Archive for the ‘Mẹo vặt của hiếu râu’ Category

6
Dec

httpd conf exclude subdir

   Posted by: admin

AuthType Basic
AuthName "Auth Required"
AuthUserFile /path/to/.htpasswd
Require valid-user

Now adding the following below this will allow you to exclude directories and files

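# Allow unauthenticated access to the excluded directories and files.
# SetEnvIf patterns are regular expressions that match anywhere in the URL
# path, so they are anchored here: with "Satisfy any" below, an unanchored
# pattern would also exempt any protected URL that merely contains the
# excluded path as a substring.
SetEnvIf Request_URI "^/path/to/excluded/directory/" allow
SetEnvIf Request_URI "^/path/to/excluded/file$"  allow
Order allow,deny
Allow from env=allow
# Either a valid login or the "allow" variable is sufficient
# (Order/Allow/Satisfy is the Apache 2.2 access-control syntax).
Satisfy any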
22
Nov

tcpdump

   Posted by: admin

tcpdump -i eth0 -nnn -w pcap-%Y-%m-%d-%H-%M-%S.pcap -G 60

-C MB , -W num files, -G second

incoming TCP SYN, grouped by port

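# tcp[13] is the TCP flags byte; "=2" keeps segments whose only flag is SYN,
# i.e. new inbound connection attempts. The cut/sort/uniq chain counts them
# per destination port.
tcpdump -tttt -nn -r pcap-2016-11-22_10:42:32.pcap 'tcp and dst 127.0.0.1 and tcp[13]=2' | cut -f 6 -d ' ' | cut -f 5 -d '.' | sort | uniq -c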

incoming http syn group by source ip

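# Same SYN-only filter, restricted to port 80; the source address (first four
# dot-separated fields of column 4) is counted and the busiest sources are
# listed first.
tcpdump -tttt -nn -r pcap-2016-11-22_10:43:32.pcap 'tcp and dst 127.0.0.1 and tcp[13]=2 and port 80' | cut -f 4 -d ' ' | cut -f 1-4 -d '.' | sort | uniq -c | sort -nr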

Fin = 1

Syn = 2

Rst = 4

Psh = 8

Ack = 16

Urgent = 32

19
Oct

GSM modem linux

   Posted by: admin

#dmesg

usb 2-2.1: new full speed USB device number 6 using uhci_hcd

usb 2-2.1: New USB device found, idVendor=067b, idProduct=2303

usb 2-2.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0

usb 2-2.1: Product: USB-Serial Controller

usb 2-2.1: Manufacturer: Prolific Technology Inc.

usb 2-2.1: configuration #1 chosen from 1 choice

pl2303 2-2.1:1.0: pl2303 converter detected

usb 2-2.1: pl2303 converter now attached to ttyUSB0

#stty -F /dev/ttyUSB0
speed 115200 baud; line = 0;
min = 1; time = 5;
ignbrk -brkint -icrnl -imaxbel
-opost -onlcr
-isig -icanon -iexten -echo -echoe -echok -echoctl -echoke
# stty -F /dev/ttyUSB0 115200
# setserial -a /dev/ttyUSB0
18
Sep

freeradius - OTP

   Posted by: admin

# vi /var/www/html/OTP/pam.php

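<?php
// Test stub for the RADIUS perl module: it always answers ":-(" (reject).
// Echo ":-)" instead to simulate a successful check.
echo ":-(";    // :-)

// Log the request for debugging, but never the submitted password:
// the log lives in /tmp, which is shared with every other local account.
$params = $_GET;
if (isset($params['pass'])) {
    $params['pass'] = '***';
}
file_put_contents('/tmp/pam.txt', date('Y-m-d D H:i:s ') . json_encode($params) . "\n", FILE_APPEND);

?>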

#yum install freeradius freeradius-utils freeradius-perl perl-libwww-perl
#perl -MCPAN -e shell
>install LWP
#radius -X
#radtest  hieu 2234 127.0.0.1 123 testing123
    Create a new file ‘/etc/freeradius/sites-available/linotp’ with the following content:

    # Virtual-server sections: "authorize" lists the modules consulted before
    # authentication, "authenticate" hands the request to the perl module.
    authorize {
    
    # Normalizes malformed client requests before they are handed on to other modules (see '/etc/freeradius/modules/preprocess')
            preprocess
    
            #  If you are using multiple kinds of realms, you probably
            #  want to set "ignore_null = yes" for all of them.
            #  Otherwise, when the first style of realm doesn't match,
            #  the other styles won't be checked.
    
    # Allows a list of realms (see '/etc/freeradius/modules/realm')
            IPASS
    
    # Understands something like USER@REALM and can tell the components apart (see '/etc/freeradius/modules/realm')
            suffix
    
    # Understands USER\REALM and can tell the components apart (see '/etc/freeradius/modules/realm')
            ntdomain
    
            #  Read the 'users' file to learn about special configuration which should be applied for
            #  certain users (see '/etc/freeradius/modules/files')
            files
    
            # Allows an account's authentication to expire (see '/etc/freeradius/modules/expiration')
            expiration
    
            # Allows valid service times to be defined (see '/etc/freeradius/modules/logintime')
            logintime
    
            # We got no radius_shortname_map!
            pap
    }
    
    # Here the linotp perl module is called for further processing
    authenticate {
            perl
    }
  • and activate the configuration by softlinking it in to ‘/etc/freeradius/sites-enabled’
  • ln -s ../sites-available/linotp /etc/freeradius/sites-enabled'
#less example.pl
#
# If you are using DBI and do some queries to DB, please be sure to
# use the CLONE function to initialize the DBI connection to DB.
#
use strict;
use LWP;
# use …
# This is very important ! Without this script will not get the filled hashesh from main.
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
use Data::Dumper;
# This is hash wich hold original request from radius
#my %RAD_REQUEST;
# In this hash you add values that will be returned to NAS.
#my %RAD_REPLY;
#This is for check items
#my %RAD_CHECK;
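# Ask the local OTP web service whether the credentials in the RADIUS request
# are valid.
#
# Reads:   %RAD_REQUEST (User-Name, User-Password, NAS-IP-Address,
#          NAS-Identifier, Calling-Station-Id)
# Writes:  $RAD_REPLY{'Reply-Message'} on rejection
# Returns: RLM_MODULE_OK when the response body contains ":-)",
#          RLM_MODULE_REJECT otherwise
# Dies:    when the HTTP request to pam.php does not succeed
sub authenticate {
    # For debugging purposes only
    #       &log_request_attributes;

    # Percent-encode one query-string value. Every attribute comes from the
    # RADIUS client, so a raw "&", "=", "#" or space must not be able to add
    # or override parameters of the request sent to pam.php.
    my $escape = sub {
        my ($value) = @_;
        $value = '' unless defined $value;
        utf8::encode($value) if utf8::is_utf8($value);
        $value =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord($1))/ge;
        return $value;
    };

    # Query parameter name => RADIUS attribute it is filled from.
    my @fields = (
        [ user     => 'User-Name' ],
        [ pass     => 'User-Password' ],
        [ client   => 'NAS-IP-Address' ],
        [ clientId => 'NAS-Identifier' ],
        [ realm    => 'Calling-Station-Id' ],
    );
    my $query = join(
        '&',
        map { $_->[0] . '=' . $escape->( $RAD_REQUEST{ $_->[1] } ) } @fields
    );

    # NOTE(review): the password travels in the query string of a GET, so it
    # ends up in the web server's access log and in anything pam.php logs.
    # A POST body would avoid that but requires pam.php to read $_POST.
    my $ua  = LWP::UserAgent->new();
    my $req = HTTP::Request->new(
        GET => "http://localhost/OTP/pam.php?" . $query );
    my $response = $ua->request($req);
    die "Error at OTP/pam.php\n ", $response->status_line, "\n Aborting"
        unless $response->is_success;

    # NOTE(review): ":-)" anywhere in the body counts as success; if pam.php
    # can ever echo request data back, match the whole body instead.
    if ( $response->content =~ m/:\-\)/i ) {
        return RLM_MODULE_OK;
    }
    else {
        $RAD_REPLY{'Reply-Message'} = "Wrong OTP - access denied !";
        return RLM_MODULE_REJECT;
    }
}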
#vi users
lameuser        Auth-Type := Reject
Reply-Message = “Your account has been disabled.”
DEFAULT         Auth-Type := perl
DB
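/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET NAMES utf8 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
-- Dumping database structure for OTP
CREATE DATABASE IF NOT EXISTS `OTP` /*!40100 DEFAULT CHARACTER SET utf8 */;
USE `OTP`;
-- Dumping structure for table OTP.tbl_cache
CREATE TABLE IF NOT EXISTS `tbl_cache` (
`Username` varchar(50) DEFAULT NULL,
`Code` varchar(100) DEFAULT NULL,
`Dt` datetime DEFAULT NULL,
`LastUpdate` int(11) DEFAULT NULL,
`Server` varchar(50) DEFAULT NULL,
UNIQUE KEY `Index 1` (`Server`,`Username`),
KEY `Index 2` (`LastUpdate`,`Code`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- Data exporting was unselected.
-- Dumping structure for table OTP.tbl_users
-- NOTE(review): `Code` and `Pin` look like per-user OTP secrets held as plain
-- varchar columns; confirm how they are protected at rest and who can read
-- this table.
CREATE TABLE IF NOT EXISTS `tbl_users` (
`id` int(10) NOT NULL AUTO_INCREMENT,
`Username` varchar(50) NOT NULL,
`Code` varchar(50) NOT NULL,
`Pin` varchar(50) NOT NULL,
`Phone` varchar(50) DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `Index 2` (`Username`)
) ENGINE=InnoDB AUTO_INCREMENT=77 DEFAULT CHARSET=utf8;
-- Data exporting was unselected.
/*!40101 SET SQL_MODE=IFNULL(@OLD_SQL_MODE, '') */;
/*!40014 SET FOREIGN_KEY_CHECKS=IF(@OLD_FOREIGN_KEY_CHECKS IS NULL, 1, @OLD_FOREIGN_KEY_CHECKS) */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;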
=========CENTOS 7==============
cp default otp
remove eap lines, remove eap module
replace sessions authorize/authenticate in sites-enabled/otp with following lines
authorize {
preprocess
files
expiration
logintime
}
authenticate {
perl
}
#users
#
lameuser        Auth-Type := Reject
Reply-Message = “Your account has been disabled.”
DEFAULT         Auth-Type := perl
#
#vi example.pl above
===============
https://github.com/multiOTP/radius-class-php
http://wiki.freeradius.org/modules/Rlm_perl
13
Aug

Xen WinPv Driver

   Posted by: admin

gplpv_vista2008×32_signed_0110373

gplpv_vista2008×64_signed_0110373

http://wiki.univention.com/index.php?title=Installing-signed-GPLPV-drivers

25
May

tmux - terminal multiplex

   Posted by: admin

/etc/tmux.conf

set-option -g prefix C-a

unbind-key C-b

bind-key C-a send-prefix

set-option -g status off

#set-option -g status-bg blue

set-option -g pane-border-fg black

set-option -g pane-active-border-fg black

set-option -g mouse-select-pane on

5
May

spamassassin + fail2ban

   Posted by: admin

yum install spamassassin spamass-milter
yum install perl-Mail-SPF perl-Mail-DKIM perl-Razor-Agent pyzor poppler-utils re2c
chkconfig spamassassin on
chkconfig spamass-milter on
service spamassassin start
service spamass-milter start
vi sendmail.mc
INPUT_MAIL_FILTER(`spamassassin', `S=unix:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
make
/etc/init.d/sendmail restart
spamassassin -D < /usr/share/doc/spamassassin-3.3.1/sample-spam.txt 2>&1|grep -i spf
$ diff -u spamd.org /usr/sbin/spamd
--- spamd.org	2011-04-21 23:35:10.000000000 +0000
+++ /usr/sbin/spamd	2011-04-22 00:11:17.000000000 +0000
@@ -1593,7 +1593,10 @@

   my $scantime = sprintf( "%.1f", time - $start_time );

-  info("spamd: $was_it_spam ($msg_score/$msg_threshold) for\
  $current_user:$> in"
+  my @from_addrs = $mail->get_pristine_header("Received");
+  join("\n",@from_addrs) =~ m/(\[\d+\.\d+\.\d+\.\d+\])/;
+  my $from_addr = $1;
+  info("spamd: $was_it_spam ($msg_score/$msg_threshold) from\
  $from_addr for $current_user:$> in"
        . " $scantime seconds, $actual_length bytes." );

   # add a summary "result:" line, based on mass-check format
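Review bot: `$1` is read on the line after the match without checking that the match succeeded, so a message with no bracketed IPv4 address in its Received headers (an IPv6 client, for instance) leaves `$from_addr` undefined or carrying a capture from an earlier match. The pattern also runs over every Received header joined together, and all but the one added by the receiving host are supplied by the sender, so the logged address is not necessarily the connecting peer; since the fail2ban filter further down this page bans on that field, an unrelated host could be banned. Restrict the match to the header the local MTA or milter adds (presumably the first element — confirm) and fall back to a value the filter cannot match: `my ($from_addr) = (defined $from_addrs[0] ? $from_addrs[0] : '') =~ m/(\[\d+\.\d+\.\d+\.\d+\])/;` followed by `$from_addr = 'unknown' unless defined $from_addr;`. The enclosing function starts and ends outside the hunk.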
# Fail2Ban filter for spamass-filter failures
#
# Bans on the "from [a.b.c.d]" field of the spamd log line. Stock spamd does
# not write that field; it is added by the spamd patch shown on this page.
# NOTE(review): the address in that field is extracted from the message's
# Received headers, so a ban is only as trustworthy as those headers.

[INCLUDES]

before = common.conf

[Definition]

failregex = spamd: identified spam .* from \[<HOST>\]

ignoreregex =

# DEV Notes:
#
# Author:
cat /etc/sysconfig/spamass-milter
### Standard parameters for spamass-milter are:
### -f -P /var/run/spamass-milter.pid
### These run the milter as a daemon and have it write a PID file
###
### You may add another parameters here, see spamass-milter(1)
EXTRA_FLAGS="-r 6"
26
Apr

apache error : No space left on device

   Posted by: admin

# less /var/log/httpd/error_log

08:52:28 2016] [emerg] (28)No space left on device: Couldn’t create accept lock (/etc/httpd/logs/accept.lock.9206) (5)

# ipcs -s

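#   (removes every semaphore set whose ipcs line mentions "apache")
# for i in `ipcs -s | awk '/apache/ {print $2}'`; do (ipcrm -s $i); done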

# ipcs -s

18
Mar

Devtools2 for CentOS

   Posted by: admin

source link https://braaten-family.org/ed/blog/2014-05-28-devtools-for-centos/

Posted on by Ed Braaten

I needed to compile some source that required a newer version of the GNU GCC compiler than the ancient 4.4.7 20120313 that comes with my fully-up-to-date CentOS 6.5 Linux system. Following the steps below, I was able to install and use devtools-2 which contains a fully functioning 4.8.2 20140120 version of the GNU GCC compiler environment.

  1. Go to the /etc/yum.repos.d/ directory on your system and download the devtools-2.repo file from http://people.centos.org/tru/devtools-2/:

  2. cd /etc/yum.repos.d
    wget http://people.centos.org/tru/devtools-2/devtools-2.repo

  3. Install the gcc, binutils, fortran, and C++ packages with:

  4. yum install devtoolset-2-gcc
    yum install devtoolset-2-binutils
    yum install devtoolset-2-gcc-gfortran
    yum install devtoolset-2-gcc-c++

  5. Use the “scl” command to open a shell which is running in the devtools environment:

  6. scl enable devtoolset-2 bash

No mess, no fuss! The devtools-2 environment is fully self-contained and doesn’t impact your distro’s base compiler environment.

=========== UPDATE =============

# 1. Install a package with repository for your system:
# On CentOS, install package centos-release-scl available in CentOS repository:
$ sudo yum install centos-release-scl

# On RHEL, enable RHSCL repository for you system:
$ sudo yum-config-manager --enable rhel-server-rhscl-7-rpms

# 2. Install the collection:
$ sudo yum install devtoolset-6

# 3. Start using software collections:
$ scl enable devtoolset-6 bash
13
Mar

apache mod_qos

   Posted by: admin

$ wget http://sourceforge.net/projects/mod-qos/files/latest/download

cd tools

./configure make make install

(replace automake-1.14 with -1.11)

$ cd mod_qos-10.15/apache2/
$ apxs2 -i -c mod_qos.c

[root@us conf.d]# cat qos.conf

LoadModule qos_module modules/mod_qos.so

# minimum request rate (bytes/sec at request reading):

QS_SrvRequestRate                                 120

# limits the connections for this virtual host:

QS_SrvMaxConn                                     100

# allows keep-alive support till the server reaches 60 connections:

QS_SrvMaxConnClose                                60

# allows max 25 connections from a single ip address:

QS_SrvMaxConnPerIP                                 25

# disables connection restrictions for certain clients:

#QS_SrvMaxConnExcludeIP                    172.18.3.32

#QS_SrvMaxConnExcludeIP                    192.168.10.

# allows not more than 20 events/penalty points per 10 minutes:

QS_ClientEventBlockCount                          20

# don't allow a client to access /app/start.html more than

# 20 times within 10 minutes:

#SetEnvIf     Request_URI /app/start.html          QS_Block=1

# don't allow more than 4 "403" status code responses

# (forbidden) for a client within 10 minutes; 301 responses set QS_Block=2:

QS_SetEnvIfStatus        403                      QS_Block=5

QS_SetEnvIfStatus        301                      QS_Block=2

[root@us conf.d]#