Here is startup script for oracle 9i release 2 on centos 4.4
1. Save this script on /etc/init.d/oracle
#!/bin/sh
# 15 September 2008
# Created by Johannes Sitorus
# description: Oracle auto start-stop script.
ORA_HOME=/data/oracle/9.2.0
ORA_OWNER=oracle
if [ ! -f $ORA_HOME/bin/dbstart ]
then
echo "Oracle startup: cannot start"
exit
fi
case "$1" in
'start')
# Start the Oracle databases:
# The following command assumes that the oracle login
# will not prompt the user for any values
su - $ORA_OWNER -c "$ORA_HOME/bin/lsnrctl start"
su - $ORA_OWNER -c $ORA_HOME/bin/dbstart
;;
'stop')
# Stop the Oracle databases:
# The following command assumes that the oracle login
# will not prompt the user for any values
su - $ORA_OWNER -c $ORA_HOME/bin/dbshut
su - $ORA_OWNER -c "$ORA_HOME/bin/lsnrctl stop"
;;
*)
echo $"Usage: $0 {start|stop}"
exit 1
esac
2. chkconfig --level 35 oracle on
P.S Replace the variable as needed
Wednesday, September 17, 2008
Tuesday, August 12, 2008
Apache security
Maybe we need to build up a super secure web server. It's can be done through many steps. There's so many article on Internet, how to secure your web server. One of the step is using modsecurity.
1. Make sure you have
2. Install the latest version of libxml2, if it isn't already installed on the server
3. Stop Apache httpd
4. Unpack modsecurity package if you are using tar.gz or you can install using rpm package (http://www.modsecurity.org/download/)
5. Edit httpd.conf and add these lines
1. Make sure you have
mod_unique_id installed2. Install the latest version of libxml2, if it isn't already installed on the server
3. Stop Apache httpd
4. Unpack modsecurity package if you are using tar.gz or you can install using rpm package (http://www.modsecurity.org/download/)
5. Edit httpd.conf and add these lines
LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
6. Configure ModSecurity
7. Start Apache httpd
Reff: http://www.modsecurity.org/
7. Start Apache httpd
Reff: http://www.modsecurity.org/
Thursday, June 12, 2008
iptables Packet Route
This picture will show how packet processed on firewall
Source :
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables
Source :
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables
Thursday, May 22, 2008
[OOT] Speedy
Quiet amaze with speedy, this afternoon my speedy connection was down. Then I log in to router console, disconnect my speedy and then reconnect.
My office using speedy (Office package 384 Kbps). I was shocked seeing download rate on web interface, it show 1029 Kbps. And then I tested the connection through www.speedtest.net and I was amaze to see this ;)
My office using speedy (Office package 384 Kbps). I was shocked seeing download rate on web interface, it show 1029 Kbps. And then I tested the connection through www.speedtest.net and I was amaze to see this ;)
Friday, May 16, 2008
Recompile Kernel on CentOS 4.6
1. Download the latest kernel source from kernel.org
2. Copy kernel source to /usr/src/kernel/ and unpack it
[root@appdev kernels]tar jxvf linux-2.6.25.3.tar.bz2
3. Copy config files from original kernel
[root@appdev kernels]# cd linux-2.6.25.3
[root@appdev linux-2.6.25.3]# cp /boot/config-2.6.9-67.0.15.ELsmp .config
[root@appdev linux-2.6.25.3]# make menuconfig
and then exit
4. Rebuild RPM package
[root@appdev linux-2.6.25.3]# make rpm
5. You will find src rpm and rpm package on /usr/src/redhat/RPMS and /usr/src/redhat/ SRPMS
6. Install the new rpm package
[root@appdev]#rpm -ivh --nodeps /usr/src/redhat/RPMS/i386/kernel-2.6.25.3-1.i386.rpm
7. Make init files
[root@appdev]#mkinitrd /boot/initrd-kernel-2.6.25.3.img 2.6.25.3
8. Edit boot loader and add the new kernel
[root@appdev]#vi /boot/grub/grub.conf
9. Reboot the system
[root@appdev]#shutdown now -r
This article taken from
http://www.howtoforge.com/kernel_compilation_centos
2. Copy kernel source to /usr/src/kernel/ and unpack it
[root@appdev kernels]tar jxvf linux-2.6.25.3.tar.bz2
3. Copy config files from original kernel
[root@appdev kernels]# cd linux-2.6.25.3
[root@appdev linux-2.6.25.3]# cp /boot/config-2.6.9-67.0.15.ELsmp .config
[root@appdev linux-2.6.25.3]# make menuconfig
and then exit
4. Rebuild RPM package
[root@appdev linux-2.6.25.3]# make rpm
5. You will find src rpm and rpm package on /usr/src/redhat/RPMS and /usr/src/redhat/ SRPMS
6. Install the new rpm package
[root@appdev]#rpm -ivh --nodeps /usr/src/redhat/RPMS/i386/kernel-2.6.25.3-1.i386.rpm
7. Make init files
[root@appdev]#mkinitrd /boot/initrd-kernel-2.6.25.3.img 2.6.25.3
8. Edit boot loader and add the new kernel
[root@appdev]#vi /boot/grub/grub.conf
9. Reboot the system
[root@appdev]#shutdown now -r
This article taken from
http://www.howtoforge.com/kernel_compilation_centos
Wednesday, May 7, 2008
Masquerade on sendmail and SMTP Route
add this line to /etc/mail/sendmail.mc for masquerading
# vi /etc/mail/sendmail.mc
MASQUERADE_AS(gudangsms.com)dnl
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
MASQUERADE_DOMAIN(gudangsms.com)dnl
add this line to /etc/mail/sendmail.mc for SMTP Routedefine(`SMART_HOST',`smtp.gudangsms.com')
compile configuration files# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
restart sendmail # /etc/init.d/sendmail restart
Tuesday, May 6, 2008
Recreate TEMP tablespace
1. Create another temp tablespace
2. Move default temporary tablespace on every user
3. Drop default tablespace
4. Create default temp tablespace
5. Re-move again default temp tablespace
SQL> CREATE TEMPORARY TABLESPACE temp2
2 TEMPFILE '/u02/oradata/TESTDB/temp2_01.dbf' SIZE 5M REUSE
3 AUTOEXTEND ON NEXT 1M MAXSIZE unlimited
4 EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M;
2. Move default temporary tablespace on every user
SQL> ALTER DATABASE DEFAULT TEMPORARY TABLESPACE temp2;
3. Drop default tablespace
SQL> DROP TABLESPACE temp INCLUDING CONTENTS AND DATAFILES;
4. Create default temp tablespace
SQL> CREATE TEMPORARY TABLESPACE temp
2 TEMPFILE '/u02/oradata/TESTDB/temp01.dbf' SIZE 500M REUSE
3 AUTOEXTEND ON NEXT 100M MAXSIZE unlimited
4 EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M;
5. Re-move again default temp tablespace
SQL> ALTER DATABASE DEFAULT TEMPORARY TABLESPACE temp;
6. Drop second temp tablespace
SQL> DROP TABLESPACE temp2 INCLUDING CONTENTS AND DATAFILES;
Monday, April 28, 2008
Installing perl modules using CPAN on Linux
Go to terminal console as root
#perl -MCPAN -e 'shell'
cpan> install Net::DNS
That's all ;)
Wednesday, April 2, 2008
Make Self signed certificate
We can make self signed certificate for development or UAT env:
1. Create server key
umask 77
/usr/bin/openssl genrsa -des3 1024 > server.key
This will ask you passphrase, and this passphrase will be asked each time apache restarted. If you dont want this passphrase being asked, use this command instead.
umask 77
/usr/bin/openssl genrsa 1024 > server.key
2. Create server certificate
/usr/bin/openssl req -new -key server.key -x509 -days 365 -out server.crt
You will be askes some question
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:ID
State or Province Name (full name) [Berkshire]:DKI Jakarta
Locality Name (eg, city) [Newbury]:Jakarta
Organization Name (eg, company) [My Company Ltd]:PT GudangSMS
Organizational Unit Name (eg, section) []:Operation
Common Name (eg, your name or your server's hostname) []:secure.gudangsms.com
Email Address []:admin@gudangsms.com
1. Create server key
umask 77
/usr/bin/openssl genrsa -des3 1024 > server.key
This will ask you passphrase, and this passphrase will be asked each time apache restarted. If you dont want this passphrase being asked, use this command instead.
umask 77
/usr/bin/openssl genrsa 1024 > server.key
2. Create server certificate
/usr/bin/openssl req -new -key server.key -x509 -days 365 -out server.crt
You will be askes some question
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:ID
State or Province Name (full name) [Berkshire]:DKI Jakarta
Locality Name (eg, city) [Newbury]:Jakarta
Organization Name (eg, company) [My Company Ltd]:PT GudangSMS
Organizational Unit Name (eg, section) []:Operation
Common Name (eg, your name or your server's hostname) []:secure.gudangsms.com
Email Address []:admin@gudangsms.com
Monday, March 31, 2008
Showing Spam and Virus graph with qmailmrtg
Maybe some of you already use qmailmrtg to view your mail server statistics, such as spam, virus, queue, etc. But there must be some problem with displaying spam and virus graph.
This is happens because qmailmrtg7 only support multilog log files. To accomodate it, we need to change our spamd and clamav behaviour.
For spamd:
1. Add spamd directory
mkdir -p /var/qmail/supervise/spamd/log
2. Create spamd run files
cd /var/qmail/supervise/spamd
vi run
3. Add the following lines
#!/bin/sh
LANG=en_US; export LANG
exec 2>&1
exec spamd -x -u spamd -H /home/spamd -s /dev/stderr
4. Create log run files and folder
cd /var/qmail/supervise/spamd/log
mkdir -p /var/log/qmail/spamd
vi run
5. Add the following lines
#!/bin/sh
exec multilog t n20 s1048576 /var/log/qmail/spamd
6. Change the file permission
chmod 755 /var/qmail/supervise/spamd/run
chmod 755 /var/qmail/supervise/spamd/log/run
7. Stop spamd and create sym link to /service
/etc/init.d/spamassassin stop
chkconfig --level 3 spamassassin off
ln -s /var/qmail/supervise/spamd/ /service
By adding that line will automatically start spamd service
For Clamav:
Reference: http://tldp.org/HOWTO/text/Qmail-ClamAV-HOWTO
This is happens because qmailmrtg7 only support multilog log files. To accomodate it, we need to change our spamd and clamav behaviour.
For spamd:
1. Add spamd directory
mkdir -p /var/qmail/supervise/spamd/log
2. Create spamd run files
cd /var/qmail/supervise/spamd
vi run
3. Add the following lines
#!/bin/sh
LANG=en_US; export LANG
exec 2>&1
exec spamd -x -u spamd -H /home/spamd -s /dev/stderr
4. Create log run files and folder
cd /var/qmail/supervise/spamd/log
mkdir -p /var/log/qmail/spamd
vi run
5. Add the following lines
#!/bin/sh
exec multilog t n20 s1048576 /var/log/qmail/spamd
6. Change the file permission
chmod 755 /var/qmail/supervise/spamd/run
chmod 755 /var/qmail/supervise/spamd/log/run
7. Stop spamd and create sym link to /service
/etc/init.d/spamassassin stop
chkconfig --level 3 spamassassin off
ln -s /var/qmail/supervise/spamd/ /service
By adding that line will automatically start spamd service
For Clamav:
Create the clamav directory.
#mkdir -p /usr/local/clamav/bin
Now create a startup/shutdown script for clamd. Copy and paste the script
shown below. This script was written by Jesse D. Guardiani.
#vi /usr/local/clamav/bin/clamdctl
#!/bin/sh
# For Red Hat chkconfig
# chkconfig: - 80 30
# description: the ClamAV clamd daemon
PATH=/usr/local/clamav/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH
case "$1" in
start)
echo "Starting clamd"
if svok /service/clamd ; then
svc -u /service/clamd
else
echo clamd supervise not running
fi
if [ -d /var/lock/subsys ]; then
touch /var/lock/subsys/clamd
fi
;;
stop)
echo "Stopping clamd..."
echo " clamd"
svc -d /service/clamd
if [ -f /var/lock/subsys/clamd ]; then
rm /var/lock/subsys/clamd
fi
;;
stat)
svstat /service/clamd
svstat /service/clamd/log
;;
restart)
echo "Restarting clamd:"
echo "* Stopping clamd."
svc -d /service/clamd
echo "* Sending clamd SIGTERM and restarting."
svc -t /service/clamd
echo "* Restarting clamd."
svc -u /service/clamd
;;
hup)
echo "Sending HUP signal to clamd."
svc -h /service/clamd
;;
help)
cat <
stop -- stops clamd service (smtp connections refused, nothing goes out)
start -- starts clamd service (smtp connection accepted, mail can go out)
stat -- displays status of clamd service
restart -- stops and restarts the clamd service
hup -- same as reload
HELP
;;
*)
echo "Usage: $0 {start|stop|stat|restart|hup|help}"
exit 1
;;
esac
exit 0
Make clamdctl an executable and link to path:
#chmod 755 /usr/local/clamav/bin/clamdctl
#chown clamav /usr/local/clamav/bin/clamdctl
#ln -s /usr/local/clamav/bin/clamdctl /usr/local/bin
Create the supervise directories for the clamd service:
#mkdir -p /usr/local/clamav/supervise/clamd/log
Now you must create the /usr/local/clamav/supervise/clamd/run file, or just
copy and paste the script shown below. This script was also created by Jesse
D. Guardiani:
vi /usr/local/clamav/supervise/clamd/run
#!/bin/sh
#
# --------------------------------------------------
# run
#
# Purpose - Start the clamd daemon/service.
#
# Author - Jesse D. Guardiani
# Created - 09/10/03
# Modified - 09/25/03
# --------------------------------------------------
# This script is designed to be run under DJB's
# daemontools package.
#
# ChangeLog
# ---------
#
# 09/25/03 - JDG
# --------------
# - Changed clamd user to qscand in compliance with
# the change to qmail-scanner-1.20rc3
#
# 09/10/03 - JDG
# --------------
# - Created
# --------------------------------------------------
# Copyright (C) 2003 WingNET Internet Services
# Contact: Jesse D. Guardiani (jesse at wingnet dot net)
# --------------------------------------------------
lockfile="/tmp/clamd" # Location of clamd lock file
path_to_clamd="/usr/local/sbin/clamd"
# Location of the clamd binary
BAD_EXIT_CODE=1 # The exit code we use to announce that something bad has happened
# The following pipeline is designed to return the pid of each
# clamd process currently running.
get_clam_pids_pipeline=`ps -ax | grep -E "${path_to_clamd}\$" | grep -v grep | awk '{print $1}'`
# --------------------------------------------------
# Generic helper functions
# --------------------------------------------------
# Basic return code error message function
die_rcode() {
EXIT_CODE=$1
ERROR_MSG=$2
if [ $EXIT_CODE -ne '0' ]; then
echo "$ERROR_MSG" 1>&2
echo "Exiting!" 1>&2
exit "$BAD_EXIT_CODE"
fi
}
# --------------------------------------------------
# Main
# --------------------------------------------------
ps_clamd=""
ps_clamd="$get_clam_pids_pipeline"
if [ -n "$ps_clamd" ]; then
pid_count="0"
for pid in $ps_clamd
do
pid_count=`expr $pid_count + 1`
done
die_rcode $BAD_EXIT_CODE "Error: $pid_count clamd process(es) already running!"
fi
if [ -e "$lockfile" ]; then
rm "$lockfile"
exit_code="$?"
die_rcode $exit_code "Error: 'rm $lockfile' call failed."
fi
exec /usr/local/bin/setuidgid qscand $path_to_clamd
# --
# END /usr/local/clamav/supervise/clamd/run file.
# --
Create the /usr/local/clamav/supervise/clamd/log/run file:
#vi /usr/local/clamav/supervise/clamd/log/run
#!/bin/sh
exec /usr/local/bin/setuidgid qscand /usr/local/bin/multilog t /var/log/clamd
Make the run files executable:
#chmod 755 /usr/local/clamav/supervise/clamd/run
#chmod 755 /usr/local/clamav/supervise/clamd/log/run
Now set up the log directories:
#mkdir -p /var/log/clamd
chown qscand /var/log/clamd
Finally, link the supervise directory into /service:
#ln -s /usr/local/clamav/supervise/clamd /service
* Note: The clamd script will start automatically shortly after these links
are created. If you don't want it running, do the following:
#clamdctl stop
To start clamd backup, do the following
#clamdctl start#mkdir -p /usr/local/clamav/bin
Now create a startup/shutdown script for clamd. Copy and paste the script
shown below. This script was written by Jesse D. Guardiani.
#vi /usr/local/clamav/bin/clamdctl
#!/bin/sh
# For Red Hat chkconfig
# chkconfig: - 80 30
# description: the ClamAV clamd daemon
PATH=/usr/local/clamav/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH
case "$1" in
start)
echo "Starting clamd"
if svok /service/clamd ; then
svc -u /service/clamd
else
echo clamd supervise not running
fi
if [ -d /var/lock/subsys ]; then
touch /var/lock/subsys/clamd
fi
;;
stop)
echo "Stopping clamd..."
echo " clamd"
svc -d /service/clamd
if [ -f /var/lock/subsys/clamd ]; then
rm /var/lock/subsys/clamd
fi
;;
stat)
svstat /service/clamd
svstat /service/clamd/log
;;
restart)
echo "Restarting clamd:"
echo "* Stopping clamd."
svc -d /service/clamd
echo "* Sending clamd SIGTERM and restarting."
svc -t /service/clamd
echo "* Restarting clamd."
svc -u /service/clamd
;;
hup)
echo "Sending HUP signal to clamd."
svc -h /service/clamd
;;
help)
cat <
stop -- stops clamd service (smtp connections refused, nothing goes out)
start -- starts clamd service (smtp connection accepted, mail can go out)
stat -- displays status of clamd service
restart -- stops and restarts the clamd service
hup -- same as reload
HELP
;;
*)
echo "Usage: $0 {start|stop|stat|restart|hup|help}"
exit 1
;;
esac
exit 0
Make clamdctl an executable and link to path:
#chmod 755 /usr/local/clamav/bin/clamdctl
#chown clamav /usr/local/clamav/bin/clamdctl
#ln -s /usr/local/clamav/bin/clamdctl /usr/local/bin
Create the supervise directories for the clamd service:
#mkdir -p /usr/local/clamav/supervise/clamd/log
Now you must create the /usr/local/clamav/supervise/clamd/run file, or just
copy and paste the script shown below. This script was also created by Jesse
D. Guardiani:
vi /usr/local/clamav/supervise/clamd/run
#!/bin/sh
#
# --------------------------------------------------
# run
#
# Purpose - Start the clamd daemon/service.
#
# Author - Jesse D. Guardiani
# Created - 09/10/03
# Modified - 09/25/03
# --------------------------------------------------
# This script is designed to be run under DJB's
# daemontools package.
#
# ChangeLog
# ---------
#
# 09/25/03 - JDG
# --------------
# - Changed clamd user to qscand in compliance with
# the change to qmail-scanner-1.20rc3
#
# 09/10/03 - JDG
# --------------
# - Created
# --------------------------------------------------
# Copyright (C) 2003 WingNET Internet Services
# Contact: Jesse D. Guardiani (jesse at wingnet dot net)
# --------------------------------------------------
lockfile="/tmp/clamd" # Location of clamd lock file
path_to_clamd="/usr/local/sbin/clamd"
# Location of the clamd binary
BAD_EXIT_CODE=1 # The exit code we use to announce that something bad has happened
# The following pipeline is designed to return the pid of each
# clamd process currently running.
get_clam_pids_pipeline=`ps -ax | grep -E "${path_to_clamd}\$" | grep -v grep | awk '{print $1}'`
# --------------------------------------------------
# Generic helper functions
# --------------------------------------------------
# Basic return code error message function
die_rcode() {
EXIT_CODE=$1
ERROR_MSG=$2
if [ $EXIT_CODE -ne '0' ]; then
echo "$ERROR_MSG" 1>&2
echo "Exiting!" 1>&2
exit "$BAD_EXIT_CODE"
fi
}
# --------------------------------------------------
# Main
# --------------------------------------------------
ps_clamd=""
ps_clamd="$get_clam_pids_pipeline"
if [ -n "$ps_clamd" ]; then
pid_count="0"
for pid in $ps_clamd
do
pid_count=`expr $pid_count + 1`
done
die_rcode $BAD_EXIT_CODE "Error: $pid_count clamd process(es) already running!"
fi
if [ -e "$lockfile" ]; then
rm "$lockfile"
exit_code="$?"
die_rcode $exit_code "Error: 'rm $lockfile' call failed."
fi
exec /usr/local/bin/setuidgid qscand $path_to_clamd
# --
# END /usr/local/clamav/supervise/clamd/run file.
# --
Create the /usr/local/clamav/supervise/clamd/log/run file:
#vi /usr/local/clamav/supervise/clamd/log/run
#!/bin/sh
exec /usr/local/bin/setuidgid qscand /usr/local/bin/multilog t /var/log/clamd
Make the run files executable:
#chmod 755 /usr/local/clamav/supervise/clamd/run
#chmod 755 /usr/local/clamav/supervise/clamd/log/run
Now set up the log directories:
#mkdir -p /var/log/clamd
chown qscand /var/log/clamd
Finally, link the supervise directory into /service:
#ln -s /usr/local/clamav/supervise/clamd /service
* Note: The clamd script will start automatically shortly after these links
are created. If you don't want it running, do the following:
#clamdctl stop
To start clamd backup, do the following
Reference: http://tldp.org/HOWTO/text/Qmail-ClamAV-HOWTO
Wednesday, March 19, 2008
Killing Oracle Session
We can kill user session using 3
1. The SQL Plus approach
1. The SQL Plus approach
SELECT s.sid,
s.serial#,
s.osuser,
s.program
FROM v$session s;
SID SERIAL# OSUSER PROGRAM
---------- ---------- ------------------------------ ---------------
1 1 SYSTEM ORACLE.EXE
2 1 SYSTEM ORACLE.EXE
3 1 SYSTEM ORACLE.EXE
4 1 SYSTEM ORACLE.EXE
5 1 SYSTEM ORACLE.EXE
6 1 SYSTEM ORACLE.EXE
20 60 SYSTEM DBSNMP.EXE
43 11215 USER1 SQLPLUSW.EXE
33 5337 USER2 SQLPLUSW.EXE
SQL> ALTER SYSTEM KILL SESSION 'sid,serial#';
or
SQL> ALTER SYSTEM KILL SESSION 'sid,serial#' IMMEDIATE;
2. Using Windows NT Approach
SELECT s.sid,
p.spid,
s.osuser,
s.program
FROM v$process p,
v$session s
WHERE p.addr = s.paddr;
SID SPID OSUSER PROGRAM
---------- --------- ------------------------------ ---------------
1 310 SYSTEM ORACLE.EXE
2 300 SYSTEM ORACLE.EXE
3 309 SYSTEM ORACLE.EXE
4 299 SYSTEM ORACLE.EXE
5 302 SYSTEM ORACLE.EXE
6 350 SYSTEM ORACLE.EXE
20 412 SYSTEM DBSNMP.EXE
43 410 USER1 SQLPLUSW.EXE
C:> orakill ORACLE_SID spid
3. Using Linux/Unix Approach
That's all needed steps
SELECT s.sid,
p.spid,
s.osuser,
s.program
FROM v$process p,
v$session s
WHERE p.addr = s.paddr;
SID SPID OSUSER PROGRAM
---------- --------- ------------------------------ ---------------
1 310 SYSTEM ORACLE.EXE
2 300 SYSTEM ORACLE.EXE
3 309 SYSTEM ORACLE.EXE
4 299 SYSTEM ORACLE.EXE
5 302 SYSTEM ORACLE.EXE
6 350 SYSTEM ORACLE.EXE
20 412 SYSTEM DBSNMP.EXE
43 410 USER1 SQLPLUSW.EXE
# kill -9 spid
make sure it's worked out with this command
ps -ef | grep ora
33 364 USER2 SQLPLUSW.EXE
33 364 USER2 SQLPLUSW.EXE
Tuesday, March 11, 2008
Default Homepage Settings on Internet Explorer
You can set a registry entry to lock your IE homepage.
1. Go to:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
2. Create an DWORD entry of Homepage with a value of 1
That should lock it up for you (depending on your OS - though it works for Win2K)
You can also create a new Key under
1. HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restriction
2. Then under HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\Restrictions, create a DWORD value called "NoBrowserOptions" with a value of 1.
That will disallow opening IE options from within IE. (You'll have to go to the Control Panel to set IE options after that.)
1. Go to:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
2. Create an DWORD entry of Homepage with a value of 1
That should lock it up for you (depending on your OS - though it works for Win2K)
You can also create a new Key under
1. HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restriction
2. Then under HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\Restrictions, create a DWORD value called "NoBrowserOptions" with a value of 1.
That will disallow opening IE options from within IE. (You'll have to go to the Control Panel to set IE options after that.)
Thursday, March 6, 2008
Iptables as Linux main Firewall
Some of us maybe already familiar with this tools (iptables) as a firewall machine. Here is post iptables script that I always used on my server.
I always set the default policy to Drop any packet, and then allow any port that i'm using.
Here is the example of iptables script on my oracle database (using port 8550)
#/bin/bash
iptables -Z
iptables -F -t filter
iptables -F -t nat
iptables -F -t mangle
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#Allowing ICMP (ping) for testing reason
iptables -A INPUT -s 0/0 -d 0/0 -p icmp -j ACCEPT
#For Localhost
iptables -A INPUT -s 127.0.0.1 -d 0/0 -j ACCEPT
#For Oracle DB
iptables -A INPUT -s 2.2.2.1 -d 2.2.2.2 -p tcp --dport 8550 -j ACCEPT
#For any established or related (fto) connection
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
You can change those script as you needed.
I always set the default policy to Drop any packet, and then allow any port that i'm using.
Here is the example of iptables script on my oracle database (using port 8550)
#/bin/bash
iptables -Z
iptables -F -t filter
iptables -F -t nat
iptables -F -t mangle
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#Allowing ICMP (ping) for testing reason
iptables -A INPUT -s 0/0 -d 0/0 -p icmp -j ACCEPT
#For Localhost
iptables -A INPUT -s 127.0.0.1 -d 0/0 -j ACCEPT
#For Oracle DB
iptables -A INPUT -s 2.2.2.1 -d 2.2.2.2 -p tcp --dport 8550 -j ACCEPT
#For any established or related (fto) connection
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
You can change those script as you needed.
Update Clamav Antivirus on Fedora Core 3
Here is some steps to update your clamav Antivirus instalation, you can download the latest clamav engine from official site (www.clamav.net)
1. Stop service freshclam dan clamd
#service clamd stop
#service freshclam stop
2. Remove any library used in previous clamav instalation
#rm -f /usr/local/lib/*clam*
3. Install clamav intself, usually i'm using tar ball package and install it on default location. But i've already customize my clamav init script (/etc/init.d/clamd)
#./configure
#make
#make isntall
4. For user using qmail-scanner, follow this step
#setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z or
#setuidgid qscand /var/qmail/bin/qmail-scanner-queue -z
5. For those who is using simscan, follow this step
#/var/qmail/bin/simscanmk
#/var/qmail/bin/simscanmk -g
6. Start clamd and freshclam service again
#service clamd start
#service freshclam start
It's all done, your system is now using the latest clamav core engine
1. Stop service freshclam dan clamd
#service clamd stop
#service freshclam stop
2. Remove any library used in previous clamav instalation
#rm -f /usr/local/lib/*clam*
3. Install clamav intself, usually i'm using tar ball package and install it on default location. But i've already customize my clamav init script (/etc/init.d/clamd)
#./configure
#make
#make isntall
4. For user using qmail-scanner, follow this step
#setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z or
#setuidgid qscand /var/qmail/bin/qmail-scanner-queue -z
5. For those who is using simscan, follow this step
#/var/qmail/bin/simscanmk
#/var/qmail/bin/simscanmk -g
6. Start clamd and freshclam service again
#service clamd start
#service freshclam start
It's all done, your system is now using the latest clamav core engine
Monday, March 3, 2008
Linux Dial in Server Setup
Here is tutorial for build a dial in server with Linux machine:
1. Build you network plan configuration
[dial in server : 192.169.169.1]<-- PSTN Tel Line-->[Client 192.169.169.2]
2. Create an account to in dial in server
Host : 192.169.169.1
Account : dialin
Password/Secret : dialin
3. Setup dial in server as a gateway
[root@server]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@server]# ipchains -A forward -j MASQ
4. Plug in you modem in your dial in server
5. Prepare some need package on server
[root@server]# rpm -qa | grep pppd
[root@server]# rpm -qa | grep mgetty
6. Edit /etc/inittab , add these line (ttyS1 for com1 port):
[root@server]# vi /etc/inittab
##------------------
s1:2345:respawn:/sbin/mgetty ttyS1
##------------------
7. Edit /etc/ppp/options, and add these line
[root@server]# vi /etc/ppp/options
##------------------
auth -chap +pap login modem crtscts debug proxyarp lock
ms-dns 192.169.169.1
##------------------
8. Edit /etc/ppp/options.ttyS1
[root@server]# vi /etc/ppp/options.ttyS1
##------------------
##server:host
192.169.169.1:192.169.169.2
##------------------
9. Edit /etc/mgetty+sendfax/login.config and add these line :
[root@server]# vi /etc/mgetty+sendfax/login.config
##------------------
/AutoPPP/ - a_ppp /usr/sbin/pppd
##------------------
10. edit /etc/ppp/pap-secrets :
[root@server]# vi /etc/ppp/pap-secrets
##------------------
# Secrets for authentication using PAP
# client server secret IP addresses
dialin * dialin 192.169.169.2
##------------------
11. Tell init about the changes
init q
12. You are ready to dial in
1. Build you network plan configuration
[dial in server : 192.169.169.1]<-- PSTN Tel Line-->[Client 192.169.169.2]
2. Create an account to in dial in server
Host : 192.169.169.1
Account : dialin
Password/Secret : dialin
3. Setup dial in server as a gateway
[root@server]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@server]# ipchains -A forward -j MASQ
4. Plug in you modem in your dial in server
5. Prepare some need package on server
[root@server]# rpm -qa | grep pppd
[root@server]# rpm -qa | grep mgetty
6. Edit /etc/inittab , add these line (ttyS1 for com1 port):
[root@server]# vi /etc/inittab
##------------------
s1:2345:respawn:/sbin/mgetty ttyS1
##------------------
7. Edit /etc/ppp/options, and add these line
[root@server]# vi /etc/ppp/options
##------------------
auth -chap +pap login modem crtscts debug proxyarp lock
ms-dns 192.169.169.1
##------------------
8. Edit /etc/ppp/options.ttyS1
[root@server]# vi /etc/ppp/options.ttyS1
##------------------
##server:host
192.169.169.1:192.169.169.2
##------------------
9. Edit /etc/mgetty+sendfax/login.config and add these line :
[root@server]# vi /etc/mgetty+sendfax/login.config
##------------------
/AutoPPP/ - a_ppp /usr/sbin/pppd
##------------------
10. edit /etc/ppp/pap-secrets :
[root@server]# vi /etc/ppp/pap-secrets
##------------------
# Secrets for authentication using PAP
# client server secret IP addresses
dialin * dialin 192.169.169.2
##------------------
11. Tell init about the changes
init q
12. You are ready to dial in
Friday, February 22, 2008
Linux TCP load balancing
Maybe some of us need to balance TCP connection through several server. This is a simple way to do so.
1. Download the package
wget http://www.inlab.de/balance-3.40.tar.gz
2. Extract, compile and install:
tar zxvf balance-3.40.tar.gz
cd balance-3.40
vi Makefile
Change this line of code: MANDIR=${BINDIR}/../man/man1
For Ubuntu users : MANDIR=/usr/share/man/man1
For RedHat users: MANDIR=/usr/local/share/man/man1
make
make install
3 Using the load balancer
Here is the network topology used
balance -f http 192.168.0.1 192.168.0.2 192.168.0.3
For http that requires http session we can use
balance -f http 192.168.0.1 192.168.0.2 192.168.0.3 %
We can also use this balancer to balance another tcp traffic such as ftp, etc
This article is taken from linux2.arinet.org
Tuesday, February 19, 2008
Simscan Instalation on QmailRocks
Here is some steps for installing simscan on Linux with QmailRocks Installed:
1. Edit configuration option based on your machine configuration, here is mine
./configure \
--enable-user=qscand \
--enable-clamav \
--enable-clamdscan=/usr/local/bin/clamdscan \
--enable-custom-smtp-reject=y \
--enable-per-domain=y \
--enable-attach=y \
--enable-dropmsg=n \
--enable-spam=y \
--enable-spam-hits=5 \
--enable-spam-passthru=y \
--enable-qmail-queue=/var/qmail/bin/qmail-queue \
--enable-ripmime=/usr/local/bin/ripmime \
--enable-sigtool-path=/usr/local/bin/sigtool \
--enable-received=y
and then run the above configure script
2. Run make && make install-strip
3. fix permissions on the /var/qmail/simscan/ directory
chmod g+s /var/qmail/simscan/
4. Set all mails to be scanned, machine wide by editing /var/qmail/supervise/qmail-smtpd/run
vi /var/qmail/supervise/qmail-smtpd/run
5. Add the line
QMAILQUEUE="/var/qmail/bin/simscan"; export QMAILQUEUE
6. Alternatively you can have much greater control by stating which actions to be performed on emails coming from different IP addresses: for instance mine is set to scan ALL mails and is probably the simplest setup.
Edit the /var/qmail/control/simcontrol file and place your options in there:
vi /var/qmail/control/simcontrol
As i said above mine scans ALL mails form ALL IP addrresses with:
:clam=yes,trophie=no,spam=no
7. Run /var/qmail/bin/simscanmk to convert the /var/qmail/control/simcontrol into the /var/qmail/control/simcontrol.cdb file
8. Restart qmail with
qmailctl restart
1. Edit configuration option based on your machine configuration, here is mine
./configure \
--enable-user=qscand \
--enable-clamav \
--enable-clamdscan=/usr/local/bin/clamdscan \
--enable-custom-smtp-reject=y \
--enable-per-domain=y \
--enable-attach=y \
--enable-dropmsg=n \
--enable-spam=y \
--enable-spam-hits=5 \
--enable-spam-passthru=y \
--enable-qmail-queue=/var/qmail/bin/qmail-queue \
--enable-ripmime=/usr/local/bin/ripmime \
--enable-sigtool-path=/usr/local/bin/sigtool \
--enable-received=y
and then run the above configure script
2. Run make && make install-strip
3. fix permissions on the /var/qmail/simscan/ directory
chmod g+s /var/qmail/simscan/
4. Set all mails to be scanned, machine wide by editing /var/qmail/supervise/qmail-smtpd/run
vi /var/qmail/supervise/qmail-smtpd/run
5. Add the line
QMAILQUEUE="/var/qmail/bin/simscan"; export QMAILQUEUE
6. Alternatively you can have much greater control by stating which actions to be performed on emails coming from different IP addresses: for instance mine is set to scan ALL mails and is probably the simplest setup.
Edit the /var/qmail/control/simcontrol file and place your options in there:
vi /var/qmail/control/simcontrol
As i said above mine scans ALL mails form ALL IP addrresses with:
:clam=yes,trophie=no,spam=no
7. Run /var/qmail/bin/simscanmk to convert the /var/qmail/control/simcontrol into the /var/qmail/control/simcontrol.cdb file
/var/qmail/bin/simscanmk
/var/qmail/bin/simscanmk -g
8. Restart qmail with
qmailctl restart
Thursday, February 14, 2008
Monitoring Oracle tablespace usage
Maybe some of us need to monitor Oracle tablespace usage on our DB Server. Here is some script that give a report about tablespace usage.
column "Tablespace" format a13
column "Used MB" format 99,999,999
column "Free MB" format 99,999,999
colimn "Total MB" format 99,999,999
select
fs.tablespace_name "Tablespace",
(df.totalspace - fs.freespace) "Used MB",
fs.freespace "Free MB",
df.totalspace "Total MB",
round(100 * (fs.freespace / df.totalspace)) "Pct. Free"
from
(select
tablespace_name,
round(sum(bytes) / 1048576) TotalSpace
from
dba_data_files
group by
tablespace_name
) df,
(select
tablespace_name,
round(sum(bytes) / 1048576) FreeSpace
from
dba_free_space
group by
tablespace_name
) fs
where
df.tablespace_name = fs.tablespace_name;
This script can be set to be run every day (with scheduler or crontab), and the result will be emailed to DBA.
column "Tablespace" format a13
column "Used MB" format 99,999,999
column "Free MB" format 99,999,999
colimn "Total MB" format 99,999,999
select
fs.tablespace_name "Tablespace",
(df.totalspace - fs.freespace) "Used MB",
fs.freespace "Free MB",
df.totalspace "Total MB",
round(100 * (fs.freespace / df.totalspace)) "Pct. Free"
from
(select
tablespace_name,
round(sum(bytes) / 1048576) TotalSpace
from
dba_data_files
group by
tablespace_name
) df,
(select
tablespace_name,
round(sum(bytes) / 1048576) FreeSpace
from
dba_free_space
group by
tablespace_name
) fs
where
df.tablespace_name = fs.tablespace_name;
This script can be set to be run every day (with scheduler or crontab), and the result will be emailed to DBA.
Oracle 9i instalation on CentOS 4.4 Final Release
Here I post a quick tutorial to install Oracle 9i Release 2 on CentOS 4.4 (RHEL 4.4 Clone). You can download oracle 9i from Oracle Website (download.oracle.com) and for the Linux you can download it from official website www.centos.org or from local mirror (centos.cbn.net.id)
Before you can install Oracle, you need to check packets installed on your computer.
- CD 1
xorg-x11-deprecated-libs-6.8.2-1.EL.13.20.i386.rpm
xorg-x11-libs-6.8.2-1.EL.13.20.i386.rpm
xorg-x11-xfs-6.8.2-1.EL.13.20.i386.rpm
- CD 2
alsa-lib-devel-1.0.6-5.RHEL4.i386.rpm
fontconfig-devel-2.2.3-7.i386.rpm
freetype-devel-2.1.9-1.i386.rpm
libjpeg-devel-6b-33.i386.rpm
libtiff-devel-3.6.1-8.i386.rpm
libungif-devel-4.1.3-1.i386.rpm
xorg-x11-6.8.2-1.EL.13.20.i386.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.13.20.i386.rpm
xorg-x11-devel-6.8.2-1.EL.13.20.i386.rpm
- CD 3
audiofile-devel-0.2.6-1.i386.rpm
esound-devel-0.2.35-2.i386.rpm
libaio-0.3.103-3.i386.rpm
libaio-devel-0.3.103-3.i386.rpm
openmotif21-2.1.30-11.RHEL4.4.i386.rpm
- CD 4
glib-devel-1.2.10-15.i386.rpm
gnome-libs-devel-1.4.1.2.90-44.1.i386.rpm
gtk+-devel-1.2.10-33.i386.rpm
imlib-devel-1.9.13-23.i386.rpm
ORBit-devel-0.5.17-14.i386.rpm
-- Additional packets from oracle
compat-libcwait-2.1-1.i386.rpm
compat-oracle-rhel4-1.0-5.i386.rpm
Here is some steps that I've done:
1. Unzip the oracle using gunzip and cpio
- gunzip ship_9204_linux_disk1.cpio.gz
- cpio -idmv < ship_9204_linux_disk1.cpio
2. Create oracle user and group
/usr/sbin/groupadd oinstall
/usr/sbin/groupadd dba
/usr/sbin/useradd -g oinstall -G dba database
passwd database
3. Create folder in which Oracle will be installed
mkdir /data/oracle
mkdir /data/oracle/9.2.0
chown -R database:oinstall /data/oracle
4. Add this user environment variable on file .bashrc on user's home directory
ORACLE_SID=testdb
ORACLE_BASE=/data/oracle
ORACLE_HOME=/data/oracle/9.2.0
PATH=$ORACLE_HOME/bin:$PATH:.
LD_ASSUME_KERNEL=2.4.19
export ORACLE_SID ORACLE_BASE ORACLE_HOME PATH LD_ASSUME_KERNEL
LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib
export LD_LIBRARY_PATH
5. Edit /etc/sysctl.conf file and add those line
kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
after adding those line, check the parameter using this command
/sbin/sysctl -p
6. After those step, you can run runInstaller on the file that you have just extracted
./runInstaller
That is the step to install oracle 9i on CentOS 4.4
This tutorial is taken from http://www.puschitz.com/InstallingOracle9i.shtml
Before you can install Oracle, you need to check packets installed on your computer.
- CD 1
xorg-x11-deprecated-libs-6.8.2-1.EL.13.20.i386.rpm
xorg-x11-libs-6.8.2-1.EL.13.20.i386.rpm
xorg-x11-xfs-6.8.2-1.EL.13.20.i386.rpm
- CD 2
alsa-lib-devel-1.0.6-5.RHEL4.i386.rpm
fontconfig-devel-2.2.3-7.i386.rpm
freetype-devel-2.1.9-1.i386.rpm
libjpeg-devel-6b-33.i386.rpm
libtiff-devel-3.6.1-8.i386.rpm
libungif-devel-4.1.3-1.i386.rpm
xorg-x11-6.8.2-1.EL.13.20.i386.rpm
xorg-x11-deprecated-libs-devel-6.8.2-1.EL.13.20.i386.rpm
xorg-x11-devel-6.8.2-1.EL.13.20.i386.rpm
- CD 3
audiofile-devel-0.2.6-1.i386.rpm
esound-devel-0.2.35-2.i386.rpm
libaio-0.3.103-3.i386.rpm
libaio-devel-0.3.103-3.i386.rpm
openmotif21-2.1.30-11.RHEL4.4.i386.rpm
- CD 4
glib-devel-1.2.10-15.i386.rpm
gnome-libs-devel-1.4.1.2.90-44.1.i386.rpm
gtk+-devel-1.2.10-33.i386.rpm
imlib-devel-1.9.13-23.i386.rpm
ORBit-devel-0.5.17-14.i386.rpm
-- Additional packets from oracle
compat-libcwait-2.1-1.i386.rpm
compat-oracle-rhel4-1.0-5.i386.rpm
Here is some steps that I've done:
1. Unzip the oracle using gunzip and cpio
- gunzip ship_9204_linux_disk1.cpio.gz
- cpio -idmv < ship_9204_linux_disk1.cpio
2. Create oracle user and group
/usr/sbin/groupadd oinstall
/usr/sbin/groupadd dba
/usr/sbin/useradd -g oinstall -G dba database
passwd database
3. Create folder in which Oracle will be installed
mkdir /data/oracle
mkdir /data/oracle/9.2.0
chown -R database:oinstall /data/oracle
4. Add this user environment variable on file .bashrc on user's home directory
ORACLE_SID=testdb
ORACLE_BASE=/data/oracle
ORACLE_HOME=/data/oracle/9.2.0
PATH=$ORACLE_HOME/bin:$PATH:.
LD_ASSUME_KERNEL=2.4.19
export ORACLE_SID ORACLE_BASE ORACLE_HOME PATH LD_ASSUME_KERNEL
LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib
export LD_LIBRARY_PATH
5. Edit /etc/sysctl.conf file and add those line
kernel.shmall = 2097152
kernel.shmmax = 2147483648
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
after adding those line, check the parameter using this command
/sbin/sysctl -p
6. After those step, you can run runInstaller on the file that you have just extracted
./runInstaller
That is the step to install oracle 9i on CentOS 4.4
This tutorial is taken from http://www.puschitz.com/InstallingOracle9i.shtml
Subscribe to:
Posts (Atom)
