What is the Difference between Call Filter and Data Filter?

Hello,

I have confused between Call Filter and Data Filter in Vigor Draytek configuration.

I search officially document and googled relatively link. Finally I see what I need in i-helpdesk.com.au

Now I show you that hope it can help reduce your time. Hope you see this post in the top result of google :))

IP filter architecture categorizes traffic into two types: Call Filter and Data Filter. This is based on whether the Internet connection is up or down (WAN link status is up or down).

Call Filter – applies when there is no existing Internet connection.The Call Filter is applied to all outgoing traffic. It will check packets according to the filter rules. If legal, the packet will be allowed to pass. Then the router shall “initiate a call” to start the Internet connection and send the packet out to Internet.

Data Filter – applies when there is an existing Internet connection. The Data Filter is applied to incoming and outgoing traffic. It will check packets according to the filter rules. If legal, the packet will be allowed to pass through the router.

The following illustrations are flow charts explaining how router will treat incoming traffic and outgoing traffic respectively.

 

Thank you :)

Source:  http://www.i-helpdesk.com.au/index.php?/Knowledgebase/Article/View/277/0/what-is-the-difference-between-call-filter-and-data-filter

Thank you for reading this article, please a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success

Wireshark Filters frequently use

Hello,

I show you somes Wireshark Filters frequently use :) Hope this help,

1.       ip.addr == 10.0.0.1
[Sets a filter for any packet with 10.0.0.1, as either the source or dest]

2.       ip.addr==10.0.0.1  && ip.addr==10.0.0.2
[sets a conversation filter between the two defined IP addresses]

3.       http or dns
[sets a filter to display all http and dns]

4.       tcp.port==4000
[sets a filter for any TCP packet with 4000 as a source or dest port]

5.       tcp.flags.reset==1
[displays all TCP resets]

6.       http.request
[displays all HTTP GET requests]

7.       tcp contains traffic
[displays all TCP packets that contain the word ‘traffic’. Excellent when searching on a specific string or user ID]

8.       !(arp or icmp or dns)
[masks out arp, icmp, dns, or whatever other protocols may be background noise. Allowing you to focus on the traffic of interest]

9.       udp contains 33:27:58
[sets a filter for the HEX values of 0x33 0x27 0x58 at any offset]

10.   tcp.analysis.retransmission
[displays all retransmissions in the trace. Helps when tracking down slow application performance and packet loss]

Thank you for reading this article, please a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success

[HOW TO] remove the special character in linux?

Do you need to remove the special character in linux?

A quick tip will be help you.

Firstly, you use "ls -il" to show the inode information of file/ folder

[~]# ls -il
total 17900
1048619 -rw-r--r--  1 root root     297 Jul 23 15:15 \

To be continued, you use find command to delete them by inode

[~]#find . -inum  1048619 -exec rm -rf {} \;

It will find and remove them without prompt.

Thank you for reading this article, please a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success

[HOW TO] Easiest way to fix MySQL UTF8 to Latin1 character set encoding issues.

MySQL originally used the latin1 character set by default which stored characters in a 2-byte sequence. In recent versions it defaults to UTF-8 to be friendlier to international users.

When migrating MySQL databases, occasionally you’ll see odd characters appear on the new system. For example, a simple quote mark may be replaced by 4-5 characters of junk symbols.

This happens when MySQL is trying to display characters using a different character set to the one they are stored in. To fix, we need to make sure the database is marked as latin1 when we export it from the old system, and then re-encode it into UTF-8 when importing it into it’s new home.

Export:

mysqldump -u $user -p --opt --quote-names --skip-set-charset \
--default-character-set=latin1 $dbname > dump.sql

Import:

mysql -u $user -p --default-character-set=utf8 $dbname < dump.sql

Source: blog . Thank you :)

Thank you for reading this article, please a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success

[HOW TO] Export mysql result to csv file

Hello,

Export mysql result to csv file is necessary. It is useful in case of you need to send the result to developer or others.

You can follow:

SELECT *
FROM report
INTO OUTFILE '/tmp/orders.csv'
FIELDS TERMINATED BY ','
ENCLOSED BY '"'
LINES TERMINATED BY '\n';

What it means?
FIELDS TERMINATED BY ',' :the fields will be separated by commas,
ENCLOSED BY '"' :each field will be enclosed in “double quotes,”
LINES TERMINATED BY '\n'; :each row will be output on a new line separated by a newline (\n)

Hope this help!

Thank you for reading this article, please a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success

Export/Import/Create database with exact character set (eg. utf8)

Hello,

A short article,

1. Export database with exact character set (eg. utf8)

$mysqldump -uUSERNAME -pPASSWORD --default-character-set=utf8 USER_DATABASE > backup.sql

2. Import database with exact character set (eg. utf8)

#mysql -uUSERNAME -pPASSWORD --default-character-set=utf8 USER_DATABASE < backup.sql

3. Create database with exact character set (eg. utf8)

$mysql -uroot -p
...
mysql> CREATE DATABASE mydb CHARACTER SET utf8;

 

Thank you for reading this article, please a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success

[HOW TO] copy multiple files from remote host to local host

Hello,


A short article,

copy multiple files from remote host to local host

$scp your_user_remotehost@remote_host:/direct1/\{file1,file2,file3\} /home/local_host

Thank you for reading this article, please a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success

Install Sun/Oracle Java JDK/JRE 7u79/80 on Fedora 22/21/20/19, CentOS/Red Hat (RHEL) 7.1/6.6/5.11

1. Download Sun/Oracle Java JDK/JRE 7u79/80 32-bit/64-bit RPM packages

Download Sun/Oracle Java 7u79 or 7u80 from here http://www.oracle.com/technetwork/java/javase/downloads/index.html. Select rpm package (jdk-7u79-linux-i586.rpm, jdk-7u79-linux-x64.rpm, jre-7u79-linux-i586.rpm or jre-7u79-linux-x64.rpm) or (jdk-7u80-linux-i586.rpm, jdk-7u80-linux-x64.rpm, jre-7u80-linux-i586.rpm or jre-7u80-linux-x64.rpm).

2. Change to root user.

sudo -i

## OR ##

su -

3. Install Java JDK or JRE package

## JDK 32-bit ##

rpm -Uvh /path/to/binary/jdk-7u79-linux-i586.rpm

# OR #

rpm -Uvh /path/to/binary/jdk-7u80-linux-i586.rpm

## JDK 64-bit ##

rpm -Uvh /path/to/binary/jdk-7u79-linux-x64.rpm

# OR #

rpm -Uvh /path/to/binary/jdk-7u80-linux-x64.rpm

## JRE 32-bit ##

rpm -Uvh /path/to/binary/jre-7u79-linux-i586.rpm

# OR #

rpm -Uvh /path/to/binary/jre-7u80-linux-i586.rpm

## JRE 64-bit ##

rpm -Uvh /path/to/binary/jre-7u79-linux-x64.rpm

# OR #

rpm -Uvh /path/to/binary/jre-7u80-linux-x64.rpm

4a. Install Sun/Oracle JDK java, javaws, libjavaplugin.so (for Firefox/Mozilla) and javac with alternatives –install command

Use Java JDK latest version (/usr/java/latest)

## java ##

alternatives --install /usr/bin/java java /usr/java/latest/jre/bin/java 200000

## javaws ##

alternatives --install /usr/bin/javaws javaws /usr/java/latest/jre/bin/javaws 200000

## Java Browser (Mozilla) Plugin 32-bit ##

alternatives --install /usr/lib/mozilla/plugins/libjavaplugin.so libjavaplugin.so /usr/java/latest/jre/lib/i386/libnpjp2.so 200000

## Java Browser (Mozilla) Plugin 64-bit ##

alternatives --install /usr/lib64/mozilla/plugins/libjavaplugin.so libjavaplugin.so.x86_64 /usr/java/latest/jre/lib/amd64/libnpjp2.so 200000

## Install javac only if you installed JDK (Java Development Kit) package ##

alternatives --install /usr/bin/javac javac /usr/java/latest/bin/javac 200000

alternatives --install /usr/bin/jar jar /usr/java/latest/bin/jar 200000

Use Java JDK CPU absolute version (/usr/java/jdk1.7.0_79)

## java ##
alternatives --install /usr/bin/java java /usr/java/jdk1.7.0_79/jre/bin/java 200000
## javaws ##
alternatives --install /usr/bin/javaws javaws /usr/java/jdk1.7.0_79/jre/bin/javaws 200000

## Java Browser (Mozilla) Plugin 32-bit ##
alternatives --install /usr/lib/mozilla/plugins/libjavaplugin.so libjavaplugin.so /usr/java/jdk1.7.0_79/jre/lib/i386/libnpjp2.so 200000

## Java Browser (Mozilla) Plugin 64-bit ##
alternatives --install /usr/lib64/mozilla/plugins/libjavaplugin.so libjavaplugin.so.x86_64 /usr/java/jdk1.7.0_79/jre/lib/amd64/libnpjp2.so 200000

## Install javac only if you installed JDK (Java Development Kit) package ##
alternatives --install /usr/bin/javac javac /usr/java/jdk1.7.0_79/bin/javac 200000
alternatives --install /usr/bin/jar jar /usr/java/jdk1.7.0_79/bin/jar 200000

 

Use Java JDK PSU absolute version (/usr/java/jdk1.7.0_80)

## java ##
alternatives --install /usr/bin/java java /usr/java/jdk1.7.0_80/jre/bin/java 200000
## javaws ##
alternatives --install /usr/bin/javaws javaws /usr/java/jdk1.7.0_80/jre/bin/javaws 200000

## Java Browser (Mozilla) Plugin 32-bit ##
alternatives --install /usr/lib/mozilla/plugins/libjavaplugin.so libjavaplugin.so /usr/java/jdk1.7.0_80/jre/lib/i386/libnpjp2.so 200000

## Java Browser (Mozilla) Plugin 64-bit ##
alternatives --install /usr/lib64/mozilla/plugins/libjavaplugin.so libjavaplugin.so.x86_64 /usr/java/jdk1.7.0_80/jre/lib/amd64/libnpjp2.so 200000
## Install javac only if you installed JDK (Java Development Kit) package ##
alternatives --install /usr/bin/javac javac /usr/java/jdk1.7.0_80/bin/javac 200000
alternatives --install /usr/bin/jar jar /usr/java/jdk1.7.0_80/bin/jar 200000

 

4b. Install Sun/Oracle JRE java, javaws and libjavaplugin.so (for Firefox/Mozilla) with alternatives –install command

Use Java JRE latest version (/usr/java/latest)

## java ##
alternatives --install /usr/bin/java java /usr/java/latest/bin/java 200000

## javaws ##
alternatives --install /usr/bin/javaws javaws /usr/java/latest/bin/javaws 200000

## Java Browser (Mozilla) Plugin 32-bit ##
alternatives --install /usr/lib/mozilla/plugins/libjavaplugin.so libjavaplugin.so /usr/java/latest/lib/i386/libnpjp2.so 200000

## Java Browser (Mozilla) Plugin 64-bit ##
alternatives --install /usr/lib64/mozilla/plugins/libjavaplugin.so libjavaplugin.so.x86_64 /usr/java/latest/lib/amd64/libnpjp2.so 200000

 

Use Java JRE CPU absolute version (/usr/java/jre1.7.0_79)

## java ##
alternatives --install /usr/bin/java java /usr/java/jre1.7.0_79/bin/java 200000

## javaws ##
alternatives --install /usr/bin/javaws javaws /usr/java/jre1.7.0_79/bin/javaws 200000

## Java Browser (Mozilla) Plugin 32-bit ##
alternatives --install /usr/lib/mozilla/plugins/libjavaplugin.so libjavaplugin.so /usr/java/jre1.7.0_79/lib/i386/libnpjp2.so 200000

## Java Browser (Mozilla) Plugin 64-bit ##
alternatives --install /usr/lib64/mozilla/plugins/libjavaplugin.so libjavaplugin.so.x86_64 /usr/java/jre1.7.0_79/lib/amd64/libnpjp2.so 200000

 

Use Java JRE PSU absolute version (/usr/java/jre1.7.0_80)

## java ##
alternatives --install /usr/bin/java java /usr/java/jre1.7.0_80/bin/java 200000

## javaws ##
alternatives --install /usr/bin/javaws javaws /usr/java/jre1.7.0_80/bin/javaws 200000

## Java Browser (Mozilla) Plugin 32-bit ##
alternatives --install /usr/lib/mozilla/plugins/libjavaplugin.so libjavaplugin.so /usr/java/jre1.7.0_80/lib/i386/libnpjp2.so 200000

## Java Browser (Mozilla) Plugin 64-bit ##
alternatives --install /usr/lib64/mozilla/plugins/libjavaplugin.so libjavaplugin.so.x86_64 /usr/java/jre1.7.0_80/lib/amd64/libnpjp2.so 200000

 

5. Check current java, javac, javaws and libjavaplugin.so versions

java -version
java version "1.7.0_79"
Java(TM) SE Runtime Environment (build 1.7.0_79-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.51-b03, mixed mode)

javaws
Java(TM) Web Start 10.51.2.13-fcs
[...]

javac -version
javac 1.7.0_79

6. Swap between OpenJDK and Sun/Oracle Java JDK/JRE 6 and 7 versions

java

alternatives --config java

There are 5 programs which provide 'java'.

  Selection    Command
-----------------------------------------------
*  1           /usr/java/jdk1.6.0_24/jre/bin/java
   2           /usr/lib/jvm/jre-1.5.0-gcj/bin/java
 + 3           /usr/java/jdk1.6.0_26/jre/bin/java
   4           /usr/lib/jvm/jre-1.6.0-openjdk/bin/java
   5           /usr/java/jdk1.7.0_79/jre/bin/java

Enter to keep the current selection[+], or type selection number: 5

 

javaws

alternatives --config javaws

There are 3 programs which provide 'javaws'.

  Selection    Command
-----------------------------------------------
*  1           /usr/java/jdk1.6.0_24/jre/bin/javaws
 + 2           /usr/java/jdk1.6.0_26/jre/bin/javaws
   3           /usr/java/jdk1.7.0_79/jre/bin/javaws

Enter to keep the current selection[+], or type selection number: 3

 

libjavaplugin.so (32-bit)

alternatives --config libjavaplugin.so

There are 3 programs which provide 'libjavaplugin.so'.

  Selection    Command
-----------------------------------------------
*  1           /usr/java/jdk1.6.0_24/jre/lib/i386/libnpjp2.so
 + 2           /usr/java/jdk1.6.0_26/jre/lib/i386/libnpjp2.so
   3           /usr/java/jdk1.7.0_79/jre/lib/i386/libnpjp2.so

Enter to keep the current selection[+], or type selection number: 3

 

libjavaplugin.so.x86_64 (64-bit)

alternatives --config libjavaplugin.so.x86_64

There are 3 programs which provide 'libjavaplugin.so.x86_64'.

  Selection    Command
-----------------------------------------------
*  1           /usr/java/jdk1.6.0_24/jre/lib/amd64/libnpjp2.so
 + 2           /usr/java/jdk1.6.0_26/jre/lib/amd64/libnpjp2.so
   3           /usr/java/jdk1.7.0_79/jre/lib/amd64/libnpjp2.so

Enter to keep the current selection[+], or type selection number: 3

 

javac

alternatives --config javac

There are 3 programs which provide 'javac'.

  Selection    Command
-----------------------------------------------
*  1           /usr/java/jdk1.6.0_24/bin/javac
 + 2           /usr/java/jdk1.6.0_26/bin/javac
   3           /usr/java/jdk1.7.0_79/bin/javac

Enter to keep the current selection[+], or type selection number: 3

 

Post-Installation Setup

Add JAVA_HOME environment variable to /etc/profile file or $HOME/.bash_profile file
Java JDK and JRE latest version (/usr/java/latest)

## export JAVA_HOME JDK/JRE ##
export JAVA_HOME="/usr/java/latest"

Java JDK and JRE absolute version (/usr/java/jdk1.7.0_79)

## export JAVA_HOME JDK ##
export JAVA_HOME="/usr/java/jdk1.7.0_79"

## export JAVA_HOME JRE ##
export JAVA_HOME="/usr/java/jre1.7.0_79"

Java JDK and JRE absolute version (/usr/java/jdk1.7.0_80)

## export JAVA_HOME JDK ##
export JAVA_HOME="/usr/java/jdk1.7.0_80"

## export JAVA_HOME JRE ##
export JAVA_HOME="/usr/java/jre1.7.0_80"

Totally reference: http://www.if-not-true-then-false.com/2010/install-sun-oracle-java-jdk-jre-7-on-fedora-centos-red-hat-rhel/

 

 

 

 

 

 

 

 

 

 

 

 

 

 

[HOW TO] fix :com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: No operations allowed after connection closed

The last week, when check the logs of Tomcat, I see:

com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: No operations allowed after connection closed

Humn, it looks like the MySQL connection has a problem about connection pooling. Mysql implicitly closed the db connection because the db connection has been inactive too long time ( 34,247,052 milliseconds ).so you prgram fetch a bad connection from connection-pool, and that cause the 'MySQLNonTransientConnectionException: No operations allowed after connection closed'

mysql suggests 'You should consider either expiring and/or testing connection validity before use in your application, increasing the server configured values for client timeouts, or using the Connector/J connection property 'autoReconnect=true' to avoid this problem.'

How to solve it?

In case of me, If you use Mysql, you can set autoReconnect property:

url="jdbc:mysql://localhost:3307/merchant-mc useUnicode=yes&amp;characterEncoding=UTF-8&amp;autoReconnect=true"

Thank you for reading this article, please a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success

Linux Disable Core Dumps

Only software developers legitimately need to access core files and none of my production web server requires a core dump. How do I disable core dumps on Debian / CentOS / RHEL / Fedora Linux to save large amounts of disk space?

A core dump file is the memory image of an executable program when it was terminated by the operating system due to various error behavior.

Reference link: http://www.cyberciti.biz/faq/linux-disable-core-dumps/  Thank .cyberciti.biz :)

Disable Core Dumps

To disable core dumps for all users, open /etc/security/limits.conf, enter:
# vi /etc/security/limits.conf
Make sure the following config directive exists:

* hard core 0

Save and close the file. Once a hard limit is set in /etc/security/limits.conf, the user cannot increase that limit within his own session. Add fs.suid_dumpable = 0 to /etc/sysctl.conf file:
# echo 'fs.suid_dumpable = 0' >> /etc/sysctl.conf
# sysctl -p
This will make sure that core dumps can never be made by setuid programs. Finally, add the following to /etc/profile to set a soft limit to stop the creation of core dump files for all users (which is default and must be disabled):
# echo 'ulimit -S -c 0 > /dev/null 2>&1' >> /etc/profile

Intrusion detection tools on Linux - AIDE

AIDE is an opensource file integrity check tool. It can help you verifying files integrity in an easy way.

1. Install AIDE package on CentOS/RHEL:

# yum install -y aide

2. Check and adjust aide configuration file to fulfill your needs:

# vim /etc/aide.conf

3. Initialize AIDE database - it will scan all the files in folders that were included in the config file and save their hash as well as attributes info

4. You may consider keeping golden copy of AIDE database (default is set to /var/lib/aide/aide.db.gz) is secure and read-only location. It will allow you to compare current system integrity to the golden copy.
To check what changed run:

# aide -C

If you get "Couldn't open file /var/lib/aide/aide.db.gz for reading" error it means you need to move database generated in step 3 to this location:

#  mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

In this article, I am totally follow in his instruction: http://sysadmin-notepad.blogspot.com/2013/07/intrusion-detection-tools-on-linux-aide.html

Thank you :)

Thank you for reading this article, please a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success

[HOW TO] use yum history to roll back an update in CentOS

You just updated OS. Unlucky, some applications has a errors, it can not start properly.

Rollback is the right action that you need. How to roll back an update?

In this article I show you

Environment:

CentOS 6.6
yum

Resolution

Note: Downgrading a system to minor version (ex: RHEL6.1 to RHEL6.0) is not recommended as this might leave the system in broken state where libgcc and other libraries won't rollback as expected. Use the history option for small update rollbacks.

Note: Rollback of selinux-policy-* package to older version is not supported.

If you decide to proceed with rollback, rather then reinstall, here are the instructions:

Red Hat Enterprise Linux 6 includes the yum history module which helps to rollback any updates done with the yum command. With this command, you can choose an update yum issued and remove those selected packages. The following is an example while installing the screen package:

[root@localhost ~]# yum install screen
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
rhel-6-server-rpms                                                                                                                             | 2.4 kB     00:00     
rhel-ha-for-rhel-6-server-rpms                                                                                                                 | 2.4 kB     00:00     
rhel-lb-for-rhel-6-server-rpms                                                                                                                 | 2.0 kB     00:00     
rhel-rs-for-rhel-6-server-rpms                                                                                                                 | 2.4 kB     00:00     
rhel-scalefs-for-rhel-6-server-rpms                                                                                                            |  951 B     00:00     
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package screen.i686 0:4.0.3-16.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================================
 Package                            Arch                             Version                                     Repository                                      Size
======================================================================================================================================================================
Installing:
 screen                             i686                             4.0.3-16.el6                                rhel-6-server-rpms                             484 k

Transaction Summary
======================================================================================================================================================================
Install       1 Package(s)                                                                                                                                            

Total download size: 484 k                                                                                                                                            
Installed size: 484 k                                                                                                                                                 
Is this ok [y/N]: y                                                                                                                                                   
Downloading Packages:                                                                                                                                                 
screen-4.0.3-16.el6.i686.rpm                                                                                                                   | 484 kB     00:08     
Running rpm_check_debug                                                                                                                                               
Running Transaction Test                                                                                                                                              
Transaction Test Succeeded                                                                                                                                            
Running Transaction
  Installing : screen-4.0.3-16.el6.i686                                                                                                                           1/1 
rhel-6-server-rpms/productid                                                                                                                   | 1.7 kB     00:00     
rhel-ha-for-rhel-6-server-rpms/productid                                                                                                       | 1.7 kB     00:00     
rhel-lb-for-rhel-6-server-rpms/productid                                                                                                       | 1.7 kB     00:00     
rhel-rs-for-rhel-6-server-rpms/productid                                                                                                       | 1.7 kB     00:00     
duration: 319(ms)
Installed products updated.

Installed:
  screen.i686 0:4.0.3-16.el6                                                                                                                                          

Complete!

[root@localhost ~]# yum history
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
ID     | Login user               | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
     8 | root <root>              | 2011-10-03 14:40 | Install        |    1   
     7 | root <root>              | 2011-09-21 04:24 | Install        |    1 ##
     6 | root <root>              | 2011-09-21 04:23 | Install        |    1 ##
     5 | root <root>              | 2011-09-16 13:35 | Install        |    1   
     4 | root <root>              | 2011-09-16 13:33 | Erase          |    1   
     3 | root <root>              | 2011-09-14 14:36 | Install        |    1   
     2 | root <root>              | 2011-09-12 15:48 | I, U           |   80   
     1 | System <unset>           | 2011-09-12 14:57 | Install        | 1025 

[root@localhost ~]# yum history undo 8
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
rhel-6-server-rpms                                                                                                                             | 2.4 kB     00:00     
rhel-ha-for-rhel-6-server-rpms                                                                                                                 | 2.4 kB     00:00     
rhel-lb-for-rhel-6-server-rpms                                                                                                                 | 2.0 kB     00:00     
rhel-rs-for-rhel-6-server-rpms                                                                                                                 | 2.4 kB     00:00     
rhel-scalefs-for-rhel-6-server-rpms                                                                                                            |  951 B     00:00     
Undoing transaction 8, from Mon Oct  3 14:40:01 2011
    Install screen-4.0.3-16.el6.i686
Resolving Dependencies
--> Running transaction check
---> Package screen.i686 0:4.0.3-16.el6 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================================
 Package                            Arch                             Version                                    Repository                                       Size
======================================================================================================================================================================
Removing:
 screen                             i686                             4.0.3-16.el6                               @rhel-6-server-rpms                             783 k

Transaction Summary
======================================================================================================================================================================
Remove        1 Package(s)

Installed size: 783 k
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Erasing    : screen-4.0.3-16.el6.i686                                                                                                                           1/1 
duration: 320(ms)
Installed products updated.

Removed:
  screen.i686 0:4.0.3-16.el6                                                                                                                                          

Complete! 

Reference link:

Thank you for reading this article, please a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success

Allow others access to home own directory chroot

On the last week, developer told me that he need to write the data to sftp folder of customer.

Humnnn, break out the chroot?
It comes fast to me. I am using the chroot to jail sftp user, they can not come around others and do anything (limited access to files normally in their own home directory). And now developer want to allow access to this.

Providing convenience to users, while still ensure safety system, I always think about this when making. What is the next step?

• Use "setfacl" to grant the permission for developer? Nope! it will break the sftp service.
• Add developer user to sftp group? Nope! it also break the sftp service.
• What the help? I think about "mount", googled, "mount --bind" . Ok, choose it.

Ok, let do it. But sftp service has broken. What happened? Open chat box & chat to HE, HE told me that the "mount --bind" is right!

Re-thinking, it seems to be that I have a issues with sftp permission. Right! I do again.

mount --bind /home/A/ /home/B/

notice:
/home/A :sftp user
/home/B: developer

After this the developer will be able to write the data into sftp chroot, sftp user will be albe to see the needed files in his home directory and use them.

What happened if the server has rebooted? the mount --bind will break?
Yes, thus you need to make add the mount command in startup script or you can just include as below (/etc/fstab)

/home/A/            /home/B/          none    bind            0 0

Thank you for reading this article, please a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success

[HOW TO] configure Step Ticker (NTP) Linux

Lynis report give me the recommendation about "Step Ticker".

What is a "Step Ticker"?
I do not know "Step Ticker" until now. I googled to know a bit about it.

A Step Ticker is basically a way to tell the NTP daemon to check a server or two, and correct time on startup, rather than relying on the time that was restored from the hardware.

Ok,

How to configure?

/etc/ntp.conf:
server 192.168.0.5
server 192.168.0.6

/etc/ntp/step-tickers
192.168.0.5
192.168.0.6

Above example is my IP. It is not for you, please change.

:D I come back to work.

Thank you for reading this article, please a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success

[HOW TO] Improvement DNS lookups (Linux)

Around two weeks ago, I checked handling the Linux system with Lynis. It recommended me improvement the DNS lookups

A long time ago, co-worker has improved the DNS local system, he said it will be improved the DNS operation. Linked them, I think this is a useful.

Nameservers are listed in /etc/resolv.conf, one per line

Example:
nameserver 10.10.5.130

To improve DNS lookups, add multiple DNS servers

Example:
nameserver 10.10.5.130
nameserver 10.10.5.131

And follow options below:

options rotate
options timeout:1

This will use both nameserver in rotation and wait max. 1 second for answer before trying the next one.

Hope this help.

Thank you for reading this article, please a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success

[HOW TO] backup and restore the mysql database

Hello,

Do you want to backup/ restore the MySQL database?

Please follows this article:

1. Backup
mysqldump -u username -p -–all-databases > file.sql

2. Backup and compress
mysqldump -u username -p -–all-databases | gzip > file.sql.gz

3. Restore
mysql -u username -p < file.sql

Thank you for reading this article, please a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success

[HOW TO] Cannot establish FTP connection to an SFTP server. Please select proper protocol.

Hello,

2 hours ago, I got the notification when I try to connect to my sftp server on FileZilla (software ftp client)

Status:    Connecting to x.x.x.x:4444...
Status:    Connection established, waiting for welcome message...
Response:    SSH-2.0-OpenSSH_5.3
Error:    Cannot establish FTP connection to an SFTP server. Please select proper protocol.
Error:    Critical error: Could not connect to server

A few second, I confused what is it?

And this is a cause:
I did not choose the type of protocol is SFTP - SSH File Transfer Protocol in FileZille setting for host.

You can do follows:
1. On FileZilla windows, click File/ Site Manager ...
2. On the left windows, click your host. Next, on the right windows, in General tab, you need to select SFTP - SSH File Transfer Protocol.
3. You have done.

Hope this help for you!

Thank you for reading this article, please a comment if you are interested.

Tiến Phan - R0039

Knowledge is Endless

Sharing for Success