#!/bin/sh
#
# $Id: jboss_init_redhat.sh 90717 2009-06-30 23:04:46Z smarlow@redhat.com $
#
# JBoss Control Script
#
# chkconfig: - 85 15
# description: JBoss Application Server
# processname: jboss
#
# To use this script run it as root - it will switch to the specified user
#
# Here is a little (and extremely primitive) startup/shutdown script
# for RedHat systems. It assumes that JBoss lives in /usr/local/jboss,
# it's run by user 'jboss' and JDK binaries are in /usr/local/jdk/bin.
# All this can be changed in the script itself.
#
# Either modify this script for your requirements or just ensure that
# the following variables are set correctly before calling the script.

#define where jboss is - this is the directory containing directories log, bin, conf etc
JBOSS_HOME=${JBOSS_HOME:-"/opt/jboss/jboss-as"}

#define the user under which jboss will run, or use 'RUNASIS' to run as the current user
JBOSS_USER=${JBOSS_USER:-"jboss"}

#make sure java is in your path
JAVAPTH=${JAVAPTH:-"/usr/java/default/bin"}

#configuration to use, usually one of 'minimal', 'default', 'all'
JBOSS_CONF=${JBOSS_CONF:-"production"}

#if JBOSS_HOST specified, use -b to bind jboss services to that address
JBOSS_HOST=`ifconfig|grep 'inet addr:'|grep -v '127.0.0.1'|cut -d: -f2|awk 'NR==1{print $1}'`
JBOSS_BIND_ADDR=${JBOSS_HOST:+"-b $JBOSS_HOST"}  

#Clustering
JBOSS_PARTITION="cluster1"
JBOSS_PEERID=`echo $JBOSS_HOST|cut -d. -f4`
JBOSS_CLUSTER=${JBOSS_PARTITION:+"-g $JBOSS_PARTITION -Djboss.messaging.ServerPeerID=$JBOSS_PEERID -DjvmRoute=node$JBOSS_PEERID"}

#define the classpath for the shutdown class
JBOSSCP=${JBOSSCP:-"$JBOSS_HOME/bin/shutdown.jar:$JBOSS_HOME/client/jnet.jar"}

#define the script to use to start jboss
JBOSSSH=${JBOSSSH:-"/bin/sh $JBOSS_HOME/bin/run.sh -c $JBOSS_CONF $JBOSS_BIND_ADDR $JBOSS_CLUSTER"}

if [ "$JBOSS_USER" = "RUNASIS" ]; then
  SUBIT=""
else
  SUBIT="su - $JBOSS_USER -s /bin/sh -c "
fi

if [ -n "$JBOSS_CONSOLE" -a ! -d "$JBOSS_CONSOLE" ]; then
  # ensure the file exists
  touch $JBOSS_CONSOLE
  if [ ! -z "$SUBIT" ]; then
    chown $JBOSS_USER $JBOSS_CONSOLE
  fi
fi

if [ -n "$JBOSS_CONSOLE" -a ! -f "$JBOSS_CONSOLE" ]; then
  echo "WARNING: location for saving console log invalid: $JBOSS_CONSOLE"
  echo "WARNING: ignoring it and using /dev/null"
  JBOSS_CONSOLE="/dev/null"
fi

#define what will be done with the console log
JBOSS_CONSOLE=${JBOSS_CONSOLE:-"/dev/null"}

JBOSS_CMD_START="cd $JBOSS_HOME/bin; $JBOSSSH"
JBOSS_CMD_STOP=${JBOSS_CMD_STOP:-"java -classpath $JBOSSCP org.jboss.Shutdown --shutdown -s $JBOSS_HOST -u admin -p admin"}

if [ -z "`echo $PATH | grep $JAVAPTH`" ]; then
  export PATH=$PATH:$JAVAPTH
fi

if [ ! -d "$JBOSS_HOME" ]; then
  echo JBOSS_HOME does not exist as a valid directory : $JBOSS_HOME
  exit 1
fi


case "$1" in
start)
    echo JBOSS_CMD_START = $JBOSS_CMD_START
    cd $JBOSS_HOME/bin
    if [ -z "$SUBIT" ]; then
        eval $JBOSS_CMD_START >${JBOSS_CONSOLE} 2>&1 &
    else
        $SUBIT "$JBOSS_CMD_START >${JBOSS_CONSOLE} 2>&1 &"
    fi
    touch /var/lock/subsys/jboss
    ;;
stop)
    echo JBOSS_CMD_STOP = $JBOSS_CMD_STOP
    if [ -z "$SUBIT" ]; then
        $JBOSS_CMD_STOP
    else
        $SUBIT "$JBOSS_CMD_STOP"
    fi
    rm -rf $JBOSS_HOME/server/$JBOSS_CONF/tmp/*
    rm -rf $JBOSS_HOME/server/$JBOSS_CONF/work/*
    rm -rf /var/lock/subsys/jboss
    ;;
restart)
    $0 stop
    i=0
    while [ `ps ax|grep -v grep|grep java|wc -l` -gt 0 -a $i -lt 60 ]
    do
     sleep 1
     (( i += 1 ))
    done
    /usr/bin/killall -9 java
    $0 start
    ;;
*)
    echo "usage: $0 (start|stop|restart|help)"

esac

then change its permission to 755
# chmod 755 /etc/init.d/jboss

then add it into chkconfig list
# cd /etc/init.d/
# chkconfig --add jboss

inside the startup script, search admin word and update the password according to jmx-console-users.properties you done just now

then add user jboss for the script to run
# useradd jboss

then now change jboss folder owner to jboss
# chown -R jboss:jboss /opt/jboss

-----------------------------------------------------------------------------------------------------------
Putting the WAR file

Now for deploy WAR, just put the whole things at /production/deploy/ folder
start up the service and you can try access it at <your-IP>:8080

Note: Please give it 5-10 min to start
you can check is the command is running or not using
# ps -aux | grep jboss

for more troubleshooting, please first check the log file located at
/opt/jboss/jboss-as/server/production/log

Now your JBOSS is fully functional for production use
-----------------------------------------------------------------------------------------------------------
Connect to MySQL (Optional)

Install the MySQL
create databases jboss
create user jboss and full access to jboss database
Please refer to here for mysql setup if you don't know
MySQL Setup

1. download the appropriate driver for your MySQL at http://www.mysql.com/products/connector/
choose Connector/J
2. untar / unzip the file to get the jar file
3. copy the jar file to your /opt/jboss/jboss-as/server/production/lib/
4. copy the /opt/jboss/jboss-as/docs/example/jca/mysql-ds.xml file to /opt/jboss/jboss-as/server/production/deploy/
5. now open the mysql-ds.xml file to edit it
replace this 4 things
    <jndi-name>MySqlDS</jndi-name>
    <connection-url>jdbc:mysql://<Your-Server-IP>:3306/jboss</connection-url>
    <user-name>jboss</user-name>
    <password>jboss</password>

NOTE: 
If you choose to make mySQL your default database (DefaultDS), then change your jndi-name from MySqlDS to DefaultDS and be sure to delete the example $JBOSS_HOME/server/all/deploy/hsqldb-ds.xml which is also configured to be DefaultDS.
Then remove the /production/messaging/hsqldb-persistence-service.xml
and put this
cp /opt/jboss/jboss-as/docs/examples/jms/mysql-persistence-service.xml


Reference for MySQL:
https://community.jboss.org/wiki/SetUpAMysqlDatasource

----------------------------------------------------------------------------------------------------

Clustering

Ok, let add 1 more node into it for failover or load balance it.
the step is easy as it just repeat everything above, mean setup another duplicate.
the most important part is at the startup script.
if you see back the startup script i provide above, you should be notice got 1 word i highlight in red color. thats the keyword. as long as it is under same network zone and using the same keyword, it will auto detect and add as new member for the group.
during startup, you should see some info like this

INFO  [org.jboss.cache.RPCManagerImpl] (main) Received new cluster view: [172.20.1.172:55200|1] [172.20.1.172:55200, 172.20.1.173:55200]

----------------------------------------------------------------------------------------------------

Posted by at No comments:

Thursday, July 24, 2014

Installing Varnish cache in Centos 6

download you varnish cache from their official website
https://www.varnish-cache.org/releases
click on which OS you using, for mine, i using Centos, so i going to use red hat
once you click on it, it should be got 2 line command to install the repo so you can just install using yum

# rpm --nosignature -i https://repo.varnish-cache.org/redhat/varnish-4.0.el6.rpm
# yum install varnish

there will be got 3 file need to edit

  1. /etc/varnish/default.vcl
  2. /etc/sysconfig/varnish
  3. /etc/httpd/conf/httpd.conf

1. edit the file /etc/varnish/default.vcl
this file is to connect varnish cache to your apache. for me, i will decide to let apache use port 8080 while give varnish to use port 80. so for my configuration, i just change to this


backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

2. edit the file /etc/sysconfig/varnish
you should be notice that inside this file, it got 3 alternative way to setup the config.
by default, it will use alternative 3, but for me, i prefer to use alternative 2 because simple
all you need to do is remove alternative 3 and enable alternative 2

DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -u varnish -g varnish \
             -S /etc/varnish/secret \
             -s file,/var/lib/varnish/varnish_storage.bin,254M"

for the option, i set varnish to use port 80
set localhost:6082 as listening address and port
set to read option we set at /etc/varnish/default.vcl
set to use user varnish and group varnish when start up
and set the cache file of 254M

you can increase the cache file size according to you case

3. edit the /etc/httpd/conf/httpd.conf
at here, we will set apache to use port 8080

Listen 8080


with all that done
you can try start up your varnish and httpd

# /etc/init.d/varnish start
# /etc/init.d/httpd start
you can verify it is running on varnish by using this command

# curl -I <your-server-IP>

you should see something like this mention varnish name

HTTP/1.1 200 OK
Date: Wed, 23 Jul 2014 18:35:53 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 22 Jul 2014 20:07:18 GMT
ETag: "2032a-e-4fecdc55090a2"
Content-Type: text/html; charset=UTF-8
X-Varnish: 19
Age: 0
Via: 1.1 varnish-v4
Content-Length: 14
Connection: keep-alive

----------------------------------------------------------------------------------------------------
Useful command for varnish

# varnishstat : Provides all the info you need to spot cache misses and errors.
# varnishhist : Provides a histogram view of cache hits/misses.
# varnishlog : Provides detailed information on requests.
# varnishtop : It reads varnishd shared memory logs and presents a most commonly occurring log entries.
# varnishadm : Command-line varnish administration used to reload vcl and purge urls.
----------------------------------------------------------------------------------------------------
I still learning and will record down more on the option




Posted by at No comments:

Wednesday, July 16, 2014

Installing VMware tools in Centos 7

here is another simple way of installing vmware tools,
# yum install open-vm-tools
# systemctl start vmtoolsd.service

enable vm tools to start on boot
# systemctl enable vmtoolsd.service

reference:
https://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=2073803&sliceId=1&docTypeID=DT_KB_1_1

For those having problem, please follow back the below guide for manual installation

-: above information updated on 6th April 2016

---------------------------------------------------------------------------------------------------------------

I am using VMware Player version 6.0.2 build-1744117

After done format Centos 7 (i format using minimal option)
you need to install few package to be use for installing the vmware tools
after done install and update, reboot it

If you are format choosing minimal option as well,
you might need to install Development tools group
# yum groupinstall "Development Tools"

and also please make sure you had perl install

below is the package needed for vmware to be use:-
- net-tools (to provide ifconfig command)
- kernel-headers
- kernel-devel
- gcc

# yum install net-tools kernel-headers kernel-devel gcc
# yum update
# reboot

after done reboot, mount the cdrom to /media

# mount /dev/cdrom /media

then copy out the VMwareTools-x.x.x.tar.gz to your root folder
then extract out the file

# cp VMwareTools-x.x.x.tar.gz /root/
# tar -zxvf VMwareTools-x.x.x.tar.gz
# cd vmware-tools-distrib

then run the vmware-install.pl
just click enter for all option
Posted by at 8 comments:

Friday, June 27, 2014

Jboss 6

1. install java in Linux
# yum install java
verify it by using this command
# java -version

2. download Jboss
you can get the latest or older version at http://jbossas.jboss.org/downloads/
for here, i use the latest package
# wget http://download.jboss.org/jbossas/7.1/jboss-as-7.1.1.Final/jboss-as-7.1.1.Final.zip
then extract it to /opt folder
# unzip jboss-as-7.1.1.Final.zip -d /opt

3. add user jboss and update the folder permission
# useradd jboss
# chown -R jboss:jboss /opt/jboss

4. create jboss admin
# cd /opt/jboss/bin
# ./add-user.sh

What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a): a

Enter the details of the new user to add.
Realm (ManagementRealm) :
Username : admin
Password :
Re-enter Password :
The username 'admin' is easy to guess
Are you sure you want to add user 'admin' yes/no? yes
About to add user 'admin' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'admin' to file '/opt/jboss-eap-6.0/standalone/configuration/mgmt-users.properties'
Added user 'admin' to file '/opt/jboss-eap-6.0/domain/configuration/mgmt-users.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? yes
To represent the user add the following to the server-identities definition <secret value="amJvc3M=" />


NOTE: please keep the secret value as we will need it later on configuration file
-----------------------------------------------------------------------------------------------------------

For Master domain controller

1. go to  domain/configuration folder
# cd /opt/jboss/domain/configuration

2. update the interface IP to your server IP
# vim host-master.xml

from:
    <interfaces>
        <interface name="management">
            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
        </interface>
    </interfaces>
to
    <interfaces>
        <interface name="management">
            <inet-address value="${jboss.bind.address.management:172.30.10.100}"/>
        </interface>
    </interfaces>

3. start up the services
# cd /opt/jboss/bin
# ./domain.sh --host-config=host-master.xml&

this is to tell the system which config to use and by adding "&" at the end will make it run at background but still showing out the output
you should be see some output like this at the end to indicate the services was started

       Started 11 of 11 services (0 services are passive or on-demand)

Then you can try to access it using your browser by entering this
<your-server-ip>:9990
for mine, it will be 172.30.10.100:9990
enter the username and password you just setup for the system and you will see the interface


---------------------------------------------------------------------------------------------------------

For Slave domain controller

1. go to  domain/configuration folder
# cd /opt/jboss/domain/configuration

2. update the interface IP to your server IP
# vim host-slave.xml

From
<host xmlns="urn:jboss:domain:1.3">

To
<host name="host1" xmlns="urn:jboss:domain:1.3">

---------------

From
                <server-identities>
                     <!-- Replace this with either a base64 password of your own, or use a vault with a vault expression -->
                     <secret value="c2xhdmVfdXNlcl9wYXNzd29yZA=="/>
                </server-identities>

To
                <server-identities>
                     <!-- Replace this with either a base64 password of your own, or use a vault with a vault expression -->
                     <secret value="amJvc3M="/>
                </server-identities>

NOTE: the secret value is obtain when you add user to your jboss system

---------------

From
    <domain-controller>
       <remote host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" security-realm="ManagementRealm"/>
    </domain-controller>

To
    <domain-controller>
       <remote host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}" username="admin" security-realm="ManagementRealm"/>
    </domain-controller>

NOTE: this is to tell which user to connect to at master domain controller

---------------

From
    <interfaces>
        <interface name="management">
            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
        </interface>
        <interface name="public">
           <inet-address value="${jboss.bind.address:127.0.0.1}"/>
        </interface>
        <interface name="unsecure">
            <!-- Used for IIOP sockets in the standard configuration.
                 To secure JacORB you need to setup SSL -->
            <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
        </interface>
    </interfaces>

To
    <interfaces>
        <interface name="management">
            <inet-address value="${jboss.bind.address.management:<your-server-ip>}"/>
        </interface>
        <interface name="public">
           <inet-address value="${jboss.bind.address:<your-server-ip>}"/>
        </interface>
        <interface name="unsecure">
            <!-- Used for IIOP sockets in the standard configuration.
                 To secure JacORB you need to setup SSL -->
            <inet-address value="${jboss.bind.address.unsecure:<your-server-ip>}"/>
        </interface>
    </interfaces>

NOTE: you can check your server ip using ifconfig command

--------------

3. Now all config done, is time to start up the services
# cd /opt/jboss/bin
# ./domain.sh --host-config=host-slave.xml -Djboss.domain.master.address=172.20.10.100

NOTE: 172.20.10.100 is my master domain controller IP.
-Djboss.domain.master.address is just to point it to master domain IP

At the end of line, you should be see this log if success

[Host Controller] 20:53:25,835 INFO  [org.jboss.as.host.controller] (proxy-threads - 2) JBAS010919: Registering server server-one
[Host Controller] 20:53:25,835 INFO  [org.jboss.as.host.controller] (proxy-threads - 1) JBAS010919: Registering server server-two

Now at your browser, refresh it
you should be see your master and host 1 under the Host: option


Just repeat the same step if you want to add host2

Posted by at No comments:

Friday, June 20, 2014

Install Magento in Centos 6

This will be simple guide for installing Magento in Centos 6

1. Install needed service
before that, add Epel repo first as we needed some package from there
# rpm -ivh http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
then now proceed with the installation 
# yum install httpd mysql mysql-server php php-xml php-mcrypt mcrypt gd php-gd php-mysql

then setup your mysql server accordingly 
you need to create a database and user

for reference on how to setup mysql, please refer to 

2. get the latest Magento and extract it at your web folder

try get the latest version from Magento

# wget http://www.magentocommerce.com/downloads/assets/1.9.0.1/magento-1.9.0.1.tar.gz
# tar-zxvf magento-1.9.0.1.tar.gz

3. start up your httpd and mysql services. Then at your browser go to <your ip>/magento and follow the wizard guide

during the wizard installation, you will reach a pages where it told you unable to write file into a list of dir.
just change those Dir to use 777 and file use 666 permission



Common error message and solution
PHP extension "dom" must be loaded. -> install php-xml
PHP extension "mcrypt" must be loaded. -> install php-mcrypt + mcrypt
PHP extension "gd" must be loaded. -> install php-gd
php extensions pdo_mysql must be loaded -> install php-mysql
Posted by at 1 comment:

Friday, April 18, 2014

setup postfix

# yum install postfix

If you using sendmail before, please remove it to avoid smtp port taken up by sendmail
# yum remove sendmail

you can check and configure which to use for the main MTA
# alternatives --config mta

Open and edit the postfix config 
# vim /etc/postfix/main.cf.
Normally postfix server could be used directly out of the box. However to make sure you have more control on it, a few tuning needed to be done.
In /etc/postfix/main.cf , you need to change myhostnam, mydomain and myorigin. for example,


     myhostname=mail.gabby.com
 
     mydomain=gabby.com #Normally this will need not to be done, as the postfix server will use your system domain name.
 
     myorigin=$myhostname

Let say if your $myhostname is mail.gabby.com, your email sending from this host will have gab@mail.gabby.com appear in the email 'From' if you're logging in as gab. If you're logging in as root, the recipient will get an email from root@mail.gabby.com


Make sure also

     mydestination=localhost, localhost.$mydomain, $myhostname
this is to tell the postfix, if it receives an email end with @localhost, @localhost.offgamers.lan, @my-proxy.offgamers.lan, he will not deliver that email 'out' from that box, and it will deliver locally which mean no 'sending' will be done. This is important to prevent infinite loop of the email sent out from this box.


     mynetworks_style=host
     relay_domains=
to prevent this box from receiving other email server to relay out emails and it will not sending relay email to other email server as well. This help stopping this box become a relay zombie for spamming.


Becareful that if that mail server is used by REMOTE client to post mail, then the mynetworks_style need to put as


     mynetworks_style=subnet
     inet_interfaces=all
if the REMOTE client is in the same subnet, to surf for as a small LAN mail server for the subnet.


You also need to change /etc/syslog.conf , from
mail.*     -/var/log/maillog
to 
mail.*     /var/log/maillog
to prevent Asynchronous log writing as this email server only used by the local box hence the traffic is not heavy till need to use an Asynchronous log writing. That is only vital for a production mail server.Restart syslogd to have the result updated

# /etc/init.d/syslog restart

If you are using hostname same with the email, your postfix will send to gab locally instead of sending to gab@mail.gabby.com
to solve this, you need to remove the $myhostname from mydestionation

     mydestination=localhost, localhost.$mydomain

but by doing this, all your root email will not be send to you locally and will send out to root@mail.gabby.com. in order to deliver the email locally for root users you need set up virtual aliases as follow:

# vim /etc/postfix/main.cf
     
     virtual_alias_maps = hash:/etc/postfix/virtual

# vim /etc/postfix/virtual

     root     root@localhost

after done, execute this command

# postmap /etc/postfix/virtual
Posted by at No comments:

Friday, March 28, 2014

create SSH key using puttygen and connect to linux server

here will show you how to create public key and connect to Linux server.
First of all, you need to install puttygen, you can get it from http://winscp.net/download/puttygen.exe

1. Click Generate 


2. Just move around your mouse cursor inside the box until it done process


3. Copy the key and paste to your server at ./ssh/authorized_keys and save down the private key


If you want to enable password when connect using this private key, just enter password here before you click save private key. everytime you use this private key to connect to your server, it will ask for password



Now you can try connect using Putty
remember to select your private key at Connection > SSH > Auth




Troubleshoot
1. If it show error message " server refused our key"
please make sure the file at ./ssh/authorized_keys is using 700 permission

2. For other error, you can enable LogLevel DEBUG3 at /etc/ssh/sshd_config. Then monitor the log at /var/log/secure



Posted by at No comments:

Wednesday, March 26, 2014

AWS mount S3 bucket to amazon linux

Before start, please create S3 bucket first as this will be needed to mount to your EC2 instance.
There is 2 way to connect and mount S3 into your EC2. One is using user secret key and access and another is using the IAM role.


Here is the step by step to create IAM user access

1. Login to your AWS console and go to IAM section.
2. Click create a new group of users


3. create a project name


4. select Amazon S3 Full Access


5. Click Continue


6. Create a users for this if you do not have a user or add existing users. this is if you have another users to manage your AWS and limited access. If you are admin itself, just go to account and use the security key and secret key


7. confirm the details and click Continue


8. drop down and save your access key ID and secret access key



Here is the step by step for creating IAM roles

1. Click on Roles and create new role


2. Create a role name


3. Select Amazon EC2


4.  Select Amazon S3 Full Access


5. Click Continue


6. Confirm everything and create role




Now you need to create an EC2 instance, but do take note, during creating, you should be stop at this pages, and you need to select the IAM role to the one you created just now





After done create an instance, ssh into it and we start to install package needed

this is package needed for later use
# yum install kernel-devel libxml2-devel curl-devel gcc gcc-c++ pkgconfig openssl-devel subversion git -y

this is the package we will be using to install and mount
# yum install automake fuse fuse-devel -y

download down the latest s3fs-fuse package
# git clone https://github.com/s3fs-fuse/s3fs-fuse.git

configure, make, and make install
# cd s3fs-fuse
#  ./configure --prefix=/usr
# make
# make install

Now we create a folder for mounting
#  mkdir /data

If you are using IAM role, mount it using this command
# /usr/bin/s3fs <bucket name> /data -o rw,allow_other,uid=0,gid=0,default_acl=public-read,iam_role=<IAM role name>

If you are using user secretkey and access
# echo "<Access Key ID>:<Secret Access Key>" | tee -a /etc/passwd-s3fs
# chmod 640 /etc/passwd-s3fs


then mount it using this command


# /usr/bin/s3fs <Bucket Name> /data -o rw,allow_other,uid=<UID>,gid=<GID>,default_acl=public-read








After success, you can use df to show out the partition to confirm it










Posted by



at





2 comments:
  


































          

        

          

        

Thursday, March 20, 2014


          

        









FTP access locked at web directory










This post will teach you how to install FTP service to your server and create users which is locked to web directories.



Install FTP services

     # yum install vsftpd



now we create user which is without home directory and remove users mailbox. Then we will update its password.

     # useradd -M ftpuser

     # rm -rf /var/spool/mail/ftpuser

     # passwd ftpuser



this will make parent directory and update it to user login directory

     # mkdir -p /var/www/html/ftpfiles

     # usermod -d /var/www/html/ftpfiles



Open and edit ftp config to lock the user at their home directory

     # vim /etc/vsftpd/vsftpd.conf



and enable " chroot_local_user=YES "



Now this ftpuser will be lock at its home directory once login and unable to access other folder



we need to enable ftpuser to upload file into it

since i locking it to web directory, i set the owner to apache



     # chown apache:apache ftpuser



now add ftpuser to belong to apache group



     # useradd -G apache ftpuser



DONE

now you can try ftp into it



note 1

add this line to force active mode


pasv_enable=NO










Posted by



at





No comments:
  


































        

      









Subscribe to:
Posts (Atom)