Linux

HOW TO : Modify iptables rules

Quick how to for my personal records. iptables is an open source firewall (and it does a lot more) included with most Linux distributions.

Steps to add new rule to existing configuration

  • Check the list of rules and their corresponding sequence

[code]sudo iptables -vL --line-numbers [/code]

  • Add the new rule at the required location/sequence

[code] sudo iptables -I INPUT LINE_NUMBER RULE [/code]

Example :

[code]iptables -I INPUT 8 -s X.X.X.X/24 -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT[/code]

  • Save the configuration

[code] sudo service iptables save [/code]

Thx to Sijis for helping with the commands.

HOW TO : Fix Jboss startup script for CentOS

Quick note for myself on fixing the default startup script provided by Jboss to work on CentOS. Thx to Shankar for finding the solution.

The default startup script (/$JBOSS_HOME/bin/jboss_init_redhat.sh) that Jboss provides does not work properly in CentOS. The start option works fine, but when you try to stop Jboss, it gives you a “No JBossas is currently running” message and quits.

Here’s a quick way to fix it. Edit the jboss_init_redhat.sh file and replace

[code]JBOSSSCRIPT=$(echo $JBOSSSH | awk '{print $1}' | sed 's/\//\\\//g') [/code]

with

[code]JBOSSSCRIPT=$(echo $JBOSSSH | awk '{print $1}')[/code]

HOW TO : Configure Oracle data source in Jboss

Here are some quick notes on configuring a data source for an Oracle database in Jboss. Data sources are common access points to different sources of data, provided by the application server framework to the applications running in it. These instructions are very specific to the 5.x EAP version. Jboss SOA has a pretty easy ant based script to configure data sources. I am not sure why Redhat didn’t think it would be good to include it as part of the EAP package too.

  1. Download the latest version of the JDBC driver from Oracle at http://www.oracle.com/technetwork/database/features/jdbc/index-091264.html . You can also get to this link by searching for “download ojdbc jar” in Google. In fact, I would recommend that, given that Oracle might change the link for future editions. You will need an Oracle account to download the driver file.
  2. Copy the driver file to $JBOSS_HOME/server/$JBOSSS_PROFILE/lib
  3. Disable the default hsqldb datasource provided by Jboss. This is good for development purposes, but for any application server you want to deploy into a production environment, you need to replace it with a more robust DBMS. It will have a major impact on performance. There are two places hsqldb is referred to in the default install
    • $JBOSS_HOME/server/$JBOSSS_PROFILE/deploy/hsqldb-ds.xml
    • $JBOSS_HOME/server/$JBOSSS_PROFILE/deploy/messaging/hsqldb-persistence-service.xml
    • I usually rename these files with a DO_NOT_USE prefix. You can delete them too, but I leave them around just in case.
  4. Configure the Oracle data source by copying from the sample files and configuring them
    • $JBOSS_HOME/server/$JBOSSS_PROFILE/deploy/oracle-ds.xml (you can find the sample file at $JBOSS_HOME/docs/examples/oracle-ds.xml)
    • $JBOSS_HOME/server/$JBOSSS_PROFILE/deploy/messaging/oracle-persistence-service.xml (you can find the sample file at $JBOSS_HOME/docs/examples/oracle-persistence-service.xml)
      • Comment out the following line in the file if you are not using clustering in the application server [code] <attribute name="ChannelFactoryName">jboss.jgroups:service=ChannelFactory</attribute> [/code]
Restart Jboss and it will create all the required tables and objects in the schema provided in the connect string. It is implied that you have created a schema in Oracle with the required privileges.

HOW TO : Check web services using curl

Quick note for myself to check web services using curl ([L/U]nix utility to play with http(s) traffic)

[code] curl https://URL_TO_TEST --insecure --trace-ascii debug.txt [/code]

Comments on options :
--insecure turns off certificate verification; it is used if you are testing web services served over SSL using self-signed certs
--trace-ascii dumps all traffic between the client (curl in this case) and the server in human-readable format (into debug.txt here)

HOW TO : Search ownership of files in Linux

Say you have a directory with a bunch of sub directories and files and you want to see if all the files are owned by a particular user, you can use the following set of commands

[code]ls -l -R DIRECTORY_PATH | awk '{print $3}' | grep -v USER_NAME[/code]

The set of commands do the following

  • ls -l -R shows the list of files and directories
  • awk prints the name of the owner of the file (it is the third column)
  • grep shows only the lines where the owner name doesn’t match

And yeah.. this works in most variants of Linux :).
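An added example, not part of the original post: the pipeline above prints only owner names, and `grep -v` also drops owners whose name merely contains USER_NAME. The `-user` test of `find` compares the owner exactly and reports the paths. The function name `audit_owner` and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# audit_owner DIR OWNER
#   Prints every path under DIR whose owner is not OWNER (name or numeric uid).
#   Exit status: 0 = everything is owned by OWNER, 1 = strays found,
#   2 = find itself failed (for example, DIR is unreadable).
audit_owner() {
    strays=$(find "$1" ! -user "$2" -print) || return 2
    [ -z "$strays" ] && return 0
    printf '%s\n' "$strays"
    return 1
}

# Constructed demo tree, owned entirely by whoever runs the script.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/sub"
touch "$demo_dir/a.txt" "$demo_dir/sub/b c.txt"

# Every entry belongs to the current uid, so nothing is listed.
audit_owner "$demo_dir" "$(id -u)" && echo "all owned by uid $(id -u)"

# A uid that owns nothing in the tree: every entry is reported.
audit_owner "$demo_dir" "$(( $(id -u) + 1 ))" || echo "strays found (status $?)"
```
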

HOW TO : Apache and SELinux

Quick note for future reference..

If you ever run into errors like this

[code]
Starting httpd: Warning: DocumentRoot [/var/www/html/static] does not exist
Warning: DocumentRoot [/var/www/html/static] does not exist
Warning: DocumentRoot [/var/www/html/static] does not exist
Warning: DocumentRoot [/var/www/html/static] does not exist
(13)Permission denied: httpd: could not open error log file /etc/httpd/logs/error_log.
Unable to open logs
[FAILED]
[/code]
And you are scratching your head why Apache is throwing these errors, even when the said directory and files exist. And you have the right permissions!! Check if you have SELinux running and being enforced.
On RHEL, you can check if SELinux is running by
[code]cat /selinux/enforce [/code]
The two values are 0 and 1. 0 means SELinux is not being enforced and 1 means it is.
You can quickly disable SELinux temporarily by
[code]echo 0 >/selinux/enforce [/code]
If you want to disable it permanently (i.e. survive reboots), you have to edit the file /etc/selinux/config and change the SELINUX line from enabled to disabled.

Overheard : Random comments about technology

Here are some interesting titbits from an executive summary event hosted by Redhat/Intel that I attended yesterday.

We decreased the execution times for our orders from 1.5 seconds to 5 milliseconds

This from an executive managing the technology organization for a large trading company. Imagine the geekiness in accomplishing this :).

For every 450 smartphones that get activated a server is added to support them

This from an Intel executive. So if there are 500000 android phones being activated every day.. that’s around 1111 servers being added just to serve the android fans :).

1 in 4 servers currently runs Linux

This from a Redhat executive. If anyone doubts that Linux is mainstream.. they are living under a rock 🙂

HOW TO : Use grep to search for credit card numbers

I was looking for a quick way to search for credit card numbers in a file and ran across this excellent post by Adrian Rollett. I tweaked his suggestion a bit to show some additional data.

Original suggestion

[code] grep '\(^\|[^0-9]\)\{1\}\([345]\{1\}[0-9]\{3\}\|6011\)\{1\}[-]\?[0-9]\{4\}[-]\?[0-9]\{2\}[-]\?[0-9]\{2\}-\?[0-9]\{1,4\}\($\|[^0-9]\)\{1\}' FILE_TO_SEARCH [/code]

My modification

[code] grep '\([345]\{1\}[0-9]\{3\}\|6011\)\{1\}[ -]\?[0-9]\{4\}[ -]\?[0-9]\{2\}[-]\?[0-9]\{2\}[ -]\?[0-9]\{1,4\}' --color -H -n FILE_TO_SEARCH [/code]

The modified command will show the name of the file in which the number was found and the line it is on. You can tweak it further using additional options for grep. A good reference guide can be found here.
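An added example that goes one step beyond the post (it is not from the original post or from Adrian Rollett): the pattern alone flags any digit run of the right shape, so this version keeps only candidates that also pass the Luhn checksum and masks them in the report. The pattern is the modified one above rewritten in ERE syntax; `scan_cards`, `sample_log` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# The page's modified pattern, rewritten in ERE syntax for grep -E.
CARD_RE='([345][0-9]{3}|6011)[ -]?[0-9]{4}[ -]?[0-9]{2}[-]?[0-9]{2}[ -]?[0-9]{1,4}'

# scan_cards FILE: print "FILE:LINE:****last4" for each candidate that
# also passes the Luhn checksum. Full numbers never reach the output.
scan_cards() {
    grep -E -n -o -e "$CARD_RE" -- "$1" | awk -F: -v file="$1" '
    function luhn(d,    i, n, sum, dbl) {
        sum = 0; dbl = 0
        for (i = length(d); i >= 1; i--) {      # walk right to left
            n = substr(d, i, 1) + 0
            if (dbl) { n *= 2; if (n > 9) n -= 9 }
            sum += n
            dbl = !dbl                          # double every second digit
        }
        return sum % 10 == 0
    }
    {
        digits = substr($0, length($1) + 2)     # text after "LINE:"
        gsub(/[^0-9]/, "", digits)              # drop spaces and hyphens
        if (luhn(digits))
            printf "%s:%s:****%s\n", file, $1, substr(digits, length(digits) - 3)
    }'
}

# Constructed sample input. The two valid numbers are the widely
# published Visa and American Express test numbers, not real cards.
sample_log() {
    cat <<'EOF'
order 1001 paid with 4111 1111 1111 1111 ok
tracking id 4111 1111 1111 1112
amex on file: 3782-822463-10005
no card data on this line
EOF
}

tmp=$(mktemp)
sample_log > "$tmp"
scan_cards "$tmp"
rm -f "$tmp"
```

Line 2 of the sample matches the pattern but fails the checksum, so only lines 1 and 3 are reported.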

HOW TO : for loop in bash

Quick post for my own reference down the road. The “for” loop comes in very handy when you want to perform the same task on multiple items in a bash shell.

For example, I wanted to query the DNS results of a couple of sub domains (blog.gogoair.com, pr.gogoair.com, tracker.gogoair.com), I can do it the normal way (that 99% of us do 🙂 )

[code] dig blog.gogoair.com

dig pr.gogoair.com

dig tracker.gogoair.com [/code]

Or, I can use the for loop function and do this

[code] for i in {blog,pr,tracker}.gogoair.com; do echo "$i" ; dig +short "$i"; done [/code]

Got to love technology :).. Makes you lazy!!..err I meant to say productive.

Thx to Cliff for the inspiration.