
freeradius - OTP


# vi /var/www/html/OTP/pam.php

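<?php
// Stub OTP endpoint queried by the freeradius rlm_perl script on this page.
// The perl side treats a body of ":-)" as ACCEPT and anything else as
// REJECT, so as written every request is rejected; switch the echo to
// ":-)" only for a deliberate accept-all test.
echo ":-(";    // :-)

// Debug trace of every call. The perl script sends the password in the GET
// query string, so it would land in this file in clear text; redact it
// before writing. The rest of the request is still appended to a file under
// the shared /tmp, so drop this trace once debugging is finished.
$fields = $_GET;
if (isset($fields['pass'])) {
    $fields['pass'] = '[redacted]';
}
file_put_contents('/tmp/pam.txt', date('Y-m-d D H:i:s ') . json_encode($fields) . "\n", FILE_APPEND);

?>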

#yum install freeradius freeradius-utils freeradius-perl perl-libwww-perl
#perl -MCPAN -e shell
>install LWP
#radiusd -X
#radtest  hieu 2234 127.0.0.1 123 testing123
    Create a new file ‘/etc/freeradius/sites-available/linotp’ with the following content:

    authorize {
    
    #normalizes malformed client requests before they are handed on to other modules (see '/etc/freeradius/modules/preprocess')
            preprocess
    
            #  If you are using multiple kinds of realms, you probably
            #  want to set "ignore_null = yes" for all of them.
            #  Otherwise, when the first style of realm doesn't match,
            #  the other styles won't be checked.
    
    #allows a list of realm (see '/etc/freeradius/modules/realm')
            IPASS
    
    #understands something like USER@REALM and can tell the components apart (see '/etc/freeradius/modules/realm')
            suffix
    
    #understands USER\REALM and can tell the components apart (see '/etc/freeradius/modules/realm')
            ntdomain
    
            #  Read the 'users' file to learn about special configuration which should be applied for
            # certain users (see '/etc/freeradius/modules/files')
            files
    
            # allows authentication to expire (see '/etc/freeradius/modules/expiration')
            expiration
    
            # allows to define valid service-times (see '/etc/freeradius/modules/logintime')
            logintime
    
            # We got no radius_shortname_map!
            pap
    }
    
    #here the linotp perl module is called for further processing
    authenticate {
            perl
    }
  • and activate the configuration by symlinking it into '/etc/freeradius/sites-enabled':
  • ln -s ../sites-available/linotp /etc/freeradius/sites-enabled
#less example.pl
#
# If you are using DBI and do some queries to DB, please be sure to
# use the CLONE function to initialize the DBI connection to DB.
#
use strict;
use LWP;
# use …
# This is very important! Without this, the script will not get the filled hashes from main.
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
use Data::Dumper;
# This is the hash which holds the original request from radius
#my %RAD_REQUEST;
# In this hash you add values that will be returned to NAS.
#my %RAD_REPLY;
#This is for check items
#my %RAD_CHECK;
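sub authenticate {
    # rlm_perl entry point for the "authenticate" section: asks the OTP web
    # endpoint (pam.php) whether the supplied credentials are valid.
    #
    # Reads:   %RAD_REQUEST (User-Name, User-Password, NAS-IP-Address,
    #          NAS-Identifier, Calling-Station-Id), filled in by rlm_perl.
    # Writes:  $RAD_REPLY{'Reply-Message'} on rejection.
    # Returns: RLM_MODULE_OK when the endpoint answers ":-)", otherwise
    #          RLM_MODULE_REJECT.
    # Dies:    when the HTTP request does not succeed. rlm_perl is expected
    #          to report an uncaught die as a module failure, never as an
    #          accept — confirm against the rlm_perl version in use.
    #
    # For debugging purposes only
    #       &log_request_attributes;

    # The endpoint takes its parameters in the query string, so every
    # attribute is percent-encoded first: plain concatenation let an '&'
    # or '#' inside User-Name/User-Password split or truncate the query,
    # which changes which credentials pam.php actually checks.
    my %param_for = (
        user     => $RAD_REQUEST{'User-Name'},
        pass     => $RAD_REQUEST{'User-Password'},
        client   => $RAD_REQUEST{'NAS-IP-Address'},
        clientId => $RAD_REQUEST{'NAS-Identifier'},
        realm    => $RAD_REQUEST{'Calling-Station-Id'},
    );
    my $query = join '&',
        map { $_ . '=' . _url_escape( $param_for{$_} ) }
        qw(user pass client clientId realm);

    # NOTE(review): the password travels in a GET query string over plain
    # http; that is only tolerable while the endpoint really is localhost.
    my $url = "http://localhost/OTP/pam.php?$query";

    my $ua       = LWP::UserAgent->new();
    my $req      = HTTP::Request->new( GET => $url );
    my $response = $ua->request($req);

    die "Error at OTP/pam.php\n ", $response->status_line, "\n Aborting"
        unless $response->is_success;

    # pam.php answers with exactly ":-)" or ":-(". Anchoring the match means
    # a ":-)" buried somewhere in another body served at the same URL (an
    # error page, for instance) is no longer taken as an accept.
    if ( $response->content =~ m/\A\s*:-\)\s*\z/ ) {
        return RLM_MODULE_OK;
    }
    $RAD_REPLY{'Reply-Message'} = "Wrong OTP - access denied !";
    return RLM_MODULE_REJECT;
}

# Percent-encode one query-string value: RFC 3986 unreserved characters are
# kept, everything else becomes %XX per character. Assumes the RADIUS
# attributes arrive as byte strings (how rlm_perl presents them) — confirm
# before relying on this for non-ASCII user names. An undefined attribute
# (e.g. no User-Password in the request) encodes as the empty string.
sub _url_escape {
    my ($value) = @_;
    return '' unless defined $value;
    $value =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord $1)/ge;
    return $value;
}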
#vi users
lameuser        Auth-Type := Reject
Reply-Message = "Your account has been disabled."
DEFAULT         Auth-Type := perl
DB
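/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET NAMES utf8 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;

-- Dumping database structure for OTP
CREATE DATABASE IF NOT EXISTS `OTP` /*!40100 DEFAULT CHARACTER SET utf8 */;
USE `OTP`;

-- Dumping structure for table OTP.tbl_cache
-- One row per (Server, Username); the composite unique key enforces that.
CREATE TABLE IF NOT EXISTS `tbl_cache` (
  `Username` varchar(50) DEFAULT NULL,
  `Code` varchar(100) DEFAULT NULL,
  `Dt` datetime DEFAULT NULL,
  `LastUpdate` int(11) DEFAULT NULL,
  `Server` varchar(50) DEFAULT NULL,
  UNIQUE KEY `Index 1` (`Server`,`Username`),
  KEY `Index 2` (`LastUpdate`,`Code`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

-- Data exporting was unselected.

-- Dumping structure for table OTP.tbl_users
-- NOTE(review): Code and Pin are plain varchar columns and nothing in this
-- dump shows how they are written; confirm they are not stored in clear text
-- before deploying this schema.
CREATE TABLE IF NOT EXISTS `tbl_users` (
  `id` int(10) NOT NULL AUTO_INCREMENT,
  `Username` varchar(50) NOT NULL,
  `Code` varchar(50) NOT NULL,
  `Pin` varchar(50) NOT NULL,
  `Phone` varchar(50) DEFAULT NULL,
  PRIMARY KEY (`id`),
  KEY `Index 2` (`Username`)
) ENGINE=InnoDB AUTO_INCREMENT=77 DEFAULT CHARSET=utf8;

-- Data exporting was unselected.

/*!40101 SET SQL_MODE=IFNULL(@OLD_SQL_MODE, '') */;
/*!40014 SET FOREIGN_KEY_CHECKS=IF(@OLD_FOREIGN_KEY_CHECKS IS NULL, 1, @OLD_FOREIGN_KEY_CHECKS) */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;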
=========CENTOS 7==============
cp default otp
remove eap lines, remove eap module
replace the authorize/authenticate sections in sites-enabled/otp with the following lines
authorize {
preprocess
files
expiration
logintime
}
authenticate {
perl
}
#users
#
lameuser        Auth-Type := Reject
Reply-Message = "Your account has been disabled."
DEFAULT         Auth-Type := perl
#
#vi example.pl above
===============
https://github.com/multiOTP/radius-class-php
http://wiki.freeradius.org/modules/Rlm_perl

Xen WinPv Driver


gplpv_vista2008x32_signed_0110373

gplpv_vista2008x64_signed_0110373

http://wiki.univention.com/index.php?title=Installing-signed-GPLPV-drivers


tmux - terminal multiplex


/etc/tmux.conf

set-option -g prefix C-a

unbind-key C-b

bind-key C-a send-prefix

set-option -g status off

#set-option -g status-bg blue

set-option -g pane-border-fg black

set-option -g pane-active-border-fg black

set-option -g mouse-select-pane on


spamassassin + fail2ban


yum install spamassassin spamass-milter
yum install perl-Mail-SPF perl-Mail-DKIM perl-Razor-Agent pyzor poppler-utils re2c
chkconfig spamassassin on
chkconfig spamass-milter on
service spamassassin start
service spamass-milter start
vi sendmail.mc
INPUT_MAIL_FILTER(`spamassassin', `S=unix:/var/run/spamass-milter/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
make
/etc/init.d/sendmail restart
spamassassin -D < /usr/share/doc/spamassassin-3.3.1/sample-spam.txt 2>&1|grep -i spf
$ diff -u spamd.org /usr/sbin/spamd
--- spamd.org	2011-04-21 23:35:10.000000000 +0000
+++ /usr/sbin/spamd	2011-04-22 00:11:17.000000000 +0000
@@ -1593,7 +1593,10 @@

   my $scantime = sprintf( "%.1f", time - $start_time );

-  info("spamd: $was_it_spam ($msg_score/$msg_threshold) for\
  $current_user:$> in"
+  my @from_addrs = $mail->get_pristine_header("Received");
+  join("\n",@from_addrs) =~ m/(\[\d+\.\d+\.\d+\.\d+\])/;
+  my $from_addr = $1;
+  info("spamd: $was_it_spam ($msg_score/$msg_threshold) from\
  $from_addr for $current_user:$> in"
        . " $scantime seconds, $actual_length bytes." );

   # add a summary "result:" line, based on mass-check format
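Review bot: The match at `join("\n",@from_addrs) =~ m/(\[\d+\.\d+\.\d+\.\d+\])/;` is never checked, so when no bracketed IPv4 is present `$1` is whatever an earlier successful match left behind (or undef) and the new log line reads "from  for" or names an unrelated address. The same line also searches every Received header rather than only the one this MTA added, and all but the topmost are supplied by the sender; since the fail2ban filter further down this page bans the `\[<HOST>\]` taken from exactly this log line, an address planted in a lower Received header can be banned instead of the real client. Restricting the search to the first header (assuming newest-first order, the usual MTA convention — worth confirming against the installed SpamAssassin) and testing the match result covers both, as sketched below; the fallback deliberately has no brackets so the fail2ban regex does not fire on it. The enclosing function continues outside the hunk.
```perl
  my $scantime = sprintf( "%.1f", time - $start_time );

  # Only the topmost Received header was added by this MTA; the others come
  # from the sender and must not feed the fail2ban log line.
  my ($first_received) = $mail->get_pristine_header("Received");
  my $from_addr = 'unknown';
  if (defined $first_received
      && $first_received =~ m/(\[\d+\.\d+\.\d+\.\d+\])/) {
    $from_addr = $1;
  }
  info("spamd: $was_it_spam ($msg_score/$msg_threshold) from $from_addr for $current_user:$> in"
        . " $scantime seconds, $actual_length bytes." );
  # … unchanged: summary "result:" line …
```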
# Fail2Ban filter for spamass-filter failures
#

[INCLUDES]

before = common.conf

[Definition]

failregex = spamd: identified spam .* from \[<HOST>\]

ignoreregex =

# DEV Notes:
#
# Author:
cat /etc/sysconfig/spamass-milter
### Standard parameters for spamass-milter are:
### -f -P /var/run/spamass-milter.pid
### These run the milter as a daemon and have it write a PID file
###
### You may add another parameters here, see spamass-milter(1)
EXTRA_FLAGS="-r 6"

# less /var/log/httpd/error_log

08:52:28 2016] [emerg] (28)No space left on device: Couldn't create accept lock (/etc/httpd/logs/accept.lock.9206) (5)

# ipcs -s

# for i in `ipcs -s | awk '/apache/ {print $2}'`; do (ipcrm -s $i); done

# ipcs -s


Devtools2 for CentOS


source link https://braaten-family.org/ed/blog/2014-05-28-devtools-for-centos/

Posted on by Ed Braaten

I needed to compile some source that required a newer version of the GNU GCC compiler than the ancient 4.4.7 20120313 that comes with my fully-up-to-date CentOS 6.5 Linux system. Following the steps below, I was able to install and use devtools-2 which contains a fully functioning 4.8.2 20140120 version of the GNU GCC compiler environment.

  1. Go to the /etc/yum.repos.d/ directory on your system and download the devtools-2.repo file from http://people.centos.org/tru/devtools-2/:

  2. cd /etc/yum.repos.d
    wget http://people.centos.org/tru/devtools-2/devtools-2.repo

  3. Install the gcc, binutils, fortran, and C++ packages with:

  4. yum install devtoolset-2-gcc
    yum install devtoolset-2-binutils
    yum install devtoolset-2-gcc-gfortran
    yum install devtoolset-2-gcc-c++

  5. Use the “scl” command to open a shell which is running in the devtools environment:

  6. scl enable devtoolset-2 bash

No mess, no fuss! The devtools-2 environment is fully self-contained and doesn’t impact your distro’s base compiler environment.

=========== UPDATE =============

# 1. Install a package with repository for your system:
# On CentOS, install package centos-release-scl available in CentOS repository:
$ sudo yum install centos-release-scl

# On RHEL, enable RHSCL repository for you system:
$ sudo yum-config-manager --enable rhel-server-rhscl-7-rpms

# 2. Install the collection:
$ sudo yum install devtoolset-6

# 3. Start using software collections:
$ scl enable devtoolset-6 bash

apache mod_qos


$ wget http://sourceforge.net/projects/mod-qos/files/latest/download

cd tools

./configure && make && make install

(replace automake-1.14 with -1.11)

$ cd mod_qos-10.15/apache2/
$ apxs2 -i -c mod_qos.c

[root@us conf.d]# cat qos.conf

LoadModule qos_module modules/mod_qos.so

# minimum request rate (bytes/sec at request reading):

QS_SrvRequestRate                                 120

# limits the connections for this virtual host:

QS_SrvMaxConn                                     100

# allows keep-alive support till the server reaches 600 connections:

QS_SrvMaxConnClose                                60

# allows max 50 connections from a single ip address:

QS_SrvMaxConnPerIP                                 25

# disables connection restrictions for certain clients:

#QS_SrvMaxConnExcludeIP                    172.18.3.32

#QS_SrvMaxConnExcludeIP                    192.168.10.

# allows not more than 20 events/penalty points per 10 minutes:

QS_ClientEventBlockCount                          20

# don't allow a client to access /app/start.html more than

# 20 times within 10 minutes:

#SetEnvIf     Request_URI /app/start.html          QS_Block=1

# don't allow more than 4 "403" status code responses

# (forbidden) for a client within 10 minutes:

QS_SetEnvIfStatus        403                      QS_Block=5

QS_SetEnvIfStatus        301                      QS_Block=2

[root@us conf.d]#


linux performance monitor


#vmstat 2

#top

#glances

#sar -r

#to be continued …


freeRadius + PAM


# yum install freeradius

#yum install freeradius-utils

#cd /etc/raddb/sites-enabled
#rm inner-tunnel
#vi default
uncomment pam (Pluggable Authentication Modules)
#vi ../users
uncomment lameuser
add: DEFAULT Auth-Type := PAM
#vi /etc/pam.d/radiusd
#%PAM-1.0
auth       required     pam_linotp.so nosslhostnameverify nosslcertverify url=https://localhost/OTP/pam.php
account    required     pam_permit.so
#auth       include     password-auth
#account    required    pam_nologin.so
#account    include     password-auth
#password   include     password-auth
#session    include     password-auth
#radtest my_username my_password localhost 18230 testing123
Sending Access-Request of id 228 to 127.0.0.1 port 1812
User-Name = "my_username"
User-Password = "my_password"
NAS-IP-Address = 127.0.0.1
NAS-Port = 18230
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=228, length=20
http://freeradius.org/pam_radius_auth/

php pthreads


// Surface every notice and warning while experimenting with pthreads.
error_reporting(E_ALL);
/**
 * Fetches one URL on a worker thread (pthreads).
 *
 * The caller hands the URL to the constructor, start()s the thread and,
 * after join(), reads the downloaded body from $data.
 */
class AsyncWebRequest extends Thread {
    /** @var string URL to fetch, assigned once by the constructor. */
    public $url;
    /** @var string|false Body from file_get_contents(), or false when the fetch failed. */
    public $data;

    /**
     * @param string $url Absolute URL passed straight to file_get_contents().
     */
    public function __construct($url) {
        $this->url = $url;
    }

    /**
     * Thread body: downloads $url into $data, or reports that no URL was given.
     */
    public function run() {
        $target = $this->url;
        if (!$target) {
            // Nothing to fetch — say so instead of finishing silently.
            printf("Thread #%lu was not provided a URL\n", $this->getThreadId());
            return;
        }
        // A large response could instead be streamed with fsockopen()
        // and usleep() between reads.
        $this->data = file_get_contents($target);
    }
}

// Time one threaded fetch: how long start() takes, then how long join() takes.
$started_at = microtime(true);
$request = new AsyncWebRequest(sprintf("http://www.google.com/?q=%s", rand() * 10));
/* starting synchronized */
if ($request->start()) {
    printf("Request took %f seconds to start ", microtime(true) - $started_at);
    // Poll the worker; one dot per poll, short sleep between polls.
    for (; $request->isRunning(); usleep(100)) {
        echo ".";
    }
    if ($request->join()) {
        printf(" and %f seconds to finish receiving %d bytes\n", microtime(true) - $started_at, strlen($request->data));
    } else {
        printf(" and %f seconds to finish, request failed\n", microtime(true) - $started_at);
    }
}