Thursday, 25 September 2014

(bash vulnerability) Bash software bug could be bigger threat than Heartbleed, experts warn

Secure your Linux , apple pc, servers
Try the vulnerability test (in Terminal): 

$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'
if you are vulnerable, you get back:
if get it "vulnerable" please immediate update bash shell at linux.

for Centos\RHEL linux :
yum update bash

For ubuntu :

apt-get update aptapt-get install --only-upgrade bash or
mkdir srccd srcwget
#download all patchesfor i in $(seq -f "%03g" 0 25); do wget$i; donetar zxvf bash-4.3.tar.gz cd bashcd bash-4.3#apply all patchesfor i in $(seq -f "%03g" 0 25);do patch -p0 < ../bash43-$i; done#build and install./configure && make && make install cd
cd .. cd
cd ..rm -r src
Verify patch
export VULNCHECK='() { :; }; echo You are still vulnerable'; bash
You are still vulnerable

You can see if you’re vulnerable by running the following command:
In a vulnerable environment, it’ll say:

And again check vulnerability if look like its fine.
$ env X="() { :;} ; echo busted" /bin/sh -c "echo hello"
otherwise you get:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

Tuesday, 23 September 2014

Install and configure atlassian jira and atlassian confluence for mysql on Linux\Centos\RHEL

Download jira and confluence package
cd /opt



Make executable jira/confluence bin file
chmod +x *.bin

tar -xvzf mysql-connector-java-5.1.26.tar.gz

Installing mysql server

yum install mysql-server mysql
service mysqld start
chkconfig mysqld on   (auto start service on system reboot)

Setup jira database 
mysql -u root -p


Configure atlassian jira for mysql
cd mysql-connector-java-5.1.26
cp *.jar /opt/atlassian/jira/lib/
service jira stop
service jira start
chkconfig jira on    (auto start service on system reboot)

Open jira on web browser and complete setup

Setup confluence for mysql

mysql -u root -p
GRANT ALL PRIVILEGES ON confluence.* TO 'confluenceuser'@'localhost' IDENTIFIED BY 'confluence';

cd mysql-connector-java-5.1.26
cp *.jar /opt/atlassian/confluence/lib/
service confluence restart
chkconfig confluence on

Open confluence on web browser and complete setup

Wednesday, 17 September 2014

OpenVPN Server and Client common issue

1. How to automatically log in to OpenVPN on Windows :

The following launch string is needed for either method:

For 32 bit Windows - "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --connect client.ovpn

For 64 bit Windows - "C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe" --connect client.ovpn

The client is replaced with the name of the OpenVPN configuration file you wish to start. Your list of available .ovpn files can be found in the 'OpenVPN/config' folder on your computer.

You now need to add this to your WIndows registry start settings. Open regedit on your computer and go to:


Add a new string entry. Give it a name you can identify later such as "openvpn" then add the above string.

OpenVPN auto start

2.  TLS related Error :

Wed Aug 27 16:05:18 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 27 16:05:18 2014 TLS Error: TLS handshake failed

Solution  :
1. may be openvpn server was not start
2. Check firewall - may respected port is not opened or try with disabled windows or third party firewall

3. Error: 

VERIFY ERROR: depth=1, error=certificate is not yet valid:  in openvpn

Solution :

It may be date/time is not correct server and client machine.

4. Error: 

No server certificate verification method has been enabled.

Solution :
make entry in client.ovpn  file
ns-cert-type server

Install and configure latest OpenVPN Server and Client on Windows machine


1. On windows machine Enabling TCP/IP Forwarding

    Use Registry Editor (Regedt32.exe) to view the following registry key:
    Set the following registry value:
    Value Name: IPEnableRouter
    Value type: REG_DWORD
    Value Data: 1
    NOTE: A value of 1 enables TCP/IP forwarding for all network connections installed and used by this computer.

2. Install openvpn (openvpn-install-2.3.4-I603-x86_64) with full packages, you will get easy-rsa tools
3. Create certificate for server and client
cd cd "Program Files\OpenVPN\easy-rsa"
C:\Program Files\OpenVPN\easy-rsa>init-config.bat  ( it's simply copy vars.bat.sample to vars.bat )
C:\Program Files\OpenVPN\easy-rsa>vars.bat         ( open vars and modify according to our requirement , like
set PKCS11_MODULE_PATH=changeme
set PKCS11_PIN=1234
C:\Program Files\OpenVPN\easy-rsa>clean-all.bat
C:\Program Files\OpenVPN\easy-rsa>build-ca.bat
C:\Program Files\OpenVPN\easy-rsa>build-key-server server
C:\Program Files\OpenVPN\easy-rsa>build-key client
note : please be sure Common Name value and Name value should be change
C:\Program Files\OpenVPN\easy-rsa>build-dh.bat

4. All keys files are stored in keys folder (C:\Program Files\OpenVPN\easy-rsa\keys) copy ca.crt, server.crt, server.key,dh1024.pem and
past in C:\Program Files\OpenVPN\config folder
5. copy server.ovpn from server (C:\Program Files\OpenVPN\sample-config\) and past in (C:\Program Files\OpenVPN\config) folder

6. open server.ovpn and make below changes and save it.

Server config :

local    (OpenVPN Server ip)
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
ifconfig-pool-persist ipp.txt
push "route"   (OpenVPN server network ips)
push "dhcp-option DOMAIN"    (if you are using domain)
keepalive 10 120
cipher AES-256-CBC
status openvpn-status.log
verb 3

7. Go to services.msc and make openVpn to start automatic on system start.

8. Be sure udp 1194 port should be open on firewall.

DONE................... server configuration

openVPN client configuration :

1. Install openvpn (openvpn-install-2.3.4-I603-x86_64) on default mode.
2. copy copy ca.crt, client.crt, client.key from server and past in client machine C:\Program Files\OpenVPN\config
3. copy client.ovpn from server (C:\Program Files\OpenVPN\sample-config\) and past it on client machine (C:\Program Files\OpenVPN\config)

4. open client.ovpn and make below changes
client config :
dev tun
proto udp
remote openvpn server ip 1194
resolv-retry infinite
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
cipher AES-256-CBC
verb 3

5. Click on OpenVPN GUI and connect to OpenVPN SERVER


OpenVPN GUI connect command line

cd C:\Program Files\OpenVPN\bin
openvpn-gui.exe --config client.ovpn or openvpn.exe --config client.ovpn


Friday, 12 September 2014

XEN SERVER 6.2- apply hotfixes,install client, xentools

XenServer 6.2

Download latest all hotfixes from below link :

Apply hotfixes on XENSERVER 

[root@xenserver ~]#
    5  xe patch-upload file-name=XS62ESP1008.xsupdate
    7  xe patch-list | more                         ( find patch uuid )
    8  xe host-list                                  (find host uuid)
   12  xe patch-apply uuid=0850b186-4d47-11e3-a720-001b2151a503 host-uuid=b079bb9c-ab15-499b-90ad-93fd8142fde5
   15  xe-toolstack-restart
Error when applying Update 3: The upload update already exist. Check your settings and try again

Clean hotfix first then apply again :

type the command xe patch-list end press Enter.
Write down the Universally unique Identifier (UUID) of the Update 3 which is 1244e029-4f48-4503-82c7-db4e2ec8f70d.

Type the command xe patch-clean uuid=1244e029-4f48-4503-82c7-db4e2ec8f70d and press Enter.

Create NFS ISO library :

NFS ISO Library []

Installing XenServer Tools on Windows VMs

Important: Note that installing XenServer Tools will cause any media in the virtual machine's CD/DVD-drive to be ejected. Do not attempt to install XenServer Tools if the virtual machine's CD/DVD-drive is in use, for example, during OS install from CD.
Select the VM in the Resources pane, right-click, and then click Install XenServer Tools on the shortcut menu. Alternatively, on the VM menu, click Install XenServer Tools.
Click Install XenServer Tools on the message dialog to go to the VM's console and begin the installation.
If Autoplay is enabled for the VM's CD drive, installation will be started automatically after a few moments. If Autoplay is not enabled, double-click on the CD drive to begin installing XenServer Tools.
Follow the on-screen instructions, and reboot the VM when prompted.

Installing XenServer Tools on Linux VMs 

Select the VM in the Resources pane, right-click, and then click Install XenServer Tools on the shortcut menu. Alternatively, on the VM menu, click Install XenServer Tools.
Click Install XenServer Tools on the message dialog to go to the VM's console.
As the root user, mount the image into the VM:
mount /dev/xvdd /mntExecute the installation script as the root user:


Download and Install xencenter client on windows:

Install openxenmanager( xencenter client) on linux/centos :

 1008 cd /opt
 1009 wget
 1010  tar -xvzf openxenmanager_rev48.tar.gz
 1012  cd openxenmanager
 1014  vi /usr/bin/xenmanager
 1015  chmod 755 /usr/bin/xenmanager
 1019  yum install rrdtool
 1023  yum search python|grep gtk
 1024  yum install gtk-vnc-python.x86_64

 1025  yum install pygtk2.x86_64

Create template :

Change DNS SERVER IP in xen server :
 1. login shell prompt
 2.  Now you'll want to run xe pif-list
Take note of the uuid of your management interface.
3.  Now you'll want to run the xe pif-reconfigure-ip uuid=youruuid mode=static IP= netmask= gateway= DNS=,

Press enter and you're set :)
Comman error:


Solution :

Change clone machine name

Error on clone machine :


[root@localhost ~]# yum install php ( installing any package )
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist error was
14: PYCURL ERROR 22 - "The requested URL returned error: 403 Forbidden"
Error: Cannot find a valid baseurl for repo: base
[root@localhost ~]#

Solution :
network issue related to internet

Wednesday, 18 June 2014

Upgrading Redmine old version to new version

                                    Easy way to Redmine upgrade

Activity done on old installation:

1.            #/opt/redmine/ stop
      2.            #/opt/redmine/ start mysql
      3.            #/opt/redmine/mysql/bin/mysqldump –u bitnami -p bitnami_redmine >
4.            Backup uploaded files :
                 #cd /opt/redmine/apps/redmine/htdocs
                 # cp –rvf files files.bak ( and take it in safe place)
      5.            Uninstall old redmine :
                #cd /opt/redmine
                #./uninstall    - press enter
                #rm –rf /opt/redmine

Activity done on new installation:

1.            Download latest redmine stack and install it.
    2.            Then check the database details in database.yml , where you have define the
             installation path using vi /opt/redmine/apps/redmine/htdocs/config/database.yml

3.            Login in database using root user

#/opt/redmine/mysql/bin/mysql -u root –p

    Password: ****

    mysql> drop database bitnami_redmine;

    mysql> create database bitnami_redmine;

    mysql> grant all privileges on bitnami_redmine.* to 'bitnami'@'localhost'

    identified by 'DATABASE_PASSWORD';

4.                  Restore the new database:
        #mysql -u bitnami -p bitnami_redmine < bitnami_redmine06162014.sql

5.            Restore file backup :

         #cp files.bak/* /opt/redmine/apps/redmine/htdocs/files/

7.            Support this new version and run the following command:
              #cd /opt/redmine/apps/redmine/htdocs/

  #/opt/redmine/ruby/bin/ruby bin/rake db:migrate RAILS_ENV=production
    8.                  Finally you should clean the cache and the sessions:

   # ruby bin/rake tmp:cache:clear
             # ruby bin/rake tmp:sessions:clear
   9.                Restart the servers and you can access to your new Redmine.
             #/opt/redmine/ restart
               Index file location:

Enjoy with latest Redmine............! 

Wednesday, 23 April 2014

Remove remi php5.4 package and install php5.3 on Centos linux machine

# Remove the Remi packages. Note the reversed command order

yum remove php-pecl-apc php-cli php-pear php-pdo php-mysql php-pgsql php-pecl-mongo php-sqlite php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml
yum  remove httpd php php-common

# Install the CentOS packages.

yum install httpd php php-common
yum install php-pecl-apc php-cli php-pear php-pdo php-mysql php-pgsql php-pecl-mongo php-sqlite php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml

Directory index forbidden by Options directive

Solution :

open httpd.conf file and make entry

vi /etc/httpd/conf/httpd.conf

<Directory "/var/www/html">
   Options -Indexes FollowSymLinks +ExecCGI
    AllowOverride AuthConfig FileInfo
    DirectoryIndex index.php index.html
    Order allow,deny
    Allow from all

If using fastcgi then make entry below mentioned.

<Directory "/var/www/html">
   Options -Indexes FollowSymLinks +ExecCGI
    AllowOverride AuthConfig FileInfo
    AddHandler php5-fastcgi .php
    Action php5-fastcgi /cgi-bin/php.fcgi
    DirectoryIndex index.php index.html
    Order allow,deny
    Allow from all

then restart httpd service.
#/etc/init.d/httpd restart

Saturday, 29 March 2014

How to Install and configure mysql multi instance in ubuntu 12.04/13.04 server

Create multi MySQL slave on single Ubuntu server

Step-1:Login to your server as root user

Step-2:Login to your mysql server as root and execute the following command

mysql>GRANT SHUTDOWN ON *.* TO 'multi_admin'@'localhost' IDENTIFIED BY 'password';


Step-3:come out of mysql prompt and stop mysql server.To stop you can execute
[root@localhost ~]# service mysql stop

#cd /etc/mysql
#vi my.cnf    
mysqld     = /usr/bin/mysqld_safe
mysqladmin = /usr/bin/mysqladmin
log        = /var/log/mysqld_multi.log
user       = multi_admin
password   = password

port       = 3306
datadir    = /var/lib/mysql
pid-file   = /var/lib/mysql/
socket     = /var/lib/mysql/mysql.sock
user       = mysql
log-error  = /var/log/mysqlerp.err
server-id = 4
relay-log= /var/lib/mysql/relay-bin.log
log-bin = /var/lib/mysql/mysql-bin.log
binlog_do_db = dbname

port       = 3307
datadir    = /var/lib/mysql2
pid-file   = /var/lib/mysql2/
socket     = /var/lib/mysql2/mysql.sock
user       = mysql
server-id = 3
relay-log= /var/lib/mysql2/relay-bin.log
log-bin = /var/lib/mysql2/mysql-bin.log
binlog_do_db = dbname
log-error  = /var/log/mysqlcrm.err

vi /etc/apparmor.d/usr.sbin.mysqld
# vim:syntax=apparmor
# Last Modified: Tue Jun 19 17:37:30 2007
#include <tunables/global>
/usr/sbin/mysqld {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>
  #include <abstractions/mysql>
  #include <abstractions/winbind>
  capability dac_override,
  capability sys_resource,
  capability setgid,
  capability setuid,
  network tcp,
  /etc/hosts.allow r,
  /etc/hosts.deny r,
  /etc/mysql/*.pem r,
  /etc/mysql/conf.d/ r,
  /etc/mysql/conf.d/* r,
  /etc/mysql/*.cnf r,
  /usr/lib/mysql/plugin/ r,
  /usr/lib/mysql/plugin/*.so* mr,
  /usr/sbin/mysqld mr,
  /usr/share/mysql/** r,
  /var/log/mysql.log rw,
  /var/log/mysql.err rw,
+ /var/log/mysql[1-9].log rw,
+ /var/log/mysql[1-9].err rw,
  /var/lib/mysql/ r,
  /var/lib/mysql/** rwk,
+ /var/lib/mysql[1-9]/ r,
+ /var/lib/mysql[1-9]/** rwk,
  /var/log/mysql/ r,
  /var/log/mysql/* rw,
+ /var/log/mysql[1-9]/ r,
+ /var/log/mysql[1-9]/* rw,
+ /var/run/mysqld/ rw,
+ /var/run/mysqld/mysqld.sock w,
  /run/mysqld/ rw,
  /run/mysqld/mysqld.sock w,
  /sys/devices/system/cpu/ r,
  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.mysqld>

#/etc/init.d/apparmor restart

#mkdir -p /var/lib/mysql2
cp -r /var/lib/mysql/ /var/lib/mysql2/
chown -R mysql:mysql /var/lib/mysql2

mysqld_multi command
check status :
mysqld_multi report
Start All Mysql Instance
mysqld_multi start
Stop All Mysql Instance
mysqld_multi stop
Start specific Mysql Instance
mysqld_multi start 1 , 2 , 3.... and so on
Stop specific Mysql Instance
mysqld_multi stop 1 , 2 ,3.... and so on

Check MySQL service :
ps -aux | grep mysql | grep -v grep

Access mysql instance :
mysql -uroot -h127.0.0.1 -P3306 -p
mysql -uroot -h127.0.0.1 -P3307 -p


Friday, 28 March 2014

MySQL server is not starting

Error massage :
[ERROR] /usr/sbin/mysqld: Can't find file: './mysql/host.frm' (errno: 13)
140329  5:47:35
[ERROR] Fatal error: Can't open and lock privilege tables: Can't find file: './mysql/host.frm' (errno: 13)

Solution:  Please change ownership of MySQL root folder

chown -R mysql:mysql /var/lib/MySQL

and restart MySQL service

Thursday, 27 March 2014

How to Install and configure sendmail for Windows Task Scheduler

Easy way to install and configure sendmail on windows machine.

If you want using send mail on windows without installing  smtp server
you can done it, fallow below step and done process.

Requirement :

1. Windows 7/vista , 2003/2008 server
2. or above ( download to this link )

Put the zip file where you want like C:\
extract this  and rename folder name : sendEmail-v156-notls to sendmail


Add event :
Got o Event Viewer > Task Scheduler > Operational > right click on alert massage and attached task to this event

Program/script: click on browse and select sendEmail.exe
Add arguments(optional) :
-f -t -u Subject -m Task start Failed! -s -xu -xp password
Send multiple mail :
-f -t  -t -u Subject -m Task start Failed! -s -xu -xp password

click next and finish configuration!


Monday, 24 March 2014

How to fix : The Recycle Bin C:\ is corrupted. Do you want to empty the Recycle Bin for this drive.

Error massage :

Solution :

1.   Login with Administrator > Click Start button and type cmd
2.    At the command prompt enter the following line and press Enter:
 rd /s c:\$recycle.bin

3.    When prompted to confirm the deletion type Y and press Enter to confirm.
4.    Close the command prompt window and restart the PC.
A new recycle directory will have been created.

Install XRDP in Centos 7

rpm -Uvh yum update yum groupinstall "GNOME Desktop" ...