Thursday 25 September 2014

(bash vulnerability) Bash software bug could be bigger threat than Heartbleed, experts warn

Secure your Linux machines, Apple computers and servers.
Try the vulnerability test (in Terminal):

$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'
If you are vulnerable, you get back:
vulnerable
hello
If you get "vulnerable", update the bash shell on your Linux machine immediately.

For CentOS/RHEL Linux:
yum update bash

For Ubuntu:

apt-get update
apt-get install --only-upgrade bash

or build bash from source with all patches applied:

mkdir src
cd src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
# download all patches
for i in $(seq -f "%03g" 0 25); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz
cd bash-4.3
# apply all patches
for i in $(seq -f "%03g" 0 25); do patch -p0 < ../bash43-$i; done
# build and install
./configure && make && make install
cd ..
cd ..
rm -r src
Verify patch

You can see if you're vulnerable by running the following command:
export VULNCHECK='() { :; }; echo You are still vulnerable'; bash
In a vulnerable environment, it'll say:
You are still vulnerable

Then check for the vulnerability again to confirm that everything looks fine:
$ env X="() { :;} ; echo busted" /bin/sh -c "echo hello"
hello
or, for the first test at the top of this post, on a patched system you get:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello
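
The manual test above, wrapped as a script that checks several shell binaries and returns a status a cron job or deploy step can act on. This is an added example, not part of the original post; MARKER, classify_probe, check_shell and audit_shells are names made up for it.

```sh
#!/bin/sh
# Added example, not from the original post. All names here are illustrative.

MARKER="SHELLSHOCK_PROBE_$$"

# classify_probe OUTPUT -> "vulnerable" if the trailing command ran,
# "patched" if only the requested command ran, "unknown" otherwise.
classify_probe() {
    case "$1" in
        *"$MARKER"*) echo vulnerable ;;
        *probe-ok*)  echo patched ;;
        *)           echo unknown ;;
    esac
}

# check_shell SHELL -> runs the post's test against SHELL and prints the verdict.
check_shell() {
    if ! command -v "$1" >/dev/null 2>&1; then
        echo missing
        return 0
    fi
    # A function definition followed by an extra command, as in the post.
    # stderr is dropped: patched bash builds may print warnings there.
    out=$(env x="() { :;}; echo $MARKER" "$1" -c 'echo probe-ok' 2>/dev/null) || true
    classify_probe "$out"
}

# audit_shells SHELL... -> one "shell: verdict" line per shell;
# status 1 if any of them is vulnerable.
audit_shells() {
    rc=0
    for s in "$@"; do
        verdict=$(check_shell "$s")
        echo "$s: $verdict"
        [ "$verdict" = vulnerable ] && rc=1
    done
    return "$rc"
}

# /bin/sh is included because on many systems it is bash under another name.
audit_shells /bin/bash /bin/sh || echo "vulnerable shell found: update bash"
```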

Tuesday 23 September 2014

Install and configure atlassian jira and atlassian confluence for mysql on Linux\Centos\RHEL

Download jira and confluence package
cd /opt
wget http://www.atlassian.com/software/confluence/downloads/binary/atlassian-confluence-5.3-x64.bin

wget http://www.atlassian.com/software/jira/downloads/binary/atlassian-jira-6.1-x64.bin

wget http://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.26.tar.gz/from/http://cdn.mysql.com/

Make the Jira/Confluence .bin files executable
chmod +x *.bin

tar -xvzf mysql-connector-java-5.1.26.tar.gz

Installing mysql server

yum install mysql-server mysql
service mysqld start
chkconfig mysqld on   (auto start service on system reboot)

Set up the Jira database (the password 'jiradb' below is only a sample; set a strong one)
mysql -u root -p
CREATE DATABASE jiradb CHARACTER SET utf8 COLLATE utf8_bin;
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER,INDEX on jiradb.* TO 'jirauser'@'localhost' IDENTIFIED BY 'jiradb';
FLUSH PRIVILEGES;
QUIT

./atlassian-jira-6.1-x64.bin

Configure atlassian jira for mysql
cd mysql-connector-java-5.1.26
cp *.jar /opt/atlassian/jira/lib/
service jira stop
service jira start
chkconfig jira on    (auto start service on system reboot)

Open Jira in a web browser and complete the setup
http://localhost:8080


Set up Confluence for MySQL (the password 'confluence' below is only a sample; set a strong one)

mysql -u root -p
CREATE DATABASE confluence CHARACTER SET utf8 COLLATE utf8_bin;
GRANT ALL PRIVILEGES ON confluence.* TO 'confluenceuser'@'localhost' IDENTIFIED BY 'confluence';
FLUSH PRIVILEGES;
QUIT

./atlassian-confluence-5.3-x64.bin
cd mysql-connector-java-5.1.26
cp *.jar /opt/atlassian/confluence/lib/
service confluence restart
chkconfig confluence on

Open Confluence in a web browser and complete the setup
http://localhost:8090




Wednesday 17 September 2014

OpenVPN Server and Client common issue

1. How to automatically log in to OpenVPN on Windows :

The following launch string is needed for either method:

For 32 bit Windows - "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect client.ovpn

For 64 bit Windows - "C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe" --connect client.ovpn

Replace "client" with the name of the OpenVPN configuration file you wish to start. Your list of available .ovpn files can be found in the 'OpenVPN/config' folder on your computer.

You now need to add this to your Windows registry start settings. Open regedit on your computer and go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Add a new string entry. Give it a name you can identify later, such as "openvpn", then add the above string as its value.

2.  TLS related Error :

Wed Aug 27 16:05:18 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 27 16:05:18 2014 TLS Error: TLS handshake failed

Solution:
1. The OpenVPN server may not have been started.
2. Check the firewall: the required port may not be open. Also try with the Windows or third-party firewall disabled.

----------------------------------------------------------------------------------
3. Error: 

VERIFY ERROR: depth=1, error=certificate is not yet valid:  in openvpn

Solution :

The date/time may not be correct on the server or the client machine.

----------------------------------------------------------------------------------
4. Error: 

No server certificate verification method has been enabled.

Solution :
Add this entry to the client.ovpn file:
ns-cert-type server
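
A check for error 4 that can be run over a client.ovpn before it is handed out: it reports a missing server-certificate verification directive and missing ca/cert/key/cipher lines. This is an added example, not part of the original post or of OpenVPN; has_directive and audit_client_ovpn are hypothetical helper names, the sample config is constructed, and remote-cert-tls server is accepted as an alternative to ns-cert-type server.

```sh
#!/bin/sh
# Added example, not from the original post or the OpenVPN project.
# has_directive and audit_client_ovpn are hypothetical helper names.

# has_directive FILE NAME [FIRST_ARG] -> status 0 if an active (uncommented)
# line sets NAME, optionally with FIRST_ARG as its first argument.
has_directive() {
    awk -v d="$2" -v a="$3" '
        { sub(/[#;].*/, "") }                      # drop "#" and ";" comments
        $1 == d && (a == "" || $2 == a) { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# audit_client_ovpn FILE -> prints space-separated findings (empty = clean);
# status 0 only when nothing is missing.
audit_client_ovpn() {
    findings=""
    # Error 4 in the post: without one of these directives the client does
    # not check that the peer certificate was issued as a server certificate.
    if ! has_directive "$1" ns-cert-type server &&
       ! has_directive "$1" remote-cert-tls server; then
        findings="$findings no-server-cert-check"
    fi
    for d in ca cert key cipher; do
        has_directive "$1" "$d" || findings="$findings missing-$d"
    done
    findings=${findings# }
    echo "$findings"
    [ -z "$findings" ]
}

# Constructed sample: a client config with the check commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
client
dev tun
proto udp
remote 192.0.2.10 1194
ca ca.crt
cert client.crt
key client.key
;ns-cert-type server
cipher AES-256-CBC
EOF
echo "findings: $(audit_client_ovpn "$sample")"
rm -f "$sample"
```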


Install and configure latest OpenVPN Server and Client on Windows machine

ON VPN SERVER :

1. Enable TCP/IP forwarding on the Windows machine

    Use Registry Editor (Regedt32.exe) to view the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    Set the following registry value:
    Value Name: IPEnableRouter
    Value type: REG_DWORD
    Value Data: 1
    NOTE: A value of 1 enables TCP/IP forwarding for all network connections installed and used by this computer.

2. Install OpenVPN (openvpn-install-2.3.4-I603-x86_64) with the full set of packages, so that you get the easy-rsa tools.
3. Create certificates for the server and the client
cd "C:\Program Files\OpenVPN\easy-rsa"
C:\Program Files\OpenVPN\easy-rsa>init-config.bat  (it simply copies vars.bat.sample to vars.bat)
C:\Program Files\OpenVPN\easy-rsa>vars.bat         (open vars.bat and modify it according to your requirements, like:)
set KEY_COUNTRY=IN
set KEY_PROVINCE=DL
set KEY_CITY=DELHI
set KEY_ORG=ABC
set KEY_EMAIL=abc@gmail.com
set KEY_CN=DELHI-IN
set KEY_NAME=DELHI-IN
set KEY_OU=ABCXYZ
set PKCS11_MODULE_PATH=changeme
set PKCS11_PIN=1234
C:\Program Files\OpenVPN\easy-rsa>clean-all.bat
C:\Program Files\OpenVPN\easy-rsa>build-ca.bat
C:\Program Files\OpenVPN\easy-rsa>build-key-server server
C:\Program Files\OpenVPN\easy-rsa>build-key client
Note: be sure to change the Common Name value and the Name value.
C:\Program Files\OpenVPN\easy-rsa>build-dh.bat

4. All key files are stored in the keys folder (C:\Program Files\OpenVPN\easy-rsa\keys). Copy ca.crt, server.crt, server.key and dh1024.pem and
paste them into the C:\Program Files\OpenVPN\config folder.
5. Copy server.ovpn from the server's sample folder (C:\Program Files\OpenVPN\sample-config\) and paste it into the (C:\Program Files\OpenVPN\config) folder.

6. Open server.ovpn, make the changes below and save it.

Server config :

local 192.168.1.20    (OpenVPN Server ip)
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"   (OpenVPN server network ips)
push "dhcp-option DOMAIN xxxx.com"    (if you are using domain)
client-to-client
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

7. Go to services.msc and set the OpenVPN service to start automatically at system start.

8. Make sure UDP port 1194 is open on the firewall.

Server configuration is done.

OpenVPN client configuration:

1. Install OpenVPN (openvpn-install-2.3.4-I603-x86_64) in default mode.
2. Copy ca.crt, client.crt and client.key from the server and paste them on the client machine in C:\Program Files\OpenVPN\config
3. Copy client.ovpn from the server (C:\Program Files\OpenVPN\sample-config\) and paste it on the client machine (C:\Program Files\OpenVPN\config)

4. Open client.ovpn and make the changes below
client config :
client
dev tun
proto udp
remote <openvpn-server-ip> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 3

5. Click on OpenVPN GUI and connect to the OpenVPN server.


or

OpenVPN GUI connect command line

cd C:\Program Files\OpenVPN\bin
openvpn-gui.exe --config client.ovpn
or
openvpn.exe --config client.ovpn

Done!

Friday 12 September 2014

XEN SERVER 6.2- apply hotfixes,install client, xentools

XenServer 6.2

Download all the latest hotfixes from the link below:
http://support.citrix.com/article/CTX138115#XenServer%206.2

Apply hotfixes on XenServer

[root@xenserver ~]# xe patch-upload file-name=XS62ESP1008.xsupdate
[root@xenserver ~]# xe patch-list | more       (find the patch uuid)
[root@xenserver ~]# xe host-list               (find the host uuid)
[root@xenserver ~]# xe patch-apply uuid=0850b186-4d47-11e3-a720-001b2151a503 host-uuid=b079bb9c-ab15-499b-90ad-93fd8142fde5
[root@xenserver ~]# xe-toolstack-restart

Error when applying Update 3: The upload update already exist. Check your settings and try again
http://support.citrix.com/article/ctx121325

Clean the hotfix first, then apply it again:

Type the command xe patch-list and press Enter.
Write down the Universally Unique Identifier (UUID) of Update 3, which is 1244e029-4f48-4503-82c7-db4e2ec8f70d.

Type the command xe patch-clean uuid=1244e029-4f48-4503-82c7-db4e2ec8f70d and press Enter.

Create NFS ISO library :

NFS ISO Library [10.201.8.2:/opt/images]

Installing XenServer Tools on Windows VMs

Important: Note that installing XenServer Tools will cause any media in the virtual machine's CD/DVD-drive to be ejected. Do not attempt to install XenServer Tools if the virtual machine's CD/DVD-drive is in use, for example, during OS install from CD.
Select the VM in the Resources pane, right-click, and then click Install XenServer Tools on the shortcut menu. Alternatively, on the VM menu, click Install XenServer Tools.
Click Install XenServer Tools on the message dialog to go to the VM's console and begin the installation.
If Autoplay is enabled for the VM's CD drive, installation will be started automatically after a few moments. If Autoplay is not enabled, double-click on the CD drive to begin installing XenServer Tools.
Follow the on-screen instructions, and reboot the VM when prompted.

Installing XenServer Tools on Linux VMs 

Select the VM in the Resources pane, right-click, and then click Install XenServer Tools on the shortcut menu. Alternatively, on the VM menu, click Install XenServer Tools.
Click Install XenServer Tools on the message dialog to go to the VM's console.
As the root user, mount the image into the VM:
mount /dev/xvdd /mnt

Execute the installation script as the root user:
/mnt/Linux/install.sh

Download and install the XenCenter client on Windows:

http://downloadns.citrix.com.edgesuite.net/8708/XenCenter.msi

Install openxenmanager (XenCenter client) on Linux/CentOS:

cd /opt
wget http://sourceforge.net/projects/openxenmanager/files/openxenmanager_rev48.tar.gz
tar -xvzf openxenmanager_rev48.tar.gz
cd openxenmanager
vi /usr/bin/xenmanager
chmod 755 /usr/bin/xenmanager
yum install rrdtool
yum search python|grep gtk
yum install gtk-vnc-python.x86_64
yum install pygtk2.x86_64


Create template :
 

 https://www.youtube.com/watch?v=hK0P6I-JPgo

Change the DNS server IP in XenServer:
 1. Log in to the shell prompt.
 2. Run xe pif-list and take note of the uuid of your management interface.
 3. Run xe pif-reconfigure-ip uuid=youruuid mode=static IP=192.168.1.12 netmask=255.255.255.0 gateway=192.168.1.1 DNS=192.168.1.1,8.8.8.8

Press enter and you're set :)

Common errors:

Error:
0x000000FE

Solution :

Change clone machine name

Error on clone machine :

ERROR:

[root@localhost ~]# yum install php ( installing any package )
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=os error was
14: PYCURL ERROR 22 - "The requested URL returned error: 403 Forbidden"
Error: Cannot find a valid baseurl for repo: base
[root@localhost ~]#

Solution :
This is a network issue related to the internet connection.



Wednesday 18 June 2014

Upgrading Redmine old version to new version


Easy way to upgrade Redmine

Activity done on old installation:

1. # /opt/redmine/ctlscript.sh stop
2. # /opt/redmine/ctlscript.sh start mysql
3. # /opt/redmine/mysql/bin/mysqldump -u bitnami -p bitnami_redmine > bitnami_redmine06162014.sql
4. Back up the uploaded files:
   # cd /opt/redmine/apps/redmine/htdocs
   # cp -rvf files files.bak    (and keep the copy in a safe place)
5. Uninstall the old Redmine:
   # cd /opt/redmine
   # ./uninstall    (press Enter)
   # rm -rf /opt/redmine

Activity done on new installation:

1. Download the latest Redmine stack from https://bitnami.com/stack/redmine and install it.
2. Check the database details in database.yml under the installation path you defined:
   # vi /opt/redmine/apps/redmine/htdocs/config/database.yml
3. Log in to the database as the root user:
   # /opt/redmine/mysql/bin/mysql -u root -p
   Password: ****
   mysql> drop database bitnami_redmine;
   mysql> create database bitnami_redmine;
   mysql> grant all privileges on bitnami_redmine.* to 'bitnami'@'localhost' identified by 'DATABASE_PASSWORD';
4. Restore the backup into the new database:
   # mysql -u bitnami -p bitnami_redmine < bitnami_redmine06162014.sql
5. Restore the file backup:
   # cp files.bak/* /opt/redmine/apps/redmine/htdocs/files/
7. To support the new version, run the following commands:
   # cd /opt/redmine/apps/redmine/htdocs/
   # /opt/redmine/ruby/bin/ruby bin/rake db:migrate RAILS_ENV=production
8. Finally, clean the cache and the sessions:
   # ruby bin/rake tmp:cache:clear
   # ruby bin/rake tmp:sessions:clear
9. Restart the servers and you can access your new Redmine.
   # /opt/redmine/ctlscript.sh restart

Index file location:
/opt/redmine/apache2/htdocs/index.html

Enjoy the latest Redmine!

Wednesday 23 April 2014

Remove remi php5.4 package and install php5.3 on Centos linux machine


# Remove the Remi packages. Note the reversed command order

yum remove php-pecl-apc php-cli php-pear php-pdo php-mysql php-pgsql php-pecl-mongo php-sqlite php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml
yum remove httpd php php-common

# Install the CentOS packages.

yum install httpd php php-common
yum install php-pecl-apc php-cli php-pear php-pdo php-mysql php-pgsql php-pecl-mongo php-sqlite php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml

Error: Directory index forbidden by Options directive

Solution:

Open the httpd.conf file and add this entry:

vi /etc/httpd/conf/httpd.conf

<Directory "/var/www/html">
    Options -Indexes +FollowSymLinks +ExecCGI
    AllowOverride AuthConfig FileInfo
    DirectoryIndex index.php index.html
    Order allow,deny
    Allow from all
</Directory>


If you are using FastCGI, add the entry below.

<Directory "/var/www/html">
    Options -Indexes +FollowSymLinks +ExecCGI
    AllowOverride AuthConfig FileInfo
    AddHandler php5-fastcgi .php
    Action php5-fastcgi /cgi-bin/php.fcgi
    DirectoryIndex index.php index.html
    Order allow,deny
    Allow from all
</Directory>

Then restart the httpd service.
# /etc/init.d/httpd restart
 

Saturday 29 March 2014

How to Install and configure mysql multi instance in ubuntu 12.04/13.04 server

Create multiple MySQL slaves on a single Ubuntu server

Step-1: Log in to your server as the root user.

Step-2: Log in to your MySQL server as root and execute the following commands:

mysql> GRANT SHUTDOWN ON *.* TO 'multi_admin'@'localhost' IDENTIFIED BY 'password';

mysql> FLUSH PRIVILEGES;

Step-3: Exit the mysql prompt and stop the MySQL server. To stop it, execute:
[root@localhost ~]# service mysql stop

Then edit my.cnf:
# cd /etc/mysql
# vi my.cnf
[mysqld_safe]
#log-error=/var/log/mysqld.log
#pid-file=/var/run/mysqld/mysqld.pid
[mysqld_multi]
mysqld     = /usr/bin/mysqld_safe
mysqladmin = /usr/bin/mysqladmin
log        = /var/log/mysqld_multi.log
user       = multi_admin
password   = password

[mysqld1]
port       = 3306
datadir    = /var/lib/mysql
pid-file   = /var/lib/mysql/mysqld.pid
socket     = /var/lib/mysql/mysql.sock
user       = mysql
log-error  = /var/log/mysqlerp.err
server-id = 4
relay-log= /var/lib/mysql/relay-bin.log
log-bin = /var/lib/mysql/mysql-bin.log
binlog_do_db = dbname
binlog-format=mixed

[mysqld2]
port       = 3307
datadir    = /var/lib/mysql2
pid-file   = /var/lib/mysql2/mysql.pid
socket     = /var/lib/mysql2/mysql.sock
user       = mysql
server-id = 3
relay-log= /var/lib/mysql2/relay-bin.log
log-bin = /var/lib/mysql2/mysql-bin.log
binlog_do_db = dbname
binlog-format=mixed
log-error  = /var/log/mysqlcrm.err

vi /etc/apparmor.d/usr.sbin.mysqld
# vim:syntax=apparmor
# Last Modified: Tue Jun 19 17:37:30 2007
#include <tunables/global>
/usr/sbin/mysqld {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>
  #include <abstractions/mysql>
  #include <abstractions/winbind>
  capability dac_override,
  capability sys_resource,
  capability setgid,
  capability setuid,
  network tcp,
  /etc/hosts.allow r,
  /etc/hosts.deny r,
  /etc/mysql/*.pem r,
  /etc/mysql/conf.d/ r,
  /etc/mysql/conf.d/* r,
  /etc/mysql/*.cnf r,
  /usr/lib/mysql/plugin/ r,
  /usr/lib/mysql/plugin/*.so* mr,
  /usr/sbin/mysqld mr,
  /usr/share/mysql/** r,
  /var/log/mysql.log rw,
  /var/log/mysql.err rw,
+ /var/log/mysql[1-9].log rw,
+ /var/log/mysql[1-9].err rw,
  /var/lib/mysql/ r,
  /var/lib/mysql/** rwk,
+ /var/lib/mysql[1-9]/ r,
+ /var/lib/mysql[1-9]/** rwk,
  /var/log/mysql/ r,
  /var/log/mysql/* rw,
+ /var/log/mysql[1-9]/ r,
+ /var/log/mysql[1-9]/* rw,
+ /var/run/mysqld/mysqld.pid rw,
+ /var/run/mysqld/mysqld.sock w,
  /run/mysqld/mysqld.pid rw,
  /run/mysqld/mysqld.sock w,
  /sys/devices/system/cpu/ r,
  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.mysqld>
}
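
Review bot: The added log rules `/var/log/mysql[1-9].log rw` and `/var/log/mysql[1-9].err rw` do not match the `log-error` paths set in the my.cnf above (`/var/log/mysqlerp.err` for [mysqld1] and `/var/log/mysqlcrm.err` for [mysqld2]), so the profile as written does not grant mysqld write access to either error log. Either add `rw` rules for those two files or rename the logs to fit the `mysql[1-9]` pattern. The data directory, pid-file and socket of the second instance are covered by the `/var/lib/mysql[1-9]/** rwk` rule. Also note that the leading `+` on the added lines is a diff marker and has to be dropped when the lines are copied into /etc/apparmor.d/usr.sbin.mysqld.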


# /etc/init.d/apparmor restart

# mkdir -p /var/lib/mysql2
# cp -r /var/lib/mysql/. /var/lib/mysql2/    (copies the contents, not the mysql directory itself)
# chown -R mysql:mysql /var/lib/mysql2

mysqld_multi commands

Check status:
mysqld_multi report

Start all MySQL instances:
mysqld_multi start

Stop all MySQL instances:
mysqld_multi stop

Start specific MySQL instances:
mysqld_multi start 1,2,3    (and so on)

Stop specific MySQL instances:
mysqld_multi stop 1,2,3    (and so on)

Check the MySQL service:
ps aux | grep mysql | grep -v grep

Access a MySQL instance:
mysql -uroot -h127.0.0.1 -P3306 -p
mysql -uroot -h127.0.0.1 -P3307 -p
 

Friday 28 March 2014

MySQL server is not starting

Error message:
[ERROR] /usr/sbin/mysqld: Can't find file: './mysql/host.frm' (errno: 13)
140329  5:47:35
[ERROR] Fatal error: Can't open and lock privilege tables: Can't find file: './mysql/host.frm' (errno: 13)

Solution: Change the ownership of the MySQL data folder

chown -R mysql:mysql /var/lib/mysql

and restart the MySQL service.

Thursday 27 March 2014

How to Install and configure sendmail for Windows Task Scheduler

Easy way to install and configure sendmail on a Windows machine.

If you want to send mail on Windows without installing an SMTP server,
you can. Follow the steps below.

Requirements:

1. Windows 7/Vista or 2003/2008 server
2. sendEmail-v156-notls.zip or above (download from this link:
    http://caspian.dotconf.net/menu/Software/SendEmail/ )

Put the zip file where you want, like C:\sendEmail-v156-notls.zip,
extract it and rename the folder from sendEmail-v156-notls to sendmail:

c:\sendmail

Add event:
Go to Event Viewer > Task Scheduler > Operational > right-click on the alert message and attach a task to this event.

Program/script: click on Browse and select sendEmail.exe
C:\sendmail\sendEmail.exe
Add arguments (optional):
-f abc@zyx.com -t abc@xyz.com -u Subject -m Task start Failed! -s mail.abc.com:25 -xu abc@xyz.com -xp password
Send to multiple recipients:
-f abc@zyx.com -t abc@xyz.com  -t alina@xyz.com -u Subject -m Task start Failed! -s mail.abc.com:25 -xu abc@xyz.com -xp password

Click Next and finish the configuration!

Monday 24 March 2014

How to fix : The Recycle Bin C:\ is corrupted. Do you want to empty the Recycle Bin for this drive.

Error message:


Solution:

1.    Log in as Administrator > click the Start button and type cmd
2.    At the command prompt enter the following line and press Enter:
 rd /s c:\$recycle.bin

3.    When prompted to confirm the deletion, type Y and press Enter to confirm.
4.    Close the command prompt window and restart the PC.
A new recycle directory will have been created.

Install XRDP in Centos 7

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm yum update yum groupinstall "GNOME Desktop" ...