Just add the following without the quotes after the youtube film URL and use something like FlashGot (or grab the full URL with Firebug) to download it:
"&fmt=18" for HQ MP4 format
or
"&fmt=6" for HQ FLV format.
The "Flash Video Resources Downloader" Firefox addon seems to get this right and is able to download FLV, HQ FLV and HQ MP4 format movies from Youtube and can also handle similar sites. The downside is reliance on a web hosted php script (it means visiting this site every time you want to download something to grab the URL).
Wednesday, December 31, 2008
Download HQ MP4 or FLV movies from youtube
Posted by cmihai at 10:33 AM 2 comments
Labels: Internet
Thursday, December 11, 2008
Export VIM syntax highlighting to HTML
You can export the colorscheme based syntax highlighting in used in your VIM instance to a HTML file.
Just set a colorscheme and enable syntax highligting in VIM"
colorscheme torte
syntax on
Then you can export the same color scheme to a HTML file:
:runtime! syntax/2html.vim
This works for any file type supported by VIM. Just make sure you save the file before using the right extention.
Posted by cmihai at 12:04 PM 2 comments
Labels: Open Source, Scripting
Script for automating hardlink creation
::
:: Linking script
:: Usage: ln "source\REGEXP" destination
@echo off
set sourcedir=%1
set destdir=%2
if "%1" == "" goto usage
echo "Linking" %sourcedir% "\*" to %destdir% "\*"
if not exist %destdir% mkdir %destdir%
:: Create the destination directory if it does not exist
shift
if "%1" == "" goto end
for %%i in (%sourcedir%) do fsutil hardlink create %destdir%\%%~nxi %%~fi
goto iterate
:usage
color 4f
echo "Usage: ln.bat source-directory\REGEXP destination-directory
echo "If the destination directory does not exist it will be created."
echo "If a fully qualified path is not used, current directory will be used"
pause
color
:end
set sourcedir=
Posted by cmihai at 11:34 AM 0 comments
Tuesday, December 09, 2008
Scripting VMware Infrastructure with PowerShell
You can script VMware Server and VMware Infrastructure using Microsoft PowerShell CmdLets and the VMware VI Toolkit. It's really great for scheduling and automating tasks, since the scheduler in VMware Infrastructure Client is severely limited
You need to install the .NET Framework (2.0 at least), PowerShell 1.0 and the VMware VI Toolkit. All are freely available.
Get-VICommand to list available cmdlets and read the VI Toolkit Cmdlets Reference for documentation.
Posted by cmihai at 12:06 PM 0 comments
Labels: Microsoft, Scripting, Virtualization
Monday, December 08, 2008
Creating hardlinks on Windows
You can use fsutil on Windows XP and Windows 2003 or mklink on Windows Vista and 2008 to create hardlinks in a Windows environment. This requires a NTFS filesystem.
Posted by cmihai at 10:26 AM 0 comments
Labels: Microsoft
Friday, November 21, 2008
Windows - Delayed Write Failed when copying to USB disks
Trouble transfering large files to USB devices? I've had quite some problems with Delayed Write Failed even after caching disabled, increasing the system page size, etc. when transfering large files to Western Digital USB 2.0 500MB and 2TB MyBook Devices (though this looks like an issue with USB storage devices in general).
Messages like these turn up in Even Viewer:
{Delayed Write Failed} Windows was unable to save all the data for the file . The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
or
Application popup: Windows - Delayed Write Failed : Windows was unable to save all the data for the file. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
To fix this enabled SoftRetry for USB transfers:
Start - run - cmd. Type:
- reg add HKLM\SYSTEM\CurrentControlSet\Services\USB\EnSoftRetry /v Data /t REG_DWORD /d 1
Other hacks to get around this issue:
Look into HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management at LargeSystemCache and SystemPages.
Disable write caching on the disk (Right click the drive letter - Properties - Hardware - Select the Disk - Properties - Policies - Optimize for quick removal).
Make sure you monitor errors under Start - Run - eventvwr.msc -> System.
Posted by cmihai at 11:39 PM 2 comments
Thursday, November 13, 2008
DHCP Server on AIX
# vi /etc/dhcpsd.cnf
leaseTimeDefault 30 minutes
leaseExpireInterval 3 minutes
supportBOOTP yes
supportUnlistedClients yes
network 192.168.0.1 255.255.255.0
{
subnet 192.168.0.0 192.168.0.11-192.168.0.16
}
# startsrc -s dhcpsd
0513-059 The dhcpsd Subsystem has been started. Subsystem PID is 335890.
# lssrc -ls dhcpsd
Log file: /usr/tmp/dhcpsd.log
Log Level: 0x16
Client Expire Interval: 3600
Reserve Expire Interval: 900
Bad Addr Reclaim Interval: 4394967295
Database Save Interval: 3600
IP Address Status Duration Time Stamp Client ID
---------- ------ -------- ----- ------- ---------
192.168.0.11 Leased Infinite Nov 13 12:22 1-deadbeefcafe
192.168.0.12 Leased Infinite Nov 13 12:24 1-abadcafebabe
192.168.0.13 Free
192.168.0.14 Free
192.168.0.15 Free
192.168.0.16 Free
Posted by cmihai at 1:31 PM 0 comments
Labels: AIX, IBM, Internet, Networking
Friday, November 07, 2008
Bitlbee - Yahoo and IM console client on AIX
Bitlbee supports XMPP/Jabber (including Google Talk), MSN Messenger, Yahoo! Messenger, AIM and ICQ and creates a localhost IRC server you can connect to with say EMACS ERC irc client. Great for the whole ssh -> screen -> EMACS -> ERC deal.
It's quite nice for consolidating all your communication inside of Emacs (IRC via ERC, mail and news via GNUS, IM via bitlbee), etc.
Luckily, Bitlbee compiles out of the box on AIX, and you don't even need root permissions to use it.
Simply download it and compile it with say gcc:
% gunzip -c bitlbee-1.2.3.tar.gz| tar xf -Now connect your IRC client to localhost port 12345 and create your account.
% cd bitlbee-1.2.3
% ./configure --ssl=openssl
% gmake
% ./bitlbee -D -n -v -i 127.0.0.1 -p 12345 -c ./bitlbee.conf
register password
account add yahoo username password
account on
Posted by cmihai at 12:29 PM 0 comments
Friday, September 26, 2008
Thursday, September 11, 2008
Adding more speeddial boxes to Opera.
By default, Opera uses a 3x3 grid for the speeddial. You can change this to whatever you want by editing the speeddial.ini file.
Open a new opera tab and type in opera:config and search for "speeddial" in the Quick Find bar.
You now have the location of speeddial.ini from User Prefs - Speed Dial File. Edit this file.
Make sure you close Opera, and edit this file.
Add the following lines to the top of the speeddial.ini file:
[Size]
Rows=4
Columns=4
This should give you a solid 16 speeddial boxes.
Posted by cmihai at 11:24 AM 2 comments
Labels: Internet
Sunday, September 07, 2008
Making VMware Console work with Firefox 3.0.1
If you're running VMware Server 2 and require the console plugin to work with Firefox, you can use this trick to make it work once you update to Mozilla Firefox 3.0.1:
Just edit the VMware Console plugin install.rdf and change the:
to
or
and restart Firefox. Now update Firefox and all should work fine.
The install.rdf should be located in the plugin folder (~/.mozilla or similar on UNIX and Document and Settings or User/username/Application Data on Windows. Example:
C:\Documents and Settings\cmihai\Application Data\Mozilla\Firefox\Profiles\eqz4a1i8.default\extensions\VMwareVMRC@vmware.com
Just search for VMwareVMRC.
Posted by cmihai at 12:09 AM 0 comments
Labels: Internet, Virtualization
Thursday, September 04, 2008
VirtualBox 2.0 Released.
The 2.0 release of VirtualBox is now available.
http://www.virtualbox.org/
Posted by cmihai at 4:46 PM 0 comments
Labels: Virtualization
Monday, August 04, 2008
IRC-ing on AIX with EMACS ERC
Emacs ERC (M-x erc) is a IRC client built into newer releases of EMACS.
To build this you need the bos.adt sets and a compiler (gcc or xlc will do just fine).
Remember to set TERM=dtterm for colors :-).
Posted by cmihai at 1:12 PM 0 comments
Labels: AIX, Networking, Open Source
Tuesday, July 29, 2008
VMware ESXi Hypervisor Now Free
After making VMware Player and VMware Server available for free and the VMware toolkit open source under a GPL license, VMware now makes VMware ESXi Hypervisor available at no cost.
Posted by cmihai at 9:55 AM 0 comments
Labels: Virtualization
Thursday, July 24, 2008
SedTris - a Tetris game written in sed.
I've seen irc clients written in sed and I've seen a lot of sed magic in my time, but this is just ridiculous...
A Tetris game written in sed.
http://uuner.doslash.org/forfun/sedtris.sed
Posted by cmihai at 12:58 AM 7 comments
Labels: Scripting
Sun announced intentions to release SunWebServer under BSD license
Sun will opensource part of their web stack under a BSD license.
"Sun announced that it is open sourcing the core components of the Sun Java(TM) System Web Server 7.0 and Sun Java(TM) System Web Proxy technologies under a BSD (Berkeley Software Distribution) license in the Web Stack sub-project of the OpenSolaris community. The Web and Proxy source code will be available in CY08Q3."
http://www.opensolaris.org/os/project/webstack/
"We're pleased to announce that the Web Stack project will be taking on the Open Source releases of the Sun Web and Proxy Server.... under a BSD license. Read about this and other plans in the Sun press release"
Posted by cmihai at 12:17 AM 0 comments
Labels: Internet, Open Source, Solaris, Sun
Saturday, July 12, 2008
Microsoft Reaserch Singularity Project - Open Source on Codeplex
You can grab the source code of the Singularity OS RDK - a Microsoft Research project from codeplex (Microsoft's version of SourceForge for Open Source Projects Hosting). It's basically an OS written mostly in managed code. It also uses a microkernel.
Running the thing is pretty simple. Just build world and run the ISO in VirtualPC.
Posted by cmihai at 2:00 PM 0 comments
Labels: Microsoft, Open Source
Sunday, July 06, 2008
Puttycyg, screen, zsh and irssi on Windows
Remeber PowerShell + PowerTab + PCSX + Console + Terminus?
Here's something even nicer: Puttycyg + Terminus + GNU Screen + ZSH + irssi:
Posted by cmihai at 9:54 PM 0 comments
Labels: Microsoft, Open Source
Friday, July 04, 2008
AWK tricks - clearing the screen and scrollback buffer.
You can put this in your logout profile to fill up the screen buffer (clear just won't do on some systems with a multiple page console scroll-back buffer).
Filling the screen buffer with new lines:awk -F 'BEGIN{ for (i = 1; i <= 3000; i++) printf "\n"; exit}'
See also:
http://www.openbsd.org/faq/faq7.html#ConsoleClear
Posted by cmihai at 12:17 AM 1 comments
Labels: Scripting
Wednesday, June 25, 2008
D-Light DTrace script for Sun Studio 12 in Solaris
Here's a pretty cool tool for developers, similar to the DTrace GUI from XCode in OS X 10.5 Leopard (Instruments):
It's part of Sun Studio 12.
It's still in development, but it can be pretty useful.
Posted by cmihai at 12:13 AM 0 comments
Labels: Debugging, Software Development, Solaris
Tuesday, June 24, 2008
Using AWK to convert UNIX passwords from HP-UX to Solaris
Converting password hashes from HP-UX 11.11 to Solaris is pretty simple if you are using UNIX crypt passwords (if HP-UX isn't a Trusted System. If it is, it will use bigcrypt passwords, > 8 characters, converting them to Solaris UNIX crypt could be problematic).
Here's the gest of it:
On the HP-UX System, we create a test user:
# useradd testNow we convert the passwd file to generate passwd entries for Solaris:
# passwd test
test
- # awk ' BEGIN { FS = ":" } { print $1":x:" $3 ":" $4 "::/export/home/" $1 ":/usr/bin/sh" }' /etc/passwd
- test:x:107:20::/export/home/test:/usr/bin/sh
And we create the shadow file entries, including the password hash:
Just add them using /usr/ucb/vipw to the password file, edit the shadow file for consistency and test. Be sure to backup the files and to test using a few users at first.
- # awk ' BEGIN { FS = ":" } { print $1":"$2"::::::" }' /etc/passwd
- test:lsDWJo7M.iAhY::::::
Mix with some shell scripting and mkdir's and you're set :-). Next time, use LDAP :P.
- $ su test
- Password:
- $ id
- uid=127(test) gid=120
- $ whoami
- test
- $ echo $HOME
- /export/home/test
- $ echo $SHELL
- /usr/bin/sh
Posted by cmihai at 10:49 PM 1 comments
Monday, June 23, 2008
Tru64 UNIX AdvFS open sourced
HP Tru64 UNIX's filesystem has been open sourced under a GPLv2 license.
http://advfs.sourceforge.net/
Press release here.
Documentation here.
What is it with UNIX giants making filesystems open source?
Posted by cmihai at 8:28 PM 1 comments
Labels: Open Source, Tru64
Sunday, June 22, 2008
Making NetBSD 4.0 and OpenBSD 4.3 install in VirtualBox
Installing NetBSD 4.0 in VirtualBox fails with:
Failed to write to file. /usr/bin/dig (or whatever) (Bad address).
To make it work disable ACPI, enable VT-x and set the IDE controller type to PIIX4.
VT-x makes all the difference for NetBSD also. Without VT-x, unpacking install sets is very slow (200kb/s). With VT-x, I get 6.42 MB/s.
Plus, it won't fail writing to files.
The same thing happens with OpenBSD, and can be fixed by using VT-x.
Posted by cmihai at 7:07 PM 0 comments
Labels: BSD, Virtualization
Fixing Java WebConsole ZFS Administration on Solaris Express Community Edition build 90, 91
Application Error
com.iplanet.jato.NavigationException: Exception encountered during forward
Root cause = [java.lang.IllegalArgumentException: No enum const class com.sun.zfs.common.model.AclInheritProperty$AclInherit.restricted]
Notes for application developers:
- To prevent users from seeing this error message, override the
onUncaughtException()
method in the module servlet and take action specific to the application - To see a stack trace from this error, see the source for this page
Generated Sun Jun 22 14:22:44 EEST 2008
If this happens to you, you need to set acl inherit to passthrough:
# zfs set aclinherit=passthrough rpool
Now WebConsole ZFS Admin will work.
You also need to make sure the webconsole serivce is enabled before you can use it:
# svcs -a | grep webconsole
disabled 15:32:25 svc:/system/webconsole:console
# svcadm enable webconsole
# svcs -xv webconsole
svc:/system/webconsole:console (java web console)
State: online since Sun Jun 22 15:34:40 2008
See: man -M /usr/share/man -s 1M smcwebserver
See: /var/svc/log/system-webconsole:console.log
Impact: None.
When you're done using it, you should probably disable the service, as Java will eat up 100MB of memory :-). Besides, you don't really need a GUI for ZFS admin. It's just nice to show to your friends.
# svcadm disable webconsole
You should also make sure to disable webconsole in your Zones, as it serves no purpose what so ever (and it will bloat your zones by about 100MB memory usage).
Posted by cmihai at 2:25 PM 0 comments
Labels: OpenSolaris, Solaris
Friday, June 20, 2008
Compiling 64 bit OpenSSL and OpenSSH on Solaris with Sun Studio 12; SSH ASCII fingerprints
For building OpenSSL.
% ./config
Replace -xarch=amd64 with -m64 in the Makefile.
% gmake
# gmake install
Now build OpenSSH:
export CFLAGS=-m64
export LDFLAGS=-m64
% ./configure --with-ssl-dir=/usr/local/ssl
% make
% su
# make package
The following packages are available:
1 OpenSSH OpenSSH Portable for Solaris
(i386) OpenSSH_5.0p1
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: Transferring
# pkgadd -d OpenSSH-OpenSSH_5.0p1-Solaris-i386.pkg
If you're using OpenSSH portable from CVS you can also enjoy the ASCII art fingerprint funtion:
ibmsolaris% ./ssh -F /etc/ssh/ssh_config 192.168.21.168
Host key fingerprint is ...
+--[ RSA]----------+
| |
| = . |
| . = F |
| + * + |
| S * . |
| o + . |
| . = o . . |
| o + . o |
| . .oo . |
+----------------------+
Just add CheckHostIP fingerprint to ssh_config.
To compile OpenSSH from CVS:
% export CVSROOT=anoncvs@anoncvs.mindrot.org:/cvs
% export CVS_RSH=/usr/bin/ssh
% cvs get openssh
# ln -s /usr/bin/automake-1.10 /usr/bin/automake
% make
% su
# make package
Posted by cmihai at 7:13 PM 0 comments
Labels: Open Source, OpenSolaris, Solaris
Solaris ZFS to ZFS LiveUpgrade
Regular UFS to UFS LiveUpgrade used to take a while to create the boot environment, etc. Complicated :-).
As of Solaris Express Community Edition 90, you can use LiveUpgrade with ZFS. You can also LU a UFS system to ZFS.
One of the benefits of ZFS root is the ZFS clone command (lucreate -n happens in a second):
# lucreate -n sxce91
Checking GRUB menu...
Analyzing system configuration.
No name for current boot environment.
INFORMATION: The current boot environment is not named - assigning name
Current boot environment is named
Creating initial configuration for primary boot environment
The device
PBE configuration successful: PBE name
Comparing source boot environment
system(s) you specified for the new boot environment. Determining which
file systems should be in the new boot environment.
Updating boot environment description database on all BEs.
Updating system configuration files.
Creating configuration for boot environment
Source boot environment is
Creating boot environment
Cloning file systems from boot environment
Creating snapshot for
Creating clone for
Setting canmount=noauto for
Creating snapshot for
Creating clone for
No entry for BE
Population of boot environment
Creation of boot environment
Mount the DVD image loopback:
# mkdir /mnt/iso
# lofiadm -a /export/home/cmihai/Desktop/SunDownloads/sol-nv-b91-x86-dvd.iso
/dev/lofi/1
# mount -F hsfs /dev/lofi/1 /mnt/iso
Liveupgrade:
# luupgrade -u -n sxce91 -s /mnt/iso/
No entry for BE
Copying failsafe kernel from media.
Uncompressing miniroot
Uncompressing miniroot archive (Part2)
13371 blocks
Creating miniroot device
miniroot filesystem is
Mounting miniroot at
Mounting miniroot Part 2 at
Validating the contents of the media
The media is a standard Solaris media.
The media contains an operating system upgrade image.
The media contains
Constructing upgrade profile to use.
Locating the operating system upgrade program.
Checking for existence of previously scheduled Live Upgrade requests.
Creating upgrade profile for BE
Checking for GRUB menu on ABE
Saving GRUB menu on ABE
Checking for x86 boot partition on ABE.
Determining packages to install or upgrade for BE
Performing the operating system upgrade of the BE
CAUTION: Interrupting this process may leave the boot environment unstable
or unbootable.
Upgrading Solaris: 100% completed
Installation of the packages from this media is complete.
Restoring GRUB menu on ABE
Adding operating system patches to the BE
The operating system patch installation is complete.
ABE boot partition backing deleted.
Configuring failsafe for system.
Failsafe configuration is complete.
INFORMATION: The file on boot
environment
INFORMATION: The file on boot
environment
INFORMATION: Review the files listed above. Remember that all of the files
are located on boot environment
environment
required or if additional media of the software distribution must be
installed.
The Solaris upgrade of the boot environment
Installing failsafe
Failsafe install is complete.
# luactivate sxce91
System has findroot enabled GRUB
Generating boot-sign, partition and slice information for PBE
Saving existing file in top level dataset for BE
Generating boot-sign for ABE
Saving existing file in top level dataset for BE
Generating partition and slice information for ABE
Boot menu exists.
Generating direct boot menu entries for PBE.
Generating xVM menu entries for PBE.
Generating direct boot menu entries for ABE.
Generating xVM menu entries for ABE.
GRUB menu has no default setting
No more bootadm entries. Deletion of bootadm entries is complete.
GRUB menu default setting is unchanged
Done eliding bootadm entries.
**********************************************************************
The target boot environment has been activated. It will be used when you
reboot. NOTE: You MUST NOT USE the reboot, halt, or uadmin commands. You
MUST USE either the init or the shutdown command when you reboot. If you
do not use either init or shutdown, the system will not boot using the
target BE.
**********************************************************************
In case of a failure while booting to the target BE, the following process
needs to be followed to fallback to the currently working boot environment:
1. Boot from Solaris failsafe or boot in single user mode from the Solaris
Install CD or Network.
2. Mount the Parent boot environment root slice to some directory (like
/mnt). You can use the following command to mount:
mount -Fzfs /dev/dsk/c1t0d0s0 /mnt
3. Run
environment root slice, as shown below:
/mnt/sbin/luactivate
4. luactivate, activates the previous working boot environment and
indicates the result.
5. Exit Single User mode and reboot the machine.
**********************************************************************
Modifying boot archive service
Activation of boot environment
# init 6
Posted by cmihai at 9:45 AM 8 comments
Labels: OpenSolaris, Solaris
Wednesday, June 18, 2008
Sun Solaris DTrace - counting page-ins
Need more details than:
% kstat -n vm | grep pgin
anonpgin 727
execpgin 0
fspgin 1012885
pgin 999385
pgpgin 1013612
anonpgin 1347
execpgin 0
fspgin 187550
pgin 46875
pgpgin 188897
22:41 <> hello, is there a way to see what processes could be causing a page-in excess?
22:43 <> dtrace pgin
As always, DTrace to the rescue :-).
cthulhu# dtrace -n pgin'{@[pid, execname] = count();}'
dtrace: description 'pgin' matched 1 probe
^C
27462 gnome-keyring-da 1
27495 wnck-applet 1
430 dbus-daemon 2
27446 gnome-session 2
27483 nautilus 4
27319 Xorg 11
Posted by cmihai at 10:49 PM 0 comments
Labels: OpenSolaris, Software Development, Solaris
Installing CentOS 5.1 in textmode
Need the old textmode installer? No time to kickstart?
Type
linux mem=192M noprobe
at the GRUB install prompt ;-). A system needs > 128MB RAM to install with Anaconda, but will default to the textmode installer if it has < 256MB RAM.
Posted by cmihai at 1:33 AM 1 comments
Labels: Linux, Open Source
Making VirtualBox work in headless mode on Solaris
If you've ran VirtualBox 1.6.2 on Solaris or OpenSolaris (SXCE anyway) you'll see something interesting happen when you run VBoxHeadless (let's say in GNU screen) and kill X :-). It will die.
cthulhu% ./VBoxHeadless -s CentOS51
VirtualBox Headless Interface 1.6.2
(C) 2008 Sun Microsystems, Inc.
All rights reserved
Listening on port 3389
X connection to :0.0 broken (explicit kill or server shutdown).
Which is kind of silly for something called "headless"...
Here's the fix:
env DISPLAY=buggerthis /opt/VirtualBox/VBoxHeadless -s SomeMachine
Now you can kill X happily.
It basically dies when :0.0 dies. Make it look for another DISPLAY, and it's fine.
Posted by cmihai at 1:09 AM 0 comments
Labels: OpenSolaris, Solaris, Virtualization
Sunday, June 15, 2008
Mortal Kombat 4 on Solaris - Wine
Using Wine, DosBOX, DosEMU, GSNEX, GBA, ePSX and various other Windows, DOS and game console emulators you can get a fair amount of fun old games running on Solaris (like StarCraft, Mortal Kombat Series, Final Fantasy 1-8, etc). Not to mention the whole Doom, Quake 1,2,3 series using the open sourced engines.
Add a Windows XP in VirtualBox to the mix and you're set :-). You can also use SeamlessRDP to run remote Windows app on your desktop.
Posted by cmihai at 1:17 PM 2 comments
Labels: OpenSolaris, Solaris, Virtualization
Saturday, June 14, 2008
Installing TeX Live 2008 LaTeX distribution on Solaris
If you're installing TeXLive on Solaris you'll run into some issues with tar / GNUtar (gtar).
I've used the small bootstrap installer available on CTAN.
# ./install-tl
...
Installing: 12many
tar: /dev/rmt/0: No such file or directory
It basically sends UNIX tar GNU tar flags. Just copy /usr/bin/gtar to ~/bin/tar (or some other PATH) and put that in PATH first. TeX Live will install just fine.
# copy /usr/bin/gtar /root/bin/tar
# export PATH=/root/bin
# ./install-tl
Posted by cmihai at 6:33 PM 0 comments
Labels: Open Source, OpenSolaris, Solaris
Wednesday, June 11, 2008
Deploying IBM DB2 inside a Solaris 10 Container
1. Creating the ZFS filesystem:
# zfs create rpool/export/zones
2. Configuring the DB2 zone:
# zonecfg -z db2
db2: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:db2> create
zonecfg:db2> set zonepath=/export/zones/db2
zonecfg:db2> set autoboot=true
zonecfg:db2> add net
zonecfg:db2:net> set address=192.168.1.100/24
zonecfg:db2:net> set physical=iwk0
zonecfg:db2:net> end
zonecfg:db2> verify
zonecfg:db2> commit
zonecfg:db2> exit
3. Installing the DB2 zone:
# zoneadm -z db2 install
A ZFS file system has been created for this zone.
Preparing to install zone
Creating list of files to copy from the global zone.
Copying <9648> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <1319> packages on the zone.
Initialized <1319> packages on zone.
Zone
Installation of these packages generated errors:
Installation of these packages generated warnings:
The file
4. Listing the zones:
# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
- db2 installed /export/zones/db2 native shared
5. Booting the DB2 zone:
# zoneadm -z db2 boot
6. Logging into the zone:
# zlogin -C db2
[Connected to zone 'db2' console]
Configure the initial system (locale, etc).
7. Install IBM DB2 Database 9:
db2# gunzip db2_v9fp1_ese_solaris_x64.tar.gz
db2# tar xvf db2_v9fp1_ese_solaris_x64.tar
db2# cd ese/disk1/
db2# ./db2_install
Default directory for installation of products - /opt/IBM/db2/V9.1
***********************************************************
Do you want to choose a different directory to install [yes/no] ?
no
Specify one or more of the following keywords,
separated by spaces, to install DB2 products.
CLIENT
RTCL
ESE
Enter "help" to redisplay product names.
Enter "quit" to exit.
***********************************************************
CLIENT RTCL ESE
DB2 installation is being initialized.
Total number of tasks to be performed: 41
Total estimated time for all tasks to be performed: 915
Task #1 start
Description: Checking license agreement acceptance
Estimated time 1 second(s)
Task #1 end
Task #2 start
Description: GSKit support
Estimated time 19 second(s)
...
8. Add a regular user account to your DB2 zone:
db2# mkdir -p /export/home/cmihai
db2# useradd -s /usr/bin/zsh -d /export/home/cmihai cmihai
db2# chown cmihai /export/home/cmihai
db2# passwd cmihai
New Password:
Re-enter new Password:
passwd: password successfully changed for cmihai
db2# su - cmihai
db2% cd /opt/IBM/db2/V9.1/bin
Check locale(1) and export LC_ALL=C if needed or db2 will complain:
db2% ./db2fs
couldn't set locale correctly
Make sure you read the install log in /tmp.
Here's a tip though: if you can, use the Graphical installer (ssh -X and run db2setup instead of db2_install).
All you need now is add various tuning, limitations and zfs quotas, etc.
If you need to start over, there's always ZFS snapshots or db2_deinstall.
Either way, if you need to create an instance:
# ./db2icrt -s wse -u db2fenc1 db2inst1
Sun Microsystems Inc. SunOS 5.11 snv_90 January 2008
Sun Microsystems Inc. SunOS 5.11 snv_90 January 2008
DBI1070I Program db2icrt completed successfully.
You can now use db2 to create a database and connect to it.
# db2
db2=> CREATE DATABASE test
db2 => CONNECT TO test
Database Connection Information
Database server = DB2/SUN64 9.1.1
SQL authorization ID = DB2INST1
Local database alias = TEST
db2 => CREATE TABLE clients (name char(25), surname char(50))
DB20000I The SQL command completed successfully.
db2 => LIST TABLES
Table/View Schema Type Creation time
------------------------------- --------------- ----- --------------------------
CLIENTS DB2INST1 T 2008-06-11-05.39.58.167896
1 record(s) selected.
db2 => INSERT INTO clients VALUES ('Some','Guy')
DB20000I The SQL command completed successfully.
db2 => SELECT * FROM clients
NAME SURNAME
------------------------- --------------------------------------------------
Some Guy
1 record(s) selected.
Posted by cmihai at 3:15 AM 0 comments
Labels: Databases, DB2, IBM, OpenSolaris, Solaris
Building xpdf on Solaris
Building xpdf on SXCE 90:
xpdf has some issues building with Sun Studio, so I suggest you use gcc. Make sure you export CC=g++ or linking will fail.
export PATH=/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ucb:/usr/sbin:/opt/SUNWspro/bin:/usr/local/bin:/usr/sfw/bin:/usr/sfw/sbin
export CC=/usr/sfw/bin/g++
./configure --with-freetype2-library=/usr/lib --with-freetype2-includes=/usr/include/freetype2 && gmake
su
gmake install
Posted by cmihai at 2:37 AM 0 comments
Labels: OpenSolaris, Solaris
Reading Microsoft Office 2007 formats with OpenOffice
You can rename the .docx or whatever to .zip and look at the .xml files, or you can use this:
OpenOffice plugin for Microsoft XML document format:
http://www.novell.com/documentation/openwg/esd/di_ooo_openxml_translator.html
Posted by cmihai at 2:01 AM 0 comments
Labels: Microsoft, Open Source
Staring SQL Developer or JDeveloper fails due to hidden messagebox
Can you spot why Oracle SQL Developer and JDeveloper aren't starting in this scenario?
You can't even see it on a white background (and there is no window in the taskbar) but there is a question box right behind the slash screen :-). Pay attention to the right edge of the splash...
Still, I love the new Java look.
Posted by cmihai at 12:13 AM 0 comments
Labels: Databases, Oracle, Software Development
Tuesday, June 10, 2008
Compiling GNU Screen, irssi and Emacs on Solaris with Sun Studio 12
Screen, Emacs and irssi aren't included in Solaris, and the Sun Freeware versions tend to be out of date. Blastwave usually pulls in too many depends. You can compile screen, irssi and emacs without any additional depends on SXCE 90 and you get to use SS12.
Here's how you compile them on SXCE 90 using Sun Studio 12.
- Install Sun Studio 12. If you have SXCE, just use the Developer Tools installer from the DVD.
- Export a PATH that includes Sun Studio (you can also just export CC):
PATH=/usr/bin:/usr/dt/bin:/usr/openwin/bin:/usr/ucb:/usr/sbin:/opt/SUNWspro/bin
export PATH - Download and untar the sources
- ./configure --prefix=/usr/local; gmake; su; gmake install
Look for the offending line:
# if defined(linux) || defined(__convex__) || (BSD >= 199103)
setenv(var, value, 1);
# else
setenv(var, value);
# endif /* linux || convex || BSD >= 199103 */
#endif /* USESETENV */
Better yet (pkgsrc):
- Index: misc.c
- --- misc.c.orig 2003-12-05 14:45:41 +0100
- +++ misc.c 2006-07-13 18:00:46 +0200
- @@ -613,7 +613,7 @@
- */
- # endif /* NEEDSETENV */
- #else /* USESETENV */
- -# if defined(linux) || defined(__convex__) || (BSD >= 199103)
- +# if defined(linux) || defined(__convex__) || (BSD >= 199103) || defined(__sun)
- setenv(var, value, 1);
- # else
- setenv(var, value);
Now screen will compile. You can also make packages.
Other software such as top, smartctl (smartmontools) and so on all compiles cleanly without the need for 3rd party depends.
Posted by cmihai at 10:12 PM 1 comments
Labels: Open Source, OpenSolaris, Solaris
Monday, June 09, 2008
GStreamer plugins to decode MP3 files in SXCE 90
Solaris Express no longer provides a GStreamer MP3 decoder plugin, so you'll need to install a 3rd party plugin (or the plugin from an older SXCE release).
Basically, when you plug in your iPod or run Rythmbox and add some mp3 song, you'll get something like:
"The GStreamer plugins to decode "MP3" files cannot be found.
You can download the MP3 decoder plugin for free from Fluendo (you still need to register and use the webshop interface to "buy" it for 0$).
http://www.fluendo.com/resources/fluendo_mp3.php
Select "Fluendo MP3 Decoder".
Read the documentation, and make sure the plugin is set to executable and all dependencies are resolved.
cthulhu% gst-inspect flump3dec
(gst-inspect:7948): GStreamer-WARNING **: Failed to load plugin '/export/home/cmihai/.gstreamer-0.10/plugins/libgstflump3dec.so': ld.so.1: gst-inspect-0.10: fatal: libgcc_s.so.1: open failed: No such file or directory
No such element or plugin 'flump3dec'
cthulhu% ldd ~/.gstreamer-0.10/plugins/libgstflump3dec.so
warning: ldd: /export/home/cmihai/.gstreamer-0.10/plugins/libgstflump3dec.so: is not executable
libgstreamer-0.10.so.0 => /usr/lib/libgstreamer-0.10.so.0
cthulhu% chmod +x ~/.gstreamer-0.10/plugins/libgstflump3dec.so
cthulhu% grep libgcc /var/sadm/install/contents
/usr/sfw/lib/amd64/libgcc_s.so=libgcc_s.so.1 s none SUNWgccruntime
cthulhu% export LD_LIBRARY_PATH=/usr/sfw/lib
cthulhu% gst-inspect flump3dec
Factory Details:
Long name: Fluendo MP3 Decoder (C build)
Class: Codec/Decoder/Audio
Description: Decodes MPEG-1 Layer 1, 2 and 3 streams to raw audio frames
Author(s): Fluendo Support
Rank: primary (256)
cthulhu% rhythmbox
Now you can play MP3 files in Rhythmbox, Totem, etc.
Posted by cmihai at 11:55 PM 5 comments
Labels: Media, Open Source, OpenSolaris
ZFS Root in Solaris Express Community Edition - SXCE 90
Solaris Express Community Edition now supports ZFS root. Pick Solaris Express Developer in the grub menu, exit the X gui installer (Ctrl - Alt - Backspace) and use the text mode installer (install-solaris from the console). Now select "ZFS root" :-).
You should now have a default ZFS rpool.
It also supports JumpStart:
http://opensolaris.org/os/community/zfs/boot/zfsbootFAQ/
Posted by cmihai at 10:19 AM 0 comments
Labels: Open Source, Solaris, Sun
Saturday, May 24, 2008
Disable OpenSolaris Network Auto-Magic (NWAM)
NWAM is now enabled by default, but it has some limitations (only one NIC is enabled, etc). Personally, I like to configure the network interfaces myself.
To disable Network Auto-Magic on SXCE (Solaris Express Community
Edition) or Indiana (OpenSolaris):
# svcadm disable svc:/network/physical:nwam
Posted by cmihai at 1:05 PM 0 comments
Labels: Open Source, Solaris, Sun, UNIX
Monday, May 19, 2008
Disk Cleanup Wizzard in Windows Server 2008
If you want to run the Disk Cleanup Wizzard (cleanmgr) on Windows 2008 Server you need to install the "Desktop Experience" Role and restart your computer.
So basically, start the Server Manager (CompMgmtLauncher.exe) - Features - Add Feature - Desktop Experience and restart your machine. IT doesn't mention this also adds the Cleanup Wizzard though, heh.
It's a bit counter-intuitive, but that's how it is. This also adds themes, Media Player, photo management and a few other useless things.
Posted by cmihai at 8:08 PM 0 comments
Labels: Microsoft
Thursday, May 15, 2008
Digg down, suggests you watch some p0rn while they restart the servers
Digg was down for a couple of minutes. Check the highlighted links :-). I'm wondering if that's a bug or a feature...
Doesn't look like anything was hacked though, google indexed it and all.
Either way, some of the links aren't exactly "Safe for Work" and it seems pretty irresponsible to put them on the front page like that, heh.
Posted by cmihai at 11:47 PM 0 comments
Custom df (diskfree) column output in Solaris using nawk
Let's say you want to combine some features of "df -h" with "df -n" to show filesystem type and some other custom modifications to the output. This is where awk/nakw/gawk/whatever come in handy:
% df -g | nawk '{if (NR % 5 == 1) printf "%-22s", $1 ; if (NR % 5 == 4) printf "%-10s", "fstype " $1 "\n"; if (NR % 5 == 2) printf "%-30s",$1/2/1024/1024 " GB"; if (NR % 5 == 2) printf "%-30s", $4/2/1024/1024 " GB free "}'
/ | 33.6627 GB | 18.4351 GB free | fstype ufs |
/devices | 0 GB | 0 GB free | fstype devfs |
/system/contract | 0 GB | 0 GB free | fstype ctfs |
/proc | 0 GB | 0 GB free | fstype proc |
/etc/mnttab | 0 GB | 0 GB free | fstype mntfs |
/etc/svc/volatile | 7.88214 GB | 7.8813 GB free | fstype tmpfs |
/system/object | 0 GB | 0 GB free | fstype objfs |
/lib/libc.so.1 | 33.6627 GB | 18.4351 GB free | fstype ufs |
/dev/fd | 0 GB | 0 GB free | fstype fd |
/tmp | 7.88142 GB | 7.8813 GB free | fstype tmpfs |
/var/run | 7.88134 GB | 7.8813 GB free | fstype tmpfs |
/export/home | 74.4858 GB | 1.87458 GB free | fstype ufs |
/storage | 108.639 GB | 66.9259 GB free | fstype nfs |
You can also add a comma (,) to the separators and output > csv (you can open the comma separated values table in Excel or OpenOffice or any other Spreadsheet application) :-).
Posted by cmihai at 9:06 PM 3 comments
Labels: Open Source, Scripting, Solaris, UNIX
OpenBSD Web Portal server (Drupal)
Final goal: Drupal Web portal with TinyMCE JavaScript editor, Unicode and Locales support running on OpenBSD 4.3.
a. You can install OpenBSD via cdrom (install43.iso or cd43.iso for netinstall) or netboot via TFTP / BOOTP / DHCPD. Read diskless(8) for details. On Windows, you can use TFTPD32 for DHCP/TFTP.
b. Partition the disk (read the FAQ on partitioning). Example partitioning scheme:
Partition | Mount location | Filesystem | Mount options | |
/dev/sd0a | / | ffs | rw,softdep | 1 1 |
/dev/sd0b | swap | swap | | |
/dev/sd0c | Whole disk | | | |
/dev/sd0d | /tmp | ffs | rw,softdep,nodev,nosuid | 1 2 |
/dev/sd0e | /var | ffs | rw,softdep,nodev,nosuid | 1 2 |
/dev/sd0f | /usr | ffs | rw,softdep,nodev | 1 2 |
/dev/sd0g | /home | ffs | rw,softdep,nodev,nosuid | 1 2 |
c. Disable non-critical services (like ident, time, daytime, etc.) from /etc/inetd.conf. Just comment out the lines you don’t want with a #.
d. Make sure you enable Soft Updates (softdep) mounts – they increase the Filesystem performance tenfold when it comes to writing a lot of small files. This is done by adding “softdep” to mount options in /etc/fstab.
e. Add a regular user account. You can use the useradd(8) script. Make sure you add the user to the wheel group to allow su – root.
f. For added security configure „sudo” by running visudo(8). You can permit all users in the wheel group to sudo root: %wheel ALL=(ALL) NOPASSWD: SETENV: ALL
i. It’s usually best to disable root logins and use “sudo” for root access (sudo –i or su – if you need a root sheel). Edit /etc/ssh/sshd_config. You can also change the default ssh port from 22 to some random port to mitigate against brute force attacks. Keeps them from filling out your logs with junk. Consider using ssh keys also.
ii. Port 6969
iii. PermitRootLogin no
iv. Restart the OpenSSH daemon: „pkill –HUP sshd”
g. Configure your user profile to use a ftp mirror. Add the following to your ~/.profile: (or whatever shell you’re using, eg: .bashrc, .zshrc): PKG_PATH=ftp://ftp.su.se/pub/OpenBSD/4.3/packages/i386/; export PKG_PATH
h. Restart the system (to mount softdep, etc.).
i. Install some “critical” packages:
i. pkg_add -vi mc zsh screen elinks zip unzip bzip2
j. Install ports
i. cd /usr
sudo ftp ftp://ftp.su.se/pub/OpenBSD/4.3/ports.tar.gz
sudo tar zxf ports.tar.gz
k. Unpack the OpenBSD source code (src and kernel – sys) – these are required for patching OpenBSD:
i. cd /usr/src
sudo ftp ftp://ftp.su.se/pub/OpenBSD/4.3/src.tar.gz
sudo ftp ftp://ftp.su.se/pub/OpenBSD/4.3/sys.tar.gz
sudo tar zxvf src.tar.gz
sudo tar zxvf sys.tar.gz
l. Apply OpenBSD security patches. You download patches from http://www.openbsd.org/errata43.html and you apply them using the instructions in the patch headers:
i. ftp ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3.tar.gz
You can put 001_openssh.patch, 002_openssh2.patch and the following patches in /usr/src and apply them. Read the header for the patches for instructions.
% head -11 001_openssh.patch
Apply by doing:
cd /usr/src
patch -p0 < install ="="> lib
===> ssh
install -c -s -o root -g bin -m 555 ssh /usr/bin/ssh
install -c -o root -g bin -m 444 ssh.cat1 /usr/share/man/cat1/ssh.0
install -c -o root -g bin -m 444 ssh_config.cat5 /usr/share/man/cat5/ssh_config.0
/usr/share/man/cat1/slogin.0 -> /usr/share/man/cat1/ssh.0
/usr/bin/slogin -> /usr/bin/ssh
===> sshd
install -c -s -o root -g bin -m 555 sshd /usr/sbin/sshd
install -c -o root -g bin -m 444 sshd.cat8 /usr/share/man/cat8/sshd.0
install -c -o root -g bin -m 444 sshd_config.cat5 /usr/share/man/cat5/sshd_config.0
===> ssh-add
install -c -s -o root -g bin -m 555 ssh-add /usr/bin/ssh-add
install -c -o root -g bin -m 444 ssh-add.cat1 /usr/share/man/cat1/ssh-add.0
===> ssh-keygen
install -c -s -o root -g bin -m 555 ssh-keygen /usr/bin/ssh-keygen
install -c -o root -g bin -m 444 ssh-keygen.cat1 /usr/share/man/cat1/ssh-keygen.0
===> ssh-agent
install -c -s -o root -g _sshagnt -m 2555 ssh-agent /usr/bin/ssh-agent
install -c -o root -g bin -m 444 ssh-agent.cat1 /usr/share/man/cat1/ssh-agent.0
===> scp
install -c -s -o root -g bin -m 555 scp /usr/bin/scp
install -c -o root -g bin -m 444 scp.cat1 /usr/share/man/cat1/scp.0
===> sftp-server
install -c -s -o root -g bin -m 555 sftp-server /usr/libexec/sftp-server
install -c -o root -g bin -m 444 sftp-server.cat8 /usr/share/man/cat8/sftp-server.0
===> ssh-keysign
install -c -s -o root -g bin -m 4555 ssh-keysign /usr/libexec/ssh-keysign
install -c -o root -g bin -m 444 ssh-keysign.cat8 /usr/share/man/cat8/ssh-keysign.0
===> ssh-keyscan
install -c -s -o root -g bin -m 555 ssh-keyscan /usr/bin/ssh-keyscan
install -c -o root -g bin -m 444 ssh-keyscan.cat1 /usr/share/man/cat1/ssh-keyscan.0
===> sftp
install -c -s -o root -g bin -m 555 sftp /usr/bin/sftp
install -c -o root -g bin -m 444 sftp.cat1 /usr/share/man/cat1/sftp.0
===> scard
install -c -m 444 -o root -g bin Ssh.bin /usr/libdata/ssh
- 2. Restart the system to apply patches (or just the affected services by using pkill –HUP for example if you didn’t patch the kernel).
a. % cd / && sudo ftp ftp://ftp.su.se/pub/OpenBSD/4.3/i386/xbase43.tgz
% sudo tar xzvphf xbase43.tgz
a. % sudo pkg_add -vi php5-core php5-mysql php5-curl php5-mbstring php5-gd
Ambiguous: choose package for php5-gd
0:
1: php5-gd-5.2.5
2: php5-gd-5.2.5-no_x11
Your choice: 1
parsing php5-gd-5.2.5
b. Activate PHP modules by creating the various symbolic links:
i. % sudo ln -s /var/www/conf/modules.sample/php5.conf /var/www/conf/modules
ii. % sudo ln -fs /var/www/conf/php5.sample/curl.ini /var/www/conf/php5/curl.ini
iii. % sudo ln -fs /var/www/conf/php5.sample/gd.ini /var/www/conf/php5/gd.ini
iv. % sudo ln -fs /var/www/conf/php5.sample/mbstring.ini /var/www/conf/php5/mbstring.ini
v. % sudo ln -fs /var/www/conf/php5.sample/mysql.ini /var/www/conf/php5/mysql.ini
5. Install, configure and secure the MySQL database:a. % sudo pkg_add -vi mysql-server
b. Installing the default database
i. % sudo /usr/local/bin/mysql_install_db
c. Starting the MySQL service:
i. % sudo /usr/local/bin/mysqld_safe&
[1] 32390
% Starting mysqld daemon with databases from /var/mysql
d. Secure the installation (delete anonymous users, the test database and set a root password). PS: don’t use # in your password, there’s a bug in the script. Set that manually if you want.
i. % sudo /usr/local/bin/mysql_secure_installation
e. Tune some sysctl parameters for MySQL:
i. Edit /etc/sysctl.conf:
kern.shminfo.shmall=32768
kern.maxfiles=8192
ii. Apply the changes
% sudo sysctl kern.shminfo.shmall=32768
kern.shminfo.shmall: 8192 -> 32768
% sudo sysctl kern.maxfiles=8192
kern.maxfiles: 3580 -> 8192
iii. Add a mysql login in /etc/login.conf:
mysql:\
:openfiles-cur=1536:\
:openfiles-max=3096:\
:tc=daemon:
iv. % sudo cap_mkdb /etc/login.conf
6. Configure SSL (Secure Sockets Layer) for Apache mod_ssl (https). Generate a self signed certificate (or sign one) by reading ssl(8).a. % sudo openssl genrsa -out /etc/ssl/private/server.key 1024
% sudo openssl req -new -key /etc/ssl/private/server.key -out /etc/ssl/private/server.csr
% sudo openssl x509 -req -days 365 -in /etc/ssl/private/server.csr -signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt
b. Test SSL support (lynx is ssl enabled):
% sudo apachectl startssl
% lynx https://localhost
a. Edit the Apache configuration file and setup PHP and server details /var/www/conf/httpd.conf
AddType application/x-httpd-php .php
ServerAdmin cmihai@website
DirectoryIndex index.html index.php
ServerName hostname(fqdn)
b. Configure PHP:
i. Edit the PHP config /var/www/conf/php.ini
upload_max_filesize = 12M
c. Test PHP:
ed /var/www/htdocs/index.php
a
Test PHP:
.
w
q
% lynx http://localhost/index.php
d. Configure Sendmail for supporting the Apache chroot[1]
% sudo pkg_add -vi mini_sendmail-chroot
parsing mini_sendmail-chroot-1.3.6p0
mini_sendmail-chroot-1.3.6p0: complete
% sudo mkdir -p /var/www/usr/sbin/
% sudo ln /var/www/bin/mini_sendmail /var/www/usr/sbin/sendmail
% sudo cp /bin/sh /var/www/bin
a. % sudo ed /etc/rc.conf
httpd_flags="-DSSL"
b. % sudo ed /etc/rc.local
if [ -x /usr/local/bin/mysqld_safe ] ; then
su -c mysql root -c '/usr/local/bin/mysqld_safe >/dev/null 2>&1 &'
echo -n ' mysql'
fi
# Crearea unui link pentru socketul MySQL in chrootul Apache
mkdir -p /var/www/var/run/mysql
sleep 5
ln -f /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock
c. Reboot to test changes.
9. Crate a database for Drupal and a user. Grand permissions:a. % sudo mysql -u root -p
CREATE USER drupal IDENTIFIED BY 'password';
CREATE DATABASE drupal CHARACTER SET utf8;
GRANT ALL PRIVILEGES ON drupal.* to USER drupal@localhost IDENTIFIED BY 'password';
a. % sudo pkg_add -vi drupal5-tinymce drupal5-link-to-content drupal5-imce drupal5-image drupal5-backup-migrate drupal5-autolocale drupal5-token drupal5-securelogin ImageMagick
11.Optionally configure .httauth for security:a. % cd /var/www
% sudo htpasswd -c htpasswd username
Add .htaccess to /var/www/htdocs
AuthName "Nu este permis accesul"
AuthType Basic
AuthUserFile ../htpasswd
require valid-user
b. Add “Add AllowOverride All” în /var/www/conf/httpd.conf.
c. Restart Apache (apachectl stop && apachectl startssl).
You can now configure Drupal and the various modules. Be sure to setup a backup schedule. You can use the Drupal database backup and restore module.
You can also install Apache mod_security for additional security:
% sudo pkg_add -vi modsecurity-apache
% sudo /usr/local/sbin/mod_security-enable
% sudo apachectl stop && sudo apachectl startssl
Make sure you read /usr/local/share/doc/mod_security/modsecurity-manual.pdf
You should also keep an eye on your webserver. For monitoring, I recommend top(1), vmstat, (8), sysctl hw, pftop and mytop.
% sudo pkg_add -vi mytop pftop
% sudo /usr/local/sbin/pftop
To use mytop you'll need a ~/.mytop file (and set proper permissions on it). You can add something like:
prompt=1
pass=
user=drupal
db=drupal
delay=5
port=3306
socket=
batchmode=0
header=1
color=1
idle=1
% mytop
MyTOP in Action
You'll also want to setup Packet Filter. Read the PF User's Guide, pf.conf(5) and the example rulesets in /usr/share/pf/examples. Enable pf in /etc/rc.conf (pf=YES).
[1] Read chroot(2) ssl(8) afterboot(8), etc.
Posted by cmihai at 5:15 PM 3 comments
Labels: BSD, Databases, Networking, Open Source, Security, UNIX