From Wikipedia, the free encyclopedia
This article is about business continuity planning. For societal disaster recovery, see emergency management.
For other uses, see DRP.
Disaster Recovery is the process, policies and procedures of restoring operations critical to the resumption of business, including regaining access to data (records, hardware, software, etc.), communications (incoming, outgoing, toll-free, fax, etc.), workspace, and other business processes after a natural or human-induced disaster.
To increase the opportunity for a successful recovery of valuable records, a well-established and thoroughly tested data recovery plan must be developed. This task requires the cooperation of a well-organized committee led by an experienced chairperson. [1]
A disaster recovery plan (DRP) should also include plans for coping with the unexpected or sudden loss of communications and/or key personnel, although these are not covered in this article, the focus of which is data protection. DRP is part of a larger process known as business continuity planning (BCP).
Introduction
With the rise in information technology and the reliance on business-critical information, the importance of protecting irreplaceable data has become a more visible business priority in recent years. This is especially evident in information technology, with most companies relying on their computer systems as critical infrastructure in their business. As a result, most companies are aware that they need to backup their digital information to limit data loss and to aid data recovery.
Most large companies spend between 2% and 4% of their IT budget on disaster recovery planning; this is intended to avoid larger losses. Of companies that had a major loss of computerized data, 43% never reopen, 51% close within two years, and only 6% will survive long-term.[2]
The current data protection market is characterized by:
Rapidly changing customer needs that are driven by data growth, regulatory issues and the growing importance to access data quickly by retaining it online.
An ever-shrinking time frame for backing up data, which is burdening conventional tape backup technologies and leading to an increase in disk-based backup, data mirroring and high-availability systems.
As the disaster recovery market continues to undergo significant structural changes, the shift presents opportunities for companies that specialize in business continuity planning and offsite data protection such as SunGard Availability Services, IBM BCRS, Recall, Switch Communications, Symagio, NetMass, Cygem and Onyx Group Ltd.
Disaster recovery strategies
Prior to selecting a Disaster Recovery strategy, the DR planner should refer to their organizations business continuity plan which should indicate the key metrics of Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for various business processes (such as the process to run payroll, generate an order, etc). The metrics specified for the business processes must then be mapped to the underlying IT systems and infrastructure that support those processes.
Once the RTO and RPO metrics have been mapped to IT infrastructure, the DR planner can determine the most suitable recovery strategy for each system. An important note here however is that the business ultimately sets the IT budget and therefore the RTO and RPO metrics need to fit with the available budget. While most business unit heads would like zero data loss and zero time loss, the cost associated with that level of protection may make the desired high availability solutions unpractical.
The following is a list of the most common strategies for data protection.
Backups made to tape and sent off-site at regular intervals (preferably daily)
Backups made to disk on-site and automatically copied to off-site disk, or made directly to off-site disk
Replication of data to an off-site location, which overcomes the need to restore the data (only the systems then need to be restored or synced). This generally makes use of Storage Area Network (SAN) technology
High availability systems which keep both the data and system replicated off-site, enabling continuous access to systems and data
In many cases, an organization may elect to use an outsourced Disaster Recovery provider (such as SunGard Availability Systems or IBM BCRS) to provide a stand-by site and systems rather than using their own remote facilities.
In addition to preparing for the need to recover systems, organizations must also implement precautionary measures with an objective of preventing a disaster situation in the first place. These may include some of the following:
- Local mirrors of systems and/or data and use of disk protection technology such as RAID
- Surge Protectors, to minimize the effect of power surges on delicate electronic equipment
- Uninterruptible Power Supply (UPS) and/or Backup Generator to keep systems going in the event of a power failure
- Fire Preventions — more alarms, accessible fire extinguishers
- Anti-virus software and other security measures
Kamis, 24 Januari 2008
Rabu, 23 Januari 2008
OpenVPN 2.1-rc5 released
I am a member of openvpn-users mailing list, today I get email from James Yonan, he have released OpenVPN 2.1-rc5. Thanks James
Bellow his message.
OpenVPN 2.1-rc5 is available, please test. I would especially like
feedback on the Windows TAP driver. We've made some portability changes
recently to the driver to allow it to run on Win2K through Vista in x86
or x64 modes.
Download:
http://openvpn.net/beta/
File Signatures:
http://openvpn.net/signatures/
Here is the change log:
2008.01.23 -- Version 2.1_rc5
* Fixed Win2K TAP driver bug that was introduced by Vista fixes,
incremented driver version to 9.4.
* Windows build system changes:
Incremented included OpenSSL version to openssl-0.9.7m.
Updated openssl.patch for openssl-0.9.7m and added some
brief usage comments to the head of the patch.
Added build-pkcs11-helper.sh for building the pkcs11-helper
library.
Integrated inclusion of pkcs11-helper into Windows build
system.
Upgraded TAP build scripts to use WDK 6001.17121
(Windows 2008 Server pre-RTM).
* Windows installer changes:
Clean up the start menu folder.
Allow for a site-specific sample configuration file and keys
to be included in a custom installer (see SAMPCONF macros
in settings.in).
New icon (temporary).
* Added "forget-passwords" command to the management interface
(Alon Bar-Lev).
* Added --management-signal option to signal SIGUSR1 when the
management interface disconnects (Alon Bar-Lev).
* Modified command line and config file parser to allow
quoted strings using single quotes ('') (Alon Bar-Lev).
* Use pkcs11-helper as external library, can be downloaded from
https://www.opensc-project.org/pkcs11-helper (Alon Bar-Lev).
* Fixed interim memory growth issue in TCP connect loop where
"TCP: connect to %s failed, will try again in %d seconds: %s"
is output.
* Fixed bug in epoll driver in event.c, where the lack of a
handler for EPOLLHUP could cause 99% CPU usage.
* Defined ALLOW_NON_CBC_CIPHERS for people who don't
want to use a CBC cipher for OpenVPN's data channel.
* Added PLUGIN_LIBDIR preprocessor string to prepend a default
plugin directory to the dlopen search list when the user
specifies the basename of the plugin only (Marius Tomaschewski).
* Rewrote extract_x509_field and modified COMMON_NAME_CHAR_CLASS
to allow forward slash characters ("/") in the X509 common name
(Pavel Shramov).
* Allow OpenVPN to run completely unprivileged under Linux
by allowing openvpn --mktun to be used with --user and --group
to set the UID/GID of the tun device node. Also added --iproute
option to allow an alternative command to be executed in place
of the default iproute2 command (Alon Bar-Lev).
* Fixed --disable-iproute2 in ./configure to actually disable
iproute2 usage (Alon Bar-Lev).
* Added --management-forget-disconnect option -- forget
passwords when management session disconnects (Alon Bar-Lev).
Bellow his message.
OpenVPN 2.1-rc5 is available, please test. I would especially like
feedback on the Windows TAP driver. We've made some portability changes
recently to the driver to allow it to run on Win2K through Vista in x86
or x64 modes.
Download:
http://openvpn.net/beta/
File Signatures:
http://openvpn.net/signatures/
Here is the change log:
2008.01.23 -- Version 2.1_rc5
* Fixed Win2K TAP driver bug that was introduced by Vista fixes,
incremented driver version to 9.4.
* Windows build system changes:
Incremented included OpenSSL version to openssl-0.9.7m.
Updated openssl.patch for openssl-0.9.7m and added some
brief usage comments to the head of the patch.
Added build-pkcs11-helper.sh for building the pkcs11-helper
library.
Integrated inclusion of pkcs11-helper into Windows build
system.
Upgraded TAP build scripts to use WDK 6001.17121
(Windows 2008 Server pre-RTM).
* Windows installer changes:
Clean up the start menu folder.
Allow for a site-specific sample configuration file and keys
to be included in a custom installer (see SAMPCONF macros
in settings.in).
New icon (temporary).
* Added "forget-passwords" command to the management interface
(Alon Bar-Lev).
* Added --management-signal option to signal SIGUSR1 when the
management interface disconnects (Alon Bar-Lev).
* Modified command line and config file parser to allow
quoted strings using single quotes ('') (Alon Bar-Lev).
* Use pkcs11-helper as external library, can be downloaded from
https://www.opensc-project.org/pkcs11-helper (Alon Bar-Lev).
* Fixed interim memory growth issue in TCP connect loop where
"TCP: connect to %s failed, will try again in %d seconds: %s"
is output.
* Fixed bug in epoll driver in event.c, where the lack of a
handler for EPOLLHUP could cause 99% CPU usage.
* Defined ALLOW_NON_CBC_CIPHERS for people who don't
want to use a CBC cipher for OpenVPN's data channel.
* Added PLUGIN_LIBDIR preprocessor string to prepend a default
plugin directory to the dlopen search list when the user
specifies the basename of the plugin only (Marius Tomaschewski).
* Rewrote extract_x509_field and modified COMMON_NAME_CHAR_CLASS
to allow forward slash characters ("/") in the X509 common name
(Pavel Shramov).
* Allow OpenVPN to run completely unprivileged under Linux
by allowing openvpn --mktun to be used with --user and --group
to set the UID/GID of the tun device node. Also added --iproute
option to allow an alternative command to be executed in place
of the default iproute2 command (Alon Bar-Lev).
* Fixed --disable-iproute2 in ./configure to actually disable
iproute2 usage (Alon Bar-Lev).
* Added --management-forget-disconnect option -- forget
passwords when management session disconnects (Alon Bar-Lev).
Selasa, 22 Januari 2008
intro to trixbox 2.2
trixbox®, spelled with a lowercase 't', is a line of Asterisk®-based IP-PBX products designed to meet the needs of companies from 2 to 500 employees. With two FREE products ranging from the open-source community edition to our hybrid-hosted, commercially-proven solution, you are guaranteed to find a trixbox that is right for you.
Screencast: Open source VoIP: Trixbox 2.0:
What's new in trixbox 2.2:
Screencast: Open source VoIP: Trixbox 2.0:
What's new in trixbox 2.2:
Introducing Cisco Certified Design Expert (CCDE) Certification
Today, I get email message from ciscotraining_email@cisco.com about new Cisco Certification. Here are that messages:
Responding to strong customer demand to assess and recognize Sr. Level Network Architecture skills in the market, Cisco is introducing a new premiere knowledge based certification focused on Network Infrastructure Design. - The Cisco Certified Design Expert (CCDE). The CCDE is an expert-level certification with content emphasis on expertise in network architecture, which is the capstone for Cisco’s design curriculum. In addition, passing the CCDE certification demands competencies of an experienced, seasoned, networking professional with a proven ability to interface with customers at the executive-level to ensure that business requirements are incorporated into successful designs.
What is a CCDE?
The successful CCDE-certified individual must have a demonstrated an ability to analyze and develop solutions which address planning, design, integration, optimization, operations, security and on-going support focused at the infrastructure of large 1000+ node customer networks.
The CCDE certification recognizes those with expert-level knowledge and skills in Infrastructure Design. The CCDE program is parallel to the CCIE program in terms of the expertise required and certification exam difficulty. It emphasizes network design principles and architectural theory of the network infrastructure and recognizes designers with the knowledge to assess network business requirements and translate them into technical specifications for successful designs.
Why Cisco Created the CCDE Program
Cisco created the CCDE program to respond to market demand in recognizing existing senior-level Network Designers and Architects while simultaneously providing senior Operations Engineers and Support Engineers with a validated professional development path into an Architectural role.
Cisco has found that organizations employing strong Network Designers and Architects consistently develop networks that are easier to maintain and troubleshoot. Properly executed, a well-designed network infrastructure aligned with a network-centric corporate business strategy leads to greater levels of efficiency and effectiveness - as well as potential competitive advantages like increased up-time, easier troubleshooting, increased performance, and simpler enhancements.
What are the exam requirements to attain CCDE?
To attain a CCDE certification a candidate will be tasked with passing two exams; a Qualification Exam, and a Practical exam.
Similar to the CCIE program, there are no prerequisites to taking the Qualification exam and it is a 2 hour multiple-choice exam available at any worldwide Pearson VUE testing center. The Qualification exam, (ADVDESIGN) 352-001, assesses fundamental knowledge of networking theories, principles, protocols and technology.
Visit the CCDE program site for more details regarding the Qualification Exam (www.cisco.com/go/ccde)
The second exam, the practical exam, is still currently in development. It will be an eight-hour, practical scenario-based exam available in late 2008. Bookmark the CCDE programs page as more details are expected to follow as the development team progresses.
The qualification exam is now available at Pearson VUE testing facilities worldwide.
More questions? Access the latest information on CCDE at http://sdm3.rm04.net/ctt?kn=3&m=1282369&r=MTAyMjcxNDc3MzQS1&b=0&j=NDMzOTcwNjES1&mt=1.
Responding to strong customer demand to assess and recognize Sr. Level Network Architecture skills in the market, Cisco is introducing a new premiere knowledge based certification focused on Network Infrastructure Design. - The Cisco Certified Design Expert (CCDE). The CCDE is an expert-level certification with content emphasis on expertise in network architecture, which is the capstone for Cisco’s design curriculum. In addition, passing the CCDE certification demands competencies of an experienced, seasoned, networking professional with a proven ability to interface with customers at the executive-level to ensure that business requirements are incorporated into successful designs.
What is a CCDE?
The successful CCDE-certified individual must have a demonstrated an ability to analyze and develop solutions which address planning, design, integration, optimization, operations, security and on-going support focused at the infrastructure of large 1000+ node customer networks.
The CCDE certification recognizes those with expert-level knowledge and skills in Infrastructure Design. The CCDE program is parallel to the CCIE program in terms of the expertise required and certification exam difficulty. It emphasizes network design principles and architectural theory of the network infrastructure and recognizes designers with the knowledge to assess network business requirements and translate them into technical specifications for successful designs.
Why Cisco Created the CCDE Program
Cisco created the CCDE program to respond to market demand in recognizing existing senior-level Network Designers and Architects while simultaneously providing senior Operations Engineers and Support Engineers with a validated professional development path into an Architectural role.
Cisco has found that organizations employing strong Network Designers and Architects consistently develop networks that are easier to maintain and troubleshoot. Properly executed, a well-designed network infrastructure aligned with a network-centric corporate business strategy leads to greater levels of efficiency and effectiveness - as well as potential competitive advantages like increased up-time, easier troubleshooting, increased performance, and simpler enhancements.
What are the exam requirements to attain CCDE?
To attain a CCDE certification a candidate will be tasked with passing two exams; a Qualification Exam, and a Practical exam.
Similar to the CCIE program, there are no prerequisites to taking the Qualification exam and it is a 2 hour multiple-choice exam available at any worldwide Pearson VUE testing center. The Qualification exam, (ADVDESIGN) 352-001, assesses fundamental knowledge of networking theories, principles, protocols and technology.
Visit the CCDE program site for more details regarding the Qualification Exam (www.cisco.com/go/ccde)
The second exam, the practical exam, is still currently in development. It will be an eight-hour, practical scenario-based exam available in late 2008. Bookmark the CCDE programs page as more details are expected to follow as the development team progresses.
The qualification exam is now available at Pearson VUE testing facilities worldwide.
More questions? Access the latest information on CCDE at http://sdm3.rm04.net/ctt?kn=3&m=1282369&r=MTAyMjcxNDc3MzQS1&b=0&j=NDMzOTcwNjES1&mt=1.
Kamis, 17 Januari 2008
Learn English Grammar – Wish (Present)
As we know that people often make wishes when they want reality to be different or opposite of the true situation. We usually use a noun clause wish.
When a speaker expresses a wish about a present situation, she or he uses a past verb form.
Example:
The true situation:
I don't know how to swim
Expressing using a wish:
I wish I knew how to swim
I don't have enough money
I wish I had enough money
I have to study tomorrow
I wish I didn't have to study tomorrow
I can't cook rice
I wish I could cook rice
Belows, were is used for all subjects:
I wish I/you/he/she/it/they/we were .....
I'm not a good student
I wish I were a good student
Doni isn't a good student
Doni wish he were a good student
It's cold today
I wish it weren't cold today
We aren't in Bali
We wish we were in Bali
When a speaker expresses a wish about a present situation, she or he uses a past verb form.
Example:
The true situation:
I don't know how to swim
Expressing using a wish:
I wish I knew how to swim
I don't have enough money
I wish I had enough money
I have to study tomorrow
I wish I didn't have to study tomorrow
I can't cook rice
I wish I could cook rice
Belows, were is used for all subjects:
I wish I/you/he/she/it/they/we were .....
I'm not a good student
I wish I were a good student
Doni isn't a good student
Doni wish he were a good student
It's cold today
I wish it weren't cold today
We aren't in Bali
We wish we were in Bali
Tunneling connections securely with SSH
I copy this tutorial from http://www.debian-administration.org/articles/38
Unfortunetly, it was posted by Anonymous, so I don't know which who I have to say thanks.
Here are the tutorial 'Tunneling connections securely with SSH':
There are many situations where you might want to send traffic over a secure link, and this is exactly what SSH allows you to do. Any form of TCP/IP connection can be sent across a tunnel providing you have access to a remote SSH server at the 'far side'.
One common use of SSH tunnels is for gaining access to facilities which are unreachable from your local machine.
For example if you are at work and you have access to an SSH server upon your home machine, and a proxy server running there too, you can surf the web using the secure tunnel. This keeps all records of your site visits out of the company log files.
Another reason to use a tunnel is to send insecure data over a secure, encrypted, link. This can come in handy when you wish to check email in a hostile environment for example.
To use a SSH tunnel you need to have two things:
- The ability to make outgoing SSH connections.
- A remote SSH server upon a host which can reach the resource you wish to access - it doesn't matter if you can't reach it, so long as the server can reach it and you in turn can reach that.
The most popular SSH client for Windows PuTTY also allows you to establish tunnels, which is worth remembering.
A tunnel is exactly what its name would suggest, a link between a service running on a remote machine and your own local machine.
You can cause all data sent to a local port upon your local machine to be seamlessly sent to a port on a remote machine with the encryption and compression facilities that OpenSSH supports.
Lets pretend we're stuck at work and we have a remote server which is running a POP3 mail server, and also an SSH server.
If we login with our mail client directly the user name and password we use to login to that mail server will go over the network in plain text, as will the contents of your messages. This could allow a user on your network to read them as they are in transit.
Using SSH we can create a tunnel between the remote POP3 server and the local machine
- then when that is up we can point the mail client at the local machine.
Any requests it makes will go out across the tunnel and end up at the mail server on the far side.
We will run the following command:
ssh -C -L 1100:localhost:110 username@host
This will prompt you for a password for the remote machine host, then once you've logged in will create a tunnel. Everything sent to the local machine on port 1100 will be sent to the remote machine localhost on port 110. (Which is the service for POP3)
The '-C' causes all the traffic to be compressed, which is a useful thing to remember :).
Tunneling other ports can be added easily too. If you have access to a remote proxy server from your remote login you can setup a tunnel to that, then point your browser at your local machine.
Assume that you have a login on a gateway machine gateway which can reach a machine called proxy, which is running the Squid proxy server on port 3128.
Run this:
ssh -C -L 8080:proxy:3128 user@gateway
Now you have a tunnel which is listening upon the localhost on port 8080 - so you can setup your browser proxy server to http://localhost:8080/ and enjoy secure browsing.
Unfortunetly, it was posted by Anonymous, so I don't know which who I have to say thanks.
Here are the tutorial 'Tunneling connections securely with SSH':
There are many situations where you might want to send traffic over a secure link, and this is exactly what SSH allows you to do. Any form of TCP/IP connection can be sent across a tunnel providing you have access to a remote SSH server at the 'far side'.
One common use of SSH tunnels is for gaining access to facilities which are unreachable from your local machine.
For example if you are at work and you have access to an SSH server upon your home machine, and a proxy server running there too, you can surf the web using the secure tunnel. This keeps all records of your site visits out of the company log files.
Another reason to use a tunnel is to send insecure data over a secure, encrypted, link. This can come in handy when you wish to check email in a hostile environment for example.
To use a SSH tunnel you need to have two things:
- The ability to make outgoing SSH connections.
- A remote SSH server upon a host which can reach the resource you wish to access - it doesn't matter if you can't reach it, so long as the server can reach it and you in turn can reach that.
The most popular SSH client for Windows PuTTY also allows you to establish tunnels, which is worth remembering.
A tunnel is exactly what its name would suggest, a link between a service running on a remote machine and your own local machine.
You can cause all data sent to a local port upon your local machine to be seamlessly sent to a port on a remote machine with the encryption and compression facilities that OpenSSH supports.
Lets pretend we're stuck at work and we have a remote server which is running a POP3 mail server, and also an SSH server.
If we login with our mail client directly the user name and password we use to login to that mail server will go over the network in plain text, as will the contents of your messages. This could allow a user on your network to read them as they are in transit.
Using SSH we can create a tunnel between the remote POP3 server and the local machine
- then when that is up we can point the mail client at the local machine.
Any requests it makes will go out across the tunnel and end up at the mail server on the far side.
We will run the following command:
ssh -C -L 1100:localhost:110 username@host
This will prompt you for a password for the remote machine host, then once you've logged in will create a tunnel. Everything sent to the local machine on port 1100 will be sent to the remote machine localhost on port 110. (Which is the service for POP3)
The '-C' causes all the traffic to be compressed, which is a useful thing to remember :).
Tunneling other ports can be added easily too. If you have access to a remote proxy server from your remote login you can setup a tunnel to that, then point your browser at your local machine.
Assume that you have a login on a gateway machine gateway which can reach a machine called proxy, which is running the Squid proxy server on port 3128.
Run this:
ssh -C -L 8080:proxy:3128 user@gateway
Now you have a tunnel which is listening upon the localhost on port 8080 - so you can setup your browser proxy server to http://localhost:8080/ and enjoy secure browsing.
Rabu, 16 Januari 2008
Forget Your Root Mysql Password ?
How to create user in mysql?
It’s easy, run this:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'easy'@'localhost'
-> IDENTIFIED BY 'secret' WITH GRANT OPTION;
How if we forget our root password in mysql?
It’s very easy, run this:
- shutdown mysql
- # safe_mysqld --skip-grant-tables &
- # mysql -u root
- update user set password=password('new_password') where user='root';
- start mysql
- # safe_mysqld &
---
easy
It’s easy, run this:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'easy'@'localhost'
-> IDENTIFIED BY 'secret' WITH GRANT OPTION;
How if we forget our root password in mysql?
It’s very easy, run this:
- shutdown mysql
- # safe_mysqld --skip-grant-tables &
- # mysql -u root
- update user set password=password('new_password') where user='root';
- start mysql
- # safe_mysqld &
---
easy
Selasa, 15 Januari 2008
Bridge Firewall (Linux)
I will show example how to configure bridge-firewall using linux.
You can see simple network’s schema below:
202.202.202.x -----------eth1- Bridge Firewall -eth0------ INTERNET
The rule is:
- PC with IP addres 202.202.202.x can access internet without filtering
- Internet can access IP Address 202.2002.202.x only on port 80 (http)
- Internet can not traceroute to IP 2022.202.202.x
Ok, let’s go start, install your linux distro (I’m use Centos 4) to pc that have 2 NIC. Then run command below:
ifdown eth0 -> down interface eth0
ifdown eth1 -> down interface eth1
ifconfig eth0 0.0.0.0 -> create ip 0.0.0.0 at eth0
ifconfig eth1 0.0.0.0 -> create ip 0.0.0.0 at eth1
brctl addbr java_ux -> add bridge java_ux
brctl addif java_ux eth0 -> add int eth0 to java_ux bridge
brctl addif java_ux eth1 -> add int eth1 to java_ux bridge
ifconfig java_ux up -> activate java_ux bridge
Ok, You have installed Bridge to your linux, then create firewall rule use iptables on your bridge:
# Delete all iptables rules
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables --delete-chain
iptables -t nat --delete-chain
# Delete all chain user
iptables -X
# Create chain KEEP_STATE special
iptables -N KEEP_STATE
iptables -F KEEP_STATE
# Drop bad state
iptables -A KEEP_STATE -m state --state INVALID -j DROP
iptables -A KEEP_STATE -m state --state RELATED,ESTABLISHED -j ACCEPT
# Deny bad packet (optional)
#iptables -A FORWARD -p tcp --tcp-flags ALL FIN,URG,PSH -m limit --limit 5/minute -j LOG --log-level notice --log-prefix "NMAP-XMAS: "
#iptables -A FORWARD -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
#iptables -A FORWARD -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/minute -j LOG --log-level notice --log-prefix "SYN/FIN: "
#iptables -A FORWARD -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
#iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/minute -j LOG --log-level notice --log-prefix "SYN/RST: "
#iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# Drop RST/ACKs to limit OS Detection via pinging (optional)
#iptables -A FORWARD -p tcp --tcp-flags RST RST,ACK -m limit --limit 5/minute -j LOG --log-level notice --log-prefix "RST/ACK: "
#iptables -A FORWARD -p tcp --tcp-flags RST RST,ACK -j DROP
# Allow all for chain keep_state
iptables -A FORWARD -j KEEP_STATE
# If you want reject Outgoing traceroute (optional)
#iptables -A FORWARD -p udp -s 202.202.202.x/255.255.255.255 --sport 32769:65535 --dport 33434:33523 -j REJECT
# Reject Incoming traceroute
iptables -A FORWARD -p udp -s 202.202.202.x/255.255.255.255 --dport 32769:65535 --sport 33434:33523 -j REJECT
# Allow Internet access to port 80
iptables -A FORWARD -p tcp -d 202.202.202.x/255.255.255.255 --dport 80 -j ACCEPT
# Allow trafik outgoing
iptables -A FORWARD -s 202.202.202.x/255.255.255.255 -j ACCEPT
# Drop all rule that not allowed
iptables -A FORWARD -j DROP
You can create script file for rule above, example script.sh. Save script in /etc/rc.d/rc.local directory
If you want to disable bridge, you can run:
ifconfig java_ux down
brctl delif java_ux eth1
brctl delif java_ux eth0
brctl delbr java_ux
ifdown eth1
ifdown eth0
To Delete all firewall rules, you can run:
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables --delete-chain
iptables -t nat --delete-chain
Don’t forget to activate ip forward on your linux, by running command:
echo "1" > /proc/sys/net/ipv4/ip_forward
You can see simple network’s schema below:
202.202.202.x -----------eth1- Bridge Firewall -eth0------ INTERNET
The rule is:
- PC with IP addres 202.202.202.x can access internet without filtering
- Internet can access IP Address 202.2002.202.x only on port 80 (http)
- Internet can not traceroute to IP 2022.202.202.x
Ok, let’s go start, install your linux distro (I’m use Centos 4) to pc that have 2 NIC. Then run command below:
ifdown eth0 -> down interface eth0
ifdown eth1 -> down interface eth1
ifconfig eth0 0.0.0.0 -> create ip 0.0.0.0 at eth0
ifconfig eth1 0.0.0.0 -> create ip 0.0.0.0 at eth1
brctl addbr java_ux -> add bridge java_ux
brctl addif java_ux eth0 -> add int eth0 to java_ux bridge
brctl addif java_ux eth1 -> add int eth1 to java_ux bridge
ifconfig java_ux up -> activate java_ux bridge
Ok, You have installed Bridge to your linux, then create firewall rule use iptables on your bridge:
# Delete all iptables rules
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables --delete-chain
iptables -t nat --delete-chain
# Delete all chain user
iptables -X
# Create chain KEEP_STATE special
iptables -N KEEP_STATE
iptables -F KEEP_STATE
# Drop bad state
iptables -A KEEP_STATE -m state --state INVALID -j DROP
iptables -A KEEP_STATE -m state --state RELATED,ESTABLISHED -j ACCEPT
# Deny bad packet (optional)
#iptables -A FORWARD -p tcp --tcp-flags ALL FIN,URG,PSH -m limit --limit 5/minute -j LOG --log-level notice --log-prefix "NMAP-XMAS: "
#iptables -A FORWARD -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
#iptables -A FORWARD -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/minute -j LOG --log-level notice --log-prefix "SYN/FIN: "
#iptables -A FORWARD -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
#iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/minute -j LOG --log-level notice --log-prefix "SYN/RST: "
#iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# Drop RST/ACKs to limit OS Detection via pinging (optional)
#iptables -A FORWARD -p tcp --tcp-flags RST RST,ACK -m limit --limit 5/minute -j LOG --log-level notice --log-prefix "RST/ACK: "
#iptables -A FORWARD -p tcp --tcp-flags RST RST,ACK -j DROP
# Allow all for chain keep_state
iptables -A FORWARD -j KEEP_STATE
# If you want reject Outgoing traceroute (optional)
#iptables -A FORWARD -p udp -s 202.202.202.x/255.255.255.255 --sport 32769:65535 --dport 33434:33523 -j REJECT
# Reject Incoming traceroute
iptables -A FORWARD -p udp -s 202.202.202.x/255.255.255.255 --dport 32769:65535 --sport 33434:33523 -j REJECT
# Allow Internet access to port 80
iptables -A FORWARD -p tcp -d 202.202.202.x/255.255.255.255 --dport 80 -j ACCEPT
# Allow trafik outgoing
iptables -A FORWARD -s 202.202.202.x/255.255.255.255 -j ACCEPT
# Drop all rule that not allowed
iptables -A FORWARD -j DROP
You can create script file for rule above, example script.sh. Save script in /etc/rc.d/rc.local directory
If you want to disable bridge, you can run:
ifconfig java_ux down
brctl delif java_ux eth1
brctl delif java_ux eth0
brctl delbr java_ux
ifdown eth1
ifdown eth0
To Delete all firewall rules, you can run:
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables --delete-chain
iptables -t nat --delete-chain
Don’t forget to activate ip forward on your linux, by running command:
echo "1" > /proc/sys/net/ipv4/ip_forward
APACHE2-SSL-PHP5
OpenSSL Installation
# wget http://www.openssl.org/source/openssl-0.9.8e.tar.gz
# tar zxvf openssl-0.9.8e.tar.gz
# cd openssl-0.9.8e
# ./config
# make && make install
Apache Installation
# wget http://apache.cbn.net.id/httpd/httpd-2.2.4.tar.bz2
# tar jxvf httpd-2.2.4.tar.bz2
# cd httpd-2.2.
# ./configure --enable-ssl --with-ssl=/usr/local/ssl --enable-suexec --enable-so
# make && make install
# /usr/local/apache2/bin/apachectl start
Generate /usr/local/apache2/ssl.crt/server.crt
# mkdir /usr/local/apache2/ssl.crt
# /usr/local/ssl/bin/openssl genrsa -des3 -passout pass:asecretpassword -out /usr/local/apache2/ssl.crt/server.key.org 1024
# /usr/local/ssl/bin/openssl req -new -passin pass:asecretpassword -passout pass:asecretpassword -key /usr/local/apache2/ssl.crt/server.key.org -out /usr/local/apache2/ssl.crt/server.csr -days 3650
# /usr/local/ssl/bin/openssl req -x509 -passin pass:asecretpassword -passout pass:asecretpassword -key /usr/local/apache2/ssl.crt/server.key.org -in /usr/local/apache2/ssl.crt/server.csr -out /usr/local/apache2/ssl.crt/server.crt -days 3650
# /usr/local/ssl/bin/openssl rsa -passin pass:asecretpassword -in /usr/local/apache2/ssl.crt/server.key.org -out /usr/local/apache2/ssl.crt/server.key
# mkdir /usr/local/apache2/ssl.key
# mv /usr/local/apache2/ssl.crt/server.key /usr/local/apache2/ssl.key/server.key
# chmod 400 /usr/local/apache2/ssl.key/server.key
# cp /usr/local/apache2/ssl.crt/server.crt /usr/local/apache2/conf/
# cp /usr/local/apache2/ssl.key/server.key /usr/local/apache2/conf/
PHP Installation
# tar jxvf php-5.2.3.tar.bz2
# cd php-5.2.3
# ./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql --enable-track-vars --enable-sockets --enable-ftp --with-zlib --with-openssl=/usr/local/ssl --enable-force-cgi-redirect --enable-exif --with-gd --enable-memory-limit --disable-debug --disable-rpath --disable-static --with-pic --with-layout=GNU --enable-calendar --enable-sysvsem --enable-sysvshm --enable-sysvmsg --enable-trans-sid --enable-bcmath --with-bz2 --enable-ctype --with-db4 --with-iconv --enable-filepro --with-gettext --enable-mbstring --enable-shmop --enable-wddx --disable-xml --with-xmlrpc --enable-yp --with-zlib --without-pgsql --enable-dbx --enable-experimental-zts --without-mm --enable-gd-native-ttf --with-imap-ssl --enable-soap --enable-dbase --enable-xml
# make && make install
# cp php.ini-dist /usr/local/lib/php.ini
Apache Configuration
# vi /usr/local/apache2/conf/httpd.conf
Add these lines:
LoadModule php5_module modules/libphp5.so
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps
Uncomment line below:
# Include conf/extra/httpd-ssl.conf become:
Include conf/extra/httpd-ssl.conf
Then restart Apache:
# /usr/local/apache2/bin/apachetl start
Ceck PHP
# vi /usr/local/apache2/htdocs/info.php
phpinfo()
?>
Open your browser: http://ipaddress/info.php dan https://ipaddress/info.php
# wget http://www.openssl.org/source/openssl-0.9.8e.tar.gz
# tar zxvf openssl-0.9.8e.tar.gz
# cd openssl-0.9.8e
# ./config
# make && make install
Apache Installation
# wget http://apache.cbn.net.id/httpd/httpd-2.2.4.tar.bz2
# tar jxvf httpd-2.2.4.tar.bz2
# cd httpd-2.2.
# ./configure --enable-ssl --with-ssl=/usr/local/ssl --enable-suexec --enable-so
# make && make install
# /usr/local/apache2/bin/apachectl start
Generate /usr/local/apache2/ssl.crt/server.crt
# mkdir /usr/local/apache2/ssl.crt
# /usr/local/ssl/bin/openssl genrsa -des3 -passout pass:asecretpassword -out /usr/local/apache2/ssl.crt/server.key.org 1024
# /usr/local/ssl/bin/openssl req -new -passin pass:asecretpassword -passout pass:asecretpassword -key /usr/local/apache2/ssl.crt/server.key.org -out /usr/local/apache2/ssl.crt/server.csr -days 3650
# /usr/local/ssl/bin/openssl req -x509 -passin pass:asecretpassword -passout pass:asecretpassword -key /usr/local/apache2/ssl.crt/server.key.org -in /usr/local/apache2/ssl.crt/server.csr -out /usr/local/apache2/ssl.crt/server.crt -days 3650
# /usr/local/ssl/bin/openssl rsa -passin pass:asecretpassword -in /usr/local/apache2/ssl.crt/server.key.org -out /usr/local/apache2/ssl.crt/server.key
# mkdir /usr/local/apache2/ssl.key
# mv /usr/local/apache2/ssl.crt/server.key /usr/local/apache2/ssl.key/server.key
# chmod 400 /usr/local/apache2/ssl.key/server.key
# cp /usr/local/apache2/ssl.crt/server.crt /usr/local/apache2/conf/
# cp /usr/local/apache2/ssl.key/server.key /usr/local/apache2/conf/
PHP Installation
# tar jxvf php-5.2.3.tar.bz2
# cd php-5.2.3
# ./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql=/usr/local/mysql --enable-track-vars --enable-sockets --enable-ftp --with-zlib --with-openssl=/usr/local/ssl --enable-force-cgi-redirect --enable-exif --with-gd --enable-memory-limit --disable-debug --disable-rpath --disable-static --with-pic --with-layout=GNU --enable-calendar --enable-sysvsem --enable-sysvshm --enable-sysvmsg --enable-trans-sid --enable-bcmath --with-bz2 --enable-ctype --with-db4 --with-iconv --enable-filepro --with-gettext --enable-mbstring --enable-shmop --enable-wddx --disable-xml --with-xmlrpc --enable-yp --with-zlib --without-pgsql --enable-dbx --enable-experimental-zts --without-mm --enable-gd-native-ttf --with-imap-ssl --enable-soap --enable-dbase --enable-xml
# make && make install
# cp php.ini-dist /usr/local/lib/php.ini
Apache Configuration
# vi /usr/local/apache2/conf/httpd.conf
Add these lines:
LoadModule php5_module modules/libphp5.so
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps
Uncomment line below:
# Include conf/extra/httpd-ssl.conf become:
Include conf/extra/httpd-ssl.conf
Then restart Apache:
# /usr/local/apache2/bin/apachetl start
Ceck PHP
# vi /usr/local/apache2/htdocs/info.php
phpinfo()
?>
Open your browser: http://ipaddress/info.php dan https://ipaddress/info.php
SNMP and MRTG on Linux
1. I use CenTos 3.4 Distribution
2. Paket that must install on the system is:
[root@dell root]# rpm -qa grep snmp
net-snmp-5.0.9-2.30E.12
net-snmp-utils-5.0.9-2.30E.12
net-snmp-devel-5.0.9-2.30E.12
net-snmp-libs-5.0.9-2.30E.12
net-snmp-perl-5.0.9-2.30E.12
3. Dont forget to backup snmp.conf file:
[root@dell root]# cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
4. Write new snmp.conf scripts:
com2sec public default public
group public v1 public
group public v2c public
group public usm public
view all included .1
access public "" any noauth exact all none none
5. Run SNMP service:
[root@dell root]# /etc/rc.d/init.d/snmpd start
6. Ceck SNMP service :
[root@dell root]# ps ax grep snmp
24433 ? S 0:00 /usr/sbin/snmpd -s -l /dev/null -P /var/run/snmpd -a
24437 pts/0 S 0:00 grep snmp
7. Ceck SNMP port:
[root@dell root]# netstat -pln grep snmp
tcp 0 0 0.0.0.0:199 0.0.0.0:* LIST EN 24433/snmpd
udp 0 0 0.0.0.0:161 0.0.0.0:* 24433/snmpd
8. Run Web server (I have use apache 2 version):
[root@dell root]# /usr/local/apache2/bin/apachectl start
9. Create directory mrtg on apache's root_directory:
[root@dell root]# mkdir /usr/local/apache2/htdocs/mrtg
10.U msut have mrtg paket on your linux:
[root@dell root]# rpm -qa grep mrtg
mrtg-2.9.29-4.ent
11.Create/run cfgmaker:
(example: snmp server installed on pc with IP address 192.168.100.218)
[root@dell snmp]# cfgmaker --global "WorkDir: /usr/local/apache2/htdocs/mrtg" --
global "Options[_]:growright,bits" public@192.168.100.218 > /etc/mrtg/192.168.10
0.218.cfg
--base: Get Device Info on public@192.168.100.218:
--base: Vendor Id:
--base: Populating confcache
--snpo: confcache public@192.168.100.218: Descr lo --> 1
--snpo: confcache public@192.168.100.218: Descr eth0 --> 2
--snpo: confcache public@192.168.100.218: Ip 127.0.0.1 --> 1
--snpo: confcache public@192.168.100.218: Ip 192.168.100.218 --> 2
--snpo: confcache public@192.168.100.218: Type 24 --> 1
--snpo: confcache public@192.168.100.218: Type 6 --> 2
--snpo: confcache public@192.168.100.218: Eth --> 1
--snpo: confcache public@192.168.100.218: Eth 00-12-3f-2e-83-b0 --> 2
--base: Get Interface Info
--base: Walking ifIndex
--base: Walking ifType
--base: Walking ifAdminStatus
--base: Walking ifOperStatus
--base: Walking ifSpeed
12.Edit 192.168.100.218.cfg file:
[root@dell root]# vi /etc/mrtg/192.168.100.218.cfg
# add this lines
# for UNIX
# WorkDir: /home/http/mrtg
WorkDir: /usr/local/apache2/htdocs/mrtg
# dan tambahkan baris berikut:
RunAsDaemon:Yes
Interval:5
Refresh:300
13. Run on 192.168.100.218.cfg file:
[root@dell snmp]# env LANG=C mrtg /etc/mrtg/192.168.100.218.cfg
Rateup WARNING: /usr/bin/rateup could not read the primary log file for 192.168.
100.218_2
Rateup WARNING: /usr/bin/rateup The backup log file for 192.168.100.218_2 was in
valid as well
Rateup WARNING: /usr/bin/rateup Can't remove 192.168.100.218_2.old updating log
file
Rateup WARNING: /usr/bin/rateup Can't rename 192.168.100.218_2.log to 192.168.10
0.218_2.old updating log file
14. SNMP server and MRTG installed on same machine, so u can open your browser whith url:
http://192.168.100.218/mrtg/
15.Dont forget create schedule with crontab , run mrtg for 5 menit
[root@dell root]# crontab -e
*/5 * * * * /usr/bin/mrtg /etc/mrtg/192.168.100.218.cfg --logging=/var/log/server1.log
' easy ????'
2. Paket that must install on the system is:
[root@dell root]# rpm -qa grep snmp
net-snmp-5.0.9-2.30E.12
net-snmp-utils-5.0.9-2.30E.12
net-snmp-devel-5.0.9-2.30E.12
net-snmp-libs-5.0.9-2.30E.12
net-snmp-perl-5.0.9-2.30E.12
3. Dont forget to backup snmp.conf file:
[root@dell root]# cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak
4. Write new snmp.conf scripts:
com2sec public default public
group public v1 public
group public v2c public
group public usm public
view all included .1
access public "" any noauth exact all none none
5. Run SNMP service:
[root@dell root]# /etc/rc.d/init.d/snmpd start
6. Ceck SNMP service :
[root@dell root]# ps ax grep snmp
24433 ? S 0:00 /usr/sbin/snmpd -s -l /dev/null -P /var/run/snmpd -a
24437 pts/0 S 0:00 grep snmp
7. Ceck SNMP port:
[root@dell root]# netstat -pln grep snmp
tcp 0 0 0.0.0.0:199 0.0.0.0:* LIST EN 24433/snmpd
udp 0 0 0.0.0.0:161 0.0.0.0:* 24433/snmpd
8. Run Web server (I have use apache 2 version):
[root@dell root]# /usr/local/apache2/bin/apachectl start
9. Create directory mrtg on apache's root_directory:
[root@dell root]# mkdir /usr/local/apache2/htdocs/mrtg
10.U msut have mrtg paket on your linux:
[root@dell root]# rpm -qa grep mrtg
mrtg-2.9.29-4.ent
11.Create/run cfgmaker:
(example: snmp server installed on pc with IP address 192.168.100.218)
[root@dell snmp]# cfgmaker --global "WorkDir: /usr/local/apache2/htdocs/mrtg" --
global "Options[_]:growright,bits" public@192.168.100.218 > /etc/mrtg/192.168.10
0.218.cfg
--base: Get Device Info on public@192.168.100.218:
--base: Vendor Id:
--base: Populating confcache
--snpo: confcache public@192.168.100.218: Descr lo --> 1
--snpo: confcache public@192.168.100.218: Descr eth0 --> 2
--snpo: confcache public@192.168.100.218: Ip 127.0.0.1 --> 1
--snpo: confcache public@192.168.100.218: Ip 192.168.100.218 --> 2
--snpo: confcache public@192.168.100.218: Type 24 --> 1
--snpo: confcache public@192.168.100.218: Type 6 --> 2
--snpo: confcache public@192.168.100.218: Eth --> 1
--snpo: confcache public@192.168.100.218: Eth 00-12-3f-2e-83-b0 --> 2
--base: Get Interface Info
--base: Walking ifIndex
--base: Walking ifType
--base: Walking ifAdminStatus
--base: Walking ifOperStatus
--base: Walking ifSpeed
12.Edit 192.168.100.218.cfg file:
[root@dell root]# vi /etc/mrtg/192.168.100.218.cfg
# add this lines
# for UNIX
# WorkDir: /home/http/mrtg
WorkDir: /usr/local/apache2/htdocs/mrtg
# dan tambahkan baris berikut:
RunAsDaemon:Yes
Interval:5
Refresh:300
13. Run on 192.168.100.218.cfg file:
[root@dell snmp]# env LANG=C mrtg /etc/mrtg/192.168.100.218.cfg
Rateup WARNING: /usr/bin/rateup could not read the primary log file for 192.168.
100.218_2
Rateup WARNING: /usr/bin/rateup The backup log file for 192.168.100.218_2 was in
valid as well
Rateup WARNING: /usr/bin/rateup Can't remove 192.168.100.218_2.old updating log
file
Rateup WARNING: /usr/bin/rateup Can't rename 192.168.100.218_2.log to 192.168.10
0.218_2.old updating log file
14. SNMP server and MRTG installed on same machine, so u can open your browser whith url:
http://192.168.100.218/mrtg/
15.Dont forget create schedule with crontab , run mrtg for 5 menit
[root@dell root]# crontab -e
*/5 * * * * /usr/bin/mrtg /etc/mrtg/192.168.100.218.cfg --logging=/var/log/server1.log
' easy ????'
Fetchmail and Getmail
Now, I will give example script on fetchmail and getmail
1. GETMAIL
I use getmail with version 3.2.4
create directory.getmail
# mkdir .getmail
create getmailrc file
# touch getmailrc
Script getmailrc :
(let's say we will put inbox on maildir (I use qmail))
[default]
verbose = 1
readall = 0
delete = 1
message_log = /var/log/getmail.log
timeout = 240
max_message_size = 1048576
[java_ux's Mail]
server = geocities.com
username = java_ux@geocities.com
password = n64ntuk
postmaster = /home/vpopmail/domains/geocities.com/java_ux/Maildir/
[user1's Mail]
server = geocities.com
username = user1@geocities.com
password = t1du12
postmaster = /home/vpopmail/domains/geocities.com/user1/Maildir/
2. FETCHMAIL
create .fetchmailrc file
# touch .fetchmailrc
Contoh .fetchmailrc:
(let's say, we will put inbox to home user (I use sendmail))
poll geocities.com with proto pop3:
no envelope no dns
username java_ux%takaful.com password n64ntuk
to java_ux
poll geocities.com with proto pop3:
no envelope no dns
username user1%takaful.com password t1du12
to user1
'yeah , easy, U just copy then paste thats script, right? '
1. GETMAIL
I use getmail with version 3.2.4
create directory.getmail
# mkdir .getmail
create getmailrc file
# touch getmailrc
Script getmailrc :
(let's say we will put inbox on maildir (I use qmail))
[default]
verbose = 1
readall = 0
delete = 1
message_log = /var/log/getmail.log
timeout = 240
max_message_size = 1048576
[java_ux's Mail]
server = geocities.com
username = java_ux@geocities.com
password = n64ntuk
postmaster = /home/vpopmail/domains/geocities.com/java_ux/Maildir/
[user1's Mail]
server = geocities.com
username = user1@geocities.com
password = t1du12
postmaster = /home/vpopmail/domains/geocities.com/user1/Maildir/
2. FETCHMAIL
create .fetchmailrc file
# touch .fetchmailrc
Contoh .fetchmailrc:
(let's say, we will put inbox to home user (I use sendmail))
poll geocities.com with proto pop3:
no envelope no dns
username java_ux%takaful.com password n64ntuk
to java_ux
poll geocities.com with proto pop3:
no envelope no dns
username user1%takaful.com password t1du12
to user1
'yeah , easy, U just copy then paste thats script, right? '
Relay setting on sendmail
For relay setting, you have to add some scripts on sendmail.cf file.
I show you that's script:
#########################################
Ruleset 0 -- Parse Address
#########################################
S0
# Complex routing is appended here, followed by normal remote routing
Rjava_ux<@geocities.com> $#esmtp $@smtp.ngantuk.net.id $: java_ux < @ geocities.com>
Rjava_ux<@geocities.com.> $#esmtp $@smtp.ngantuk.net.id $: java_ux < @ geocities.com>
# Complex user routing end here
# Complex user routing end here
# Virtual domain routing
Ok, I have showed u the script, now I will explain rule of the script:
Example, email address that will be relay is java_ux@geocities.com via mail server named smtp.ngantuk.net.id
Remember, that script are 'tab sensitive' and 'spacebar sensitive'
Rjava_ux<@geocities.com>[tab 1x]$#esmtp[spacebar 1x]$@smtp.ngantuk.net.id[spacebar 1x]$:[spacebar 1x]java_ux[spacebar 1x]< [spacebar 1x]@ [spacebar 1x]geocities.com>
Rjava_ux<@geocities.com.>[tab 1x]$#esmtp[spacebar 1x]$@smtp.ngantuk.net.id[spacebar 1x]$:[spacebar 1x]java_ux[spacebar 1x]< [spacebar 1x]@ [spacebar 1x]geocities.com>
Don't forget restart your sendmail
'easy...easy...do you have the easiest way?'
I show you that's script:
#########################################
Ruleset 0 -- Parse Address
#########################################
S0
# Complex routing is appended here, followed by normal remote routing
Rjava_ux<@geocities.com> $#esmtp $@smtp.ngantuk.net.id $: java_ux < @ geocities.com>
Rjava_ux<@geocities.com.> $#esmtp $@smtp.ngantuk.net.id $: java_ux < @ geocities.com>
# Complex user routing end here
# Complex user routing end here
# Virtual domain routing
Ok, I have showed u the script, now I will explain rule of the script:
Example, email address that will be relay is java_ux@geocities.com via mail server named smtp.ngantuk.net.id
Remember, that script are 'tab sensitive' and 'spacebar sensitive'
Rjava_ux<@geocities.com>[tab 1x]$#esmtp[spacebar 1x]$@smtp.ngantuk.net.id[spacebar 1x]$:[spacebar 1x]java_ux[spacebar 1x]< [spacebar 1x]@ [spacebar 1x]geocities.com>
Rjava_ux<@geocities.com.>[tab 1x]$#esmtp[spacebar 1x]$@smtp.ngantuk.net.id[spacebar 1x]$:[spacebar 1x]java_ux[spacebar 1x]< [spacebar 1x]@ [spacebar 1x]geocities.com>
Don't forget restart your sendmail
'easy...easy...do you have the easiest way?'
I Love PCMAV Antivirus
I from Indonesia, I love Indonesia
But I hate computer virus
I hate virus from other country and I hate virus from Indonesia
Thanks, finally I found Indonesia PCMedia Antivirus
We call it PCMAV, it's free, I like it, 'cause I don't have enough money
If you want use it, U all can download on
rapidshare
easy-share.com
divshare
But I hate computer virus
I hate virus from other country and I hate virus from Indonesia
Thanks, finally I found Indonesia PCMedia Antivirus
We call it PCMAV, it's free, I like it, 'cause I don't have enough money
If you want use it, U all can download on
rapidshare
easy-share.com
divshare
Changing the MAC address (Windows)
I will show you how to changin MAC address on Windows without tools:
- Clic Start->Settings->Control Panel and double click on Network and Dial-up Connections.
- Right click on the NIC you want to change the MAC address and click on properties.
- Under “General” tab, click on the “Configure” button
- Click on “Advanced” tab
- Under “Property section”, you should see an item called “Network Address” or "Locally Administered Address", click on it.
- On the right side, under “Value”, type in the New MAC address you want to assign to your NIC. Usually this value is entered without the “-“ between the MAC address numbers.
- Goto command prompt and type in “ipconfig /all” or “net config rdr” to verify the changes. If the changes are not materialized, then use the second method.
- Then reboot your systems.
Thanks to KLC Consulting, Inc.
- Clic Start->Settings->Control Panel and double click on Network and Dial-up Connections.
- Right click on the NIC you want to change the MAC address and click on properties.
- Under “General” tab, click on the “Configure” button
- Click on “Advanced” tab
- Under “Property section”, you should see an item called “Network Address” or "Locally Administered Address", click on it.
- On the right side, under “Value”, type in the New MAC address you want to assign to your NIC. Usually this value is entered without the “-“ between the MAC address numbers.
- Goto command prompt and type in “ipconfig /all” or “net config rdr” to verify the changes. If the changes are not materialized, then use the second method.
- Then reboot your systems.
Thanks to KLC Consulting, Inc.
How to disconnect people use dialup connection (---ath0)
I am not a hacker, I am not a cracker
I am just human that always forget what all I have done
So, why I create this blog,
this blog for I remember what I have done
This time tutorial abount hacking, exploitation +++ath0
When people use dial-up, U have to now their/she/he IP Address
then u disconnect them use ping command:
ping -p 2b2b2b415448300d 'their IP Address'
When they use ftp application, u can run:
c:\>ftp 'their IP Address'
connected to 'theri IP Address' 220
inetd Microsoft FTP Service(Version 3.0)
User(.....) : user +++ath0 Connection lost
'yeah it's easy'
I am just human that always forget what all I have done
So, why I create this blog,
this blog for I remember what I have done
This time tutorial abount hacking, exploitation +++ath0
When people use dial-up, U have to now their/she/he IP Address
then u disconnect them use ping command:
ping -p 2b2b2b415448300d 'their IP Address'
When they use ftp application, u can run:
c:\>ftp 'their IP Address'
connected to 'theri IP Address' 220
inetd Microsoft FTP Service(Version 3.0)
User(.....) : user +++ath0 Connection lost
'yeah it's easy'
NFS on HP-UX
I am familiar configuring on linux system, but I really confuse when I implemented NFS on HP-UX.
Until I find the easy way, and it's really very easy
First:
Running "sam" (system administration manager) command.
All I have to do was:
Type sam > Networking and Communications > Networked File Systems > Exported Local > File Systems
Then I activate the NFS Services (of course still using sam):
Actions > Enable NFS Server
Then Add local directory for export:
Actions > Add Exported File System
'Just it, very easy ...'
Until I find the easy way, and it's really very easy
First:
Running "sam" (system administration manager) command.
All I have to do was:
Type sam > Networking and Communications > Networked File Systems > Exported Local > File Systems
Then I activate the NFS Services (of course still using sam):
Actions > Enable NFS Server
Then Add local directory for export:
Actions > Add Exported File System
'Just it, very easy ...'
Segregate Logical Log and Physical Log from rootdb (Informix)
One of how tuning the informix database is segregate Logical Log and Physical Log from rootdbs space. Following below my steps to segregate it:
Segregate Logical log from rootdbs:
1. Change current logical to the bottom by running command 'onmode -l'
2. Create new dbspace for logical log, example 'log_space' then add 'chunk'
3. Setting dbpace for logical log
'onmonitor > Parameters > Add-Log'
4. Example we want to create six logical log
We have to create new logical log by running command:
$ onparams -a -d logspace -s 100000 Run this command six times
5. Delete old Logical Log by running:
$ onparams -d -l 1 -----> where '1' is 'uniqid'
do that untill sixth uniqid
Segregate Physical log from rootdbs:
1. Create new dbspace for Physical log, example 'phy_space' then add 'chunk'
2. Create new space by running:
$ onparams -p -s 1000000 -d phy_space
3. Check it with 'onstat -d'
'you know.... it's very easy'
Segregate Logical log from rootdbs:
1. Change current logical to the bottom by running command 'onmode -l'
2. Create new dbspace for logical log, example 'log_space' then add 'chunk'
3. Setting dbpace for logical log
'onmonitor > Parameters > Add-Log'
4. Example we want to create six logical log
We have to create new logical log by running command:
$ onparams -a -d logspace -s 100000 Run this command six times
5. Delete old Logical Log by running:
$ onparams -d -l 1 -----> where '1' is 'uniqid'
do that untill sixth uniqid
Segregate Physical log from rootdbs:
1. Create new dbspace for Physical log, example 'phy_space' then add 'chunk'
2. Create new space by running:
$ onparams -p -s 1000000 -d phy_space
3. Check it with 'onstat -d'
'you know.... it's very easy'
Load command on Informix
Do you know how to using unload command,
This one again my experience using unload:
- Type dbaccess
- Query-language
- SELECT DATABASE
- Then type
unload to '/nama_direktori/nama_file' select * from nama_tabel
This one again my experience using unload:
- Type dbaccess
- Query-language
- SELECT DATABASE
- Then type
unload to '/nama_direktori/nama_file' select * from nama_tabel
Load command on Informix
Do you know how to using load command,
This is my experience using load:
- Type dbaccess
- Query-language
- SELECT DATABASE
- Then type
load from '/nama_direktori/nama_file' insert into nama_tabel
This is my experience using load:
- Type dbaccess
- Query-language
- SELECT DATABASE
- Then type
load from '/nama_direktori/nama_file' insert into nama_tabel
dbschema on informix
I will show you how to use dbschema on informix
To create database schema file, you have to run this command
dbschema -d nama_database fileoutput.sql
And to craete table schme file, run this:
dbschema -d nama_database -t nama_table > nama_table.sql
Mmhh....very easy !
To create database schema file, you have to run this command
dbschema -d nama_database fileoutput.sql
And to craete table schme file, run this:
dbschema -d nama_database -t nama_table > nama_table.sql
Mmhh....very easy !
Onunload dan Onload (informix)
This tutorial show you how to move table from one machine to another machine
1. create file that informix could read and access it$ touch file.onunload
2. Run "onunload" to take data form the database
let's say:
file name = file.onunload
database name = wahyudb
table name = customer
$ onunload -t file.onunload wahyudb:customer
3. Then it will create binary file named file.onunload
4. Move file.onunload to onother machine (I was using ftp program)
5. Remember, before you run onload, you have to shutdown down your database
6. Then run onload
let's say:
file name = file.onunload
dbspace name = space1
database name = wahyudb
table name = customer
$ onload -t file.ounlload -d space1 wahyudb:customer
1. create file that informix could read and access it$ touch file.onunload
2. Run "onunload" to take data form the database
let's say:
file name = file.onunload
database name = wahyudb
table name = customer
$ onunload -t file.onunload wahyudb:customer
3. Then it will create binary file named file.onunload
4. Move file.onunload to onother machine (I was using ftp program)
5. Remember, before you run onload, you have to shutdown down your database
6. Then run onload
let's say:
file name = file.onunload
dbspace name = space1
database name = wahyudb
table name = customer
$ onload -t file.ounlload -d space1 wahyudb:customer
Senin, 14 Januari 2008
dbexport and dbimport
dbexport is a program for backup all data and database schema
This an example of dbexport command:
$ dbexport -o /data wahyudb
-o /data : the directory where dbexport inside it
wahyudb : database name
Until you finish your dbexport, you will find wahyudb.exp directory on /data
dbimport is a program for recovery your informix database
This an example of dbexport command:
$ dbimport -c -i /data wahyudb -d wahyudb_space
-i /data : the directory where dbexport wahyudb.exp inside it
wahyudb : database name-d wahyudb_space : dbspace name
"This tutorial dedicated to me, I always forget to use those command"
This an example of dbexport command:
$ dbexport -o /data wahyudb
-o /data : the directory where dbexport inside it
wahyudb : database name
Until you finish your dbexport, you will find wahyudb.exp directory on /data
dbimport is a program for recovery your informix database
This an example of dbexport command:
$ dbimport -c -i /data wahyudb -d wahyudb_space
-i /data : the directory where dbexport wahyudb.exp inside it
wahyudb : database name-d wahyudb_space : dbspace name
"This tutorial dedicated to me, I always forget to use those command"
Create another user like informix user (Linux)
We usually access informix database using informix user
The question is, how we access the database using another user?
Can we access the database with another user?
FYI, You can access the database although you use 'root'
You can access it with other user but you have to create that user
The following below is tutorial how create that user:
Let's say we create user 'wahyu':
# useradd -g informix wahyu
Don't forget to give the password:
# passwd wahyu
Login with new user:
# su - wahyu
Add script on .bash_profile
$ vi .bash_profile
#---Add this script----#
# ex: INFORMIXDIR at /opt/informix
export INFORMIXDIR=/opt/informix
export PATH=$PATH:/opt/informix/bin
export INFORMIXSERVER=wahyudb
bexport TERM=vt100
Login as informix:
$ su – Informix
Run dbaccess:$ dbacessClick Query-Language > "your database name",
then run this:
grant dba to wahyu
Wow... U already give 'wahyu' with dba access... be carreful !!!
It's very easy, is not it ?
The question is, how we access the database using another user?
Can we access the database with another user?
FYI, You can access the database although you use 'root'
You can access it with other user but you have to create that user
The following below is tutorial how create that user:
Let's say we create user 'wahyu':
# useradd -g informix wahyu
Don't forget to give the password:
# passwd wahyu
Login with new user:
# su - wahyu
Add script on .bash_profile
$ vi .bash_profile
#---Add this script----#
# ex: INFORMIXDIR at /opt/informix
export INFORMIXDIR=/opt/informix
export PATH=$PATH:/opt/informix/bin
export INFORMIXSERVER=wahyudb
bexport TERM=vt100
Login as informix:
$ su – Informix
Run dbaccess:$ dbacessClick Query-Language > "your database name",
then run this:
grant dba to wahyu
Wow... U already give 'wahyu' with dba access... be carreful !!!
It's very easy, is not it ?
Version Of Informix
I've ever confused how to find the version of my informix db
My Informix CD Installer has gone and I want to know it's version
I have solution how to find the version:
1. Login as informix user
2. Dont't forget to export your INFORMIXDIR
3. Change your direktori --> cd $INFORMIXDIR/etc
4. Find the file with "-cr" extension --> ls -al grep cr
On my machine I have IIF-cr file
5. Then open your *.cr file --> more IIF-cr
It's really very very easy, is'n it ?
My Informix CD Installer has gone and I want to know it's version
I have solution how to find the version:
1. Login as informix user
2. Dont't forget to export your INFORMIXDIR
3. Change your direktori --> cd $INFORMIXDIR/etc
4. Find the file with "-cr" extension --> ls -al grep cr
On my machine I have IIF-cr file
5. Then open your *.cr file --> more IIF-cr
It's really very very easy, is'n it ?
Langganan:
Postingan (Atom)