2006/12/30

Firefox settings to change

In Firefox 2, type "about:config" in the location bar, and press enter. You'll get some settings. Here are the ones I change:

Old    New    Setting / Effect
3      1      browser.cache.check_doc_frequency - check the page on every load
true   false  browser.cache.disk.enable - don't cache to disk
140    140    browser.tabs.tabClipWidth - don't show the close button on tabs narrower than this
100    30     browser.tabs.tabMinWidth - let tabs become this narrow
1      3      browser.startup.page - restore your previous browsing session

2006/12/29

MS SQL Tips

Here are some MS SQL Tips, Tricks, Recipes, etc.:


  • Find out who's using what databases:
    1. Open SQL Query Analyzer
    2. type "exec sp_who" into the Query window.
    3. Click "Execute Query" or press F5.
  • From cryptosid at experts-exchange:
    • before using DBCC REBUILD_LOG better check this article and read it through
      http://www.sqlmag.com/Articles/Index.cfm?ArticleID=9011

      a safe alternative would be
      Backup the consistent Database.
      and RESTORE the database with the MOVE option using which u can move the database files to whichever drive u want...
  • Get information on a DB's logfile:
    1. Open Query Analyzer
    2. Type this in the query window, then click Execute Query:
      • use db_name
      • dbcc LOGINFO
  • Detach and re-attach a database:
    1. confirm that nothing has the db open. Open QA and run "exec sp_who"
    2. If nobody is using the db, detach the database with the QA command "EXEC sp_detach_db 'db_name' ", or right-click the DB in the enterprise mgr and select "detach database".
    3. Re-attach the DB by using the QA command "EXEC sp_attach_db 'db_name', 'x:\full\path\to\db\file\db_filename.MDF' " or by right-clicking the databases in the enterprise mgr, and select "attach database".
  • How to set up SQL mail
    • http://support.microsoft.com/?id=263556
  • Safely delete a transaction log:
    1. make sure nobody's using the database, as above under "Detach..."
    2. Backup the database.
    3. make sure nobody's using the database still.
    4. detach the database, as above.
    5. rename the log file (.LDF file)
    6. re-attach the database, as above.
    7. logfile should be automatically re-created.
  • From rsrm at experts-exchange, http://www.experts-exchange.com/Databases/Microsoft_SQL_Server/Q_20823435.html
    • Comment from rsrsm
      Date: 12/11/2003 07:29PM PST
      Comment

      If the log file is deleted for the database and SQL server is not able to locate it..you can rebuild the log. try the following steps (But if the log file is not deleted then you can ignore this comment):

      REBUILD LOG and recover a suspect database:

      1. Back up the .mdf/.ndf and .ldf files.

      2. Change the database context to Master and allow updates to system tables:

      Use Master
      Go
      sp_configure 'allow updates', 1
      reconfigure with override
      Go

      3. Set the database in Emergency (bypass recovery) mode:

      select * from sysdatabases where name = ''
      -- note the value of the status column for later use
      begin tran
      update sysdatabases set status = 32768 where name = ''
      -- Verify one row is updated before committing
      commit tran

      If you run DBCC REBUILD_LOG without setting the database in Emergency mode,
      the command does not work. You do not receive an error, but the log is not
      rebuilt either.

      4. Stop and restart SQL server.

      If you run DBCC REBUILD_LOG without recycling the server, the following
      message displays:

      Server: Msg 5023, Level 16, State 2, Line 1
      Database must be put in bypass recovery mode to rebuild the log.
      DBCC execution completed. If DBCC printed error messages, contact your
      system administrator.

      5. The syntax for DBCC REBUILD_LOG is as follows:

      DBCC REBUILD_LOG('','')

      where is the name of the database and is the physical path to the new log
      file, not a logical file name. If you do not specify the full path, the new
      log is created in the Windows NT system root directory (by default, this is
      the Winnt\System32 directory).

      If the file is placed in the Winnt\System32 folder, you can move it to a
      different folder by running the following commands from the SQL Query
      Analyzer:

      sp_detach_db ''
      Go

      Move the log file over from the Winnt\System32 folder to the preferred
      folder.

      sp_attach_db '', '', ''
      Go

      If a log file with the same name as specified in DBCC REBUILD_LOG already
      exists in that directory, then the following message occurs:

      Server: Msg 5025, Level 16, State 1, Line 1
      The file 'C:\MSSQL7\Data\' already exists. It should be
      renamed or deleted so that a new log file can be created.
      DBCC execution completed. If DBCC printed error messages, contact your
      system administrator.

      You will need to specify a different filename or rename or delete the
      existing one.

      Rebuild the log with this code:

      DBCC TRACEON (3604)
      DBCC REBUILD_LOG('','')
      Go

      If the command is successful, the following message appears:

      Warning: The log for database '' has been rebuilt.
      Transactional consistency has been lost. DBCC CHECKDB should be run to
      validate physical consistency. Database options will have to be reset,
      and extra log files may need to be deleted.

      After the log is successfully rebuilt, the database is placed in DBO Use
      Only mode. That is, the status of the database is 2048 irrespective of what
      the status was previously. You must reset the status using sp_dboption or
      through the SEM.

      6. Set the database in single-user mode and run DBCC CHECKDB to validate
      physical consistency:

      sp_dboption '', 'single user', 'true'
      DBCC CHECKDB('')
      Go
      begin tran
      update sysdatabases set status = where name = ''
      -- verify one row is updated before committing
      commit tran
      Go

      7. Turn off the updates to system tables by using:

      sp_configure 'allow updates', 0
      reconfigure with override
      Go

      WARNING: After verifying the consistency of the database by running DBCC
      CHECKDB, and fixing any errors, please make sure to check the database for
      logical consistency as well. Because a new log has been built, the
      transactions in the old log are lost, hence you must also verify the logical
      consistency of the data as well.

2006/12/18

bash shortcuts

from http://www.howtogeek.com/howto/ubuntu/keyboard-shortcuts-for-bash-command-shell-for-ubuntu-debian-suse-redhat-linux-etc/

Ctrl + A : Go to the beginning of the line you are currently typing on
Ctrl + E : Go to the end of the line you are currently typing on
Ctrl + L : Clears the Screen, similar to the clear command
Ctrl + U : Clears the line before the cursor position. If you are at the end of the line, clears the entire line.
Ctrl + H : Same as backspace
Ctrl + R : Lets you search through previously used commands
Ctrl + C : Kill whatever you are running
Ctrl + D : Exit the current shell
Ctrl + Z : Puts whatever you are running into a suspended background process. fg restores it.
Ctrl + W : Delete the word before the cursor
Ctrl + K : Clear the line after the cursor
Ctrl + T : Swap the last two characters before the cursor
Esc + T : Swap the last two words before the cursor
Alt + F : Move cursor forward one word on the current line
Alt + B : Move cursor backward one word on the current line
Tab : Auto-complete files and folder names

2006/12/15

SCSI Tape status codes in Linux

Status Bit   Description
BOT          The tape is positioned at the beginning of the first file.
EOT          A tape operation has reached the physical End Of Tape.
EOF          The tape is positioned just after a filemark.
WR_PROT      The tape (or drive) is write-protected. For some drives this can also mean that the drive does not support writing on the current medium type.
ONLINE       The drive has a tape in place and ready for operation.
DR_OPEN      Door is open. Depending on the type of drive, this usually means that the drive does not have a tape in place.
IM_REP_EN    Immediate report mode. This bit is set if there are no guarantees that the data has been physically written to the tape when the write call returns. It is set to zero only when the driver does not buffer data and the drive is set not to buffer data.
SM           The tape is currently positioned at a setmark. DDS specific.
EOD          The tape is positioned at the end of recorded data. DDS specific.
D_6250, D_1600, D_800
             This "generic" status information reports the current density setting for 9-track 1/2 inch tape drives only.

2006/12/13

Linux kernel debugging first steps on i386

(from the SGI XFS mailing list)

If you have compiled in kdb and you get an oops (at least in 2.4 series kernels):

Next time it hangs, enter these kdb commands and
capture the output on the serial console.

set LINES 10000
set BTAPROMPT 0
-md1c320 system_utsname
-id %eip-0x40
-cpu
-ps
-dmesg 200
-bt
-bta


2006/12/01

Hide OS and Apache version number

By default (at least on RHEL 4, CentOS 4.x, and related distros), Apache web server will give the version number of Apache, as well as your OS. This will make it easier for an attacker to guess what vulnerabilities your web server (or host OS) may have. This information can be hidden by changing these two lines in /etc/httpd/conf/httpd.conf:
ServerTokens ProductOnly
ServerSignature Off
Note that this won't actually fix any vulnerabilities, but it will make an attacker have to either guess or scan to determine what vulnerabilities you may have.

An even better idea is to front your apache with modsecurity (perhaps even on a separate (virtual) server), and have modsecurity tell everyone that your apache web server is really an IIS server.

To hide the Apache PHP version number, add/change this line in /etc/php.ini:
expose_php = Off
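
To confirm the settings above took effect, check what the server actually sends. The following is an added example, not part of the original post: it scans response headers for a Server value that goes beyond the bare product name and for PHP's X-Powered-By header. The sample headers and their version strings are constructed, and the function name is hypothetical. ServerSignature affects server-generated pages rather than headers, so it is not covered here.

```shell
#!/bin/sh
# Added example (not from the original post). Header values are constructed.

# Headers as sent before the change (full ServerTokens, expose_php = On).
DEFAULT_HEADERS='HTTP/1.1 200 OK
Server: Apache/2.0.52 (CentOS)
X-Powered-By: PHP/4.3.9
Content-Type: text/html'

# Headers after ServerTokens ProductOnly and expose_php = Off.
HARDENED_HEADERS='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'

# Read raw response headers on stdin; print one line per header that still
# discloses a version or OS. Prints nothing when the banner is clean.
find_version_leaks() {
    tr -d '\r' | awk '
        {
            colon = index($0, ":")
            if (colon == 0) next              # status line or blank line
            name  = tolower(substr($0, 1, colon - 1))
            value = substr($0, colon + 1)
            sub(/^[ \t]+/, "", value)
            # ProductOnly leaves just "Apache"; a "/" or "(" means more is shown.
            if (name == "server" && (index(value, "/") || index(value, "(")))
                print "Server: " value
            # PHP adds this header only while expose_php is On.
            if (name == "x-powered-by")
                print "X-Powered-By: " value
        }'
}

# Against your own host you would pipe in:  curl -sI http://myhost.foo.com/
printf '%s\n' "$DEFAULT_HEADERS"  | find_version_leaks
printf '%s\n' "$HARDENED_HEADERS" | find_version_leaks
```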

2006/11/27

Broadcasts on UDP port 41224

In case it helps someone else:

I was seeing broadcasts ( dst:255.255.255.255 ) about every 30 seconds (top and middle of the minute) to UDP port 41224 from a Windows box. A process named "java" was sending to UDP port 41224, and a different "java" thread was listening on UDP port 41224.

The UDP payload only included the text, "KEY:ABCDXYZ"....


It turns out, it's an e-trade streaming quote applet, runs in an IE window, but uses the java plugin (process name 'java.exe'). Apparently it's pay-ware, and it regularly sends out its key and listens for other applets with the same key, ostensibly to ensure that someone isn't running the same license on multiple computers.

2006/11/17

Quickly create or request ssl certificate for Apache

#Create different directories for the different data (this is the path for RedHat derivatives)
cd /etc/httpd/conf
mkdir ssl.csr ssl.key ssl.crt
chmod 700 ssl.*

Self-Signed Certificate

# Create the cert request. Common Name (CN) should be the FQDN, e.g., myhost.foo.com
# 2048 bits is probably adequate these days. Expiration more than 5 years makes little sense.
# PEM passphrase is what the server process (or user) will have to type to use the cert; it
# can be bypassed if you want with the key file in the next step.  EDIT: current versions
# of openssl that ship with CentOS/RHEL do not let you bypass the PEM
# passphrase. Give it one, then create the key file if you want to eliminate the need for it.
openssl req -newkey rsa:2048 > ssl.csr/myhost.foo.com.csr

# create the unencrypted key file, myhost.foo.com.key (careful! this makes it so that e.g. httpd
# will not prompt for the passphrase on startup, but it also means the private key is easily
# read if the host is compromised.)
openssl rsa -in privkey.pem -out ssl.key/myhost.foo.com.key

# self-sign/create the cert, myhost.foo.com.crt
openssl x509 -in ssl.csr/myhost.foo.com.csr -out ssl.crt/myhost.foo.com.crt -req -signkey ssl.key/myhost.foo.com.key

Externally signed certificate request
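# 2048-bit key, matching the self-signed example above; public CAs no longer accept 1024-bit RSA keys.
openssl req -newkey rsa:2048 -keyout ssl.key/myhost.foo.com.key -out ssl.csr/myhost.foo.com.csr

Mail the myhost.foo.com.csr file to your SSL provider.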
Make the key unencrypted if you want:
openssl rsa -in ssl.key/myhost.foo.com.key -out ssl.key/myhost.foo.com.key.unenc
...and reference the unenc file in your ssl host config file. This will prevent having to enter the encryption key passphrase every time the httpd is restarted, but it will mean your key could be compromised if the box is compromised.
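
Since an unencrypted key is only as safe as its file permissions, it is worth auditing the key files after following either procedure. The following is an added example, not part of the original post: it reports whether each PEM key is passphrase-protected and whether anyone but its owner has access. The function names are hypothetical, the demo files are constructed stubs with no key material, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): audit Apache private-key files.

# Print "encrypted" or "unencrypted" for a PEM private key file.
key_state() {
    # Traditional PEM keys carry a Proc-Type header when passphrase-protected;
    # PKCS#8 keys use a distinct BEGIN line instead.
    if grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
    then echo encrypted
    else echo unencrypted
    fi
}

# Report one key file; return 1 when it is unencrypted AND carries any
# group or other permission bits.
audit_key() {
    state=$(key_state "$1")
    mode=$(stat -c '%a' "$1")          # GNU stat (assumption: Linux host)
    case "$mode" in
        *00) perms=owner-only ;;
        *)   perms=group-or-world ;;
    esac
    echo "$1: $state, mode $mode ($perms)"
    [ "$state" = encrypted ] || [ "$perms" = owner-only ]
}

# Constructed stub files: PEM header lines only, no key material.
make_demo_keys() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        '(constructed stub)' '-----END RSA PRIVATE KEY-----' > "$1/myhost.foo.com.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        '(constructed stub)' '-----END RSA PRIVATE KEY-----' > "$1/myhost.foo.com.key.unenc"
    chmod 644 "$1/myhost.foo.com.key" "$1/myhost.foo.com.key.unenc"
}

demo=$(mktemp -d)
make_demo_keys "$demo"
for f in "$demo"/myhost.foo.com.key*; do
    audit_key "$f" || echo "  -> restrict it with: chmod 600 $f"
done
rm -rf "$demo"
```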

Linux password policies

Password expiration (when password is changed or account is created):

Edit /etc/login.defs.

The relevant parameters are PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_MIN_LEN.

Complexity:
From http://www.puschitz.com/SecuringLinux.shtml#EnforcingStrongerPasswords and http://kbase.redhat.com/faq/FAQ_80_6045.shtm:

Create backup then list contents of the tar file:

# tar -cvf backup.tar /etc/pam.d/system-auth /lib/security/*
# tar -tf backup.tar

Open /etc/pam.d/system-auth with an editor such as vi. Inside the file you will find this line:

password requisite /lib/security/$ISA/pam_cracklib.so retry=3 type=

To require a password of at least 8 characters, including at least one lower-case, one upper-case, one numeric, and one other character, replace that line with:

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
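
The sign of each credit option matters: a negative value requires that many characters of the class, while a zero or positive value does not require the class at all (a positive one counts toward minlen instead). The following is an added example, not part of the original post, that audits a pam_cracklib line against the policy above; the function name is hypothetical and the three input lines are constructed from the lines shown in the text.

```shell
#!/bin/sh
# Added example (not from the original post): audit the pam_cracklib line.

# Constructed inputs: the stock line and the hardened line from the text.
STOCK='password requisite /lib/security/$ISA/pam_cracklib.so retry=3 type='
HARDENED='password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1'
# Constructed: looks strict, but minlen is short and dcredit is positive.
MIXED='password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=6 lcredit=-1 ucredit=-1 dcredit=1 ocredit=-1'

# Read a PAM config on stdin; print one finding per option that falls short
# of "8+ characters with at least one of each class". No output means it passes.
cracklib_findings() {
    line=$(grep -E '^[[:space:]]*password[[:space:]].*pam_cracklib\.so' | head -n 1)
    if [ -z "$line" ]; then
        echo "pam_cracklib is not in the password stack"
        return 0
    fi
    for opt in minlen lcredit ucredit dcredit ocredit; do
        # Split the line into words and take the last value given for this option.
        val=$(printf '%s\n' "$line" | tr ' \t' '\n\n' | sed -n "s/^$opt=//p" | tail -n 1)
        case "$opt:$val" in
            *:)       echo "$opt is not set" ;;
            minlen:*) [ "$val" -ge 8 ] 2>/dev/null || echo "minlen=$val is below 8" ;;
            *:-*)     ;;  # negative value: at least that many characters required
            *)        echo "$opt=$val does not require that class" ;;
        esac
    done
}

# On a real system:  cracklib_findings < /etc/pam.d/system-auth
for sample in "$STOCK" "$HARDENED" "$MIXED"; do
    printf '%s\n' "$sample" | cracklib_findings
    echo "--"
done
```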

reset perl CPAN configuration

# run cpan shell
cpan

# reset config options
cpan> o conf init

Getting started - MySQL on CentOS

yum install mysql-server.x86_64
# ( or .i386, etc)

mysql_install_db

/usr/bin/mysqld_safe &

# (please don't use "password" -- duh!)
/usr/bin/mysqladmin -u root password "password"

# start mysql client
mysql -u root -p

# give remote access to root if root is accessing mysql from hostname.foo.com (think before you do this -- you probably don't want to leave it like this):
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'hostname.foo.com'
    -> IDENTIFIED BY 'password' WITH GRANT OPTION;

# give root access to root from localhost, e.g., for accessing mysqld locally over tcp socket.
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY
    -> 'password' WITH GRANT OPTION;

# give root access to root from anywhere -- why on earth would you want to do this???!!
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY
    -> 'password' WITH GRANT OPTION;

# give reload+process access to all databases for admin@localhost
mysql> GRANT RELOAD,PROCESS ON *.* TO 'admin'@'localhost';

# give usage access to all databases for dummy@localhost:
mysql> GRANT USAGE ON *.* TO 'dummy'@'localhost';

# now, stop mysqld from running in "safe" mode
service mysqld stop
service mysqld start

2006/11/13

Open Source CMS Comparison

One of my clients has a static web site. When they need content or layout changes, they tell me and then I edit the html. Very painful, for them and for me (that's not how I like to earn my keep).

I'm preparing a comparison of various free (and open source) Content Management Systems. The spreadsheet comparison is here:

Open Source CMS Comparison

2006/11/08

TIP: grub+RAID1 /boot

Adapted from http://gentoo-wiki.com/HOWTO_Gentoo_Install_on_Software_RAID :

If you are using a RAID 1 mirror disk system, you will want to install grub on all the disks in the system, so that when one disk fails, you are still able to boot. The find command above will list the disks, e.g.

grub> find /boot/grub/stage1
(hd0,0)
(hd1,0)
grub>

Now, if your disks are /dev/sda and /dev/sdb, and /boot is its own partition at /dev/sd(a-?)1 , do the following:
device (hd0) /dev/sda
root (hd0,0)
setup (hd0)

This will install grub into the /dev/sda MBR, and

device (hd0) /dev/sdb
root (hd0,0)
setup (hd0)

...will install grub onto the /dev/sdb MBR. The device command tells grub to assume the drive is (hd0), i.e. the first disk in the system, when it is not necessarily the case. If your first disk fails, however, your second disk will then be the first disk in the system, and so the MBR will be correct.
...repeat for all physical disks that have a mirror of /boot.

The grub.conf does change from the normal install. The difference is in the specified root drive: it is now a RAID drive and no longer a physical drive.

2006/09/02

My kitty needs a home

Well, my kitty cat, "Katie", needs a new home. She has been good to/for me. I adopted her about two years ago; she was about a year old at the time. She's a good kitty, and very affectionate; but I can't give her a home any more.

She is spayed (of course!), has a clean bill of health and just recently got her booster shots. She's declawed in front (that's how I got her). She tolerates our dog well enough, and is good with older children.

If you or anyone you know can provide her a good home, please call/email me and you can meet her: 577-5854. Of course, I'll pass along her brush, carrier, kitty box, and some food and litter.

2006/07/25

First Post

Well,

I've always felt I should document my history. I received counsel once to "document [my] genealogy", and I think personal history is part of that. Perhaps having it online will make documenting the more public aspect of my life and experiences a little more do-able.

This is just my first post. They'll (probably) get better over time.

Cheers.