## 2006/12/30

### Firefox settings to change

In Firefox 2, type "about:config" in the location bar, and press enter. You'll get some settings. Here are the ones I change:

| Old | New | Setting / Effect |
|---|---|---|
| 3 | 1 | browser.cache.check_doc_frequency - check page every load |
| true | false | browser.cache.disk.enable - don't cache to disk |
| 140 | 140 | browser.tabs.tabClipWidth - don't show close button on tabs narrower than this |
| 100 | 30 | browser.tabs.tabMinWidth - let tabs become this narrow |
| 1 | 3 | browser.startup.page - restore your previous browsing session |

## 2006/12/29

### MS SQL Tips

Here are some MS SQL Tips, Tricks, Recipes, etc.:

• Find out who's using what databases:
1. Open SQL Query Analyzer
2. type "exec sp_who" into the Query window.
3. Click "Execute Query" or press F5.
• From cryptosid at experts-exchange:
http://www.sqlmag.com/Articles/Index.cfm?ArticleID=9011

a safe alternative would be
Backup the consistent Database.
and RESTORE the database with the MOVE option using which you can move the database files to whichever drive you want...
• Get information on a DB's logfile:
1. Open Query Analyzer
2. Type this in the query window, then click Execute Query:
• use db_name
• Detach and re-attach a database:
1. confirm that nothing has the db open. Open QA and run "exec sp_who"
2. If nobody is using the db, detach the database with the QA command "EXEC sp_detach_db 'db_name' ", or right-click the DB in the enterprise mgr and select "detach database".
3. Re-attach the DB by using the QA command "EXEC sp_attach_db 'db_name', 'x:\full\path\to\db\file\db_filename.MDF' " or by right-clicking the databases in the enterprise mgr, and select "attach database".
• How to set up SQL mail
• http://support.microsoft.com/?id=263556
• Safely delete a transaction log:
1. make sure nobody's using the database, as above under "Detach..."
2. Backup the database.
3. make sure nobody's using the database still.
4. detach the database, as above.
5. rename the log file (.LDF file)
6. re-attach the database, as above.
7. logfile should be automatically re-created.
• From rsrm at experts-exchange, http://www.experts-exchange.com/Databases/Microsoft_SQL_Server/Q_20823435.html

## 2006/12/18

### bash shortcuts

from http://www.howtogeek.com/howto/ubuntu/keyboard-shortcuts-for-bash-command-shell-for-ubuntu-debian-suse-redhat-linux-etc/

Ctrl + A : Go to the beginning of the line you are currently typing on
Ctrl + E : Go to the end of the line you are currently typing on
Ctrl + L : Clears the Screen, similar to the clear command
Ctrl + U : Clears the line before the cursor position. If you are at the end of the line, clears the entire line.
Ctrl + H : Same as backspace
Ctrl + R : Lets you search through previously used commands
Ctrl + C : Kill whatever you are running
Ctrl + D : Exit the current shell
Ctrl + Z : Puts whatever you are running into a suspended background process. fg restores it.
Ctrl + W : Delete the word before the cursor
Ctrl + K : Clear the line after the cursor
Ctrl + T : Swap the last two characters before the cursor
Esc + T : Swap the last two words before the cursor
Alt + F : Move cursor forward one word on the current line
Alt + B : Move cursor backward one word on the current line
Tab : Auto-complete files and folder names

## 2006/12/15

### SCSI Tape status codes in Linux

| Status Bit | Description |
|---|---|
| BOT | The tape is positioned at the beginning of the first file. |
| EOT | A tape operation has reached the physical End Of Tape. |
| EOF | The tape is positioned just after a filemark. |
| WR_PROT | The tape (or drive) is write-protected. For some drives this can also mean that the drive does not support writing on the current medium type. |
| ONLINE | The drive has a tape in place and ready for operation. |
| DR_OPEN | Door is open. Depending on the type of drive, this usually means that the drive does not have a tape in place. |
| IM_REP_EN | Immediate report mode. This bit is set if there are no guarantees that the data has been physically written to the tape when the write call returns. It is set to zero only when the driver does not buffer data and the drive is set not to buffer data. |
| SM | The tape is currently positioned at a setmark. DDS specific. |
| EOD | The tape is positioned at the end of recorded data. DDS specific. |
| D_6250, D_1600, D_800 | This "generic" status information reports the current density setting for 9-track 1/2 inch tape drives only. |

## 2006/12/13

### Linux kernel debugging first steps on i386

(from the SGI XFS mailing list)

If you have compiled in kdb and you get an oops (at least in 2.4 series kernels):

Next time it hangs, enter these kdb commands and
capture the output on the serial console.

set LINES 10000
set BTAPROMPT 0
-md1c320 system_utsname
-id %eip-0x40
-cpu
-ps
-dmesg 200
-bt
-bta

## 2006/12/01

### Hide OS and Apache version number

By default (at least on RHEL 4, CentOS 4.x, and related distros), Apache web server will give the version number of Apache, as well as your OS. This will make it easier for an attacker to guess what vulnerabilities your web server (or host OS) may have. This information can be hidden by changing these two lines in /etc/httpd/conf/httpd.conf:
ServerTokens ProductOnly
ServerSignature Off
Note that this won't actually fix any vulnerabilities, but it forces an attacker to either guess or scan to determine what vulnerabilities you may have.

An even better idea is to front your Apache with ModSecurity (perhaps even on a separate (virtual) server), and have ModSecurity tell everyone that your Apache web server is really an IIS server.

To hide the Apache PHP version number, add/change this line in /etc/php.ini:
expose_php = Off
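
A check for the settings above, as an added example that is not part of the original post: it reads an httpd.conf and a php.ini and lists every directive that still discloses version information. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit httpd.conf and php.ini for the banner settings above.

# Effective value of a directive = its last uncommented occurrence (a
# simplification: per-<VirtualHost> overrides are not tracked separately).
last_value() {   # $1 = file, $2 = directive name in lower case
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }     # "#" comments in httpd.conf, ";" in php.ini
        { sub(/=/, " ") }          # php.ini writes "key = value"
        tolower($1) == want { found = tolower($2) }
        END { print found }' "$1"
}

# Print one line per setting that still discloses version information.
audit_banners() {   # $1 = httpd.conf, $2 = php.ini
    tokens=$(last_value "$1" servertokens)
    case "$tokens" in
        prod|productonly) ;;
        *) echo "ServerTokens: ${tokens:-unset, Apache defaults to Full}" ;;
    esac
    case "$(last_value "$1" serversignature)" in
        off|"") ;;                 # unset is fine: the compiled-in default is Off
        *) echo "ServerSignature: footer on error pages shows the version" ;;
    esac
    php=$(last_value "$2" expose_php)
    case "$php" in
        off|0|false|no) ;;
        *) echo "expose_php: ${php:-unset, PHP defaults to On}" ;;
    esac
}

# Constructed sample files: a stock-style config and a hardened one.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# ServerTokens ProductOnly' 'ServerTokens OS' \
    'ServerSignature On' > "$tmp/stock.conf"
printf '%s\n' '; expose_php = Off' 'expose_php = On' > "$tmp/stock.ini"
printf '%s\n' 'ServerTokens ProductOnly' 'ServerSignature Off' > "$tmp/hard.conf"
printf '%s\n' 'expose_php = Off' > "$tmp/hard.ini"

echo "stock:";    audit_banners "$tmp/stock.conf" "$tmp/stock.ini"
echo "hardened:"; audit_banners "$tmp/hard.conf"  "$tmp/hard.ini"
```

Commented-out directives are ignored, so a config that only carries the hardened line as a comment is still reported.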

## 2006/11/27

### Broadcasts on UDP port 41224

In case it helps someone else:

I was seeing broadcasts ( dst:255.255.255.255 ) about every 30 seconds (top and middle of the minute) to UDP port 41224 from a Windows box. A process named "java" was sending to UDP port 41224, and a different "java" thread was listening on UDP port 41224.

The UDP payload only included the text, "KEY:ABCDXYZ"....

It turns out it's an e-trade streaming quote applet that runs in an IE window, but uses the java plugin (process name 'java.exe'). Apparently it's pay-ware, and it regularly sends out its key and listens for other applets with the same key, ostensibly to ensure that someone isn't running the same license on multiple computers.

## 2006/11/17

### Quickly create or request ssl certificate for Apache

#Create different directories for the different data (this is the path for RedHat derivatives)
cd /etc/httpd/conf
mkdir ssl.csr ssl.key ssl.crt
chmod 700 ssl.*

Self-Signed Certificate

# Create the cert request. Common Name (CN) should be the FQDN, e.g., myhost.foo.com
# 2048 bits is probably adequate these days. Expiration more than 5 years makes little sense.
# PEM passphrase is what the server process (or user) will have to type to use the cert; it
# can be bypassed if you want with the key file in the next step.  EDIT: current versions
# of openssl that ship with CentOS/RHEL do not let you bypass the PEM
# passphrase. Give it one, then create the key file if you want to eliminate the need for it.
openssl req -newkey rsa:2048 > ssl.csr/myhost.foo.com.csr

# create the key file, myhost.foo.com.key, from the privkey.pem written by the previous
# command (careful! this makes it so that e.g. httpd will not prompt for the passphrase
# on startup, but so that the key is easily read if the host is compromised.)
openssl rsa -in privkey.pem -out ssl.key/myhost.foo.com.key

# self-sign/create the cert, myhost.foo.com.crt
# (no -days option is given, so openssl's default validity of 30 days applies; add -days N to change it)
openssl x509 -in ssl.csr/myhost.foo.com.csr -out ssl.crt/myhost.foo.com.crt -req -signkey ssl.key/myhost.foo.com.key

Externally signed certificate request
# 2048-bit key, as in the self-signed case above (1024-bit RSA is too weak and CAs no longer accept it)
openssl req -newkey rsa:2048 -keyout ssl.key/myhost.foo.com.key -out ssl.csr/myhost.foo.com.csr

Mail the myhost.foo.com.csr file to your SSL provider.
Make the key unencrypted if you want:
openssl rsa -in ssl.key/myhost.foo.com.key -out ssl.key/myhost.foo.com.key.unenc
...and reference the unenc file in your SSL host config file. This avoids having to enter the key passphrase every time httpd is restarted, but it means your key could be compromised if the box is compromised.
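
The trade-off described above can be checked on disk. This added example (not from the original post) reports, for each file in a key directory, whether the PEM header shows passphrase protection and whether group or other can read it; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: report how each private key under a directory is protected.

# "encrypted" if the PEM header shows passphrase protection, else "plaintext".
key_state() {   # $1 = PEM key file
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    else
        echo plaintext
    fi
}

# "exposed" if group or other has read access, else "owner-only".
key_perms() {   # $1 = key file
    if [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo exposed
    else
        echo owner-only
    fi
}

# One summary line per regular file in the directory.
audit_keys() {   # $1 = directory such as ssl.key
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        echo "$(basename "$f"): $(key_state "$f"), $(key_perms "$f")"
    done
}

# Constructed samples: PEM headers only, no real key material.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0000000000000000' > "$tmp/myhost.foo.com.key"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$tmp/myhost.foo.com.key.unenc"
chmod 600 "$tmp/myhost.foo.com.key"
chmod 644 "$tmp/myhost.foo.com.key.unenc"

audit_keys "$tmp"
```

A line reading "plaintext, exposed" is the case to fix first: an unencrypted key should at least be readable by its owner only.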

parameters are:
Password policies include: PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_MIN_LEN

Complexity:

Create backup then list contents of the tar file:

# tar -cvf backup.tar /etc/pam.d/system-auth /lib/security/*
# tar -tf backup.tar

Open /etc/pam.d/system-auth with an editor such as vi. Inside the file you will find the line:

password requisite /lib/security/$ISA/pam_cracklib.so retry=3 type=

To require a password of at least 8 characters, including at least one lower-case, one upper-case, one numeric, and one other character, replace that line with:

password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
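
To confirm the edit took effect, the following added example (not from the original post) parses the active pam_cracklib line and flags any option that falls short of the policy above. The function names and sample files are assumptions; absent options fall back to the pam_cracklib defaults (minlen=9, each credit=1).

```shell
#!/bin/sh
# Added example: check that a system-auth file enforces the policy above.

# Value of one pam_cracklib option on the active "password" line, or the
# module default when the option is absent. Prints nothing if no such line.
cracklib_opt() {   # $1 = file, $2 = option name, $3 = module default
    awk -v opt="$2" -v def="$3" '
        $1 == "password" && $0 ~ /pam_cracklib\.so/ {
            val = def
            for (i = 4; i <= NF; i++) {
                n = index($i, "=")
                if (n && substr($i, 1, n - 1) == opt) val = substr($i, n + 1)
            }
            seen = 1
        }
        END { if (seen) print val }' "$1"
}

# Print one line per option that does not meet the policy.
audit_cracklib() {   # $1 = path to a system-auth file
    minlen=$(cracklib_opt "$1" minlen 9)
    if [ -z "$minlen" ]; then echo "no active pam_cracklib line"; return 0; fi
    [ "$minlen" -ge 8 ] || echo "minlen=$minlen is below 8"
    for c in lcredit ucredit dcredit ocredit; do
        v=$(cracklib_opt "$1" "$c" 1)
        # A negative value requires that many characters of the class; zero or
        # a positive value only grants length credit and requires nothing.
        [ "$v" -lt 0 ] || echo "$c=$v does not require that character class"
    done
}

# Constructed samples: the stock line and the replacement line from the text.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' \
    'password requisite /lib/security/$ISA/pam_cracklib.so retry=3 type=' > "$tmp/stock"
printf '%s\n' \
    'password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1' > "$tmp/hard"

echo "stock:";    audit_cracklib "$tmp/stock"
echo "hardened:"; audit_cracklib "$tmp/hard"
```

The stock line passes the length check only because of the module default, while all four character classes are reported as not required.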

### reset perl CPAN configuration

# run cpan shell
cpan

# reset config options
cpan> o conf init

### Getting started - MySQL on CentOS

yum install mysql-server.x86_64
# ( or .i386, etc)

mysql_install_db

/usr/bin/mysqld_safe &

# start mysql client
mysql -u root -p

# give remote access to root if root is accessing mysql from hostname.foo.com (think before you do this -- you probably don't want to leave it like this):
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'hostname.foo.com'
    -> IDENTIFIED BY 'password' WITH GRANT OPTION;

# give root access to root from localhost, e.g., for accessing mysqld locally over tcp socket.
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'password';

# give root access to root from anywhere -- why on earth would you want to do this???!!
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password';

mysql> GRANT USAGE ON *.* TO 'dummy'@'localhost';

# now, stop mysqld from running in "safe" mode
service mysqld stop
service mysqld start

## 2006/11/13

### Open Source CMS Comparison

One of my clients has a static web site. When they need content or layout changes, they tell me and then I edit the html. Very painful, for them and for me (that's not how I like to earn my keep).

I'm preparing a comparison of various free (and open source) Content Management Systems. The spreadsheet comparison is here:

Open Source CMS Comparison

## 2006/11/08

### TIP: grub+RAID1 /boot

If you are using a RAID 1 mirror disk system, you will want to install grub on all the disks in the system, so that when one disk fails, you are still able to boot. The find command above will list the disks, e.g.

grub> find /boot/grub/stage1
(hd0,0)
(hd1,0)
grub>

Now, if your disks are /dev/sda and /dev/sdb, and /boot is its own partition at /dev/sd(a-?)1 , do the following:
device (hd0) /dev/sda
root (hd0,0)
setup (hd0)

This will install grub into the /dev/sda MBR, and

device (hd0) /dev/sdb
root (hd0,0)
setup (hd0)

...will install grub onto the /dev/sdb MBR. The device command tells grub to assume the drive is (hd0), i.e. the first disk in the system, when it is not necessarily the case. If your first disk fails, however, your second disk will then be the first disk in the system, and so the MBR will be correct.
...repeat for all physical disks that have a mirror of /boot.

The grub.conf does change from the normal install. The difference is in the specified root drive: it is now a RAID drive and no longer a physical drive.

## 2006/11/02

### Good tutorial on manual linux tape backups

http://ploug.eu.org/doc/l-bu-a4.pdf

## 2006/09/02

### My kitty needs a home

Well, my kitty cat, "Katie", needs a new home. She has been good to/for me. I adopted her about two years ago; she was about a year old at the time. She's a good kitty, and very affectionate; but I can't give her a home any more.

She is spayed (of course!), has a clean bill of health and just recently got her booster shots. She's declawed in front (that's how I got her). She tolerates our dog well enough, and is good with older children.

If you or anyone you know can provide her a good home, please call/email me and you can meet her: 577-5854. Of course, I'll pass along her brush, carrier, kitty box, and some food and litter.

## 2006/07/25

### First Post

Well,

I've always felt I should document my history. I received counsel once to "document [my] genealogy", and I think personal history is part of that. Perhaps having it online will make documenting the more public aspect of my life and experiences a little more do-able.

This is just my first post. They'll (probably) get better over time.

Cheers.