Erinevus lehekülje "Kasutaja:Jj" redaktsioonide vahel

Allikas: Kuutõrvaja
(NB Mitte puududa)
 
(ei näidata sama kasutaja 132 vahepealset redaktsiooni)
9. rida: 9. rida:
 
* [[:terminal server]] FreeBSD näitel
 
* [[:terminal server]] FreeBSD näitel
 
* [[atacontrol]]
 
* [[atacontrol]]
* [[:apache ssl]] täiendust vajav
 
 
* [[:vinum gvinum ja geom]]
 
* [[:vinum gvinum ja geom]]
* [[:rrdool]] snmp ja süsteemse info alusel graafikute joonistamine
 
  
Ainult ühe kausta piires
+
DVD kaust iso failiks
 +
 
 +
genisoimage -dvd-video -v -o DVD.iso DVD
  
for file in *
+
This will create an iso named DVD.iso from the DVD folder.
do
 
      iconv -f iso-8859-4 -t UTF-8 "$file" > "$file.new"
 
      sleep 1
 
      mv -f "$file.new" "$file"
 
      echo $file
 
done
 
  
Rekursiivselt kõik
+
Alternatiivne ruuting
  
  find * -type f -exec /home/konvert2.sh "{}" \;
+
  # Build my alternate routing tables
 +
/usr/sbin/setfib 0 /sbin/route add default 10.1.9.58
 +
/usr/sbin/setfib 1 /sbin/route add default 10.1.9.59
 +
/usr/sbin/setfib 2 /sbin/route add default 10.1.9.60
 +
/usr/sbin/setfib 3 /sbin/route add default 10.1.9.61
 +
 +
# Start SSH daemons for each interface
 +
/usr/sbin/setfib 0 /usr/sbin/sshd -f /etc/ssh/sshd_config
 +
/usr/sbin/setfib 1 /usr/sbin/sshd -f /etc/ssh/sshd_config.tap0
 +
/usr/sbin/setfib 2 /usr/sbin/sshd -f /etc/ssh/sshd_config.tap1
 +
/usr/sbin/setfib 3 /usr/sbin/sshd -f /etc/ssh/sshd_config.tap2
  
või aja järgi
+
The qemu-img program can be used to convert images from one format to another. For example:
  
  find * -mtime +100 -exec /home/konvert.sh "{}" \;
+
  qemu-img convert -O qcow2 MyVmwareImage.vmdk MyProxmoxImage.qcow2
  
Skript ise
+
Saab kiirelt luua nt wifikaardiga läppariga wifi wõrgu.
  
  iconv -f iso-8859-4 -t UTF-8 "$1" > "$file.new"
+
  # apt-get install hostapd
sleep 1
 
mv -f "$file.new" "$1"
 
echo $1
 
  
----
 
  
Turvaserveri juhendist pärit õpetussõnad
+
http://freebsd.so14k.com/ifstated_apache.shtml
  
Tugevate paroolide kehtestamine
+
Paljudel sellega küsimusi, seega vaja vormistada kenaks juhendiks:
Anna käsk:
 
sudo apt-get install libpam-cracklib
 
Sätteid saab muuta failist /etc/pam.d/common-password. Vaikimisi kehtestatab see paroolide
 
panekul reeglid, et parooli miinimumpikkus on 8 märki (minlen=8) ja uus parool peab vanast
 
erinema 3 märgi võrra (difok=3).
 
  
Apticron
+
ssh-keygen käskküsib parooli ja tekitab ~/.ssh/id_rsa faili
Paigalda pakk "apticron", mis saadab meili teel teavitusi saadaolevatest turvauuendutest, mida
+
 
saab konkreetsele serverile paigaldada. Anna käsk:
+
Kopeerimiseks teise masinasse on hea käsk (võib ka käsitsi)
sudo apt-get install apticron
 
Vaikimisi saadetakse teavitused kasutajale "root". Muutmiseks anna käsk:
 
sudo dpkg-reconfigure apticron
 
  
LUBA SSH JUURDEPÄÄS AINULT VOLITATUD KASUTAJATELE
+
ssh-copy-id -i .ssh/id_rsa.pub kautaja@zoo.tartu.ee
1. Tekita grupp "sshusers", kuhu kuuluvad ainult need kasutajad, kellel peaks olema
 
juurdepääs üle SSH
 
2. Lisa SSH konfiguratsioonifaili rida "AllowGroups sshusers"
 
3. Lisa faili /etc/group sektsioon "sshusers" ja pane sinna volitatud kasutajad
 
  
KEELA JUURKASUTAJANA SISSELOGIMINE
+
Või siis käsitsi tuleb paigaldada tekitatud key teises masinas .ssh/authorized_keys alla ja
Asenda rida "PermitRootLogin yes" reaga "PermitRootLogin no".
+
chmod 700 .ssh
NB! Kui varundamise vm jaoks on vaja root-juurdepääsu, siis kasuta direktiivi "PermitRootLogin
+
chmod 600 .ssh/authorized_keys
forced-commands-only".
 
  
Suid- ja sgid-bitiga binaarfailid
+
Kasutaja konto lukustamine, et parooliga enam autentida ei saaks
Failide leidmiseks anna käsk:
 
sudo find / -perm 4000 -o -perm 2000
 
Suid/sgid biti eemaldamiseks anna käsk:
 
sudo chmod -s <fail>
 
Eemaldamisel tuleb lähtuda igast failist eraldi. Selleks, et paki uuendamisel suid-bitt tagasi ei
 
tuleks, tuleb deb-põhistes distributsioonides need bitid eemaldada permanentselt, kasutades
 
utiliiti deb-statoverride. Näiteks kui käsku "at" ei kasutata, saab selle eemaldada järgmiselt:
 
  
  sudo dpkg-statoverride --add root root 755 /usr/bin/at
+
  passwd -l kasutaja
sudo chown root:root /usr/bin/at
 
sudo chmod 755 /usr/bin/at
 
  
Teavitused juurkasutaja sisselogimisest
+
...
Konfigureeri süsteem nii, et ta saadaks meili iga kord, kui keegi logib root-kasutajana sisse. Selleks
+
 
redigeeri faili /root/.bashrc (kui on kasutusel Bash) ja lisa sinna järgmine rida:
+
http://www.marcofolio.net/tips/22_tips_on_how_to_speed_up_windows_xp.html
echo -e "Serverisse `hostname` on loginud (`date`)\n`who`" | mail -s "Root
 
logis serverisse `date`" kasutaja@server.ee
 
  
Portide konfigureerimine
+
FreeBSD kerneli paanika järel rebootima /etc/sysctl.conf
Kõikide kuulavate TCP- ja UDP-portide kuvamiseks anna käsk:
 
sudo lsof -i -n | egrep 'COMMAND|LISTEN|TCP|UDP'
 
Portide sulgemiseks eemalda pordinumbrile vastavat võrguteenust pakkuv pakk või keela võrgus
 
kuulamine muul viisil. Sulgeda ei tohi järgmisi deemoneid või protsesse, mis on vajalikud X-tee
 
tööks:
 
Andmekogu turvaserver (xtee-producerproxy): TCP 5555
 
Infosüsteemi (consumer) Apache: TCP 80 või 443
 
Infosüsteemi või andmekogu turvaserveri veebiliides: TCP 3000
 
SSH: nagu ülalpool konfigureeritud
 
ntpd: UDP *:123
 
named: localhost, oma port
 
postfix: localhost, oma port
 
  
 +
debug.debugger_on_panic=0
  
 +
BSDs apachele olulised moodulid, enne ei anna kernel apachele päringut kätte kui see pole täielik
  
 +
kldload accf_http
  
----
+
Permanentseks laadimiseks
  
Videokonverents on
+
accf_data_load="YES" # Wait for data accept filter
 +
accf_http_load="YES" # Wait for full HTTP request accept filter
  
...süsteem, mis lubab teatud tehnoloogia vahendusel üle audio-video
+
https://www.crc.id.au/configuring-dnssec-on-el6-and-bind-9/ dnssecist
silla suhelda samaaegselt erinevates geograafilises puktides viibivatel inimestel.
 
  
Videokonverentsi ajalugu
+
inet6 2001:bb8:2001::5 prefixlen 64 tentative
  
1956 aastal demonstreeris AT&T ideed ühendada hääl ja pilt – üks kaader iga kahe sekundi tagant.
+
tentative tähendab, et ei saa ipv6 aadressi kätte. mingi bsd jama. täpsemalt et süsteem ei tohi kasutada kuni otsib kollisioone.
1964 aastal loodi esimene pilti ja heli edastav toode nimega Picturephone.
 
1980-ndatel digitaalse telefoni (ISDN) tulekuga said videokonverentsi süsteemide arendus tuule tiibadesse.
 
  
Eesti akadeemilistesse ringkondadesse jõudis videokonverents 1996 aasta septembris kui Sidetehnika messil toimus esimene videokonverents Tallinna Pedagoogika Ülikooli ja Tallinna Tehnikaülikooli vahel. Videokonverents toimus üle ISDN ühenduse.
+
Apache käsna seadistus sisult harva muutuvale, kuid samas aeglaste andmebaasi päringutega veebile
Tartusse jõudsid videokonverentsi võimalused 1998 aastal.
 
  
Videokonverentsi võimalikud süsteemid
+
<source lang=apache>
 +
Timeout 60
 +
Header merge Cache-Control max-age=900
 +
Header unset Expires
 +
CacheEnable disk /
 +
CacheDisable /administrator
 +
CacheDefaultExpire 900
 +
CacheMaxExpire 3600
 +
CacheIgnoreCacheControl On
 +
CacheIgnoreNoLastMod On
 +
CacheIgnoreHeaders Set-Cookie
 +
CacheDirLevels 1
 +
CacheDirLength 1
 +
CacheMaxFileSize 64000
 +
CacheRoot /run/zoo/cache
 +
</source>
  
Tarkvarapõhised (desktop videoconferences)  
+
Selle mõjud on järgmised
VK toimub tarkvara vahendusel.
+
1) kord veerand tunni jooksul saab üks vaataja Sirbi veebilehe ette aeglaselt, järgmised vaatajad näevad sisu peaaegu hetkeliselt,
Spetsiaaltarkvara – Polycom, PVX, MS Netmeeting, EVO.
+
2) veebis tehtavad muudatused ilmuvad vaatajatele viivitusega kuni 15 minutit.
Tavaline audio-video suhtlemiseks mõeldud tarkvara – Skype, MSN, Google talk jms.
 
(Sõltuvalt VK-st, on vaja lisaks veebikaamerat, mikrofoni, kõrvaklappe.)
 
  
Veebipõhised
+
Puhvrist välja jäävad kaust /administrator, lehed suurusega alla 2KB (s.h. veateated) ja materjalid mahuga üle 64KB.
Tarkvara asub keskses serveris kust kasutajad saavad teda kodulehe vahendusel kasutada.
 
(Näiteks Codian, mida kasutavad ka Eesti haridusasutused)
 
  
Täpilised domeeninimed
+
https://wiki.archlinux.org/index.php/prosody jabberi server
  
ACE kodeering:
+
http://prosody.im/doc/configure
xn--(ASCII märgid)-(kodeeritud Unicode märgid)
 
  
jäääär.ee xn--jr-viaaaa.ee
+
https://wiki.debian.org/InstallingProsody
  
jüriöö.ee xn--jri-unaa6a.ee
+
Linuxi poolne iscsi loogika:
  
ženja.saša.ee xn--enja-kbb.xn--saa-1za.ee
+
> Oct 31 12:16:30 se kernel: connection39:0: ping timeout of 5 secs
 +
> expired, recv timeout 5, last rx 22326623071, last ping 22326621840, now
 +
> 22326633071
 +
> Oct 31 12:16:30 se kernel: connection39:0: detected conn error (1011)
  
  
 +
The iscsi initiator will send a iscsi nop/ping every
 +
node.conn[0].timeo.noop_out_interval seconds if there is no traffic on a
 +
session. If it does not get a response in
 +
node.conn[0].timeo.noop_out_timeout seconds, it drops the connection
 +
thinking the connection is bad. It then tries to create a new tcp/ip
 +
connection and relogin to the target and restart IO.
  
PMC-64/66 PMC-SCI Adapter Card
+
Mul on need mõlemad numbrid 5 sekundit, seega kui 5 sekundi jooksul traffic puudub, saadab masin iscsi nop/pingi ja kui sellele 5 sekundi jooksul vastust ei tule, resetib ühenduse.
  
http://dev.mysql.com/doc/refman/5.0/en/mysql-cluster-interconnects.html
+
Teiseks väidetakse, et koormatud storage korral "Decrease the queue_depth and increase the nop setting"
  
http://docs.oracle.com/cd/E17952_01/refman-5.1-en/mysql-cluster-sci-sockets.html
+
queue_depth on mul 32 ja timeo.noop_out_timeout on 5  
  
http://www.linuxtopia.org/online_books/database_guides/mysql_5.1_database_reference_guide/sci-sockets.html
+
/usr/local/etc/mail/spamassassin/local.cf
  
http://ww.dolphinics.no/download/D_3_4_0_LINUX_DOC/ Linuxi manual.
+
# whitelist everyone at sparkingwire.com:
 +
whitelist_from  *@sparkingwire.com
  
----
+
http://acksyn.org/?p=796 iscsi deemon ja fiiberkaardid
  
 +
http://community.zenoss.org/docs/DOC-9132 freebsd snmpd deemon mis distroga kaasas. Parem kui net-snmpd
  
muidu kui kasutada softi raidi jne ning ei ole suurt vajadust linuxi järgi ilmtingimata, siis soe soovitus on OpenIndiana, RAID-Z ja ZFS. Kui iSCSI peamine meetod, siis tõesti OpenIndiana kuna ZFS eelis on see, et sa saad mega mõnsalt jagada kohe iSCSI targetitena välja või win mount või nfs või ...
+
http://www.jlsnet.co.uk/index.php?page=ccna_1a_switching switchi ehk lüliti töö seletus. Cam tabel jms.
  
aga solarises on zfs optsioonid sharemise jaoks FreeBSDs pole sama implementatsiooni. see jah solarise enda osa mis bindib servicetega
+
tcp and host <ip>
 +
src port 80 and dst host 10.30.1.3
 +
src port > 1024 and dst host 10.10.X.Y
 +
src host 10.10.X.Y – meaning look for fows for this host
 +
src port 22 – meaning fows where the source port is 22
 +
src port 22 or src port 80 – meaning fows of either port 22 or 80
 +
src port 80 and in if 1 – meaning fows of src port 80 that passed via interface 1
 +
dst net 10.10.0.0/16 – meaning all fows where the destnaton network is 10.10.0.0/16
 +
src port > 5000 – meaning all fows where the source port is greater than 5000
  
osol ja solaris jooksid paralleelis siis kui solarise kood kinni löödi Oracle poolt
+
*MariaDB Galera Cluster
siis tehti OI kui kloon OSOL-st ja jätkati sõltumatut arendust
+
 
nagu aru saan, siis Oracle teeb putbacke peale igat full reliisi aga mitte vahepeal,
+
Millegipärast käivitades usb pulga kontrolli andis # fsck.vfat -r -f -v /dev/sdb1 paljude võtmetega annab teateks
need siis integreeritakse tõenäoliselt ka OI-sse
+
Unable to create unique name
  
niiet osol edasi ei arene afaik, areneb OI mida nad teha tahavad on aja jooksul vahetada kõik kinnised tükid (illumos kernel asenduseks jne) iSCSI on suht integraalne osa Solarisest kuna selle peal töötavad nii Suni NAS kastid kui ka Nexenta jne http://openindiana.org/
+
Paistab, et kõige paremini töötas lahendus, kus fsck.vfat jaoks ei anna mitte ühtegi muud parameetrit kui -r ja toimib.
  
ainuke osa mis mulle solarise ja derivaatide puhul ei meeldinud on installimine linuxi puhul suht triviaalne pxe püsti panna ja unattended install teha solarise puhul on see automated installer aga see on paras porr, et seda käima saada. ma lõpuks loobusin ja tegin käsi installid üle remote connectioni ISO imagete kaudu
+
badblocks -v /dev/hda1 > bad-blocks
 +
The above command will generate the file bad-blocks in the current directory from where you are running this command.
  
http://goodingredients.org/ingredients/index.html headest komponentidest valmib maitsev toit!
 
  
http://blog.doylenet.net/?p=46
+
http://frenzy.org.ua/en/download.shtml Asjalik FreeBSD live cd mitmete töövahenditega.
  
[[Pilt:Soraburg.png]]
+
Okular, üks asjalikumaid pdfi ja cbr-cbz koomiksite lugemise tarkvarasid linuxile. Võimaldab
 +
nt kerida koomikseid mugavamalt, ilma, et peaks eraldi lehevahetamiseks mingit nuppu klõksima.
  
graafiline bootloader burg
+
[[Pilt:70965 619x590.jpg]]
  
Jan 8 16:07:52 vwclub imap[16435]: SQUAT failed to open index file Jan 8 16:07:52 vwclub imap[16435]: SQUAT failed
+
http://spritesmods.com/?art=hddhack&page=2 kõvaketta ehitusest.
  
It means that a client did a SEARCH on the mailbox and a SQUAT index file (created by squatter which accelerates SEARCH) wasn't found, so the SEARCH proceeded by scanning the messages themselves.
+
<source lang=bash>
 +
#!/bin/bash
 +
createTunnel() {
 +
  /usr/bin/ssh -N -R 2222:localhost:22 serverUser@25.25.25.25
 +
  if [[ $? -eq 0 ]]; then
 +
    echo Tunnel to jumpbox created successfully
 +
  else
 +
    echo An error occurred creating a tunnel to jumpbox. RC was $?
 +
  fi
 +
}
 +
/bin/pidof ssh
 +
if [[ $? -ne 0 ]]; then
 +
  echo Creating new tunnel connection
 +
  createTunnel
 +
fi
 +
</source>
  
If you want to get rid of the message, either stop logging at th debug level, or create a squat index for mailboxes that get frequently searched.
+
Place this in as your cron job (every minute check if the ssh connection is up, if not, attempt to bring it up)
  
saslauthd
+
  */1 * * * * ~/create_ssh_tunnel.sh > tunnel.log 2>&1
  -c            Enable credential caching.
 
  
The caching layer caches the username, realm, service, and an md5 hash of the
+
To troubleshoot any problems in this you can view the tunnel.log file.
> passwords for all authentication mechanisms (LDAP, rimap, PAM, etc). It's
 
> been tested it on RedHat 7.2 Alpha and RedHat 7.3 Intel. I've also only been
 
> able to compile the modifications using the unix IPC option
 
  
with appropriate values for the username and password should do the trick.
+
Now let’s take a step back and look at what we’ve done. When the Raspberri Pi is on, it will check every minute to see if an ssh connection to your linux server exists. If it doesn’t it will create one. The tunnel it creates is really a reverse remote tunnel. Once the tunnel is up, anyone who ssh’s into port 2222 of the linux server will then be redirected to the Pi.  
  
# testsaslauthd -u test -p parool1
+
Kantsulgude vahel olevate asjade otsimise regexp.
0: OK "Success."
 
  
Luckily the PAM stack has a way to cache the password information through the use of the PAM module libpam-ccreds. In short terms this module stores the password hash if a user has correctly authenticated through the PAM LDAP module. If the LDAP server is later unavailable to PAM, it uses ccred's locally cached credentials to authenticate the user.
+
\[.*\]
  
http://blog.doylenet.net/?p=236
+
Then concatenate the .vob files that make up the part of the dvd you wish to convert (they will be split into 1gb files for compatibility)
  
KQEMU was a Linux kernel module, also written by Fabrice Bellard, which notably sped up emulation of x86 or x86-64 guests on platforms with the same CPU architecture. This was accomplished by running user mode code (and optionally some kernel code) directly on the host computer's CPU, and by using processor and peripheral emulation only for kernel mode and real mode code.
+
cat VTS_xx_xx.VOB VTS_xx_xx.VOB ... > intermediate.VOB
Unlike KVM, for example, KQEMU could execute code from many guest OSes even if the host CPU did not support hardware virtualization.
+
Then, use ffmpeg to convert the file to mkv with no loss of quality
 +
 
 +
ffmpeg -i intermediate.VOB output.mkv
 +
 
 +
Ati kaartidel
 +
 
 +
# aticonfig --odgc
 +
 +
Default Adapter - AMD Radeon HD 7900 Series
 +
                            Core (MHz)    Memory (MHz)
 +
            Current Clocks :    500          1400
 +
              Current Peak :    1000          1400
 +
  Configurable Peak Range : [300-1125]    [150-1575]
 +
                  GPU load :    0%
 +
 
 +
Nvidia kaartidel
 +
 +
  # nvclock ?
 +
 
 +
ATI videokaardi seadistamise menüü linuxis
  
http://www.linux-kvm.org/page/BSD
+
# gksu amdcccle
  
Peudograafiline mailisaba haldur pfqueue http://pfqueue.sourceforge.net/
+
Nvidia kaartidel, nt Geforce GTX 550 Ti
  
[[Pilt:Pfqueue.JPG]]
+
# apt-get install nvidia-settings nvidia-current
  
Programming Without Coding Technology (PWCT) http://radicalbreeze.com/
+
ja
  
http://www.aboutdebian.com/compile.htm kompileerimisest
+
# sudo nvidia-settings
 +
----
  
LibreOffice
 
  
Tobedad mustad raamid teksti ümber
+
Lihtne proxy: tcpproxy
view->text boundaries
 
linnuke eest ära lihtsalt
 
  
Muudatuste näitamise sise või välja lülitamiseks
 
edit -> changes -> show
 
  
http://en.wikipedia.org/wiki/Entity%E2%80%93attribute%E2%80%93value_model
+
https://code.google.com/p/sigil/downloads/list vabavaraline epubi editor
http://www.magentocommerce.com/knowledge-base/entry/magento-for-dev-part-7-advanced-orm-entity-attribute-value
 
  
<source lang=apache>
+
Mis helisüsteemid meil on
ClamavTmpdir /var/tmp/  
+
 
ClamavDbdir /usr/share/clamav
+
# cat /proc/asound/cards
ClamavSafetypes image/jpg
+
  0 [HDMI          ]: HDA-Intel - HDA ATI HDMI
ClamavMode daemon
+
                      HDA ATI HDMI at 0xe0240000 irq 86
ClamavSocket /var/clamd
+
 
ClamavTrickleInterval 10
+
Heli väljundid
ClamavTrickleSize 1024
+
 
ClamavSizelimit 1000000
+
<source lang=bash>
ClamavShm /var/log/clam/clamav.shm
+
# aplay -l
ClamavMutex /var/log/clam/clamav.lock
+
**** List of PLAYBACK Hardware Devices ****
ClamavAcceptDaemonproblem on
+
card 0: HDMI [HDA ATI HDMI], device 3: HDMI 0 [HDMI 0]
ClamavExtendedLogging on
+
  Subdevices: 1/1
LogFormat "%t %!304{clamav:status}n %{clamav:details}n %{clamav:virusname}n
+
  Subdevice #0: subdevice #0
request=\"%r\", status=%>s, sent=%!304b, delay=%!304D" clamav_stats
+
card 0: HDMI [HDA ATI HDMI], device 7: HDMI 1 [HDMI 1]
CustomLog logs/scan_log clamav_stats
+
  Subdevices: 1/1
# make sure proxy data is filtered
+
  Subdevice #0: subdevice #0
<Proxy *>
+
card 0: HDMI [HDA ATI HDMI], device 8: HDMI 2 [HDMI 2]
SetOutputFilter CLAMAV
+
  Subdevices: 1/1
</Proxy>
+
  Subdevice #0: subdevice #0
# define the location for status information
+
card 0: HDMI [HDA ATI HDMI], device 9: HDMI 3 [HDMI 3]
<Location /clamav>
+
  Subdevices: 1/1
SetHandler clamav
+
  Subdevice #0: subdevice #0
allow from all
+
card 0: HDMI [HDA ATI HDMI], device 10: HDMI 4 [HDMI 4]
</Location>
+
  Subdevices: 1/1
 +
  Subdevice #0: subdevice #0
 +
card 0: HDMI [HDA ATI HDMI], device 11: HDMI 5 [HDMI 5]
 +
  Subdevices: 1/1
 +
  Subdevice #0: subdevice #0
 
</source>
 
</source>
  
<source lang=php>
+
Alsa seadistus
ClamavMessage "\
+
 
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0//EN\">\
+
# sudo alsamixer -c 0
<html>\
+
 
<head>\
+
The sound card you are looking at is for output over HDMI, such as on an HDTV. Select your other sound device with F6, to get sound from your built-in speakers.
<title>%i found virus</title>\
+
 
</head>\
+
# lspci | egrep -i audio
<body text=\"#000000\" bgcolor=\"#ffffff\">\
+
03:00.1 Audio device: Advanced Micro Devices [AMD] nee ATI Tahiti XT HDMI Audio [Radeon HD 7970 Series]
<basefont size=\"4\">\
 
<h1><center>%i found virus</center></h1>\
 
<p>The virus <b>%v</b> was found while downloading <i>%u</i>.\
 
The transfer has been aborted.</p>\
 
</basefont>\
 
</body>\
 
</html>\
 
"
 
</source>
 
  
Täpitähtedega domeenid Apache konfis idna formaadis http://idna-converter.com/ Näiteks:
+
Test
  
Põhimõtted
+
# speaker-test
*DNS-ga tagasiühilduv
 
*ei mõjuta alumisi protokolle
 
*uued märgid Unicode kooditabelist
 
  
ACE kodeering:
+
http://en.wikibooks.org/wiki/Configuring_Sound_on_Linux/HW_Address rohkelt juttu.
  
xn--(ASCII märgid)-(kodeeritud Unicode märgid)
+
Emaplaadi info vaatamine
  
 +
<source lang=bash>
 +
# sudo dmidecode -t 2
 +
Handle 0x0011, DMI type 2, 20 bytes
 +
Base Board Information
 +
Manufacturer: Intel Corporation
 +
Product Name: DX79SI
 +
Version: AAG28808-600
 +
Serial Number: BTSI210000EE
 +
Asset Tag: Base Board Asset Tag
 +
Features:
 +
Board is a hosting board
 +
Board is replaceable
 +
Location In Chassis: Base Board Chassis Location
 +
Chassis Handle: 0x0012
 +
Type: Unknown
 +
Contained Object Handles: 0
 +
</source>
  
*õpetaja -> xn--petaja-oxa
+
Kui skännitud tekstis on sisse jäänud ka leheküljenumbrid
 +
stiilis number+reavahetus saab neid otsida libreoffices järgiste regexpiga
  
Virtualhost näeb välja selline:
+
^[:digit:]{3}$
  
  <VirtualHost 192.168.1.20:80>
+
  ^[:digit:]{2}$
  ServerName xn--petaja-oxa.edu.ee
+
 
  ServerAlias www.xn--petaja-oxa.edu.ee
+
  ^[:digit:]{1}$
  ServerAdmin eenet@eenet.ee
 
  DocumentRoot /srv/www/
 
  </VirtualHost>
 
  
*jäääär.ee xn--jr-viaaaa.ee
 
*jüriöö.ee xn--jri-unaa6a.ee
 
*ženja.saša.ee xn--enja-kbb.xn--saa-1za.ee
 
  
 +
----
  
  
/etc/locate.rc faili kirjutasin
+
Amd protsessori info lugemine. Vajalik laadida moodul amdtemp mis bsdga kaasas.
PRUNEPATHS="/tmp /usr/tmp /var/tmp /var/db/portsnap /srv"
 
  
/etc/periodic.conf faili kirjutasin
+
arhiivitaja:~> kldstat
  daily_clean_tmps_dirs="/tmp /var/tmp"
+
Id Refs Address            Size    Name
 +
  1  17 0xffffffff80200000 cdcac0  kernel
 +
  2    1 0xffffffff80edd000 2fe8    amdtemp.ko
 +
  ...
  
(oli ainult /var/tmp)
+
arhiivitaja:~> dmesg | grep -i cpu
 +
CPU: Dual Core AMD Opteron(tm) Processor 275 (2193.80-MHz K8-class CPU)
 +
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
 +
  cpu0 (BSP): APIC ID:  0
 +
  cpu1 (AP): APIC ID:  1
 +
  cpu2 (AP): APIC ID:  2
 +
  cpu3 (AP): APIC ID:  3
 +
  ...
 +
amdtemp0: <AMD CPU On-Die Thermal Sensors> on hostb3
 +
amdtemp1: <AMD CPU On-Die Thermal Sensors> on hostb7
  
Käsurealt ütlesin
+
Temperatuurid
zfs set setuid=off srv
 
zfs set exec=off srv
 
  
(siis ta ei otsi öösiti setuid programme /srv pealt)
+
arhiivitaja:~> sysctl dev.cpu
 +
dev.cpu.0.%desc: ACPI CPU
 +
dev.cpu.0.%driver: cpu
 +
dev.cpu.0.%location: handle=\_PR_.CPU1
 +
dev.cpu.0.%pnpinfo: _HID=none _UID=0
 +
dev.cpu.0.%parent: acpi0
 +
dev.cpu.0.temperature: 53.0C
 +
dev.cpu.0.freq: 2200
 +
dev.cpu.0.freq_levels: 2200/-1 1925/-1 1650/-1 1375/-1 1100/-1 825/-1 550/-1  275/-1
 +
dev.cpu.0.cx_supported: C1/1/0
 +
dev.cpu.0.cx_lowest: C1
 +
dev.cpu.0.cx_usage: 100.00% last 1935us
 +
...
  
 
----
 
----
  
Silla loomine:
+
http://www.rohitmenon.com/index.php/howto-connect-2-phones-and-make-a-simple-call-using-asterisk/ kaks sip telefoni omavahel helistama.
  
# /usr/sbin/brctl addbr br0
+
Otsing logidest, uurida kindlasti http://sub-reality.org/2012/09/howto-setup-logstash-and-kibana-for-nginx-on-debian-squeeze/
 
 
MAC aadressi genereerimine:
 
  
#!/bin/bash
+
Kui dmesgis
# generate a random mac address for the qemu nic
 
printf 'DE:AD:BE:EF:%02X:%02X\n' $((RANDOM%256)) $((RANDOM%256))
 
  
 
----
 
----
  
Moniti näidiskonf
+
echo "accf_http_load=\"YES\"" >> /boot/loader.conf
 +
echo "accf_data_load=\"YES\"" >> /boot/loader.conf
 +
echo "apache22_enable=\"YES\"" >> /etc/rc.conf
 +
 
 +
 
 +
---
  
check process freeradius with pidfile "/var/run/radiusd/radiusd.pid"
+
If you have a folder named "mydvd" in your home directory containing a VIDEO_TS folder, cd to your home folder mydvd, then run:
  start = "/usr/local/etc/rc.d/radiusd start"
 
  stop = "/usr/local/etc/rc.d/radiusd stop"  
 
  if failed host 192.168.1.1 port 1812 type UDP  then restart
 
 
  if cpu usage is greater than 60 percent for 2 cycles then alert
 
  if cpu usage > 90% for 5 cycles then restart
 
  if totalmem usage > 40% for 5 cycles then restart
 
 
  if 3 restarts within 4 cycles then timeout
 
  
Dambjuuseritele hää saata:
+
# mkisofs -dvd-video -o mydvd.iso mydvd
  
Each line you type at the Unix shell consists of a command optionally followed by some arguments , e.g.  
+
This will produce a mydvd.iso file. To verify, run
  
  ls -l /etc/passwd
+
# isoinfo -l -i mydvd.iso
  |  |    |
 
cmd  arg1  arg2
 
  
 
----
 
----
  
 +
You can also download pages with a variable GET parameter. For e.g take the following url:
  
#Turn on Public key authentication
+
http://example.com/pages.php?pageNo=35
PubkeyAuthentication yes
 
AuthorizedKeysFile      .ssh/authorized_keys
 
 
#Disable .rhost and normal password authentication
 
HostbasedAuthentication no
 
PasswordAuthentication no
 
PermitEmptyPasswords no
 
  
Võtme genereerimine
+
The variable here is the pageNo parameter. You can download all the pages by adding a regular expression like parameter in the CURL url as given below.
  
  # /usr/bin/ssh-keygen -t dsa
+
  curl -o pages#1.html http://example.com/pages.php?pageNo=[1-12]
  
Võtme lisamine serverisse. Selleks tuleb id_rsa sisu kopeerida
 
kasutaja alla faili .ssh/authorized_keys
 
  
# cat id_rsa.pub | ssh admin@systeem.ee "cat >> .ssh/authorized_keys"
+
To POST to a page.
  
Windowsis saab kasutada võtme loomiseks putty nimelist utiliiti.
+
You can also process a POST request using CURL. The data will use the application/x-www-form-urlencoded encoding. Lets say you have the following POST form in your page:
  
FreeBSDs on see vaikimisi poliitikaks. Linuxis tuleb seda täiendavalt seadistada
+
<form method="POST" action="process.php">
 +
          <input type=text name="item">
 +
          <input type=text name="category">
 +
          <input type=submit name="submit" value="ok">
 +
</form>
  
#Disable root login. Users have to su to root
+
You can use the following CURL command to POST the request.
PermitRootLogin no
 
 
#Only allow userin the wheel or admin group to login
 
AllowGroups wheel admin
 
  
----
+
curl -d "item=bottle&category=consumer&submit=ok"
 +
            www.example.com/process.php
  
 +
send login data with POST request
 +
curl --request POST 'http://www.somedomain.com/login/' \
 +
--data 'username=myusername&password=mypassword'
  
http://wiki.apache.org/httpd/HttpreadyAcceptFilter FreeBSD apache kiirendamine.
+
send search data to with get request
 +
curl --request GET 'http://www.youtube.com/results?search_query=my_keyword'
  
Multihoming
+
send PUT request with data
 +
curl --request PUT 'http://www.somedomain.com/rest-api/user/12345/'\
 +
--data 'email=myemail@gmail.com'
  
http://lartc.org/howto/lartc.rpdb.multiple-links.html
+
same thing but this one get data from a file named data.txt
 +
curl --request PUT 'http://www.somedomain.com/rest-api/user/12345/'\
 +
--data @data.txt
  
Masinal on 2 võrgukaarti eth1 ja eth2 ning kummagil on oma IP ja erinev default route. Näiteks
+
----
on mõlemad ühendatud erineva teenusepakkuja ühenduse külge
 
  
# ip route
+
Cores make threads work better, so you'd want to investigate if
default via 193.40.0.129 dev eth1  metric 3
+
USE="threads" is useful for you.
10.40.0.0/16 dev eth0  proto kernel  scope link  src 10.40.0.25
 
127.0.0.0/8 via 127.0.0.1 dev lo  scope link
 
193.40.0.128/25 dev eth1  proto kernel  scope link  src 193.40.0.134
 
  
ehitaja ~ # ip rule
+
NUMA is also an option in the kernel. Should also be fully transparent.
0: from all lookup local
+
I got one machine with NUMA and only had to set an option for it.
32766: from all lookup main
 
32767: from all lookup default
 
  
Kaks IP aadressi kahe erineva GW läbi ehk erinevatest võrkudest
+
I believe NUMA is only used on multiprocessor machine and not on only multicore.
  
Ip aadressiks mille lisame 193.40.0.75 netmask 255.255.255.240
+
*http://en.wikipedia.org/wiki/Non-Uniform_Memory_Access
ruuter on aadressil 193.40.0.65
 
ja võrk 193.40.0.0/28
 
  
Anname võrguseadmele aadressi
+
NUMA's about memory access so it's about
 +
cores/CPUs/processors/whatever_you_want_to_call_it and how they access
 +
memory.
  
ifconfig eth2 193.40.0.75 netmask 255.255.255.240
+
If you want to run mysql with high memory usage on that machine, you
 +
might want to read
 +
http://blog.jcole.us/2010/09/28/mysql-swap-insanity-and-the-numa-architecture/
  
Ning seadistame ruutingud
+
Everything else that I can think of already has beed said.
  
ip route add 193.40.0.0/28 dev eth2 src 193.40.0.75 table admin
+
Oh, tweak MAKEOPTS for a faster compile time, you also might want to
ip route add default via 193.40.0.65 dev eth2 table admin
+
look at emerges --jobs and --load-average parameters
  
ip rule add from 193.40.0.75/32 table admin
+
NUMA is a hardware architecture. It's how you access memory on a
ip rule add to 193.40.0.75/32 table admin
+
hardware level: NUMA = Non Uniform Memory Access vs a UMA architecture
 +
of typical (old/legacy) SMP systems (UMA = Uniform Memory Access).
  
Nüüd kui ühendus tuleb 193.40.0.75 aadressile saadetakse vastus läbi 193.40.0.65 ruuteri.
+
In a UMA system, all the memory belongs to all the sockets. In a NUMA
----
+
system, each socket has it's "own" local memory. In modern (x86-64)
 +
processors, each socket has it's own memory controller so each socket
 +
controls its own local memory. If one socket runs out of memory it can
 +
ask another socket to lend him some memory. In a UMA system, no socket
 +
has to ask since memory is global and belongs to all sockets so if one
 +
socket uses up all the memory ... the rest "starve". In NUMA, there's
 +
more control over who uses what (be it cores or RAM).
  
http://www.youtube.com/watch?v=rJ2wGOaMRnA
+
If you have a modern dual or quad (or higher #) socket system ...
 +
you've got NUMA architecture and you can't get rid of it, it's
 +
hardware, not software.
  
http://blogs.balabit.com/2011/05/20/logstash/
+
NUMA is not bad nor good. It's "transparent" to you. If your SW
 +
supports threads, OpenMP, ... you'll be using it without knowing. That
 +
doesn't mean you can't tweak performance and use numactl tools,
 +
cgroups, ... to increase performance. You can
  
Graylog2 is an open source syslog implementation that stores your logs in MongoDB. It consists of a server written in Java that accepts your syslog messages via TCP or UDP and stores it in the database. The second part is a Ruby on Rails web interface that allows you to view the log messages.
+
So I must enable CONFIG_NUMA for more than one physical CPU, and disable it for only one physical CPU?
  
http://logstash.net/
+
Yup. But ... Why would you want to disable a socket (CPU)? If you
 +
disable a socket (CPU) ... you lose the memory attached to that socket
 +
(CPU) not to mention you lose those cores
  
logstash is a tool for managing events and logs. You can use it to collect logs, parse them, and store them for later use (like, for searching). Speaking of searching, logstash comes with a web interface for searching and drilling into all of your logs.
+
A better solution would be to use cgroups or numactl tools to pin a
 +
certain process to a set of cores and a memory region.
  
 +
If you really want to deactivate cores (but not the whole socket), you can type:
  
Logstash and Graylog2 are playing very well together and get more and more acceptance in the rising Devops scene these days. Logstash for collecting, processing and forwarding of logs to Graylog2 - Which is then used for analyzing, reporting and monitoring.
+
echo 0 > /sys/devices/system/cpu/cpu1/online
  
 +
This would deactivate core #1. You can deactivate as many cores as you
 +
wish, except for core #0.
  
http://logstash.net/docs/1.0.9/outputs/gelf
+
This can be done without rebooting your server (aka during run time). Your memory will not be affected, but you will have less cores (and theoretically more memory bandwidth). I say "theoretically" because you always have to benchmark these things with YOUR application (remember logic NEVER applies to real life
  
http://code.google.com/p/logstash/wiki/GettingStartedCentralized
+
If you want to check the # of cores you've got:
  
http://logstash.net/docs/1.0.17/getting-started-simple
+
cat /proc/interrupts | grep CPU
  
 +
Other possibilities such as cat /proc/cpuinfo or dmesg, ... can be
 +
useful too for this: your choice, FLOSS gives you options.
  
http://www.voneicken.com/courses/ucsb-cs290i-wi02/papers/Concept_Apache_Arch.htm huvitav artikkel Apache ehitusest. Tasub lugeda.
+
If you want to activate the previously deactivated core, you can run:
  
sata on edaspidi ja tagurpidi ühilduv. Ehk sata 1 ja sata 3 sobivad nii vanadele kui uutele masinatele.
+
echo 1 > /sys/devices/system/cpu/cpu1/online
  
----
+
Now ... be sure your core numbering is the expected core numbering. IOW, not all server vendors follow the same numbering scheme so core #1 in vendor A's server could be core #2 in vendor B's server. Never
 +
trust logic
  
'''tunnelid ja wifi pettus'''
+
As I mentioned previously: test/benchmark YOUR software. DON'T trust logic or generic benchmarks or web pages with results. Trust YOUR results only.
  
http://www.xs4all.nl/~rsmith/
+
$ dmesg | grep UMA
 +
No NUMA configuration found
  
Huvitav lahendus, mida vahel lennujaamas või muus avatud, kuid tasulises wifi levialas rakendada:
+
$ cat /usr/src/linux/.config | grep -i NUMA
http://thomer.com/howtos/nstx.html
+
CONFIG_NUMA=y
 +
# CONFIG_AMD_NUMA is not set
 +
CONFIG_X86_64_ACPI_NUMA=y
 +
# CONFIG_NUMA_EMU is not set
 +
CONFIG_USE_PERCPU_NUMA_NODE_ID=y
 +
CONFIG_ACPI_NUMA=y
  
Lühidalt:
+
----
tihti olevat nimetatud wifi piirkondades DNS päringud lubatud, kuid muu liiklus blokeeritakse, kuni raha on tasutud. NSTX tunneldab kogu IP liikluse läbi DNS protokolli, pettes niiviisi wifi tulemüüri ära.
 
  
See on umbes üheksa aastat vana lahendus ja ma pole kindel, kas see tänapäeval enam päästab. Sama lugu IPoICMP-ga, ICMP on vahel muidu täiesti lahtistest võrkudes lollakalt kinni keeratud.
+
Gentoo Packages /package/sys-process/numactl
  
NSTX näiteks ei sisalda mingit autentimist.
+
http://dustinhatch.tumblr.com/post/38118003177/minimalist-gentoo-for-the-raspberry-pi väärt link
  
 
----
 
----
  
http://www.thesitewizard.com/general/set-cron-job.shtml
+
Task 2 unlock a determined port, once someone “knock”
 +
 
 +
knock < host > 3000 4000 5000 && ssh -p
 +
 
 +
user@host && knock < host > 5000 4000 3000
  
http://misc.allbsd.de/Vortrag/EuroBSDCon_2007//Robert_Watson/20070914-security-features.pdf mac
+
In this example, you do not see the direct use of iptables, but iptables is used in the configuration file of knockd, You have to install knockd.
  
http://screamingelectron.org/forum/showthread.php?t=2809
+
[options]
 +
  logfile = /var/log/knockd.log
 +
[openSSH]
 +
sequence = 3000,4000,5000
 +
seq_timeout = 5
 +
command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
 +
tcpflags = syn
 +
[closeSSH]
 +
sequence = 5000,4000,3000
 +
seq_timeout = 5
 +
command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
 +
tcpflags = syn
  
http://joekuan.wordpress.com/2010/05/09/quick-tutorial-on-how-to-create-a-freebsd-system-startup-script/ teeme oma rc skripti bsd's
 
  
http://www.mhaller.de/archives/145-Nagios,-mod_security-and-check_http.html vaja seda uurida
 
  
http://www.citi.umich.edu/u/provos/honeyd/
+
Use pf firewall and get updated IP-address list from countryipblocks.net or IPdeny IP country blocks  http://www.ipdeny.com/ipblocks/
  
 +
You can download and store ip list in a directory and configure pf.conf
  
http://linuxgazette.net/149/unnikrishnan.html
+
Code:
 +
table <cn-block> persist file "/path/to/cn.zone"
 +
block in log quick on $ext_if from <cn-block> to any
 +
block out log quick on $ext_if from any to <cn-block>
  
https://www.dan.me.uk/blog/2009/05/24/failover-network-interfaces-in-freebsd/
 
 
By default, FreeBSD uses MD5 hashes for its encrypted passwords for users.  However, blowfish is available in all recent versions of FreeBSD and it’s really easy to change the default…
 
edit the file /etc/login.conf and change the following line:
 
:passwd_format=md5:\
 
To read the following:
 
:passwd_format=blf:\
 
Then rebuild the login database with the following command:
 
cap_mkdb /etc/login.conf
 
Now all passwords you change or set when adding a user will be encrypted using blowfish.  You can change your current password with passwd and when changed, your password will be blowfish encrypted.  Enjoy!
 
  
 
----
 
----
  
[[Pilt:Ftpcontrack1.png]]
+
hosting-sw4.FastEthernet0_18.rrd
 +
hosting-sw.FastEthernet0_18.rrd
 +
hosting-sw4.FastEthernet0_19.rrd
 +
hosting-sw.FastEthernet0_19.rrd
 +
hosting-sw4.FastEthernet0_2.rrd
 +
hosting-sw.FastEthernet0_2.rrd
 +
hosting-sw4.FastEthernet0_20.rrd
  
Serveri ja kliendi vahelise ühenduse loomine
+
Ümbernimetamise
  
*NEW => Server1 connects to Server2 issuing a SYN (Synchronize) packet.
+
for i in `ls *.rrd | grep sw4`
*RELATED => Server 2 receives the SYN packet, and then responds with a SYN-ACK (Synchronize Acknowledgment) packet.
+
do
*ESTABLISHED => Server 1 receives the SYN-ACK packet and then responds with the final ACK (Acknowledgment) packet.
+
new=`echo "$i" | sed 's/sw4/sw/g'`
 +
mv -f $i $new
 +
done
  
Client                    Server
 
------                    -------
 
SYN------------------------>
 
      <---------------------SYN-ACK
 
ACK------------------------> Mõlemapoolne ühendus loodud
 
  
 +
a lot easier:
 +
grub with entry:
 +
vmlinuz
 +
vmlinuz.old
  
----
+
in /usr/src/linux:
 +
make all modules_install install
  
http://exchange.nagios.org/directory/Uncategorized/IPMI-Sensor-Monitoring-Plugin/details
+
no problems, latest kernel will boot by default, previous kernel .old.
Nagios IPMI Sensor Monitoring Plugin
 
*it's a shell script (Bash)
 
*it uses ipmitool, gawk
 
*you can use the plugin with every IPMI-compatible server
 
*it follows the Nagios plug-in development guidelines
 
  
*Callback Lowest Privilege Level.
+
Syn floodiga võitlus bsd masinas
        Allows only initiating a callback.
 
  
*User Allows only IPMI 'begin' commands (query sensors).
+
bsd# netstat -n | grep SYN_RCVD | wc -l
    Changing the BMC configuration, writing data to the
+
    4308
  BMC, executing power on/off or reset commands is
 
  prohibited.
 
  
*Operator Allows nearly all IPMI commands. Only changes of
+
net.inet.tcp.syncookies_only=1
        out-of-band interfaces are prohibited.
+
net.inet.tcp.syncookies=1
  
*Administrator Allows all IPMI commands.
+
testimine
  
 +
hping3 -S x.x.x.x -p 80 --flood
  
I don't do a lot of audio/video stuff with my system, but the other day I had the urge to see if there was some voice synthesis software available on Linux and it turned out that I already had it installed: it's called Festival. Turns out there are a number of voice synthesis and analysis packages available.
+
# sysctl -ad | grep kern.ipc.shm_use_phys
 +
kern.ipc.shm_use_phys: Enable/Disable locking of shared memory pages in core
  
Festival is, according to the website:
+
*http://segfault.in/2010/11/decrypt-https-traffic-using-wireshark-and-key-file/
  
Festival offers a general framework for building speech synthesis systems as well as including examples of various modules. As a whole it offers full text to speech through a number APIs: from shell level, though [sic] a Scheme command interpreter, as a C++ library, from Java, and an Emacs interface. Festival is multi-lingual (currently English (British and American), and Spanish) though English is the most advanced.
+
*http://bramp.net/blog/2009/03/irq-affinity-on-freebsd/
As far as simple commands, Festival comes with two: saytime and text2wave. Saytime does what you would expect, it speaks the time (as well as outputting the spoken text to stdout). Note though, the time that is output tends to be less than specific:
 
  
$ saytime
+
Debiani boodil starditavate teenuste konfilime pseudograafilise liidesega
The time is now, just after half past 10, in the morning.
 
A wave file of the output is attached (time.wav).
 
  
The second command that comes with Festival is text2wave which converts text read from stdin to a .wav file output:
+
#apt-get install rcconf
  
$ echo Your job has completed | text2wave >job.wav
+
This will complete the installation now if you want to run this application use the following command
$ aplay job.wav
 
  
  # OR
+
  # rcconf
$ echo Your job has completed | text2wave | aplay
 
The wave file is attached (job.wav).
 
  
http://gns3.blogspot.com/2007/10/ios.html
+
[[Pilt:Rcconf.png]]
  
http://zumastor.googlecode.com/svn/branches/0.8/doc/zumastor-howto.html
+
WebDAV on HTTP laiendus, mis võimaldab il veebiserveris faile luua ja muuta. Selleabil on võimalik
 +
luua enda isiklikku serverisse mõnusa alternatiivi dropboxile
  
http://zumastor.org/man/ddsnap.8.html
+
[[Pilt:Webdav.GIF]]
  
LVM snapshots are great for being able to backup you server without taking it offline. As stated LVM snapshots are almost instant copies. You create them using the lvcreate command just as you would to create the LV itself, only you give it the --snapshot option and the original LV instead of the VG. For instance:
+
<source lang=apache>
 +
NameVirtualHost *
 +
<VirtualHost *>
 +
        ServerAdmin webmaster@localhost
  
lvcreate -L <LV size> -s -n <snapshot name> /dev/<VG name>/<LV name>
+
        DocumentRoot /var/www/web1/web/
This will create a snapshot of the given LV with the specified snapshot name that you can then mount and use this snapshot LV to perform your backup from without worrying about files being actively used. This is particularly helpful if you are attempting to backup an active database server.
+
        <Directory /var/www/web1/web/>
 +
                Options Indexes MultiViews
 +
                AllowOverride None
 +
                Order allow,deny
 +
                allow from all
 +
        </Directory>
  
After you are done with backing up from the snapshot you would want to remove it to reduce any additional I/O overhead or other performance issues as others have mentioned using:
+
        Alias /webdav /var/www/web1/web
  
lvremove /dev/<VG name>/<snapshot name>
+
        <Location /webdav>
While LVM snapshots can be invaluable in producing a reliable backup of systems like databases and such that you would normally want to shutdown to backup to avoid file contention they are not ideal for long-term operation as a quick restore.
+
          DAV On
 +
          AuthType Basic
 +
          AuthName "webdav"
 +
          AuthUserFile /var/www/web1/passwd.dav
 +
          Require valid-user
 +
      </Location>
 +
</VirtualHost>
 +
</source>
  
Although there are 'write-device' and 'copy-device' patches for RSync they only work well on small images (1-2GB). RSync will spend ages searching around for matching blocks on larger images and it's almost useless of 40GB or larger devices/files.
+
htpasswd /var/www/web1/passwd.dav 192.168.0.100\\test
  
We use the following to perform a per 1MB checksum comparison and then simply copy the content if it doesn't match. We use this to backup servers on a virtual host in the USA to a backup system in the UK, over the public internet. Very little CPU activity and snapshot performance hit is only after hours:
+
We will later on use the URL http://192.168.0.100/webdav to connect to WebDAV. When you do this on a Windows XP client and type in the user name test, Windows translates this to 192.168.0.100\test. Therefore we create a second user account now (without the -c switch because the password file is already existing):
  
Create snapshot:
+
We will now install cadaver, a command-line WebDAV client:
  
  lvcreate -i 2 -L 25G /dev/vg_kvm/company-exchange -n company-exchange-snap1
+
  apt-get install cadaver
  
export dev1='/dev/mapper/vg_kvm-company--exchange--snap1';
+
To test if WebDAV works, type:
export dev2='/dev/mapper/vg_kvm-company--exchange';
 
export remote='root@backup.company.co.za';
 
  
Initial seeding:
+
cadaver http://localhost/webdav/
  
dd if=$dev1 bs=100M | gzip -c -9 | ssh -i /root/.ssh/rsync_rsa $remote "gzip -dc | dd of=$dev2"
+
You should be prompted for a user name. Type in test and then the password for the user test. If all goes well, you should be granted access which means WebDAV is working ok. Type quit to leave the WebDAV shell:
  
Incremental nightly backup (only sends changed blocks):
+
server1:~# cadaver http://localhost/webdav/
 +
Authentication required for test on server `localhost':
 +
Username: test
 +
Password:
 +
dav:/webdav/> quit
 +
Connection to `localhost' closed.
 +
server1:~#
  
<source lang=bash>
+
http://trac.cyberduck.ch/
ssh -i /root/.ssh/rsync_rsa $remote "
 
  perl -'MDigest::MD5 md5' -ne 'BEGIN{\$/=\1024};print md5(\$_)' $dev2 | lzop -c" |
 
  lzop -dc | perl -'MDigest::MD5 md5' -ne 'BEGIN{$/=\1024};$b=md5($_);
 
    read STDIN,$a,16;if ($a eq $b) {print "s"} else {print "c" . $_}' $dev1 | lzop -c |
 
ssh -i /root/.ssh/rsync_rsa $remote "lzop -dc |
 
  perl -ne 'BEGIN{\$/=\1} if (\$_ eq\"s\") {\$s++} else {if (\$s) {
 
    seek STDOUT,\$s*1024,1; \$s=0}; read ARGV,\$buf,1024; print \$buf}' 1<> $dev2"
 
</source>
 
  
Remove snapshot:
+
http://en.wikipedia.org/wiki/OwnCloud
  
lvremove -f company-exchange-snap1
+
http://www.snuffybear.com/ucm_webdav.htm
  
https://help.ubuntu.com/community/MediaTomb
+
Are you using Find & Replace?  If so click on the "More options" button then select "Regular expressions" then retry the find.
  
 +
\t
  
Transfer file to remote computer. Return the
+
# echo "password"|openssl passwd -1 -stdin
result. Cleanup on remote. Except on local (:)
 
  
find logs/ -name '*.gz' | \
+
Sip
parallel --sshlogin server,server2,: \
 
--trc {.}.bz2 "zcat {} | bzip2 -9 >{.}.bz2"
 
  
Run gzip on the files in current dir
+
http://www.gnutelephony.org/index.php/Howto_Deploy_SIP_Witch_On_Ubuntu
Recompress .gz to .bz2
 
  
parallel gzip ::: *
+
http://ariscahyadi.wordpress.com/2009/05/02/sip-server-installation-and-configuration/
parallel "zcat {} | bzip2 >{.}.bz2” ::: *.gz
 
  
GNU Parallel is OK with less quoting
+
http://www.gnutelephony.org/index.php/GNU_SIP_Witch_configuration
parallel zcat {} “|” bzip2 “>”{.}.bz2 ::: *.gz
 
  
find . -type f | egrep "\.flac$" | parallel ffmpeg -i {} -ab 192k -acodec libmp3lame -ac 2 {.}.mp3
+
[[Pilt:P2pvsdomain.jpg]]
  
http://en.wikipedia.org/wiki/Parallel_(software)
+
Gpodder - hea linuxis podcastide tõmbaja.
  
http://hekate.homeip.net/2011/05/parallel-shell-processing/
+
[[Pilt:Gpodd.jpg]]
  
Here's an imagemagick example; over six minutes with xargs, under 20 seconds with parallel
+
http://www.iredmail.org/ üks huvitav maililahendus mida uurida.
  $ ls *.png |wc -l
 
  3580
 
  
  $ time ls|sed 's/\(.*\)\..*/\1/'|parallel convert {}.png {}.ppm
+
Ainult ühe kausta piires
  ls --color  0.00s user 0.01s system 63% cpu 0.016 total
 
  sed 's/\(.*\)\..*/\1/'  0.01s user 0.00s system 39% cpu 0.025 total
 
  parallel convert {}.png {}.ppm  97.39s user 61.87s system 890% cpu 17.883 total
 
  
  $ time ls|sed 's/\(.*\)\..*/\1/'|xargs -I {} convert {}.png {}.ppm
+
for file in *
  ls --color  0.01s user 0.00s system 63% cpu 0.016 total
+
do
  sed 's/\(.*\)\..*/\1/'  0.01s user 0.00s system 39% cpu 0.025 total
+
      iconv -f iso-8859-4 -t UTF-8 "$file" > "$file.new"
  xargs -I {} convert {}.png {}.ppm  93.08s user 47.88s system 38% cpu 6:10.88 total
+
      sleep 1
 
+
      mv -f "$file.new" "$file"
#!/bin/sh
+
      echo $file
for i in `ls asd`
 
do
 
nimi=`echo $i  | awk -F'.' '{ print $1 }'`
 
echo $nimi
 
convert asd/$i -resize 75% -quality 80% $nimi.jpg
 
 
  done
 
  done
  
*em212-l3ta-ss
+
Rekursiivselt kõik
  
http://www.randomboot.org/storage/528-open-source-storage-target-software.html
+
find * -type f -exec /home/konvert2.sh "{}" \;
  
http://scst.sourceforge.net/target_emulex.html
+
või aja järgi
  
http://marcitland.blogspot.com/2011/03/accelerating-vdi-using-scst-and-ssds.html
+
find * -mtime +100 -exec /home/konvert.sh "{}" \;
  
lpfc driver for Emulex Fibre Channel HBAs
+
Skript ise
  
http://www.google.ee/url?sa=t&source=web&cd=1&ved=0CBUQFjAA&url=http%3A%2F%2Fwww-dl.emulex.com%2Fsupport%2Flinux%2F732%2Fset.pdf&rct=j&q=emulex%20hda%20lpfc&ei=9lb-Tf2XHoO6-Aaag6kS&usg=AFQjCNFx3HdP7_O2z2rLq9TvHOi3JwEOcQ
+
iconv -f iso-8859-4 -t UTF-8 "$1" > "$file.new"
 +
sleep 1
 +
mv -f "$file.new" "$1"
 +
echo $1
  
http://www.emulex.com/downloads/emulex.html
+
----
  
http://iscsi-scst.sourceforge.net/SCST_Gentoo_HOWTO.txt
+
Turvaserveri juhendist pärit õpetussõnad
  
http://iscsi-scst.sourceforge.net/iscsi-scst-howto.txt
+
Tugevate paroolide kehtestamine
 +
Anna käsk:
 +
sudo apt-get install libpam-cracklib
 +
Sätteid saab muuta failist /etc/pam.d/common-password. Vaikimisi kehtestatab see paroolide
 +
panekul reeglid, et parooli miinimumpikkus on 8 märki (minlen=8) ja uus parool peab vanast
 +
erinema 3 märgi võrra (difok=3).
  
 +
Apticron
 +
Paigalda pakk "apticron", mis saadab meili teel teavitusi saadaolevatest turvauuendutest, mida
 +
saab konkreetsele serverile paigaldada. Anna käsk:
 +
sudo apt-get install apticron
 +
Vaikimisi saadetakse teavitused kasutajale "root". Muutmiseks anna käsk:
 +
sudo dpkg-reconfigure apticron
  
http://www.geek.com/articles/gadgets/feature-how-to-build-and-customize-your-own-pbx-with-asterisk-20080812/ asteriskist juttu
+
LUBA SSH JUURDEPÄÄS AINULT VOLITATUD KASUTAJATELE
 +
1. Tekita grupp "sshusers", kuhu kuuluvad ainult need kasutajad, kellel peaks olema
 +
juurdepääs üle SSH
 +
2. Lisa SSH konfiguratsioonifaili rida "AllowGroups sshusers"
 +
3. Lisa faili /etc/group sektsioon "sshusers" ja pane sinna volitatud kasutajad
  
mpt0 uurimiseks freebsd keskkonnas
+
KEELA JUURKASUTAJANA SISSELOGIMINE
 +
Asenda rida "PermitRootLogin yes" reaga "PermitRootLogin no".
 +
NB! Kui varundamise vm jaoks on vaja root-juurdepääsu, siis kasuta direktiivi "PermitRootLogin
 +
forced-commands-only".
  
  # /usr/sbin/mptutil show drives
+
Suid- ja sgid-bitiga binaarfailid
  mpt0 Physical Drives:
+
Failide leidmiseks anna käsk:
  da0 (  68G) ONLINE <FUJITSU MBA3073RC 0103> SAS bus 0 id 1
+
  sudo find / -perm 4000 -o -perm 2000
  da1 ( 1863G) ONLINE <WDC WD2003FYYS-0 1D01> SATA bus 0 id 2
+
  Suid/sgid biti eemaldamiseks anna käsk:
  da2 ( 1863G) ONLINE <WDC WD2003FYYS-0 1D01> SATA bus 0 id 3
+
sudo chmod -s <fail>
  da3 ( 1863G) ONLINE <WDC WD2003FYYS-0 1D01> SATA bus 0 id 4
+
Eemaldamisel tuleb lähtuda igast failist eraldi. Selleks, et paki uuendamisel suid-bitt tagasi ei
 +
tuleks, tuleb deb-põhistes distributsioonides need bitid eemaldada permanentselt, kasutades
 +
utiliiti deb-statoverride. Näiteks kui käsku "at" ei kasutata, saab selle eemaldada järgmiselt:
  
 +
sudo dpkg-statoverride --add root root 755 /usr/bin/at
 +
sudo chown root:root /usr/bin/at
 +
sudo chmod 755 /usr/bin/at
  
In  blockio mode, it defines a mapping between a "Logical Unit Number"
+
Teavitused juurkasutaja sisselogimisest
<lun> and a given block device <device>. This mode will perform direct
+
Konfigureeri süsteem nii, et ta saadaks meili iga kord, kui keegi logib root-kasutajana sisse. Selleks
block i/o with the device, bypassing page-cache for all operations. This
+
redigeeri faili /root/.bashrc (kui on kasutusel Bash) ja lisa sinna järgmine rida:
allows for efficient handling of non-aligned sector transfers (virtualized 
+
  echo -e "Serverisse `hostname` on loginud (`date`)\n`who`" | mail -s "Root
environments) and large block transfers (media servers). This mode works ideally
+
logis serverisse `date`" kasutaja@server.ee
with high-end storage HBAs and for applications that either do not need caching
 
between application and disk or need the large block throughput.
 
  
 +
Portide konfigureerimine
 +
Kõikide kuulavate TCP- ja UDP-portide kuvamiseks anna käsk:
 +
sudo lsof -i -n | egrep 'COMMAND|LISTEN|TCP|UDP'
 +
Portide sulgemiseks eemalda pordinumbrile vastavat võrguteenust pakkuv pakk või keela võrgus
 +
kuulamine muul viisil. Sulgeda ei tohi järgmisi deemoneid või protsesse, mis on vajalikud X-tee
 +
tööks:
 +
Andmekogu turvaserver (xtee-producerproxy): TCP 5555
 +
Infosüsteemi (consumer) Apache: TCP 80 või 443
 +
Infosüsteemi või andmekogu turvaserveri veebiliides: TCP 3000
 +
SSH: nagu ülalpool konfigureeritud
 +
ntpd: UDP *:123
 +
named: localhost, oma port
 +
postfix: localhost, oma port
  
http://www.burlaca.com/2009/02/alivelog/ vajab uurimist
 
  
http://www.instalinux.com/ linuxi autoinstaller.
 
  
apt-get install l7-filter-userspace
 
  
l7-filter-userspace
+
----
  
Jälgimiseks super hea iptraf pakett.
+
Videokonverents on
  
# cat /usr/local/bin/mailq_filter
+
...süsteem, mis lubab teatud tehnoloogia vahendusel üle audio-video
#!/bin/bash
+
silla suhelda samaaegselt erinevates geograafilises puktides viibivatel inimestel.
 
if [[ "$1" == "-l" ]]
 
then
 
  LONG='" " err'
 
fi
 
mailq | awk "BEGIN{ RS = \"\n\n\"};
 
{
 
  gsub(/\n/,\" \");
 
  match(\$0, /\(.*\)/);
 
  err = substr(\$0, RSTART, RLENGTH);
 
  sub(/\(.*\)/, \"->\", \$0);
 
  if( \$1 != \"--\") \$2 = \"\";
 
  gsub(/  */, \" \");
 
  print \$0 $LONG
 
}"
 
  
Mailq kirjutab iga kirja kohta vähemalt 3 rida. Seega skript mis teeb väljundi üherealiseks.
+
Videokonverentsi ajalugu
See väljastab ühel real mail ID kuupäev saatja ->  saajad. Kui lisada võti '-l' (nagu long), siis paneb kõige lõppu ka Postfixi veateate, mispärast see deferredis istub.
 
  
Nüüd saab näiteks selliseid otsinguid korraldada:
+
1956 aastal demonstreeris AT&T ideed ühendada hääl ja pilt – üks kaader iga kahe sekundi tagant.
 +
1964 aastal loodi esimene pilti ja heli edastav toode nimega Picturephone.
 +
1980-ndatel digitaalse telefoni (ISDN) tulekuga said videokonverentsi süsteemide arendus tuule tiibadesse.
  
$ mailq_filter | grep "\.com ->  .*\.com"
+
Eesti akadeemilistesse ringkondadesse jõudis videokonverents 1996 aasta septembris kui Sidetehnika messil toimus esimene videokonverents Tallinna Pedagoogika Ülikooli ja Tallinna Tehnikaülikooli vahel. Videokonverents toimus üle ISDN ühenduse.  
 +
Tartusse jõudsid videokonverentsi võimalused 1998 aastal.
  
 +
Videokonverentsi võimalikud süsteemid
  
 +
Tarkvarapõhised (desktop videoconferences)
 +
VK toimub tarkvara vahendusel.
 +
Spetsiaaltarkvara – Polycom, PVX, MS Netmeeting, EVO.
 +
Tavaline audio-video suhtlemiseks mõeldud tarkvara – Skype, MSN, Google talk jms.
 +
(Sõltuvalt VK-st, on vaja lisaks veebikaamerat, mikrofoni, kõrvaklappe.)
  
Selleks, et vabaneda liiga vanadest kirjetest tabelites on olemas järgnev käsk.
+
Veebipõhised
 +
Tarkvara asub keskses serveris kust kasutajad saavad teda kodulehe vahendusel kasutada.
 +
(Näiteks Codian, mida kasutavad ka Eesti haridusasutused)
  
# /sbin/pfctl -t jobud -Te 86400
+
Täpilised domeeninimed
No ALTQ support in kernel
 
ALTQ related functions disabled
 
15/15 addresses expired.
 
  
Aeg tuleb anda sekundites. Seejärel kustutatakse tabelist kõik 24 tundi vanad ja vanemad kirjed.
+
ACE kodeering:
ps: Pacet Filteri reloadimine kustutab ka tabelite sisu. Flushitakse kõik peale olekute.
+
xn--(ASCII märgid)-(kodeeritud Unicode märgid)
  
Krüpteerime/dekrüpteerime faili
+
jäääär.ee xn--jr-viaaaa.ee
  
# openssl aes-128-cbc -salt -in file -out file.aes
+
jüriöö.ee xn--jri-unaa6a.ee
# openssl aes-128-cbc -d -salt -in file.aes -out file
 
  
PS: Fail võib olla suvaline tar, jpg, avi jne
+
ženja.saša.ee xn--enja-kbb.xn--saa-1za.ee
  
Pakime kokku ja krüpteerime/dekrüpteeirme terve kausta
 
  
# tar -cf - directory | openssl aes-128-cbc -salt -out directory.tar.aes   
 
# openssl aes-128-cbc -d -salt -in directory.tar.aes | tar -x -f -         
 
  
Tarime, zipime ja krüpteerime/dekrüpteerime kataloogi
+
PMC-64/66 PMC-SCI Adapter Card
  
# tar -zcf - directory | openssl aes-128-cbc -salt -out directory.tar.gz.aes
+
http://dev.mysql.com/doc/refman/5.0/en/mysql-cluster-interconnects.html
# openssl aes-128-cbc -d -salt -in directory.tar.gz.aes | tar -xz -f -     
 
  
Selleks, et vältida interaktiivset parooliküsimust tuleb anda parameetrina juurde
+
http://docs.oracle.com/cd/E17952_01/refman-5.1-en/mysql-cluster-sci-sockets.html
-k minuparool peale aes-128-cbc rida. Muidugi on see ebaturvaline lähememine
 
  
Tugevamat krüpteerimist vajades võib kasutada aes-128 asemel aes-256-cbc. See nõuab
+
http://www.linuxtopia.org/online_books/database_guides/mysql_5.1_database_reference_guide/sci-sockets.html
samas rohkem cpu jõudlust.
 
  
===Mõned abiks olevad programmid===
+
http://ww.dolphinics.no/download/D_3_4_0_LINUX_DOC/ Linuxi manual.
  
*mplex -- Command-line utility that combines multiple audio and video streams into an mpeg file.
+
----
*dvdauthor -- Command-line utility that makes a DVD filesystem from mpeg files.
 
*growisofs -- Command-line CD/DVD burning utility.
 
*tovid -- A collection of command-line scripts that automate detection of video type and transcoding to mpeg format.
 
  
*avidemux2 -- GUI for extracting audio and video.
 
*DVD::rip -- GUI for ripping, copying, burning DVDs.
 
*K3B -- KDE GUI for CD/DVD burning.
 
  
 +
muidu kui kasutada softi raidi jne ning ei ole suurt vajadust linuxi järgi ilmtingimata, siis soe soovitus on OpenIndiana, RAID-Z ja ZFS. Kui iSCSI peamine meetod, siis tõesti OpenIndiana kuna ZFS eelis on see, et sa saad mega mõnsalt jagada kohe iSCSI targetitena välja või win mount või nfs või ...
  
===Kuidas konvertida DVD9 ümber DVD9 formaati===
+
aga solarises on zfs optsioonid sharemise jaoks FreeBSDs pole sama implementatsiooni. see jah solarise enda osa mis bindib servicetega
  
k9copy
+
osol ja solaris jooksid paralleelis siis kui solarise kood kinni löödi Oracle poolt
 +
siis tehti OI kui kloon OSOL-st ja jätkati sõltumatut arendust
 +
nagu aru saan, siis Oracle teeb putbacke peale igat full reliisi aga mitte vahepeal,
 +
need siis integreeritakse tõenäoliselt ka OI-sse
  
http://www.dvd-guides.com/guides/linux/213-how-to-copy-dvd9-to-dvd5-using-k9copy
+
niiet osol edasi ei arene afaik, areneb OI mida nad teha tahavad on aja jooksul vahetada kõik kinnised tükid (illumos kernel asenduseks jne) iSCSI on suht integraalne osa Solarisest kuna selle peal töötavad nii Suni NAS kastid kui ka Nexenta jne http://openindiana.org/
  
https://help.ubuntu.com/community/K9Copy
+
ainuke osa mis mulle solarise ja derivaatide puhul ei meeldinud on installimine linuxi puhul suht triviaalne pxe püsti panna ja unattended install teha solarise puhul on see automated installer aga see on paras porr, et seda käima saada. ma lõpuks loobusin ja tegin käsi installid üle remote connectioni ISO imagete kaudu
  
http://linux-hacks.blogspot.com/2008/06/converting-dvd9-to-dvd5-in-linux.html
+
http://goodingredients.org/ingredients/index.html headest komponentidest valmib maitsev toit!
  
http://www.linuxquestions.org/questions/linux-software-2/dvd9-to-dvd5-guide-244913/
+
http://blog.doylenet.net/?p=46
  
===Kuidas konvertida DVD ümber AVI formaati===
+
[[Pilt:Soraburg.png]]
  
http://www.togaware.com/linux/survivor/AcidRip_Simple.html
+
graafiline bootloader burg
  
http://fixounet.free.fr/avidemux/
+
Jan 8 16:07:52 vwclub imap[16435]: SQUAT failed to open index file Jan 8 16:07:52 vwclub imap[16435]: SQUAT failed
  
===Kuidas konvertida AVI ümber DVD formaati===
+
It means that a client did a SEARCH on the mailbox and a SQUAT index file (created by squatter which accelerates SEARCH) wasn't found, so the SEARCH proceeded by scanning the messages themselves.
  
http://www.linuxquestions.org/linux/answers/Applications_GUI_Multimedia/AVI_to_DVD
+
If you want to get rid of the message, either stop logging at th debug level, or create a squat index for mailboxes that get frequently searched.
  
 +
saslauthd
 +
-c            Enable credential caching.
  
MySQL-i projektist kõrvalharuna välja kasvanud Drizzle on piisavalt küpseks saanud ning jõudnud avalikkuse ette. Tegemist on toimiva alternatiiviga Oracle omanduses olevale MySQL-ile - üsnagi sarnaselt OpenOffice.org ja LibreOffice vastasseisule. Nüüd on ümberpakendatud tasuta andmebaasimootor valmis ning Drizzle arendajad plaanivad seda pakkuma hakata kõikidele Linuxi distributsioonidele.
+
The caching layer caches the username, realm, service, and an md5 hash of the
 +
> passwords for all authentication mechanisms (LDAP, rimap, PAM, etc). It's
 +
> been tested it on RedHat 7.2 Alpha and RedHat 7.3 Intel. I've also only been
 +
> able to compile the modifications using the unix IPC option
  
http://www.minut.ee/article.pl?sid=11/03/17/2251218&mode=nested&threshold=-1
+
with appropriate values for the username and password should do the trick.
http://en.wikipedia.org/wiki/Drizzle_(database_server)
 
http://drizzle.org/
 
  
Täienduseks veel, et portsus on üllatuseks täiesti olemas http://www.freebsd.org/cgi/url.cgi?ports/databases/drizzle/pkg-descr
+
# testsaslauthd -u test -p parool1
Gentoos on olemas kolm versiooni (kõik hetkel maskitud aga see pole meid varem kunagi seganud). Debiani/Ubuntu
+
0: OK "Success."
peale ei hakanud vaatamagi, kui juba Gentoos ja FreeBSDs olemas siis imestaksin väga kui seal pole :)
 
  
Debianis on Drizzle pakk aasta jagu olemas olnud, aga stabiilsesse
+
Luckily the PAM stack has a way to cache the password information through the use of the PAM module libpam-ccreds. In short terms this module stores the password hash if a user has correctly authenticated through the PAM LDAP module. If the LDAP server is later unavailable to PAM, it uses ccred's locally cached credentials to authenticate the user.
riliisi pole seda siiski veel lisatud. Drizzle on ikka väga erinev
 
arendus juba, seda lihtsalt MySQL-i asemel ei julgeks kasutada.
 
  
Kui jõudluseprobleemid vaevavad, siis drop-in alternatiividena tasuks
+
http://blog.doylenet.net/?p=236
vaadata neid asju:
 
http://www.percona.com/software/percona-server/
 
http://mariadb.org/
 
http://ourdelta.org/
 
  
By default, most disk drives cache writes in internal memory before actually committing them to the disk.
+
KQEMU was a Linux kernel module, also written by Fabrice Bellard, which notably sped up emulation of x86 or x86-64 guests on platforms with the same CPU architecture. This was accomplished by running user mode code (and optionally some kernel code) directly on the host computer's CPU, and by using processor and peripheral emulation only for kernel mode and real mode code.
 +
Unlike KVM, for example, KQEMU could execute code from many guest OSes even if the host CPU did not support hardware virtualization.
  
This behavior can make it more likely to trigger inconsistencies on a filesystem using soft updates in case of a power failure. One can disable this feature by adding the following in /boot/loader.conf;
+
http://www.linux-kvm.org/page/BSD
  
Set ata devices to write-through cache.
+
Programming Without Coding Technology (PWCT) http://radicalbreeze.com/
hw.ata.wc="0"
 
  
If InnoDB is used on a ZFS file system, the following tuning are necessary:
+
http://www.aboutdebian.com/compile.htm kompileerimisest
On the ZFS filesystem block size will be chosen to match the 16kB used by InnoDB:
 
This operation must be done before MySQL start for the first time or create files, otherwise the block size used will be the one configured when the various files are created.
 
zfs set recordsize=16K system/services/mysql
 
  
sysctl tuunimised FreeBSD süsteemis
+
LibreOffice
  
Allow normal users to mount filesystems.
+
Tobedad mustad raamid teksti ümber
  vfs.usermount=1
+
  view->text boundaries
 +
linnuke eest ära lihtsalt
  
Speed up disk reads.
+
Muudatuste näitamise sise või välja lülitamiseks
  vfs.read_max=32
+
  edit -> changes -> show
  
Enable port forwarding (for NAT in pf.conf)
+
http://en.wikipedia.org/wiki/Entity%E2%80%93attribute%E2%80%93value_model
net.inet.ip.forwarding=1
+
http://www.magentocommerce.com/knowledge-base/entry/magento-for-dev-part-7-advanced-orm-entity-attribute-value
  
Mõned vajalikud rc.confi seadistused
+
<source lang=apache>
 +
ClamavTmpdir /var/tmp/
 +
ClamavDbdir /usr/share/clamav
 +
ClamavSafetypes image/jpg
 +
ClamavMode daemon
 +
ClamavSocket /var/clamd
 +
ClamavTrickleInterval 10
 +
ClamavTrickleSize 1024
 +
ClamavSizelimit 1000000
 +
ClamavShm /var/log/clam/clamav.shm
 +
ClamavMutex /var/log/clam/clamav.lock
 +
ClamavAcceptDaemonproblem on
 +
ClamavExtendedLogging on
 +
LogFormat "%t %!304{clamav:status}n %{clamav:details}n %{clamav:virusname}n
 +
request=\"%r\", status=%>s, sent=%!304b, delay=%!304D" clamav_stats
 +
CustomLog logs/scan_log clamav_stats
 +
# make sure proxy data is filtered
 +
<Proxy *>
 +
SetOutputFilter CLAMAV
 +
</Proxy>
 +
# define the location for status information
 +
<Location /clamav>
 +
SetHandler clamav
 +
allow from all
 +
</Location>
 +
</source>
  
smartd_enable="YES"                     # Check Harddisk health       
+
<source lang=php>
blanktime="NO"                         # Wait forever
+
ClamavMessage "\
 +
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0//EN\">\
 +
<html>\
 +
<head>\
 +
<title>%i found virus</title>\
 +
</head>\
 +
<body text=\"#000000\" bgcolor=\"#ffffff\">\
 +
<basefont size=\"4\">\
 +
<h1><center>%i found virus</center></h1>\
 +
<p>The virus <b>%v</b> was found while downloading <i>%u</i>.\
 +
The transfer has been aborted.</p>\
 +
</basefont>\
 +
</body>\
 +
</html>\
 +
"  
 +
</source>
  
Selleks, et reboodil ei jääks fsck ootama y klahvi vajutust
+
Täpitähtedega domeenid Apache konfis idna formaadis http://idna-converter.com/ Näiteks:
  
fsck_y_enable="YES"
+
Põhimõtted
 +
*DNS-ga tagasiühilduv
 +
*ei mõjuta alumisi protokolle
 +
*uued märgid Unicode kooditabelist
  
The boot process can be customized in the /boot/loader.conf file, to show a nice menu with beastie:
+
ACE kodeering:
# Boot menu
 
loader_logo="beastie"
 
  
----
+
xn--(ASCII märgid)-(kodeeritud Unicode märgid)
  
Packet filter ja IPV6
 
  
Kui reeglis ei ole sõna inet, siis käib sama reegel nii ipv4 kui ipv6 kohta. Näiteks need:
+
*õpetaja -> xn--petaja-oxa
  
block in log quick on $ext_if from <global_deny_in> label "global_deny_in"
+
Virtualhost näeb välja selline:
block in log quick on $ext_if from any to <server_block_out>
 
block log on $kontor_if all label "blocked_kontor"
 
  
Aadresside võrdlemine on pf-il loomulikult intelligentne, s.t. ipv4 aadress tähendab ühtlasi ka ipv4 protot.  
+
<VirtualHost 192.168.1.20:80>
 +
  ServerName xn--petaja-oxa.edu.ee
 +
  ServerAlias www.xn--petaja-oxa.edu.ee
 +
  ServerAdmin eenet@eenet.ee
 +
  DocumentRoot /srv/www/
 +
</VirtualHost>
  
----
+
*jäääär.ee xn--jr-viaaaa.ee
 +
*jüriöö.ee xn--jri-unaa6a.ee
 +
*ženja.saša.ee xn--enja-kbb.xn--saa-1za.ee
  
Veebiserverite võrdlus
 
  
http://nbonvin.wordpress.com/2011/03/14/apache-vs-nginx-vs-varnish-vs-gwan/
 
----
 
  
Linuxi wõrgutuuning
+
/etc/locate.rc faili kirjutasin
 +
PRUNEPATHS="/tmp /usr/tmp /var/tmp /var/db/portsnap /srv"
  
Kõigepealt parema kiiruse saavutamiseks vajalik. Optimeeritud puhuks,
+
/etc/periodic.conf faili kirjutasin
kus mõlemad pooled on gigabiti otsas. Mõju on kohati päris suur, näiteks
+
daily_clean_tmps_dirs="/tmp /var/tmp"
testi puhul kasvas kiirus 500Mbit/s -> 750 MBit/s
 
võrreldes vaikeväärtustega.
 
  
TCP akna mõõdud. Normaaljuhul ei tohiks min väärtust nii suureks keerata
+
(oli ainult /var/tmp)
(default on 4k) ja max väärtuse veel suuremaks ajamisest pole minu
 
katsetuste põhjal kasu. Ühest küljest konservatiivne ja teisest küljest
 
mitteahistav valik võiks olla 4k <midagi> 2M.
 
net.ipv4.tcp_rmem = 131072 1048576 2097152
 
net.ipv4.tcp_wmem = 131072 1048576 2097152
 
net.core.rmem_default = 1048576
 
net.core.wmem_default = 1048576
 
net.core.rmem_max = 2097152
 
net.core.wmem_max = 2097152
 
  
Vastuvõtva järjekorra suurus (saatmisjärjekord seevastu peaks olema
+
Käsurealt ütlesin
lühike, seal on liigne puhverdamine kahjulik)
+
zfs set setuid=off srv
  net.core.netdev_max_backlog = 10000
+
  zfs set exec=off srv
  
Need on jällegi gigabitist maksimumi pigistamiseks, tavaolukorras las
+
(siis ta ei otsi öösiti setuid programme /srv pealt)
jäävad pigem sisselülitatuks.
 
net.ipv4.tcp_timestamps = 0
 
net.ipv4.tcp_dsack = 0
 
net.ipv4.tcp_sack = 0
 
 
 
Serveri puhul on suure ühenduste arvu teenindamiseks vaja suuremaks
 
keerata järgmisi asju:
 
fs.file-max
 
net.ipv4.tcp_max_orphans
 
net.ipv4.tcp_max_tw_buckets
 
Sõltuvalt masinast
 
net.ipv4.tcp_mem
 
Ja kui iptablesi reeglid on conntracki käima tõmmanud siis ka
 
net.netfilter.nf_conntrack_max
 
 
 
Lisaks veel, interruptide sidumise konkreetse tuuma külge teeb
 
tavaliselt ära irqbalance, ise kruvimise huvi korral saab seda /proc/irq
 
kaudu. Protsesside sidumiseks tuumaga on käsud taskset ja schedtool --
 
viimane oskab ka palju muud huvitavat.
 
  
 
----
 
----
  
Sorteerime top 10 suuremat kausta
+
Silla loomine:
  
  $ du | sort -nr | head -10
+
  # /usr/sbin/brctl addbr br0
  
----
+
MAC aadressi genereerimine:
  
 
+
#!/bin/bash
Universaalne frontend haldamiseks, mis võib reegleid genereerida mitme
+
# generate a random mac address for the qemu nic
erineva backendi tarbeks.
+
printf 'DE:AD:BE:EF:%02X:%02X\n' $((RANDOM%256)) $((RANDOM%256))
http://www.fwbuilder.org/
 
 
 
Linuxi otsa arendatav ruuteri/tulemüüri produkt. Core on täitsa prii.
 
http://www.vyatta.com/downloads/index.php
 
  
 
----
 
----
  
https://www.slashorg.net/read-141-IPv6-routing-using-FreeBSD.html
+
Moniti näidiskonf
näiteks SSH lubamine: pass in on $ipv6_if inet6 proto tcp from $ext_server to any port 22 keep state
 
  
Polling http://www.cyberciti.biz/faq/freebsd-device-polling-network-polling-tutorial/
+
check process freeradius with pidfile "/var/run/radiusd/radiusd.pid"
 +
  start = "/usr/local/etc/rc.d/radiusd start"
 +
  stop = "/usr/local/etc/rc.d/radiusd stop"
 +
  if failed host 192.168.1.1 port 1812 type UDP  then restart
 +
 +
  if cpu usage is greater than 60 percent for 2 cycles then alert
 +
  if cpu usage > 90% for 5 cycles then restart
 +
  if totalmem usage > 40% for 5 cycles then restart
 +
 +
  if 3 restarts within 4 cycles then timeout
 +
 
 +
Dambjuuseritele hää saata:
 +
 
 +
Each line you type at the Unix shell consists of a command optionally followed by some arguments , e.g.
 +
 
 +
  ls -l /etc/passwd
 +
  |  |    |
 +
cmd  arg1  arg2
  
 
----
 
----
  
Kaks IP aadressi kahe erineva GW läbi ehk erinevatest võrkudest
 
  
*IP 193.40.0.75 netmask 255.255.255.240
+
#Turn on Public key authentication
*ruuter 193.40.0.65
+
PubkeyAuthentication yes
*võrk 193.40.0.0/28
+
  AuthorizedKeysFile      .ssh/authorized_keys
 
 
  # cat /etc/conf.d/local.start
 
 
   
 
   
  # teine ip aadress
+
  #Disable .rhost and normal password authentication
ifconfig eth2 193.40.0.75 netmask 255.255.255.240
+
  HostbasedAuthentication no
+
  PasswordAuthentication no
ip route add 193.40.0.0/28 dev eth2 src 193.40.0.75 table admin
+
  PermitEmptyPasswords no
ip route add default via 193.40.0.65 dev eth2 table admin
 
   
 
  ip rule add from 193.40.0.75/32 table admin
 
  ip rule add to 193.40.0.75/32 table admin
 
  
----
+
Võtme genereerimine
  
http://www.cyberciti.biz/faq/freebsd-device-polling-network-polling-tutorial/ polling
+
# /usr/bin/ssh-keygen -t dsa
  
http://rlworkman.net/howtos/OpenBSD_pf_guide.html hea manual
+
Võtme lisamine serverisse. Selleks tuleb id_rsa sisu kopeerida
 +
kasutaja alla faili .ssh/authorized_keys
  
----
+
# cat id_rsa.pub | ssh admin@systeem.ee "cat >> .ssh/authorized_keys"
  
http://prefetch.net/articles/monitoringpf.html pf tabelitest graafikute joonistamine.
+
Windowsis saab kasutada võtme loomiseks putty nimelist utiliiti.
  
http://en.wikipedia.org/wiki/DGen
+
FreeBSDs on see vaikimisi poliitikaks. Linuxis tuleb seda täiendavalt seadistada
  
http://undeadly.org/cgi?action=article&sid=20060927091645
+
#Disable root login. Users have to su to root
 +
PermitRootLogin no
 +
 +
#Only allow userin the wheel or admin group to login
 +
AllowGroups wheel admin
  
http://www.probsd.net/pf/index.php/Main_Page
+
----
  
http://forge.mysql.com/wiki/MySQL_Proxy
 
  
databases/mysql-proxy
+
http://wiki.apache.org/httpd/HttpreadyAcceptFilter FreeBSD apache kiirendamine.
  
15.6.6.1: In load balancing, how can I separate reads from writes?
+
----
  
There is no automatic separation of queries that perform reads or writes to the different backend servers. However, you can specify to mysql-proxy that one or more of the “backend” MySQL servers are read only.
+
http://www.youtube.com/watch?v=rJ2wGOaMRnA
  
shell> mysql-proxy \
+
http://blogs.balabit.com/2011/05/20/logstash/
--proxy-backend-addresses=10.0.1.2:3306 \
 
--proxy-read-only-backend-addresses=10.0.1.3:3306 &
 
  
 +
Graylog2 is an open source syslog implementation that stores your logs in MongoDB. It consists of a server written in Java that accepts your syslog messages via TCP or UDP and stores it in the database. The second part is a Ruby on Rails web interface that allows you to view the log messages.
  
6.6.4: Can I run MySQL Proxy as a daemon?
+
http://logstash.net/
  
Use the --daemon option. To keep track of the process ID, the daemon can be
+
logstash is a tool for managing events and logs. You can use it to collect logs, parse them, and store them for later use (like, for searching). Speaking of searching, logstash comes with a web interface for searching and drilling into all of your logs.
started with the --pid-file=file option to save the PID to a known file name.  
 
On version 0.5.x, the Proxy cannot be started natively as a daemon.
 
  
http://agiletesting.blogspot.com/2009/04/mysql-load-balancing-and-read-write.html
 
  
http://www.centric-it.com/2009/05/11/simple-mysql-replication-cluster-with-load-balancer-on-the-slaves/
+
Logstash and Graylog2 are playing very well together and get more and more acceptance in the rising Devops scene these days. Logstash for collecting, processing and forwarding of logs to Graylog2 - Which is then used for analyzing, reporting and monitoring.
  
http://barkingiguana.com/2008/07/20/load-balanced-highly-available-mysql-on-ubuntu-804/
 
  
http://www.freebsd.org/cgi/man.cgi?query=ng_netflow&sektion=4&manpath=FreeBSD+6.0-RELEASE
+
http://logstash.net/docs/1.0.9/outputs/gelf
  
kldload netgraph.ko
+
http://code.google.com/p/logstash/wiki/GettingStartedCentralized
kldload ng_ether.ko
 
kldload ng_tee.ko
 
ngctl -f - << SEQ
 
    mkpeer em0: tee lower left
 
    name em0:lower tee
 
    connect tee: em0: right upper
 
 
 
    mkpeer tee: netflow left2right iface0
 
    name tee:left2right netflow
 
    connect tee: netflow: right2left iface1
 
 
 
    mkpeer netflow: ksocket export inet/dgram/udp
 
    name netflow:export ksocket
 
    msg ksocket: connect inet/89.252.34.107:3434
 
SEQ
 
  
http://hep.kbfi.ee/index.php/SITIO/SITIO
+
http://logstash.net/docs/1.0.17/getting-started-simple
  
for (( i=0; i<10; i++ )); do killall -u kasutaja -s USR2 apache2; sleep 1200; done
 
  
Kui tahad ööpäev vanad kirjad ära visata, on vist lihtsam postfixi konfida
+
http://www.voneicken.com/courses/ucsb-cs290i-wi02/papers/Concept_Apache_Arch.htm huvitav artikkel Apache ehitusest. Tasub lugeda.
  
maximal_queue_lifetime (default: 5d)
+
sata on edaspidi ja tagurpidi ühilduv. Ehk sata 1 ja sata 3 sobivad nii vanadele kui uutele masinatele.
bounce_queue_lifetime (default: 5d)
+
 
 +
----
  
* Tuleks sundida asutusi vastama tundmatutele kasutajatele 5XX koodiga. Värske näide:
+
'''tunnelid ja wifi pettus'''
  
F3B2F246B42    5420 Fri May 25 20:44:32  MAILER-DAEMON
+
http://www.xs4all.nl/~rsmith/
(host mail.lavakas.ee[193.40.56.98] said: 450 4.1.1 <dwlavakasm@lavakas.ee>: Recipient address  rejected: User unknown in local recipient table (in reply to RCPT TO command))
 
                                        dwlavakasm@lavakas.ee
 
  
4XX tähendab, et meie vahendaja hoiab kirja mitu päeva alles ja üritab korduvalt sitta edasi saata.  
+
Huvitav lahendus, mida vahel lennujaamas või muus avatud, kuid tasulises wifi levialas rakendada:
 +
http://thomer.com/howtos/nstx.html
  
PS. Igasugu ägedaid asju on võimalik teha, näiteks ICMP rate ära limiteerida -
+
Lühidalt:
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
+
tihti olevat nimetatud wifi piirkondades DNS päringud lubatud, kuid muu liiklus blokeeritakse, kuni raha on tasutud. NSTX tunneldab kogu IP liikluse läbi DNS protokolli, pettes niiviisi wifi tulemüüri ära.
(samamoodi saab TCP SYN floodi limiteerida)
 
  
Nüüd on leiutatud rünnakud, millega on võimalik eemalt võrgukaardi firmware üle võtta ja panna kaart tegema mida hing ihkab. Arusaadavalt on tarkvara sedasorti rünnakute vastu võimetu - nagu esimesena viidatud jutust lugeda võib, minnakse niimoodi rahulikult läbi ka armastatud CheckPointi tulemüürist.
+
See on umbes üheksa aastat vana lahendus ja ma pole kindel, kas see tänapäeval enam päästab. Sama lugu IPoICMP-ga, ICMP on vahel muidu täiesti lahtistest võrkudes lollakalt kinni keeratud.
  
http://www.links.org/?p=330
+
NSTX näiteks ei sisalda mingit autentimist.
http://www.eusecwest.com/speakers.html#PhlashDance
 
  
Protsessi keskkond FreeBSD's
+
----
  
ps uewwwp 1403
+
http://www.thesitewizard.com/general/set-cron-job.shtml
ps: Process environment requires procfs(5)
 
USER  PID %CPU %MEM  VSZ  RSS  TT  STAT STARTED      TIME COMMAND
 
root  1403  0.0  0.2 25520  6820  ??  S    2:06PM  0:00.29  /usr/local/sbin/smbd -D -s  /usr/local/etc/smb.conf
 
ymiseja# mount -t procfs proc /proc
 
ymiseja# ps uewwwp 1403
 
USER  PID %CPU %MEM  VSZ  RSS  TT  STAT STARTED      TIME COMMAND
 
root  1403  0.0  0.2 25520  6820  ??  I    2:06PM  0:00.29 HOME=/ PATH=/sbin:/bin:/usr/sbin:/usr/bin  RC_PID=22 PWD=/ /usr/local/sbin/smbd -D -s /usr/local/etc/smb.conf
 
  
 +
http://misc.allbsd.de/Vortrag/EuroBSDCon_2007//Robert_Watson/20070914-security-features.pdf mac
  
lihtne funktsioon, mis vahetab kaks faili omavahel:
+
http://screamingelectron.org/forum/showthread.php?t=2809
  
function xchg {
+
http://joekuan.wordpress.com/2010/05/09/quick-tutorial-on-how-to-create-a-freebsd-system-startup-script/ teeme oma rc skripti bsd's
  if test -f "$1" -a -f "$2" ; then
 
    if mv "$1" "tmp:xchg" && mv "$2" "$1" && mv "tmp:xchg" "$2"; then
 
      echo "  $1 <-> $2"
 
    else
 
      echo "Failed to xchg: $1 <-> $2"
 
    fi
 
  else
 
    echo "Usage: xchg file1 file2"
 
  fi
 
}
 
  
 +
http://www.mhaller.de/archives/145-Nagios,-mod_security-and-check_http.html vaja seda uurida
  
TMP automaatseks kustutamiseks FreeBSDs /etc/periodic.conf:
+
http://www.citi.umich.edu/u/provos/honeyd/
daily_clean_tmps_enable="YES"
 
daily_clean_tmps_dirs="/var/tmp"
 
daily_clean_tmps_days="7"
 
  
Tänapäeval loetakse turvaauguks, kui bind laseb rekursiivseid päringuid
 
võõrastel teha. Soovitatakse
 
  
options {
+
http://linuxgazette.net/149/unnikrishnan.html
  allow-recursion { localnets; localhost; };
 
  allow-query-cache { localnets; localhost; };
 
};
 
  
http://support.menandmice.com/jforum/posts/list/25.page
+
https://www.dan.me.uk/blog/2009/05/24/failover-network-interfaces-in-freebsd/
  
RH Enterprise Virtualization on KVM-i kommertsialiseeritud versioon, mida koos enterprais-haldusliidesega müüakse.
+
By default, FreeBSD uses MD5 hashes for its encrypted passwords for users. However, blowfish is available in all recent versions of FreeBSD and it’s really easy to change the default…
Allpool viidatud dokument on aga huvitav selle poolest, et väidetavalt suudab mitme virtuaalmasina peale määritud rakendus riistvara ressursi paremini ära kasutada, kui samale rakendusele kogu riista otse kätte andes. http://www.redhat.com/f/pdf/rhev/DOC034R3-LAMP-Scaling.pdf
+
edit the file /etc/login.conf and change the following line:
 +
:passwd_format=md5:\
 +
To read the following:
 +
:passwd_format=blf:\
 +
Then rebuild the login database with the following command:
 +
cap_mkdb /etc/login.conf
 +
Now all passwords you change or set when adding a user will be encrypted using blowfish. You can change your current password with passwd and when changed, your password will be blowfish encrypted. Enjoy!
  
Kõrvataha panemiseks, kui kunagi vaja peaks olema. Mingi tegelane korjas netist kokku hunniku erinevaid regexpe ja testis neid kõiksugu korrektsete ja vigaste e-postiaadressite suhtes, et selgitada välja parimat: http://fightingforalostcause.net/misc/2006/compare-email-regex.php
+
----
  
Google uuring mäluvigadest http://www.zdnet.com/blog/storage/dram-error-rates-nightmare-on-dimm-street/638
+
[[Pilt:Ftpcontrack1.png]]
  
Staatiline veeb
+
Serveri ja kliendi vahelise ühenduse loomine
  
Kuskil oli sellest just hiljaaegu juttu, et see on uus trend. Nüüd komistasin ka mingi innovaatilise töövahendi otsa, mis põhimõtteliselt kasutab MVC põhimõtet sisu loomiseks, kuid genereerib nendest staatilised veebilehed, mis salvestatakse HTML-ina eraldi kausta.
+
*NEW => Server1 connects to Server2 issuing a SYN (Synchronize) packet.
Kasutada saab kõiksugu aspekte, alates templaatidest, kuni partialite ja helperiteni välja.
+
*RELATED => Server 2 receives the SYN packet, and then responds with a SYN-ACK (Synchronize Acknowledgment) packet.
 +
*ESTABLISHED => Server 1 receives the SYN-ACK packet and then responds with the final ACK (Acknowledgment) packet.
  
http://staticmatic.rubyforge.org/
+
Client                    Server
 +
------                    -------
 +
SYN------------------------>
 +
      <---------------------SYN-ACK
 +
ACK------------------------> Mõlemapoolne ühendus loodud
  
Veebiserveri testimise vahendid
 
  
1. ab        http://httpd.apache.org/docs/2.2/programs/ab.html
+
----
2. httest    http://htt.sourceforge.net/
 
3. httperf  http://code.google.com/p/httperf/
 
4. webbench  http://home.tiscali.cz/~cz210552/webbench.html
 
5. siege    http://www.joedog.org/index/siege-home
 
6. jmeter    http://kuutorvaja.eenet.ee/wiki/JMeter
 
  
To compress a big video file, movie.avi and split it into multiple files, each size up to 12MB,
+
http://exchange.nagios.org/directory/Uncategorized/IPMI-Sensor-Monitoring-Plugin/details
rar a -m5 -v12m myarchive movie.avi
+
Nagios IPMI Sensor Monitoring Plugin
A list of files (myarchive.part1.rar, myarchive.part2.rar, ..) will be created in current directory.
+
*it's a shell script (Bash)
You may change the compression quality, -m5 is the best and the slowest, while -m0 do no compression at all (-m3 is default).
+
*it uses ipmitool, gawk
If you prefer the old file naming style (myarchive.rar, myarchive.r00, myarchive.r01, ..), add one extra switch -vn before the archive name.
+
*you can use the plugin with every IPMI-compatible server
To uncompress the files (myarchive.part1.rar, myarchive.part2.rar, ..),
+
*it follows the Nagios plug-in development guidelines
rar e myarchive.part1.rar
 
  
===Sissejuhatus===
+
*Callback Lowest Privilege Level.
 +
        Allows only initiating a callback.
  
===Bindi seadistus===
+
*User Allows only IPMI 'begin' commands (query sensors).
 +
    Changing the BMC configuration, writing data to the
 +
  BMC, executing power on/off or reset commands is
 +
  prohibited.
  
Selleks ,et nimeserveris domeen siduda ipv6 aadressiga on vaja kasutada AAAA kirjet
+
*Operator Allows nearly all IPMI commands. Only changes of
 +
        out-of-band interfaces are prohibited.
  
Näiteks
+
*Administrator Allows all IPMI commands.
  
www6 AAAA mingi_ipv6_aadress
 
  
 +
I don't do a lot of audio/video stuff with my system, but the other day I had the urge to see if there was some voice synthesis software available on Linux and it turned out that I already had it installed: it's called Festival. Turns out there are a number of voice synthesis and analysis packages available.
  
http://forskningsnett.uninett.no/ipv6/IPv6hostsfreebsd.html
+
Festival is, according to the website:
  
===Lingid===
+
Festival offers a general framework for building speech synthesis systems as well as including examples of various modules. As a whole it offers full text to speech through a number APIs: from shell level, though [sic] a Scheme command interpreter, as a C++ library, from Java, and an Emacs interface. Festival is multi-lingual (currently English (British and American), and Spanish) though English is the most advanced.
 +
As far as simple commands, Festival comes with two: saytime and text2wave. Saytime does what you would expect, it speaks the time (as well as outputting the spoken text to stdout). Note though, the time that is output tends to be less than specific:
  
http://www.eenet.ee/EENet/ipv6.html
+
$ saytime
 +
The time is now, just after half past 10, in the morning.
 +
A wave file of the output is attached (time.wav).
  
http://www.ipv6.estpak.ee/?tunnel
+
The second command that comes with Festival is text2wave which converts text read from stdin to a .wav file output:
  
http://math.ut.ee/~mroos/ipv6/ipv6fw.pdf
+
$ echo Your job has completed | text2wave >job.wav
 +
$ aplay job.wav
  
http://6to4.version6.net/
+
# OR
 +
$ echo Your job has completed | text2wave | aplay
 +
The wave file is attached (job.wav).
  
http://vallaste.ee/index.htm?Type=UserId&otsing=2308
+
http://gns3.blogspot.com/2007/10/ios.html
  
http://www.hot.ee/mego1/materjalid/interneti_referaat.htm
+
http://zumastor.googlecode.com/svn/branches/0.8/doc/zumastor-howto.html
  
http://www.hot.ee/raffas/ipv6fw.pdf
+
http://zumastor.org/man/ddsnap.8.html
  
http://math.ut.ee/~mroos/ipv6/
+
LVM snapshots are great for being able to backup you server without taking it offline. As stated LVM snapshots are almost instant copies. You create them using the lvcreate command just as you would to create the LV itself, only you give it the --snapshot option and the original LV instead of the VG. For instance:
  
http://www.inet6.dk/firewall.html
+
lvcreate -L <LV size> -s -n <snapshot name> /dev/<VG name>/<LV name>
 +
This will create a snapshot of the given LV with the specified snapshot name that you can then mount and use this snapshot LV to perform your backup from without worrying about files being actively used. This is particularly helpful if you are attempting to backup an active database server.
  
---
+
After you are done with backing up from the snapshot you would want to remove it to reduce any additional I/O overhead or other performance issues as others have mentioned using:
  
Võrk rc.conf
+
lvremove /dev/<VG name>/<snapshot name>
 +
While LVM snapshots can be invaluable in producing a reliable backup of systems like databases and such that you would normally want to shutdown to backup to avoid file contention they are not ideal for long-term operation as a quick restore.
  
 +
Although there are 'write-device' and 'copy-device' patches for RSync they only work well on small images (1-2GB). RSync will spend ages searching around for matching blocks on larger images and it's almost useless of 40GB or larger devices/files.
  
HOSTNAME="test_db"
+
We use the following to perform a per 1MB checksum comparison and then simply copy the content if it doesn't match. We use this to backup servers on a virtual host in the USA to a backup system in the UK, over the public internet. Very little CPU activity and snapshot performance hit is only after hours:
eth0="eth0 192.168.100.2 netmask 255.255.255.0 broadcast 192.168.100.255"
 
INTERFACES=(eth0)
 
gateway="default gw 192.168.100.1"
 
ROUTES=(gateway)
 
  
Mitu kaarti
+
Create snapshot:
  
  INTERFACES=(eth1 eth0)
+
  lvcreate -i 2 -L 25G /dev/vg_kvm/company-exchange -n company-exchange-snap1
  
Uuendab andmebaasi pakkidel
+
export dev1='/dev/mapper/vg_kvm-company--exchange--snap1';
 +
export dev2='/dev/mapper/vg_kvm-company--exchange';
 +
export remote='root@backup.company.co.za';
  
pacman -Syy
+
Initial seeding:
  
uuendused teeb
+
dd if=$dev1 bs=100M | gzip -c -9 | ssh -i /root/.ssh/rsync_rsa $remote "gzip -dc | dd of=$dev2"
  
pacman -Su
+
Incremental nightly backup (only sends changed blocks):
  
Paketi paigaldamine
+
<source lang=bash>
 
+
ssh -i /root/.ssh/rsync_rsa $remote "
pacman -S openssh
+
  perl -'MDigest::MD5 md5' -ne 'BEGIN{\$/=\1024};print md5(\$_)' $dev2 | lzop -c" |
 
+
  lzop -dc | perl -'MDigest::MD5 md5' -ne 'BEGIN{$/=\1024};$b=md5($_);
sshd käivitamine
+
    read STDIN,$a,16;if ($a eq $b) {print "s"} else {print "c" . $_}' $dev1 | lzop -c |
 +
ssh -i /root/.ssh/rsync_rsa $remote "lzop -dc |
 +
  perl -ne 'BEGIN{\$/=\1} if (\$_ eq\"s\") {\$s++} else {if (\$s) {
 +
    seek STDOUT,\$s*1024,1; \$s=0}; read ARGV,\$buf,1024; print \$buf}' 1<> $dev2"
 +
</source>
 +
 
 +
Remove snapshot:
 +
 
 +
lvremove -f company-exchange-snap1
 +
 
 +
https://help.ubuntu.com/community/MediaTomb
  
/etc/rc.d/sshd start
 
  
Info paketi kohta
+
Transfer file to remote computer. Return the
 +
result. Cleanup on remote. Except on local (:)
  
  #  pacman -Si mysql
+
  find logs/ -name '*.gz' | \
  Repository    : extra
+
  parallel --sshlogin server,server2,: \
  Name          : mysql
+
  --trc {.}.bz2 "zcat {} | bzip2 -9 >{.}.bz2"
Version        : 5.1.54-1
 
URL            : http://www.mysql.com/
 
Licenses      : GPL
 
Groups        : None
 
Provides      : None
 
Depends On    : mysql-clients
 
Optional Deps  : perl-dbi
 
                  perl-dbd-mysql
 
Conflicts With : None
 
Replaces      : None
 
Download Size  : 7856.18 K
 
Installed Size : 68804.00 K
 
Packager      : Andrea Scarpino <andrea@archlinux.org>
 
Architecture  : x86_64
 
Build Date    : Mon 03 Jan 2011 06:14:49 PM EET
 
MD5 Sum        : 507d442b82e53eb09dbb37c3b3ad836a
 
Description    : A fast SQL database server
 
  
Mysql serveri installimiseks
+
Run gzip on the files in current dir
 +
Recompress .gz to .bz2
  
  # pacman -S mysql
+
  parallel gzip ::: *
  # /etc/rc.d/mysqld start && mysql_secure_installation
+
  parallel "zcat {} | bzip2 >{.}.bz2” ::: *.gz
  
Vaikimisi seadistatud /etc/hosts.allow tühi ja hosts.deny kõiki ühendusi blokeerima.
+
GNU Parallel is OK with less quoting
 +
parallel zcat {} “|” bzip2 “>”{.}.bz2 ::: *.gz
  
/etc/rc.conf faili täiendada
+
find . -type f | egrep "\.flac$" | parallel ffmpeg -i {} -ab 192k -acodec libmp3lame -ac 2 {.}.mp3
  
DAEMONS=(syslog-ng network netfs crond mysqld sshd)
+
http://en.wikipedia.org/wiki/Parallel_(software)
  
 +
http://hekate.homeip.net/2011/05/parallel-shell-processing/
  
A Socket is the place where you plug in the CPU.
+
Here's an imagemagick example; over six minutes with xargs, under 20 seconds with parallel
So normaly you use:
+
  $ ls *.png |wc -l
cores: 1
+
  3580
socket: 1
 
  
Not to beat the subject to death, but let me ask this as well.  
+
  $ time ls|sed 's/\(.*\)\..*/\1/'|parallel convert {}.png {}.ppm
Assuming the sofrware license is for one CPU and in the computer
+
  ls --color  0.00s user 0.01s system 63% cpu 0.016 total
I have 2 quad core CPUs. Can I tell KVM 1 CPU Socket with 8 Socket/Cores?
+
  sed 's/\(.*\)\..*/\1/'  0.01s user 0.00s system 39% cpu 0.025 total
 +
  parallel convert {}.png {}.ppm  97.39s user 61.87s system 890% cpu 17.883 total
  
---
+
  $ time ls|sed 's/\(.*\)\..*/\1/'|xargs -I {} convert {}.png {}.ppm
 +
  ls --color  0.01s user 0.00s system 63% cpu 0.016 total
 +
  sed 's/\(.*\)\..*/\1/'  0.01s user 0.00s system 39% cpu 0.025 total
 +
  xargs -I {} convert {}.png {}.ppm  93.08s user 47.88s system 38% cpu 6:10.88 total
  
Use TCP syn-proxy for mysql port - normally when a client initiates a TCP connection to a mysql server, PF will pass the handshake packets between the two endpoints as they arrive. PF has the ability, however, to proxy the handshake. With the handshake proxied, PF itself will complete the handshake with the client, initiate a handshake with the server, and then pass packets between the two. The benefit of this process is that no packets are sent to the server before the client completes the handshake. This eliminates the threat of spoofed TCP SYN floods affecting the server because a spoofed client connection will be unable to complete the handshake.
+
#!/bin/sh
 +
for i in `ls asd`
 +
do
 +
nimi=`echo $i  | awk -F'.' '{ print $1 }'`
 +
echo $nimi
 +
convert asd/$i -resize 75% -quality 80% $nimi.jpg
 +
done
  
pass in on $ext_if proto tcp from any to $mysql_server port 3306 flags S/SA synproxy state
+
*em212-l3ta-ss
 +
 
 +
http://www.randomboot.org/storage/528-open-source-storage-target-software.html
 +
 
 +
http://scst.sourceforge.net/target_emulex.html
 +
 
 +
http://marcitland.blogspot.com/2011/03/accelerating-vdi-using-scst-and-ssds.html
 +
 
 +
lpfc driver for Emulex Fibre Channel HBAs
  
Google tegi Apachele mooduli, mis sisaldab hunnikut filtreid lehekülgede järeltoimetamiseks, et brauserisse laadimine oleks kiirem:
+
http://www.google.ee/url?sa=t&source=web&cd=1&ved=0CBUQFjAA&url=http%3A%2F%2Fwww-dl.emulex.com%2Fsupport%2Flinux%2F732%2Fset.pdf&rct=j&q=emulex%20hda%20lpfc&ei=9lb-Tf2XHoO6-Aaag6kS&usg=AFQjCNFx3HdP7_O2z2rLq9TvHOi3JwEOcQ
  
*http://googlewebmastercentral.blogspot.com/2010/11/make-your-websites-run-faster.html
+
http://www.emulex.com/downloads/emulex.html
*http://code.google.com/intl/et-EE/speed/page-speed/docs/using_mod.html
 
*http://web-tech.ga-usa.com/2010/11/using-compiling-mod_pagespeed-for-apache-and-freebsd/
 
  
Host/Subnet Quantities Table
+
http://iscsi-scst.sourceforge.net/SCST_Gentoo_HOWTO.txt
  
Class B                  Effective  Effective
+
http://iscsi-scst.sourceforge.net/iscsi-scst-howto.txt
# bits        Mask        Subnets    Hosts
 
-------  ---------------  ---------  ---------
 
  1      255.255.128.0          2    32766
 
  2      255.255.192.0          4    16382
 
  3      255.255.224.0          8      8190
 
  4      255.255.240.0          16      4094
 
  5      255.255.248.0          32      2046
 
  6      255.255.252.0          64      1022
 
  7      255.255.254.0        128      510
 
  8      255.255.255.0        256      254
 
  9      255.255.255.128      512      126
 
  10    255.255.255.192      1024        62
 
  11    255.255.255.224      2048        30
 
  12    255.255.255.240      4096        14
 
  13    255.255.255.248      8192        6
 
  14    255.255.255.252    16384        2
 
 
Class C                  Effective  Effective
 
# bits        Mask        Subnets    Hosts
 
------- ---------------  ---------  ---------
 
  1      255.255.255.128      2        126
 
  2      255.255.255.192      4        62
 
  3      255.255.255.224      8        30
 
  4      255.255.255.240    16        14
 
  5      255.255.255.248    32          6
 
  6      255.255.255.252    64          2
 
  
C klass 193.40.45.0/24
 
  
# gw ise 193.40.45.1/245 (cisco)
+
http://www.geek.com/articles/gadgets/feature-how-to-build-and-customize-your-own-pbx-with-asterisk-20080812/ asteriskist juttu
# ruuteri esimene kaart 193.40.45.2/252 (2 aadressiga võrk, st niipalju läheb kaduma)
 
# ruuteri teine kaart 193.40.45.32/192 (62 aadressi)
 
# teisel kaardil olev klient 193.40.45.34/192 ja gw 193.40.0.32
 
  
Ja
+
mpt0 uurimiseks freebsd keskkonnas
  
  gateway_enable="YES"
+
  # /usr/sbin/mptutil show drives
 +
mpt0 Physical Drives:
 +
  da0 (  68G) ONLINE <FUJITSU MBA3073RC 0103> SAS bus 0 id 1
 +
  da1 ( 1863G) ONLINE <WDC WD2003FYYS-0 1D01> SATA bus 0 id 2
 +
  da2 ( 1863G) ONLINE <WDC WD2003FYYS-0 1D01> SATA bus 0 id 3
 +
  da3 ( 1863G) ONLINE <WDC WD2003FYYS-0 1D01> SATA bus 0 id 4
  
Traceroute
 
  
  # traceroute www.ut.ee
+
In blockio mode, it defines a mapping between a "Logical Unit Number"
traceroute to www.ut.ee (193.40.5.73), 64 hops max, 52 byte packets
+
<lun> and a given block device <device>This mode will perform direct
  1  193.40.45.32 (193.40.45.32) 0.364 ms  0.373 ms  0.352 ms
+
block i/o with the device, bypassing page-cache for all operations. This
  2  193.40.45.1 (193.40.45.1)  0.785 ms
+
allows for efficient handling of non-aligned sector transfers (virtualized  
  3  ut-gw1.bb.eenet.ee (193.40.133.210)  1.269 ms 1.189 ms  1.141 ms
+
environments) and large block transfers (media servers). This mode works ideally
  4 sein.ut.ee (193.40.12.10) 1.088 ms  1.221 ms  1.203 ms
+
with high-end storage HBAs and for applications that either do not need caching
  5  ak-gw.ut.ee (193.40.12.14)  1.171 ms  1.321 ms  1.051 ms
+
between application and disk or need the large block throughput.
  6  www.ut.ee (193.40.5.73)  1.135 ms  1.025 ms *
 
  
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml lisalugemiseks klassidest ja ruutingust.
 
  
IPMI seadistamine FreeIPMI abil.
+
http://www.burlaca.com/2009/02/alivelog/ vajab uurimist
 +
 
 +
http://www.instalinux.com/ linuxi autoinstaller.
 +
 
 +
apt-get install l7-filter-userspace
 +
 
 +
l7-filter-userspace
 +
 
 +
Jälgimiseks super hea iptraf pakett.
  
Salvestame hetke ipmi seadistusfaili kettale nimega ipmi.conf
 
  
# bmc-config --checkout --filename=ipmi.conf
+
Krüpteerime/dekrüpteerime faili
  
Teeme muudatused failis ja laadime selle tagasi ipmi seadmesse
+
# openssl aes-128-cbc -salt -in file -out file.aes
 +
# openssl aes-128-cbc -d -salt -in file.aes -out file
  
# bmc-config --commit -f ipmi.conf
+
PS: Fail võib olla suvaline tar, jpg, avi jne
ERROR: Failed to commit `Lan_Conf:MAC_Address': Read Only Field
 
  
Errorit võib ignoreerida.
+
Pakime kokku ja krüpteerime/dekrüpteeirme terve kausta
  
  # bmc-config -D open -o --section=User2       
+
  # tar -cf - directory | openssl aes-128-cbc -salt -out directory.tar.aes   
  Section User2
+
  # openssl aes-128-cbc -d -salt -in directory.tar.aes | tar -x -f -        
## Give Username
 
Username                                      admin
 
## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
 
## Password                                 
 
## Possible values: Yes/No or blank to not set
 
## Enable_User                               
 
## Possible values: Yes/No
 
Lan_Enable_IPMI_Msgs                          Yes
 
## Possible values: Yes/No
 
Lan_Enable_Link_Auth                          Yes
 
## Possible values: Yes/No
 
Lan_Enable_Restricted_to_Callback            Yes
 
## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
 
  Lan_Privilege_Limit                          Administrator
 
## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
 
## Lan_Session_Limit                         
 
## Possible values: Yes/No
 
SOL_Payload_Access                            No
 
EndSection
 
  
I’ve got a FreeBSD system which is lacking some of the tools which I’ve gotten used to having, whether from Linux or Solaris.
+
Tarime, zipime ja krüpteerime/dekrüpteerime kataloogi
  
I’ll often use the GNU tool seq to iterate through things on the command line… for example, if I’m going to ping 192.168.1.20-40, I might, at my bash prompt,
+
# tar -zcf - directory | openssl aes-128-cbc -salt -out directory.tar.gz.aes
 +
# openssl aes-128-cbc -d -salt -in directory.tar.gz.aes | tar -xz -f -      
  
for i in `seq 20 40`; do ping 192.168.1.${i}; done
+
Selleks, et vältida interaktiivset parooliküsimust tuleb anda parameetrina juurde
 +
-k minuparool peale aes-128-cbc rida. Muidugi on see ebaturvaline lähememine
  
Quite handy, though FreeBSD doesn’t have it, and I haven’t installed whatever port contains it.
+
Tugevamat krüpteerimist vajades võib kasutada aes-128 asemel aes-256-cbc. See nõuab
 +
samas rohkem cpu jõudlust.
  
So… I’ll use jot, now that I’ve once again looked up what it is and how it works.
+
===Mõned abiks olevad programmid===
  
The equivalent line to that above?
+
*mplex -- Command-line utility that combines multiple audio and video streams into an mpeg file.
 +
*dvdauthor -- Command-line utility that makes a DVD filesystem from mpeg files.
 +
*growisofs -- Command-line CD/DVD burning utility.
 +
*tovid -- A collection of command-line scripts that automate detection of video type and transcoding to mpeg format.
  
for i in `jot 21 20`; do ping 192.168.1.${i}; done
+
*avidemux2 -- GUI for extracting audio and video.
 +
*DVD::rip -- GUI for ripping, copying, burning DVDs.
 +
*K3B -- KDE GUI for CD/DVD burning.
  
Mis ubuntu serveril viga ?
 
  
Lühidalt saan seda ühe sõnaga öelda -- upstart :-)
+
===Kuidas konvertida DVD9 ümber DVD9 formaati===
  
Natukese pikemalt kirjeldades on lugu selline, et upstart käivitab
+
k9copy
teenuseid sõltuvalt teatud tingimustest (teiste tööde käivitamisest ja
 
süsteemi olekust tingitud sündmused jms) ning võimalikult paralleelselt.
 
Osad asjad aga hakkavad selle tulemusel aeg-ajalt katki minema.
 
  
Paar huvitavat bugi sel teemal:
+
http://www.dvd-guides.com/guides/linux/213-how-to-copy-dvd9-to-dvd5-using-k9copy
https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/543506?comments=all
 
https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/478392
 
  
Kirjutada tõrvajasse apache seadistamise probleemidest FreeBSD opsüsteemis.
+
https://help.ubuntu.com/community/K9Copy
  
Kasutaja loomise skript
+
http://linux-hacks.blogspot.com/2008/06/converting-dvd9-to-dvd5-in-linux.html
  
adduser.sh
+
http://www.linuxquestions.org/questions/linux-software-2/dvd9-to-dvd5-guide-244913/
<source lang=bash>
+
 
#!/usr/local/bin/bash
+
===Kuidas konvertida DVD ümber AVI formaati===
+
 
if [ "$ID" == "0" ]; then
+
http://www.togaware.com/linux/survivor/AcidRip_Simple.html
        echo Must be root for now.
+
 
        exit 1
+
http://fixounet.free.fr/avidemux/
fi
+
 
+
===Kuidas konvertida AVI ümber DVD formaati===
echo "----- ----- ----- -----"
+
 
echo "kirjuta kasutajanimi:"
+
http://www.linuxquestions.org/linux/answers/Applications_GUI_Multimedia/AVI_to_DVD
read username
+
 
echo "kirjuta grupinimi kuhu kasutaja lisatakse:"
+
 
read grp
+
MySQL-i projektist kõrvalharuna välja kasvanud Drizzle on piisavalt küpseks saanud ning jõudnud avalikkuse ette. Tegemist on toimiva alternatiiviga Oracle omanduses olevale MySQL-ile - üsnagi sarnaselt OpenOffice.org ja LibreOffice vastasseisule. Nüüd on ümberpakendatud tasuta andmebaasimootor valmis ning Drizzle arendajad plaanivad seda pakkuma hakata kõikidele Linuxi distributsioonidele.
echo "kirjuta ees ja perenimi:"
+
 
read userfullname
+
http://www.minut.ee/article.pl?sid=11/03/17/2251218&mode=nested&threshold=-1
+
http://en.wikipedia.org/wiki/Drizzle_(database_server)
while [ $pass1 != $pass2 ]
+
http://drizzle.org/
do
 
  echo "...."
 
  echo "parool #1:"
 
  read -s pass1
 
  echo "parool #2:"
 
  read -s pass2
 
done
 
 
echo $username $grp $userfullname # $pass1 $pass2
 
 
echo "----- ----- ----- -----"
 
 
cp /usr/home/samba/netlogon/k.bat /usr/home/samba/netlogon/"$username".bat
 
 
echo $pass1 | pw add user $username -c "$userfullname" -d "/usr/home/$grp/$username" -G $grp -m -s \
 
/usr/local/bin/bash -h0 (echo $pass1; echo $pass1 ) | smbpasswd -s -a $username
 
chmod 750 /usr/home/$grp/$username
 
</source>
 
  
Väikekooli arvutivõrku sobiv konf
+
Täienduseks veel, et portsus on üllatuseks täiesti olemas http://www.freebsd.org/cgi/url.cgi?ports/databases/drizzle/pkg-descr
 +
Gentoos on olemas kolm versiooni (kõik hetkel maskitud aga see pole meid varem kunagi seganud). Debiani/Ubuntu
 +
peale ei hakanud vaatamagi, kui juba Gentoos ja FreeBSDs olemas siis imestaksin väga kui seal pole :)
  
Võrk ise
+
Debianis on Drizzle pakk aasta jagu olemas olnud, aga stabiilsesse
 +
riliisi pole seda siiski veel lisatud. Drizzle on ikka väga erinev
 +
arendus juba, seda lihtsalt MySQL-i asemel ei julgeks kasutada.
  
  [ COMP1 ]    [ COMP3 ]
+
Kui jõudluseprobleemid vaevavad, siis drop-in alternatiividena tasuks
      |            |                             
+
vaadata neid asju:
  ---+------+-----+------- em0 [ Server ] em0 -------- ( Internet )
+
http://www.percona.com/software/percona-server/
            |
+
http://mariadb.org/
        [ COMP2 ]
+
http://ourdelta.org/
  
tulemüüri fail meeles tuleb pidada, et reegleid tuleb kirjutada sellises järjestuses
+
By default, most disk drives cache writes in internal memory before actually committing them to the disk.
  
* MAKROS. Makrod ehk anname maakeeli muutujatele väärtusi, näiteks
+
This behavior can make it more likely to trigger inconsistencies on a filesystem using soft updates in case of a power failure. One can disable this feature by adding the following in /boot/loader.conf;
* TABLES, tabelid milles hoiame igasuguseid põnevaid ja pahasid IP aadresse
 
* GLOBAL OPTIONS globaalsed ühendustele seatavad seaded
 
* TRAFFIC NORMALIZATION
 
* QUEUEING RULES, liikluse prioritiseerimiseks mõeldud järjekorrad
 
* TRANSLATION RULES (ehk NAT)
 
* FILTER RULES, ehk siis reeglid mis keelvad ja lubavad ühendusi, näiteks lubame kõik liikluse igas suunas selliselt
 
  
  pass in log all keep state
+
Set ata devices to write-through cache.
  pass out log all keep state
+
hw.ata.wc="0"
 +
 
 +
If InnoDB is used on a ZFS file system, the following tuning are necessary:
 +
On the ZFS filesystem block size will be chosen to match the 16kB used by InnoDB:
 +
This operation must be done before MySQL start for the first time or create files, otherwise the block size used will be the one configured when the various files are created.
 +
zfs set recordsize=16K system/services/mysql
 +
 
 +
sysctl tuunimised FreeBSD süsteemis
 +
 
 +
Allow normal users to mount filesystems.
 +
vfs.usermount=1
  
Reaalne seadistusfail
+
Speed up disk reads.
 +
vfs.read_max=32
  
<source lang=bash>
+
Enable port forwarding (for NAT in pf.conf)
# välimine (rl0) ja sisemine (em0) võrguseade
+
  net.inet.ip.forwarding=1
  ext_if="rl0"
+
 
int_if="em0"
+
Mõned vajalikud rc.confi seadistused
+
 
  icmp_types = "echoreq"
+
  smartd_enable="YES"                     # Check Harddisk health       
+
  blanktime="NO"                         # Wait forever
# arvutiklassi IP aadressid
 
  klass="{192.168.1.201, 192.168.1.202, 192.168.1.203 }"
 
 
set skip on lo0
 
# set optimization high-latency # aeglastel võrkudel
 
set optimization aggressive
 
set timeout tcp.established 7200
 
set timeout { udp.first 20, udp.single 5, udp.multiple 30 }
 
set limit states 1000000 # vaikimisi 10000, pool miljonit ei tohiks tänapäeval mingi number olla
 
 
scrub in all
 
scrub out all random-id max-mss 1440
 
 
# suuname kogu veebiliikluse squid vahendusserverile
 
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
 
 
# NAT välisvõrgust
 
nat on $ext_if inet from 192.168.0.0/16 to any -> ($int_if:0)
 
  
 
+
Selleks, et reboodil ei jääks fsck ootama y klahvi vajutust
# blokeerime esialgu kõik
 
block log all label "blocked"
 
 
# vaatame, et sisevõrgust saaks ühenduda vaid meie enda mailiserveriga, see vähendab rämpsposti teadmatut saatmist
 
pass in quick on $int_if inet proto tcp from $int_if:network to 192.168.1.1 port 25 keep state
 
block in quick on $int_if inet proto tcp from $int_if:network to any port 25
 
 
# blokeerime arvutiklassis toimuva õppetöö jaoks ühe ohtliku aadress :)
 
block in quick on $int_if inet proto tcp from $klass to 58.35.11.23
 
 
#spoofikaitse
 
antispoof for $ext_if inet
 
 
# lubame vaid ühe icmp tüübi, ehk pingi
 
pass in inet proto icmp all icmp-type $icmp_types
 
 
# avame serverile hulga porte teenuste kasutamiseks
 
pass in on $ext_if proto tcp from any to $ext_if port 22 keep state label "ssh"
 
pass in on $ext_if proto tcp from any to $ext_if port 80 keep state label "www"
 
pass in on $ext_if proto tcp from any to $ext_if port 25 keep state label "mail"
 
pass in on $ext_if proto tcp from any to $ext_if port 143 keep state label "imap"
 
pass in on $ext_if proto tcp from any to $ext_if port 443 keep state label "https"
 
pass in on $ext_if proto tcp from any to $ext_if port 993 keep state label "imaps"
 
 
# lubame välja kõik tcp ja udp ühendused
 
pass out on $ext_if all keep state
 
</source>
 
  
Parandusideed vormistamise mõttes:
+
fsck_y_enable="YES"
  
1. rakendaksin selgelt vaikimisi block reeglid kõigil suundadel (st neljal suunal kui tal on kaks liidest)
+
The boot process can be customized in the /boot/loader.conf file, to show a nice menu with beastie:
 +
# Boot menu
 +
loader_logo="beastie"
  
2. kasutaksin tag'isid, nii on lihtsam tihedat tulemüüri kirjeldada
+
----
  
http://kuutorvaja.eenet.ee/wiki/Kahe_v%C3%B5rgukaardiga_aadressteisendav_tulem%C3%BC%C3%BCr
+
Packet filter ja IPV6
  
---
+
Kui reeglis ei ole sõna inet, siis käib sama reegel nii ipv4 kui ipv6 kohta. Näiteks need:
 
Jälle noSQL rindelt teateid, kuid seekord pisut teise suunitlusega.
 
  
GlusterFS alternatiivina võiks äkki kaaluda Facebooki arendatud Cassandrat:
+
block in log quick on $ext_if from <global_deny_in> label "global_deny_in"
http://cassandra.apache.org/
+
block in log quick on $ext_if from any to <server_block_out>
 +
block log on $kontor_if all label "blocked_kontor"
  
Niipalju kui mina aru sain, siis see on neil (ja Diggil ja Twitteril ja Redditil jne) kasutusel, et talletada terabaite andmeid klastrisse, nii et see on kättesaadav igast nodest ja ka kirjutatav igast nodest (lihtsalt proxytakse, kuhu vaja), samas on selle peamine eesmärk skaleeruvus (O(1)) ja huvitaval kombel, tehnoloogilistel põhjustel on kirjutamine isegi kaks suurusjärku kiirem kui lugemine, mis võrreldes nt MySQL-iga on ka suurusjärgu võrra kiirem.
+
Aadresside võrdlemine on pf-il loomulikult intelligentne, s.t. ipv4 aadress tähendab ühtlasi ka ipv4 protot.  
  
Cassandrale on pea kõigis levinuimates keeltes kõrgtaseme-teegid ja läbi Thrifti veel tosinale keelele madala-taseme teegid.
+
----
  
Tuunida saab CAP (Consistency, Availability, Partition tolerance) osas korraga kahe väärtuse nõuet, nt konsistentsuse vajaduse puhul nõuda, et 1/2 + 1 vajalikest koopiatest oleks alati kirjutatud, enne kui operatsioon lõpetab jne.
+
Veebiserverite võrdlus
  
Kirjelduse järgi tundub, et Cassandra sobiks väga hästi klastris kasutamiseks, eriti juhul, kui igast nodest on vaja kogu andmehulgale kiiresti ligi pääseda.  
+
http://nbonvin.wordpress.com/2011/03/14/apache-vs-nginx-vs-varnish-vs-gwan/
 +
----
  
Ainuke miinus on, et see tähendaks failidesse kirjutamise asemel pisukest progemistööd rakenduse arendajale. Esmane guugeldamine ei andnud ka tulemust, et keegi näiteks FUSE peal Cassandra failisüsteemiga valmis oleks saanud (mõnel oli vaid idee).
+
----
  
PS. kui failisüsteem oleks olemas, siis võiks isegi mõelda, et KVM masinate sisemised kettad niiviisi kokku ühendada ja moodustada terviklik storage masinate endi kõhus. Kui masinaid on piisavalt palju (nt 4-5) peaks selline süsteem isegi 1-2 hosti kokkuvarisemise üle elama.
+
Sorteerime top 10 suuremat kausta
  
---
+
$ du | sort -nr | head -10
  
Väga huvitav andmete salvestamise meetod on "dokumendiadmebaas", mille keyword guugeldamiseks on noSQL.
+
----
  
Tegemist on andmebaasidega, mis ei ole relatsioonilised, st objektide vahel ei ole otseselt seoseid, igaüks moodustab ise tervikliku dokumendi koos kõikide väärtustega. Andmebaas ei ole tihti normaalkujul (vahel vähendatakse normaalsust meelega - denormaliseerimine), objektid vastavad enamasti üks-ühele mingisuguse andmestruktuuriga programmeerimiskeeles - sellest dokument.
 
  
Näiteks sellistest: Redis, Memcached (kuigi see on rohkem cache, kui admebaas), MongoDB jt.
+
Universaalne frontend haldamiseks, mis võib reegleid genereerida mitme
Neist viimane on väga huvitav, kuna on iseenesest JavaScripti objektide hoidla (JSON), millega suhtlemine käib JavaScripti kaudu (loomulikult on sellele teegid kõikidesse peamistesse progekeeltesse ka olemas). Kiirustestides on ta ikka tohutult kiirem kui MySQL ja isegi Memcachedil sammub kannul või mõnes testis ka kiirem, olles samas ikkagi täisväärtuslik, indekseeritud andmebaas.
+
erineva backendi tarbeks.
 +
http://www.fwbuilder.org/
  
http://www.mongodb.org/
+
Linuxi otsa arendatav ruuteri/tulemüüri produkt. Core on täitsa prii.
 +
http://www.vyatta.com/downloads/index.php
  
Kõige silmatorkavam erinevus relatsioonilise baasiga on selles, et kahel ühes "kollektsioonis" oleval objektil ei pruugi mitte ükski atribuut kokku langeda ja atrbuutide väärtused võivad olla mh ka massiivid.
+
----
  
Kes hakkab asja vastu lähemat huvi tundma, siis esimene segadust tekitav koht nende dokumentatsioonis oli minu jaoks Map/Reduce selgitus. See on MongoDB töövahend, mis keedab mune, peseb autot ja toob lapse lasteaiast ära. Kahjuks dokumentatsiooni järgi läks mul kaua aega, enne kui pihta sain, kuidas seda kasutada.
+
https://www.slashorg.net/read-141-IPv6-routing-using-FreeBSD.html
 +
näiteks SSH lubamine: pass in on $ipv6_if inet6 proto tcp from $ext_server to any port 22 keep state
  
Map/Reduce kasutusvaldkonnaks on näiteks artiklite kogumi pealt kõigi tag-ide kogumi genereerimine (arvestades, et tagid on ilmselt artikli objekti sees olev massiiv).
+
Polling http://www.cyberciti.biz/faq/freebsd-device-polling-network-polling-tutorial/
  
Rubysti jaoks on alternatiivne selgitus: Map/Reduce on sama, mis Rubys on map/inject - map funktsioon käib üle kõigi leitud objektide ja tagastab neist igaühekohta mingi alternatiivse tulemuse; reduce funktioon käbi üle kõikide tagastatud tulemuste ja arvutab mingisuguse uue väärtuse nende pealt, kasutades selleks kaasa veetavat vahemuutujat (nagu inject).
+
----
  
Üks koht, kus seda katsetada annaks, olekski just see nn kesksüsteem, mis haldaks mingit tsentraalset objekti (asutus, isik, domeen, teenus vmt) ja koondaks linke ning andmeid meie teistest süsteemidest, mida me ükskord arutasime.
+
Kaks IP aadressi kahe erineva GW läbi ehk erinevatest võrkudest
Sel puhul oleks just abi dokumendibaasi paindlikkusest, kuna objektid on erineva sisuga.
 
  
MongoDB ja Rails:
+
*IP 193.40.0.75 netmask 255.255.255.240
http://www.mongodb.org/display/DOCS/MongoDB+Data+Modeling+and+Rails
+
*ruuter 193.40.0.65
 +
*võrk 193.40.0.0/28
  
MongoMapper ja MongoID on mh railscastis, suht huvitav oli kuulata/vaadata:
+
# cat /etc/conf.d/local.start
 
+
http://railscasts.com/episodes/194-mongodb-and-mongomapper
+
# teine ip aadress
http://railscasts.com/episodes/238-mongoid
+
ifconfig eth2 193.40.0.75 netmask 255.255.255.240
 +
 +
ip route add 193.40.0.0/28 dev eth2 src 193.40.0.75 table admin
 +
ip route add default via 193.40.0.65 dev eth2 table admin
 +
 +
ip rule add from 193.40.0.75/32 table admin
 +
ip rule add to 193.40.0.75/32 table admin
  
 
----
 
----
  
Probleem spamassassini uuendamisega
+
http://www.cyberciti.biz/faq/freebsd-device-polling-network-polling-tutorial/ polling
  
_die can t locate mail spamassassin compiledregexps body_0 pm 
+
http://rlworkman.net/howtos/OpenBSD_pf_guide.html hea manual
  
# sa-compile
+
----
# sa-update -D
 
  
Dec  6 20:44:57 muheleja amavis[14891]: extra modules loaded after daemonizing/chrooting:  Mail/SpamAssassin/CompiledRegexps/body_0.pm, Mail/SpamAssassin/Plugin/FreeMail.pm
+
http://prefetch.net/articles/monitoringpf.html pf tabelitest graafikute joonistamine.
  
 +
http://en.wikipedia.org/wiki/DGen
  
  568  mergemaster -p
+
http://undeadly.org/cgi?action=article&sid=20060927091645
  569  mergemaster -a
 
  
http://forum.nginx.org/read.php?23,41517 openssl freebsd baasi ülekirjutamine
+
http://www.probsd.net/pf/index.php/Main_Page
  
http://www.cyberls.com/forum/Thread-HOWTO-ProFTPD-Antivirus-using-CLAMAV
+
http://forge.mysql.com/wiki/MySQL_Proxy
  
http://www.ibm.com/developerworks/linux/library/l-linux-kernel/index.html?S_TACT=105AGX03&S_CMP=ART
+
databases/mysql-proxy
  
http://www.ibm.com/developerworks/linux/library/l-linux-filesystem/index.html
+
15.6.6.1: In load balancing, how can I separate reads from writes?
S_TACT=105AGX03&S_CMP=ART
 
  
http://selectparks.net/~julian/levelhead/install.html
+
There is no automatic separation of queries that perform reads or writes to the different backend servers. However, you can specify to mysql-proxy that one or more of the “backend” MySQL servers are read only.
  
----
+
shell> mysql-proxy \
 +
--proxy-backend-addresses=10.0.1.2:3306 \
 +
--proxy-read-only-backend-addresses=10.0.1.3:3306 &
  
# freshclam
 
ClamAV update process started at Mon Nov 29 16:06:25 2010
 
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
 
daily.cld is up to date (version: 12333, sigs: 6732, f-level: 54, builder: ccordes)
 
bytecode.cld is up to date (version: 93, sigs: 16, f-level: 54, builder: edwin)
 
  
Kataloogi kontrollimiseks
+
6.6.4: Can I run MySQL Proxy as a daemon?
  
# clamscan -ri /kataloog
+
Use the --daemon option. To keep track of the process ID, the daemon can be
 +
started with the --pid-file=file option to save the PID to a known file name.
 +
On version 0.5.x, the Proxy cannot be started natively as a daemon.
  
Vsftp conf
+
http://agiletesting.blogspot.com/2009/04/mysql-load-balancing-and-read-write.html
  
listen=YES
+
http://www.centric-it.com/2009/05/11/simple-mysql-replication-cluster-with-load-balancer-on-the-slaves/
anonymous_enable=NO
 
local_enable=YES
 
write_enable=YES
 
local_umask=022
 
dirmessage_enable=YES
 
xferlog_enable=YES
 
connect_from_port_20=YES
 
ftpd_banner=FTP.ZOO.TARTU.EE
 
chroot_local_user=YES
 
file_open_mode=0755
 
ascii_download_enable=YES
 
ascii_upload_enable=YES
 
syslog_enable=YES
 
 
ssl_enable=YES
 
rsa_cert_file=/etc/vsftpd/vsftpd.pem
 
force_local_data_ssl=NO
 
force_local_logins_ssl=NO
 
 
pasv_min_port=12400
 
pasv_max_port=12500
 
  
Proftpd teeb mugavaks tema modulaarne ehitus mis võimaldab
+
http://barkingiguana.com/2008/07/20/load-balanced-highly-available-mysql-on-ubuntu-804/
koostada üsna keerukaid ftp teenuseid.
 
  
Seadistus mis autentib pami abil süsteemsete kasutajate vastu oleks
+
http://www.freebsd.org/cgi/man.cgi?query=ng_netflow&sektion=4&manpath=FreeBSD+6.0-RELEASE
  
  ServerName          "ftp.zoo.tartu.ee"
+
  kldload netgraph.ko
  ServerType          standalone
+
  kldload ng_ether.ko
  DefaultServer      on
+
  kldload ng_tee.ko
  RequireValidShell  off
+
  ngctl -f - << SEQ
AuthPAM            on
+
    mkpeer em0: tee lower left
AuthPAMConfig      ftp
+
    name em0:lower tee
Port 21
+
    connect tee: em0: right upper
+
 
PassivePorts 49152 65535
+
    mkpeer tee: netflow left2right iface0
+
    name tee:left2right netflow
#punktiga failidele
+
    connect tee: netflow: right2left iface1
ListOptions "-a"
+
 
+
    mkpeer netflow: ksocket export inet/dgram/udp
# Umask 022 is a good standard umask to prevent new dirs and files
+
    name netflow:export ksocket
# from being group and world writable.
+
    msg ksocket: connect inet/89.252.34.107:3434
Umask 022
+
  SEQ
 
MaxInstances 30
 
 
# Set the user and group under which the server will run.
 
User ftp
 
Group ftp
 
 
DebugLevel 5
 
DefaultRoot ~
 
 
# Autendi nii mysql-ist kui ka systeemitabelitest
 
AuthOrder mod_auth_unix.c
 
 
# Normally, we want files to be overwriteable.
 
  <Directory />
 
  AllowOverwrite on
 
</Directory>
 
  
Passiivsete ühenduste lubamiseks tuleb näiteks pf.conf lisada
+
http://hep.kbfi.ee/index.php/SITIO/SITIO
  
  pass in on $ext_if proto tcp from any to any port > 49151 keep state label "passive ftp"
+
  for (( i=0; i<10; i++ )); do killall -u kasutaja -s USR2 apache2; sleep 1200; done
  
Mysqlist autentimiseks tuleb lisada AuthOrder reale lisada mod_auth_unix.c kõrvale mod_sql.c
+
Kui tahad ööpäev vanad kirjad ära visata, on vist lihtsam postfixi konfida
  
  AuthOrder mod_sql.c mod_auth_unix.c
+
  maximal_queue_lifetime (default: 5d)
 +
bounce_queue_lifetime (default: 5d)
  
Ja seadistada mysqliga suhtlemise kasutaja ning parool
+
* Tuleks sundida asutusi vastama tundmatutele kasutajatele 5XX koodiga. Värske näide:
  
  # MySQL conf
+
  F3B2F246B42    5420 Fri May 25 20:44:32 MAILER-DAEMON
  SQLAuthTypes Crypt
+
  (host mail.lavakas.ee[193.40.56.98] said: 450 4.1.1 <dwlavakasm@lavakas.ee>: Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command))
  SQLAuthenticate users
+
                                        dwlavakasm@lavakas.ee
SQLConnectInfo andmebaas@db.zoo.tartu.ee kasutaja parool
 
  SQLDefaultUID 20000
 
SQLDefaultGID 20000
 
SQLMinUserUID 20000
 
SQLMinUserGID 20000
 
SQLUserInfo users username passwd uid gid ftpdir homedir
 
  
Viimase reaga on defineeritud kasutajaid sisaldava tabeli struktuur.
+
4XX tähendab, et meie vahendaja hoiab kirja mitu päeva alles ja üritab korduvalt sitta edasi saata.  
  
SSL toe lisamiseks
+
PS. Igasugu ägedaid asju on võimalik teha, näiteks ICMP rate ära limiteerida -
 +
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
 +
(samamoodi saab TCP SYN floodi limiteerida)
  
<IfDefine TLS>
+
Nüüd on leiutatud rünnakud, millega on võimalik eemalt võrgukaardi firmware üle võtta ja panna kaart tegema mida hing ihkab. Arusaadavalt on tarkvara sedasorti rünnakute vastu võimetu - nagu esimesena viidatud jutust lugeda võib, minnakse niimoodi rahulikult läbi ka armastatud CheckPointi tulemüürist.
  TLSEngineon
 
  TLSRequiredon
 
  TLSRSACertificateFile /etc/vsftpd/proftp.pem
 
  TLSRSACertificateKeyFile /etc/vsftpd/proftp.pem
 
  TLSCipherSuiteALL:!ADH:!DES
 
  TLSOptionsNoCertRequest
 
  TLSVerifyClientoff
 
  TLSRenegotiatectrl 3600 data 512000 required off timeout 33 00
 
  #TLSLog/var/log/proftpd/tls.log
 
 
<IfModule mod_tls_shmcache.c>
 
  TLSSessionCacheshm:/file=/var/run/proftpd/sesscache
 
</IfModule>
 
</IfDefine>
 
  
+
http://www.links.org/?p=330
===Proftp failide kontroll läbi ClamAv viirusetõrje.===
+
http://www.eusecwest.com/speakers.html#PhlashDance
 
Paigalda Clamav op-süsteemi töövahenditega.
 
Paigalda samamoodi Proftp server koos mod_clamav toega
 
  
clamd.conf tuleb teha järgnevad muudatused, ehk tuleb lahti kommenteerida rida kus öeldakse, et ta töötaks deemonina ja kuulaks 3310 porti
+
Protsessi keskkond FreeBSD's
  
  # TCP port address.
+
  ps uewwwp 1403
  # Default: no
+
ps: Process environment requires procfs(5)
  TCPSocket 3310
+
USER  PID %CPU %MEM  VSZ  RSS  TT  STAT STARTED      TIME COMMAND
 +
root  1403  0.0  0.2 25520  6820  ??  S    2:06PM  0:00.29  /usr/local/sbin/smbd -D -s  /usr/local/etc/smb.conf
 +
ymiseja# mount -t procfs proc /proc
 +
  ymiseja# ps uewwwp 1403
 +
USER  PID %CPU %MEM  VSZ  RSS  TT  STAT STARTED      TIME COMMAND
 +
root  1403  0.0  0.2 25520  6820  ??  I    2:06PM  0:00.29 HOME=/ PATH=/sbin:/bin:/usr/sbin:/usr/bin RC_PID=22 PWD=/ /usr/local/sbin/smbd -D -s /usr/local/etc/smb.conf
  
proftpd.conf tuleks lisada <global></blobal> markerite vahele lõpuossa järgnev blokk
 
  
<IfModule mod_clamav.c>
+
lihtne funktsioon, mis vahetab kaks faili omavahel:
    ClamAV on
 
    ClamServer localhost
 
    ClamPort 3310
 
    ClamMaxSize 5 Mb
 
</IfModule>
 
  
5 Mb tähendab mis on maksimaalne failisuurus millest üle enam faile ei kontrollita.
+
function xchg {
 +
  if test -f "$1" -a -f "$2" ; then
 +
    if mv "$1" "tmp:xchg" && mv "$2" "$1" && mv "tmp:xchg" "$2"; then
 +
      echo "  $1 <-> $2"
 +
    else
 +
      echo "Failed to xchg: $1 <-> $2"
 +
    fi
 +
  else
 +
    echo "Usage: xchg file1 file2"
 +
  fi
 +
}
  
Mõlemad teenused restartida.
 
  
Testimiseks võib üritada ühte Eicar signatuuri sisaldavat faili üles laadida  http://www.eicar.org/anti_virus_test_file.htm
+
TMP automaatseks kustutamiseks FreeBSDs /etc/periodic.conf:
 +
daily_clean_tmps_enable="YES"
 +
daily_clean_tmps_dirs="/var/tmp"
 +
daily_clean_tmps_days="7"
 +
 
 +
Tänapäeval loetakse turvaauguks, kui bind laseb rekursiivseid päringuid
 +
võõrastel teha. Soovitatakse
  
  # ftp zoo.tartu.ee
+
  options {
  Connected to zoo.tartu.ee.
+
  allow-recursion { localnets; localhost; };
  220 ProFTPD 1.3.3c Server (zoo.tartu.ee) [::ffff:192.168.1.22]
+
  allow-query-cache { localnets; localhost; };
  Name (zoo.tartu.ee:ants): ants
+
};
  331 Password required for ants
+
 
  Password:
+
http://support.menandmice.com/jforum/posts/list/25.page
  230 User ants logged in
+
 
  Remote system type is UNIX.
+
RH Enterprise Virtualization on KVM-i kommertsialiseeritud versioon, mida koos enterprais-haldusliidesega müüakse.
  Using binary mode to transfer files.
+
Allpool viidatud dokument on aga huvitav selle poolest, et väidetavalt suudab mitme virtuaalmasina peale määritud rakendus riistvara ressursi paremini ära kasutada, kui samale rakendusele kogu riista otse kätte andes. http://www.redhat.com/f/pdf/rhev/DOC034R3-LAMP-Scaling.pdf
  ftp> put test
+
 
  local: test remote: test
+
Kõrvataha panemiseks, kui kunagi vaja peaks olema. Mingi tegelane korjas netist kokku hunniku erinevaid regexpe ja testis neid kõiksugu korrektsete ja vigaste e-postiaadressite suhtes, et selgitada välja parimat: http://fightingforalostcause.net/misc/2006/compare-email-regex.php
  200 PORT command successful
+
 
  150 Opening BINARY mode data connection for test
+
Google uuring mäluvigadest http://www.zdnet.com/blog/storage/dram-error-rates-nightmare-on-dimm-street/638
  550 Virus Detected and Removed: Eicar-Test-Signature
+
 
  71 bytes sent in 0.00 secs (745.5 kB/s)
+
Staatiline veeb
 +
 
 +
Kuskil oli sellest just hiljaaegu juttu, et see on uus trend. Nüüd komistasin ka mingi innovaatilise töövahendi otsa, mis põhimõtteliselt kasutab MVC põhimõtet sisu loomiseks, kuid genereerib nendest staatilised veebilehed, mis salvestatakse HTML-ina eraldi kausta.
 +
Kasutada saab kõiksugu aspekte, alates templaatidest, kuni partialite ja helperiteni välja.
 +
 
 +
http://staticmatic.rubyforge.org/
 +
 
 +
Veebiserveri testimise vahendid
 +
 
 +
1. ab        http://httpd.apache.org/docs/2.2/programs/ab.html
 +
2. httest    http://htt.sourceforge.net/
 +
3. httperf  http://code.google.com/p/httperf/
 +
4. webbench  http://home.tiscali.cz/~cz210552/webbench.html
 +
5. siege    http://www.joedog.org/index/siege-home
 +
6. jmeter    http://kuutorvaja.eenet.ee/wiki/JMeter
 +
 
 +
To compress a big video file, movie.avi and split it into multiple files, each size up to 12MB,
 +
rar a -m5 -v12m myarchive movie.avi
 +
A list of files (myarchive.part1.rar, myarchive.part2.rar, ..) will be created in current directory.
 +
You may change the compression quality, -m5 is the best and the slowest, while -m0 do no compression at all (-m3 is default).
 +
If you prefer the old file naming style (myarchive.rar, myarchive.r00, myarchive.r01, ..), add one extra switch -vn before the archive name.
 +
To uncompress the files (myarchive.part1.rar, myarchive.part2.rar, ..),
 +
rar e myarchive.part1.rar
 +
 
 +
===Sissejuhatus===
 +
 
 +
===Bindi seadistus===
 +
 
 +
Selleks ,et nimeserveris domeen siduda ipv6 aadressiga on vaja kasutada AAAA kirjet
 +
 
 +
Näiteks
 +
 
 +
www6 AAAA mingi_ipv6_aadress
 +
 
 +
 
 +
http://forskningsnett.uninett.no/ipv6/IPv6hostsfreebsd.html
 +
 
 +
===Lingid===
 +
 
 +
http://www.eenet.ee/EENet/ipv6.html
 +
 
 +
http://www.ipv6.estpak.ee/?tunnel
 +
 
 +
http://math.ut.ee/~mroos/ipv6/ipv6fw.pdf
 +
 
 +
http://6to4.version6.net/
 +
 
 +
http://vallaste.ee/index.htm?Type=UserId&otsing=2308
 +
 
 +
http://www.hot.ee/mego1/materjalid/interneti_referaat.htm
 +
 
 +
http://www.hot.ee/raffas/ipv6fw.pdf
 +
 
 +
http://math.ut.ee/~mroos/ipv6/
 +
 
 +
http://www.inet6.dk/firewall.html
 +
 
 +
---
 +
 
 +
Võrk rc.conf
 +
 
 +
 
 +
HOSTNAME="test_db"
 +
eth0="eth0 192.168.100.2 netmask 255.255.255.0 broadcast 192.168.100.255"
 +
INTERFACES=(eth0)
 +
gateway="default gw 192.168.100.1"
 +
ROUTES=(gateway)
 +
 
 +
Mitu kaarti
 +
 
 +
INTERFACES=(eth1 eth0)
 +
 
 +
Uuendab andmebaasi pakkidel
 +
 
 +
pacman -Syy
 +
 
 +
uuendused teeb
 +
 
 +
pacman -Su
 +
 
 +
Paketi paigaldamine
 +
 
 +
pacman -S openssh
 +
 
 +
sshd käivitamine
 +
 
 +
/etc/rc.d/sshd start
 +
 
 +
Info paketi kohta
 +
 
 +
#  pacman -Si mysql
 +
Repository    : extra
 +
Name          : mysql
 +
Version        : 5.1.54-1
 +
URL            : http://www.mysql.com/
 +
Licenses      : GPL
 +
Groups        : None
 +
Provides      : None
 +
Depends On    : mysql-clients
 +
Optional Deps  : perl-dbi
 +
                  perl-dbd-mysql
 +
Conflicts With : None
 +
Replaces      : None
 +
Download Size  : 7856.18 K
 +
Installed Size : 68804.00 K
 +
Packager      : Andrea Scarpino <andrea@archlinux.org>
 +
Architecture  : x86_64
 +
Build Date    : Mon 03 Jan 2011 06:14:49 PM EET
 +
MD5 Sum        : 507d442b82e53eb09dbb37c3b3ad836a
 +
Description    : A fast SQL database server
 +
 
 +
Mysql serveri installimiseks
 +
 
 +
# pacman -S mysql
 +
# /etc/rc.d/mysqld start && mysql_secure_installation
 +
 
 +
Vaikimisi seadistatud /etc/hosts.allow tühi ja hosts.deny kõiki ühendusi blokeerima.
 +
 
 +
/etc/rc.conf faili täiendada
 +
 
 +
DAEMONS=(syslog-ng network netfs crond mysqld sshd)
 +
 
 +
 
 +
A Socket is the place where you plug in the CPU.
 +
So normaly you use:
 +
cores: 1
 +
socket: 1
 +
 
 +
Not to beat the subject to death, but let me ask this as well.
 +
Assuming the sofrware license is for one CPU and in the computer
 +
I have 2 quad core CPUs. Can I tell KVM 1 CPU Socket with 8 Socket/Cores?
 +
 
 +
---
 +
 
 +
Use TCP syn-proxy for mysql port - normally when a client initiates a TCP connection to a mysql server, PF will pass the handshake packets between the two endpoints as they arrive. PF has the ability, however, to proxy the handshake. With the handshake proxied, PF itself will complete the handshake with the client, initiate a handshake with the server, and then pass packets between the two. The benefit of this process is that no packets are sent to the server before the client completes the handshake. This eliminates the threat of spoofed TCP SYN floods affecting the server because a spoofed client connection will be unable to complete the handshake.
 +
 
 +
pass in on $ext_if proto tcp from any to $mysql_server port 3306 flags S/SA synproxy state
 +
 
 +
Google tegi Apachele mooduli, mis sisaldab hunnikut filtreid lehekülgede järeltoimetamiseks, et brauserisse laadimine oleks kiirem:
 +
 
 +
*http://googlewebmastercentral.blogspot.com/2010/11/make-your-websites-run-faster.html
 +
*http://code.google.com/intl/et-EE/speed/page-speed/docs/using_mod.html
 +
*http://web-tech.ga-usa.com/2010/11/using-compiling-mod_pagespeed-for-apache-and-freebsd/
 +
 
 +
Host/Subnet Quantities Table
 +
 
 +
Class B                  Effective  Effective
 +
# bits        Mask        Subnets    Hosts
 +
-------  ---------------  ---------  ---------
 +
  1      255.255.128.0          2    32766
 +
  2      255.255.192.0          4    16382
 +
  3      255.255.224.0          8      8190
 +
  4      255.255.240.0          16      4094
 +
  5      255.255.248.0          32      2046
 +
  6      255.255.252.0          64      1022
 +
  7      255.255.254.0        128      510
 +
  8      255.255.255.0        256      254
 +
  9      255.255.255.128      512      126
 +
  10    255.255.255.192      1024        62
 +
  11    255.255.255.224      2048        30
 +
  12    255.255.255.240      4096        14
 +
  13    255.255.255.248      8192        6
 +
  14    255.255.255.252    16384        2
 +
 +
Class C                  Effective  Effective
 +
# bits        Mask        Subnets    Hosts
 +
-------  ---------------  ---------  ---------
 +
  1      255.255.255.128      2        126
 +
  2      255.255.255.192      4        62
 +
  3      255.255.255.224      8        30
 +
  4      255.255.255.240    16        14
 +
  5      255.255.255.248    32          6
 +
  6      255.255.255.252    64          2
 +
 
 +
C klass 193.40.45.0/24
 +
 
 +
# gw ise 193.40.45.1/245 (cisco)
 +
# ruuteri esimene kaart 193.40.45.2/252 (2 aadressiga võrk, st niipalju läheb kaduma)
 +
# ruuteri teine kaart 193.40.45.32/192 (62 aadressi)
 +
# teisel kaardil olev klient 193.40.45.34/192 ja gw 193.40.0.32
 +
 
 +
Ja
 +
 
 +
gateway_enable="YES"
 +
 
 +
Traceroute
 +
 
 +
# traceroute www.ut.ee
 +
  traceroute to www.ut.ee (193.40.5.73), 64 hops max, 52 byte packets
 +
  1  193.40.45.32 (193.40.45.32)  0.364 ms  0.373 ms  0.352 ms
 +
  2 193.40.45.1 (193.40.45.1)  0.785 ms
 +
  3 ut-gw1.bb.eenet.ee (193.40.133.210)  1.269 ms  1.189 ms  1.141 ms
 +
  4  sein.ut.ee (193.40.12.10)  1.088 ms  1.221 ms  1.203 ms
 +
  5  ak-gw.ut.ee (193.40.12.14)  1.171 ms  1.321 ms  1.051 ms
 +
  6  www.ut.ee (193.40.5.73)  1.135 ms  1.025 ms *
 +
 
 +
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml lisalugemiseks klassidest ja ruutingust.
 +
 
 +
IPMI seadistamine FreeIPMI abil.
 +
 
 +
Salvestame hetke ipmi seadistusfaili kettale nimega ipmi.conf
 +
 
 +
# bmc-config --checkout --filename=ipmi.conf
 +
 
 +
Teeme muudatused failis ja laadime selle tagasi ipmi seadmesse
 +
 
 +
# bmc-config --commit -f ipmi.conf
 +
ERROR: Failed to commit `Lan_Conf:MAC_Address': Read Only Field
 +
 
 +
Errorit võib ignoreerida.
 +
 
 +
# bmc-config -D open -o --section=User2       
 +
Section User2
 +
## Give Username
 +
Username                                      admin
 +
## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
 +
## Password                                 
 +
## Possible values: Yes/No or blank to not set
 +
## Enable_User                               
 +
## Possible values: Yes/No
 +
Lan_Enable_IPMI_Msgs                          Yes
 +
## Possible values: Yes/No
 +
Lan_Enable_Link_Auth                          Yes
 +
## Possible values: Yes/No
 +
Lan_Enable_Restricted_to_Callback            Yes
 +
## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
 +
  Lan_Privilege_Limit                          Administrator
 +
## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
 +
## Lan_Session_Limit                         
 +
## Possible values: Yes/No
 +
SOL_Payload_Access                            No
 +
EndSection
 +
 
 +
I’ve got a FreeBSD system which is lacking some of the tools which I’ve gotten used to having, whether from Linux or Solaris.
 +
 
 +
I’ll often use the GNU tool seq to iterate through things on the command line… for example, if I’m going to ping 192.168.1.20-40, I might, at my bash prompt,
 +
 
 +
for i in `seq 20 40`; do ping 192.168.1.${i}; done
 +
 
 +
Quite handy, though FreeBSD doesn’t have it, and I haven’t installed whatever port contains it.
 +
 
 +
So… I’ll use jot, now that I’ve once again looked up what it is and how it works.
 +
 
 +
The equivalent line to that above?
 +
 
 +
  for i in `jot 21 20`; do ping 192.168.1.${i}; done
 +
 
 +
Mis ubuntu serveril viga ?
 +
 
 +
Lühidalt saan seda ühe sõnaga öelda -- upstart :-)
 +
 
 +
Natukese pikemalt kirjeldades on lugu selline, et upstart käivitab
 +
teenuseid sõltuvalt teatud tingimustest (teiste tööde käivitamisest ja
 +
süsteemi olekust tingitud sündmused jms) ning võimalikult paralleelselt.
 +
Osad asjad aga hakkavad selle tulemusel aeg-ajalt katki minema.
 +
 
 +
Paar huvitavat bugi sel teemal:
 +
https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/543506?comments=all
 +
https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/478392
 +
 
 +
Kirjutada tõrvajasse apache seadistamise probleemidest FreeBSD opsüsteemis.
 +
 
 +
Kasutaja loomise skript
 +
 
 +
adduser.sh
 +
<source lang=bash>
 +
  #!/usr/local/bin/bash
 +
 +
if [ "$ID" == "0" ]; then
 +
        echo Must be root for now.
 +
        exit 1
 +
fi
 +
 +
echo "----- ----- ----- -----"
 +
echo "kirjuta kasutajanimi:"
 +
read username
 +
echo "kirjuta grupinimi kuhu kasutaja lisatakse:"
 +
read grp
 +
echo "kirjuta ees ja perenimi:"
 +
  read userfullname
 +
 +
while [ $pass1 != $pass2 ]
 +
do
 +
  echo "...."
 +
  echo "parool #1:"
 +
  read -s pass1
 +
  echo "parool #2:"
 +
  read -s pass2
 +
done
 +
 +
echo $username $grp $userfullname # $pass1 $pass2
 +
 +
echo "----- ----- ----- -----"
 +
 +
cp /usr/home/samba/netlogon/k.bat /usr/home/samba/netlogon/"$username".bat
 +
 +
  echo $pass1 | pw add user $username -c "$userfullname" -d "/usr/home/$grp/$username" -G $grp -m -s \
 +
/usr/local/bin/bash -h0 (echo $pass1; echo $pass1 ) | smbpasswd -s -a $username
 +
chmod 750 /usr/home/$grp/$username
 +
</source>
 +
 
 +
Väikekooli arvutivõrku sobiv konf
 +
 
 +
Võrk ise
 +
 
 +
  [ COMP1 ]    [ COMP3 ]
 +
      |            |                             
 +
  ---+------+-----+------- em0 [ Server ] em0 -------- ( Internet )
 +
            |
 +
        [ COMP2 ]
 +
 
 +
tulemüüri fail meeles tuleb pidada, et reegleid tuleb kirjutada sellises järjestuses
 +
 
 +
* MAKROS. Makrod ehk anname maakeeli muutujatele väärtusi, näiteks
 +
* TABLES, tabelid milles hoiame igasuguseid põnevaid ja pahasid IP aadresse
 +
* GLOBAL OPTIONS globaalsed ühendustele seatavad seaded
 +
* TRAFFIC NORMALIZATION
 +
* QUEUEING RULES, liikluse prioritiseerimiseks mõeldud järjekorrad
 +
* TRANSLATION RULES (ehk NAT)
 +
* FILTER RULES, ehk siis reeglid mis keelvad ja lubavad ühendusi, näiteks lubame kõik liikluse igas suunas selliselt
 +
 
 +
  pass in log all keep state
 +
  pass out log all keep state
 +
 
 +
Reaalne seadistusfail
 +
 
 +
<source lang=bash>
 +
# välimine (rl0) ja sisemine (em0) võrguseade
 +
ext_if="rl0"
 +
int_if="em0"
 +
 +
icmp_types = "echoreq"
 +
   
 +
# arvutiklassi IP aadressid
 +
klass="{192.168.1.201, 192.168.1.202, 192.168.1.203 }"
 +
 +
set skip on lo0
 +
# set optimization high-latency # aeglastel võrkudel
 +
set optimization aggressive
 +
set timeout tcp.established 7200
 +
set timeout { udp.first 20, udp.single 5, udp.multiple 30 }
 +
set limit states 1000000 # vaikimisi 10000, pool miljonit ei tohiks tänapäeval mingi number olla
 +
 +
scrub in all
 +
scrub out all random-id max-mss 1440
 +
 +
# suuname kogu veebiliikluse squid vahendusserverile
 +
  rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
 +
 +
  # NAT välisvõrgust
 +
nat on $ext_if inet from 192.168.0.0/16 to any -> ($ext_if)
 +
 
 +
# blokeerime esialgu kõik
 +
block log all label "blocked"
 +
 +
  # vaatame, et sisevõrgust saaks ühenduda vaid meie enda mailiserveriga, see vähendab rämpsposti teadmatut saatmist
 +
pass in quick on $int_if inet proto tcp from $int_if:network to 192.168.1.1 port 25 keep state
 +
block in quick on $int_if inet proto tcp from $int_if:network to any port 25
 +
 +
# blokeerime arvutiklassis toimuva õppetöö jaoks ühe ohtliku aadress :)
 +
block in quick on $int_if inet proto tcp from $klass to 58.35.11.23
 +
 +
  #spoofikaitse
 +
  antispoof for $ext_if inet
 +
   
 +
# lubame vaid ühe icmp tüübi, ehk pingi
 +
pass in inet proto icmp all icmp-type $icmp_types
 +
 +
# avame serverile hulga porte teenuste kasutamiseks
 +
pass in on $ext_if proto tcp from any to $ext_if port 22 keep state label "ssh"
 +
pass in on $ext_if proto tcp from any to $ext_if port 80 keep state label "www"
 +
pass in on $ext_if proto tcp from any to $ext_if port 25 keep state label "mail"
 +
pass in on $ext_if proto tcp from any to $ext_if port 143 keep state label "imap"
 +
pass in on $ext_if proto tcp from any to $ext_if port 443 keep state label "https"
 +
pass in on $ext_if proto tcp from any to $ext_if port 993 keep state label "imaps"
 +
 +
# lubame välja kõik tcp ja udp ühendused
 +
pass out on $ext_if all keep state
 +
# lubame sisevõrgus kogu liikluse
 +
pass quick on $int_if all label int
 +
</source>
 +
 
 +
Parandusideed vormistamise mõttes:
 +
 
 +
1. rakendaksin selgelt vaikimisi block reeglid kõigil suundadel (st neljal suunal kui tal on kaks liidest)
 +
 
 +
2. kasutaksin tag'isid, nii on lihtsam tihedat tulemüüri kirjeldada
 +
 
 +
http://kuutorvaja.eenet.ee/wiki/Kahe_v%C3%B5rgukaardiga_aadressteisendav_tulem%C3%BC%C3%BCr
 +
 
 +
---
 +
   
 +
Jälle noSQL rindelt teateid, kuid seekord pisut teise suunitlusega.
 +
 
 +
GlusterFS alternatiivina võiks äkki kaaluda Facebooki arendatud Cassandrat:
 +
http://cassandra.apache.org/
 +
 
 +
Niipalju kui mina aru sain, siis see on neil (ja Diggil ja Twitteril ja Redditil jne) kasutusel, et talletada terabaite andmeid klastrisse, nii et see on kättesaadav igast nodest ja ka kirjutatav igast nodest (lihtsalt proxytakse, kuhu vaja), samas on selle peamine eesmärk skaleeruvus (O(1)) ja huvitaval kombel, tehnoloogilistel põhjustel on kirjutamine isegi kaks suurusjärku kiirem kui lugemine, mis võrreldes nt MySQL-iga on ka suurusjärgu võrra kiirem.
 +
 
 +
Cassandrale on pea kõigis levinuimates keeltes kõrgtaseme-teegid ja läbi Thrifti veel tosinale keelele madala-taseme teegid.
 +
 
 +
Tuunida saab CAP (Consistency, Availability, Partition tolerance) osas korraga kahe väärtuse nõuet, nt konsistentsuse vajaduse puhul nõuda, et 1/2 + 1 vajalikest koopiatest oleks alati kirjutatud, enne kui operatsioon lõpetab jne.
 +
 
 +
Kirjelduse järgi tundub, et Cassandra sobiks väga hästi klastris kasutamiseks, eriti juhul, kui igast nodest on vaja kogu andmehulgale kiiresti ligi pääseda.
 +
 
 +
Ainuke miinus on, et see tähendaks failidesse kirjutamise asemel pisukest progemistööd rakenduse arendajale. Esmane guugeldamine ei andnud ka tulemust, et keegi näiteks FUSE peal Cassandra failisüsteemiga valmis oleks saanud (mõnel oli vaid idee).
 +
 
 +
PS. kui failisüsteem oleks olemas, siis võiks isegi mõelda, et KVM masinate sisemised kettad niiviisi kokku ühendada ja moodustada terviklik storage masinate endi kõhus. Kui masinaid on piisavalt palju (nt 4-5) peaks selline süsteem isegi 1-2 hosti kokkuvarisemise üle elama.
 +
 
 +
---
 +
 
 +
Väga huvitav andmete salvestamise meetod on "dokumendiadmebaas", mille keyword guugeldamiseks on noSQL.
 +
 
 +
Tegemist on andmebaasidega, mis ei ole relatsioonilised, st objektide vahel ei ole otseselt seoseid, igaüks moodustab ise tervikliku dokumendi koos kõikide väärtustega. Andmebaas ei ole tihti normaalkujul (vahel vähendatakse normaalsust meelega - denormaliseerimine), objektid vastavad enamasti üks-ühele mingisuguse andmestruktuuriga programmeerimiskeeles - sellest dokument.
 +
 
 +
Näiteks sellistest: Redis, Memcached (kuigi see on rohkem cache, kui admebaas), MongoDB jt.
 +
Neist viimane on väga huvitav, kuna on iseenesest JavaScripti objektide hoidla (JSON), millega suhtlemine käib JavaScripti kaudu (loomulikult on sellele teegid kõikidesse peamistesse progekeeltesse ka olemas). Kiirustestides on ta ikka tohutult kiirem kui MySQL ja isegi Memcachedil sammub kannul või mõnes testis ka kiirem, olles samas ikkagi täisväärtuslik, indekseeritud andmebaas.
 +
 
 +
http://www.mongodb.org/
 +
 
 +
Kõige silmatorkavam erinevus relatsioonilise baasiga on selles, et kahel ühes "kollektsioonis" oleval objektil ei pruugi mitte ükski atribuut kokku langeda ja atrbuutide väärtused võivad olla mh ka massiivid.
 +
 
 +
Kes hakkab asja vastu lähemat huvi tundma, siis esimene segadust tekitav koht nende dokumentatsioonis oli minu jaoks Map/Reduce selgitus. See on MongoDB töövahend, mis keedab mune, peseb autot ja toob lapse lasteaiast ära. Kahjuks dokumentatsiooni järgi läks mul kaua aega, enne kui pihta sain, kuidas seda kasutada.
 +
 
 +
Map/Reduce kasutusvaldkonnaks on näiteks artiklite kogumi pealt kõigi tag-ide kogumi genereerimine (arvestades, et tagid on ilmselt artikli objekti sees olev massiiv).
 +
 
 +
Rubysti jaoks on alternatiivne selgitus: Map/Reduce on sama, mis Rubys on map/inject - map funktsioon käib üle kõigi leitud objektide ja tagastab neist igaühekohta mingi alternatiivse tulemuse; reduce funktioon käbi üle kõikide tagastatud tulemuste ja arvutab mingisuguse uue väärtuse nende pealt, kasutades selleks kaasa veetavat vahemuutujat (nagu inject).
 +
 
 +
Üks koht, kus seda katsetada annaks, olekski just see nn kesksüsteem, mis haldaks mingit tsentraalset objekti (asutus, isik, domeen, teenus vmt) ja koondaks linke ning andmeid meie teistest süsteemidest, mida me ükskord arutasime.
 +
Sel puhul oleks just abi dokumendibaasi paindlikkusest, kuna objektid on erineva sisuga.
 +
 
 +
MongoDB ja Rails:
 +
http://www.mongodb.org/display/DOCS/MongoDB+Data+Modeling+and+Rails
 +
 
 +
MongoMapper ja MongoID on mh railscastis, suht huvitav oli kuulata/vaadata:
 +
 
 +
http://railscasts.com/episodes/194-mongodb-and-mongomapper
 +
http://railscasts.com/episodes/238-mongoid
 +
 
 +
----
 +
 
 +
Probleem spamassassini uuendamisega
 +
 
 +
_die can t locate mail spamassassin compiledregexps body_0 pm 
 +
 
 +
# sa-compile
 +
# sa-update -D
 +
 
 +
Dec  6 20:44:57 muheleja amavis[14891]: extra modules loaded after daemonizing/chrooting:  Mail/SpamAssassin/CompiledRegexps/body_0.pm, Mail/SpamAssassin/Plugin/FreeMail.pm
 +
 
 +
 
 +
  568  mergemaster -p
 +
  569  mergemaster -a
 +
 
 +
http://forum.nginx.org/read.php?23,41517 openssl freebsd baasi ülekirjutamine
 +
 
 +
http://www.ibm.com/developerworks/linux/library/l-linux-kernel/index.html?S_TACT=105AGX03&S_CMP=ART
 +
 
 +
http://www.ibm.com/developerworks/linux/library/l-linux-filesystem/index.html
 +
S_TACT=105AGX03&S_CMP=ART
 +
 
 +
http://selectparks.net/~julian/levelhead/install.html
 +
 
 +
----
 +
 
 +
# freshclam
 +
ClamAV update process started at Mon Nov 29 16:06:25 2010
 +
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
 +
daily.cld is up to date (version: 12333, sigs: 6732, f-level: 54, builder: ccordes)
 +
bytecode.cld is up to date (version: 93, sigs: 16, f-level: 54, builder: edwin)
 +
 
 +
Kataloogi kontrollimiseks
 +
 
 +
# clamscan -ri /kataloog
 +
 
 +
Vsftp conf
 +
 
 +
listen=YES
 +
anonymous_enable=NO
 +
local_enable=YES
 +
write_enable=YES
 +
local_umask=022
 +
dirmessage_enable=YES
 +
xferlog_enable=YES
 +
connect_from_port_20=YES
 +
ftpd_banner=FTP.ZOO.TARTU.EE
 +
chroot_local_user=YES
 +
file_open_mode=0755
 +
ascii_download_enable=YES
 +
ascii_upload_enable=YES
 +
syslog_enable=YES
 +
 +
ssl_enable=YES
 +
rsa_cert_file=/etc/vsftpd/vsftpd.pem
 +
force_local_data_ssl=NO
 +
force_local_logins_ssl=NO
 +
 +
pasv_min_port=12400
 +
pasv_max_port=12500
  
 
----
 
----

Viimane redaktsioon: 18. märts 2018, kell 21:49

Personaalne jj arendusnurk ehk sodinurk kuutõrvajas

NB Mitte puududa

Must materjal

DVD kaust iso failiks

genisoimage -dvd-video -v -o DVD.iso DVD

This will create an iso named DVD.iso from the DVD folder.

Alternatiivne ruuting

# Build my alternate routing tables
/usr/sbin/setfib 0 /sbin/route add default 10.1.9.58
/usr/sbin/setfib 1 /sbin/route add default 10.1.9.59
/usr/sbin/setfib 2 /sbin/route add default 10.1.9.60
/usr/sbin/setfib 3 /sbin/route add default 10.1.9.61

# Start SSH daemons for each interface
/usr/sbin/setfib 0 /usr/sbin/sshd -f /etc/ssh/sshd_config
/usr/sbin/setfib 1 /usr/sbin/sshd -f /etc/ssh/sshd_config.tap0
/usr/sbin/setfib 2 /usr/sbin/sshd -f /etc/ssh/sshd_config.tap1
/usr/sbin/setfib 3 /usr/sbin/sshd -f /etc/ssh/sshd_config.tap2

The qemu-img program can be used to convert images from one format to another. For example:

qemu-img convert -O qcow2 MyVmwareImage.vmdk MyProxmoxImage.qcow2

Saab kiirelt luua nt wifikaardiga läppariga wifi wõrgu.

# apt-get install hostapd


http://freebsd.so14k.com/ifstated_apache.shtml

Paljudel sellega küsimusi, seega vaja vormistada kenaks juhendiks:

ssh-keygen käskküsib parooli ja tekitab ~/.ssh/id_rsa faili

Kopeerimiseks teise masinasse on hea käsk (võib ka käsitsi)

ssh-copy-id -i .ssh/id_rsa.pub kautaja@zoo.tartu.ee 
Või siis käsitsi tuleb paigaldada tekitatud key teises masinas .ssh/authorized_keys alla ja
chmod 700 .ssh
chmod 600 .ssh/authorized_keys

Kasutaja konto lukustamine, et parooliga enam autentida ei saaks

passwd -l kasutaja

...

http://www.marcofolio.net/tips/22_tips_on_how_to_speed_up_windows_xp.html

FreeBSD kerneli paanika järel rebootima /etc/sysctl.conf

debug.debugger_on_panic=0

BSDs apachele olulised moodulid, enne ei anna kernel apachele päringut kätte kui see pole täielik

kldload accf_http

Permanentseks laadimiseks

accf_data_load="YES" # Wait for data accept filter
accf_http_load="YES" # Wait for full HTTP request accept filter

https://www.crc.id.au/configuring-dnssec-on-el6-and-bind-9/ dnssecist

inet6 2001:bb8:2001::5 prefixlen 64 tentative 

tentative tähendab, et ei saa ipv6 aadressi kätte. mingi bsd jama. täpsemalt et süsteem ei tohi kasutada kuni otsib kollisioone.

Apache käsna seadistus sisult harva muutuvale, kuid samas aeglaste andmebaasi päringutega veebile

Timeout 60
Header merge Cache-Control max-age=900
Header unset Expires
CacheEnable disk /
CacheDisable /administrator
CacheDefaultExpire 900
CacheMaxExpire 3600
CacheIgnoreCacheControl On
CacheIgnoreNoLastMod On
CacheIgnoreHeaders Set-Cookie
CacheDirLevels 1
CacheDirLength 1
CacheMaxFileSize 64000
CacheRoot /run/zoo/cache

Selle mõjud on järgmised 1) kord veerand tunni jooksul saab üks vaataja Sirbi veebilehe ette aeglaselt, järgmised vaatajad näevad sisu peaaegu hetkeliselt, 2) veebis tehtavad muudatused ilmuvad vaatajatele viivitusega kuni 15 minutit.

Puhvrist välja jäävad kaust /administrator, lehed suurusega alla 2KB (s.h. veateated) ja materjalid mahuga üle 64KB.

https://wiki.archlinux.org/index.php/prosody jabberi server

http://prosody.im/doc/configure

https://wiki.debian.org/InstallingProsody

Linuxi poolne iscsi loogika:

> Oct 31 12:16:30 se kernel: connection39:0: ping timeout of 5 secs > expired, recv timeout 5, last rx 22326623071, last ping 22326621840, now > 22326633071 > Oct 31 12:16:30 se kernel: connection39:0: detected conn error (1011)


The iscsi initiator will send a iscsi nop/ping every node.conn[0].timeo.noop_out_interval seconds if there is no traffic on a session. If it does not get a response in node.conn[0].timeo.noop_out_timeout seconds, it drops the connection thinking the connection is bad. It then tries to create a new tcp/ip connection and relogin to the target and restart IO.

Mul on need mõlemad numbrid 5 sekundit, seega kui 5 sekundi jooksul traffic puudub, saadab masin iscsi nop/pingi ja kui sellele 5 sekundi jooksul vastust ei tule, resetib ühenduse.

Teiseks väidetakse, et koormatud storage korral "Decrease the queue_depth and increase the nop setting"

queue_depth on mul 32 ja timeo.noop_out_timeout on 5 

/usr/local/etc/mail/spamassassin/local.cf

# whitelist everyone at sparkingwire.com:
whitelist_from  *@sparkingwire.com

http://acksyn.org/?p=796 iscsi deemon ja fiiberkaardid

http://community.zenoss.org/docs/DOC-9132 freebsd snmpd deemon mis distroga kaasas. Parem kui net-snmpd

http://www.jlsnet.co.uk/index.php?page=ccna_1a_switching switchi ehk lüliti töö seletus. Cam tabel jms.

tcp and host <ip>
src port 80 and dst host 10.30.1.3
src port > 1024 and dst host 10.10.X.Y
src host 10.10.X.Y – meaning look for fows for this host
src port 22 – meaning fows where the source port is 22
src port 22 or src port 80 – meaning fows of either port 22 or 80
src port 80 and in if 1 – meaning fows of src port 80 that passed via interface 1
dst net 10.10.0.0/16 – meaning all fows where the destnaton network is 10.10.0.0/16
src port > 5000 – meaning all fows where the source port is greater than 5000
  • MariaDB Galera Cluster

Millegipärast käivitades usb pulga kontrolli andis # fsck.vfat -r -f -v /dev/sdb1 paljude võtmetega annab teateks Unable to create unique name

Paistab, et kõige paremini töötas lahendus, kus fsck.vfat jaoks ei anna mitte ühtegi muud parameetrit kui -r ja toimib.

badblocks -v /dev/hda1 > bad-blocks

The above command will generate the file bad-blocks in the current directory from where you are running this command.


http://frenzy.org.ua/en/download.shtml Asjalik FreeBSD live cd mitmete töövahenditega.

Okular, üks asjalikumaid pdfi ja cbr-cbz koomiksite lugemise tarkvarasid linuxile. Võimaldab nt kerida koomikseid mugavamalt, ilma, et peaks eraldi lehevahetamiseks mingit nuppu klõksima.

70965 619x590.jpg

http://spritesmods.com/?art=hddhack&page=2 kõvaketta ehitusest.

#!/bin/bash
createTunnel() {
  /usr/bin/ssh -N -R 2222:localhost:22 serverUser@25.25.25.25
  if [[ $? -eq 0 ]]; then
    echo Tunnel to jumpbox created successfully
  else
    echo An error occurred creating a tunnel to jumpbox. RC was $?
  fi
}
/bin/pidof ssh
if [[ $? -ne 0 ]]; then
  echo Creating new tunnel connection
  createTunnel
fi

Place this in as your cron job (every minute check if the ssh connection is up, if not, attempt to bring it up)

*/1 * * * * ~/create_ssh_tunnel.sh > tunnel.log 2>&1

To troubleshoot any problems in this you can view the tunnel.log file.

Now let’s take a step back and look at what we’ve done. When the Raspberri Pi is on, it will check every minute to see if an ssh connection to your linux server exists. If it doesn’t it will create one. The tunnel it creates is really a reverse remote tunnel. Once the tunnel is up, anyone who ssh’s into port 2222 of the linux server will then be redirected to the Pi.

Kantsulgude vahel olevate asjade otsimise regexp.

\[.*\]

Then concatenate the .vob files that make up the part of the dvd you wish to convert (they will be split into 1gb files for compatibility)

cat VTS_xx_xx.VOB VTS_xx_xx.VOB ... > intermediate.VOB

Then, use ffmpeg to convert the file to mkv with no loss of quality

ffmpeg -i intermediate.VOB output.mkv

Ati kaartidel

# aticonfig --odgc

Default Adapter - AMD Radeon HD 7900 Series 
                            Core (MHz)    Memory (MHz)
           Current Clocks :    500           1400
             Current Peak :    1000           1400
  Configurable Peak Range : [300-1125]     [150-1575]
                 GPU load :    0%

Nvidia kaartidel

 # nvclock ?

ATI videokaardi seadistamise menüü linuxis

# gksu amdcccle

Nvidia kaartidel, nt Geforce GTX 550 Ti

# apt-get install nvidia-settings nvidia-current

ja

# sudo nvidia-settings 


Lihtne proxy: tcpproxy


https://code.google.com/p/sigil/downloads/list vabavaraline epubi editor

Mis helisüsteemid meil on

# cat /proc/asound/cards 
 0 [HDMI           ]: HDA-Intel - HDA ATI HDMI
                      HDA ATI HDMI at 0xe0240000 irq 86

Heli väljundid

# aplay -l
**** List of PLAYBACK Hardware Devices ****
card 0: HDMI [HDA ATI HDMI], device 3: HDMI 0 [HDMI 0]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 0: HDMI [HDA ATI HDMI], device 7: HDMI 1 [HDMI 1]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 0: HDMI [HDA ATI HDMI], device 8: HDMI 2 [HDMI 2]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 0: HDMI [HDA ATI HDMI], device 9: HDMI 3 [HDMI 3]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 0: HDMI [HDA ATI HDMI], device 10: HDMI 4 [HDMI 4]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 0: HDMI [HDA ATI HDMI], device 11: HDMI 5 [HDMI 5]
  Subdevices: 1/1
  Subdevice #0: subdevice #0

Alsa seadistus

# sudo alsamixer -c 0

The sound card you are looking at is for output over HDMI, such as on an HDTV. Select your other sound device with F6, to get sound from your built-in speakers.

# lspci | egrep -i audio 
03:00.1 Audio device: Advanced Micro Devices [AMD] nee ATI Tahiti XT HDMI Audio [Radeon HD 7970 Series]

Test

# speaker-test

http://en.wikibooks.org/wiki/Configuring_Sound_on_Linux/HW_Address rohkelt juttu.

Emaplaadi info vaatamine

# sudo dmidecode -t 2
Handle 0x0011, DMI type 2, 20 bytes
Base Board Information
	Manufacturer: Intel Corporation
	Product Name: DX79SI
	Version: AAG28808-600
	Serial Number: BTSI210000EE
	Asset Tag: Base Board Asset Tag
	Features:
		Board is a hosting board
		Board is replaceable
	Location In Chassis: Base Board Chassis Location
	Chassis Handle: 0x0012
	Type: Unknown
	Contained Object Handles: 0

Kui skännitud tekstis on sisse jäänud ka leheküljenumbrid stiilis number+reavahetus saab neid otsida libreoffices järgiste regexpiga

^[:digit:]{3}$
^[:digit:]{2}$
^[:digit:]{1}$




Amd protsessori info lugemine. Vajalik laadida moodul amdtemp mis bsdga kaasas.

arhiivitaja:~> kldstat
Id Refs Address            Size     Name
 1   17 0xffffffff80200000 cdcac0   kernel
 2    1 0xffffffff80edd000 2fe8     amdtemp.ko
...
arhiivitaja:~> dmesg | grep -i cpu
CPU: Dual Core AMD Opteron(tm) Processor 275 (2193.80-MHz K8-class CPU)
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
 cpu2 (AP): APIC ID:  2
 cpu3 (AP): APIC ID:  3
 ...
amdtemp0: <AMD CPU On-Die Thermal Sensors> on hostb3
amdtemp1: <AMD CPU On-Die Thermal Sensors> on hostb7

Temperatuurid

arhiivitaja:~> sysctl dev.cpu
dev.cpu.0.%desc: ACPI CPU
dev.cpu.0.%driver: cpu
dev.cpu.0.%location: handle=\_PR_.CPU1
dev.cpu.0.%pnpinfo: _HID=none _UID=0
dev.cpu.0.%parent: acpi0
dev.cpu.0.temperature: 53.0C
dev.cpu.0.freq: 2200
dev.cpu.0.freq_levels: 2200/-1 1925/-1 1650/-1 1375/-1 1100/-1 825/-1 550/-1  275/-1 
dev.cpu.0.cx_supported: C1/1/0
dev.cpu.0.cx_lowest: C1
dev.cpu.0.cx_usage: 100.00% last 1935us
...

http://www.rohitmenon.com/index.php/howto-connect-2-phones-and-make-a-simple-call-using-asterisk/ kaks sip telefoni omavahel helistama.

Otsing logidest, uurida kindlasti http://sub-reality.org/2012/09/howto-setup-logstash-and-kibana-for-nginx-on-debian-squeeze/

Kui dmesgis


echo "accf_http_load=\"YES\"" >> /boot/loader.conf
echo "accf_data_load=\"YES\"" >> /boot/loader.conf
echo "apache22_enable=\"YES\"" >> /etc/rc.conf


---

If you have a folder named "mydvd" in your home directory containing a VIDEO_TS folder, cd to your home folder mydvd, then run:

# mkisofs -dvd-video -o mydvd.iso mydvd

This will produce a mydvd.iso file. To verify, run

# isoinfo -l -i mydvd.iso

You can also download pages with a variable GET parameter. For e.g take the following url:

http://example.com/pages.php?pageNo=35

The variable here is the pageNo parameter. You can download all the pages by adding a regular expression like parameter in the CURL url as given below.

curl -o pages#1.html http://example.com/pages.php?pageNo=[1-12]


To POST to a page.

You can also process a POST request using CURL. The data will use the application/x-www-form-urlencoded encoding. Lets say you have the following POST form in your page:

<form method="POST" action="process.php">
          <input type=text name="item">
          <input type=text name="category">
          <input type=submit name="submit" value="ok">
</form>

You can use the following CURL command to POST the request.

curl -d "item=bottle&category=consumer&submit=ok" 
           www.example.com/process.php

send login data with POST request curl --request POST 'http://www.somedomain.com/login/' \ --data 'username=myusername&password=mypassword'

send search data to with get request

curl --request GET 'http://www.youtube.com/results?search_query=my_keyword'

send PUT request with data

curl --request PUT 'http://www.somedomain.com/rest-api/user/12345/'\
--data 'email=myemail@gmail.com'

same thing but this one get data from a file named data.txt

curl --request PUT 'http://www.somedomain.com/rest-api/user/12345/'\
--data @data.txt

Cores make threads work better, so you'd want to investigate if USE="threads" is useful for you.

NUMA is also an option in the kernel. Should also be fully transparent. I got one machine with NUMA and only had to set an option for it.

I believe NUMA is only used on multiprocessor machine and not on only multicore.

NUMA's about memory access so it's about cores/CPUs/processors/whatever_you_want_to_call_it and how they access memory.

If you want to run mysql with high memory usage on that machine, you might want to read http://blog.jcole.us/2010/09/28/mysql-swap-insanity-and-the-numa-architecture/

Everything else that I can think of already has beed said.

Oh, tweak MAKEOPTS for a faster compile time, you also might want to look at emerges --jobs and --load-average parameters

NUMA is a hardware architecture. It's how you access memory on a hardware level: NUMA = Non Uniform Memory Access vs a UMA architecture of typical (old/legacy) SMP systems (UMA = Uniform Memory Access).

In a UMA system, all the memory belongs to all the sockets. In a NUMA system, each socket has it's "own" local memory. In modern (x86-64) processors, each socket has it's own memory controller so each socket controls its own local memory. If one socket runs out of memory it can ask another socket to lend him some memory. In a UMA system, no socket has to ask since memory is global and belongs to all sockets so if one socket uses up all the memory ... the rest "starve". In NUMA, there's more control over who uses what (be it cores or RAM).

If you have a modern dual or quad (or higher #) socket system ... you've got NUMA architecture and you can't get rid of it, it's hardware, not software.

NUMA is not bad nor good. It's "transparent" to you. If your SW supports threads, OpenMP, ... you'll be using it without knowing. That doesn't mean you can't tweak performance and use numactl tools, cgroups, ... to increase performance. You can

So I must enable CONFIG_NUMA for more than one physical CPU, and disable it for only one physical CPU?

Yup. But ... Why would you want to disable a socket (CPU)? If you disable a socket (CPU) ... you lose the memory attached to that socket (CPU) not to mention you lose those cores

A better solution would be to use cgroups or numactl tools to pin a certain process to a set of cores and a memory region.

If you really want to deactivate cores (but not the whole socket), you can type:

echo 0 > /sys/devices/system/cpu/cpu1/online

This would deactivate core #1. You can deactivate as many cores as you wish, except for core #0.

This can be done without rebooting your server (aka during run time). Your memory will not be affected, but you will have less cores (and theoretically more memory bandwidth). I say "theoretically" because you always have to benchmark these things with YOUR application (remember logic NEVER applies to real life

If you want to check the # of cores you've got:

cat /proc/interrupts | grep CPU

Other possibilities such as cat /proc/cpuinfo or dmesg, ... can be useful too for this: your choice, FLOSS gives you options.

If you want to activate the previously deactivated core, you can run:

echo 1 > /sys/devices/system/cpu/cpu1/online

Now ... be sure your core numbering is the expected core numbering. IOW, not all server vendors follow the same numbering scheme so core #1 in vendor A's server could be core #2 in vendor B's server. Never trust logic

As I mentioned previously: test/benchmark YOUR software. DON'T trust logic or generic benchmarks or web pages with results. Trust YOUR results only.

$ dmesg | grep UMA
No NUMA configuration found
$ cat /usr/src/linux/.config | grep -i NUMA
CONFIG_NUMA=y
# CONFIG_AMD_NUMA is not set
CONFIG_X86_64_ACPI_NUMA=y
# CONFIG_NUMA_EMU is not set
CONFIG_USE_PERCPU_NUMA_NODE_ID=y
CONFIG_ACPI_NUMA=y

Gentoo Packages /package/sys-process/numactl

http://dustinhatch.tumblr.com/post/38118003177/minimalist-gentoo-for-the-raspberry-pi väärt link


Task 2 unlock a determined port, once someone “knock”

knock < host > 3000 4000 5000 && ssh -p
user@host && knock < host > 5000 4000 3000

In this example, you do not see the direct use of iptables, but iptables is used in the configuration file of knockd, You have to install knockd.

[options]
 logfile = /var/log/knockd.log
[openSSH]
sequence = 3000,4000,5000
seq_timeout = 5
command = /sbin/iptables -A INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn
[closeSSH]
sequence = 5000,4000,3000
seq_timeout = 5
command = /sbin/iptables -D INPUT -i eth0 -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags = syn


Use pf firewall and get updated IP-address list from countryipblocks.net or IPdeny IP country blocks http://www.ipdeny.com/ipblocks/

You can download and store ip list in a directory and configure pf.conf

Code: table <cn-block> persist file "/path/to/cn.zone" block in log quick on $ext_if from <cn-block> to any block out log quick on $ext_if from any to <cn-block>



hosting-sw4.FastEthernet0_18.rrd
hosting-sw.FastEthernet0_18.rrd
hosting-sw4.FastEthernet0_19.rrd
hosting-sw.FastEthernet0_19.rrd
hosting-sw4.FastEthernet0_2.rrd
hosting-sw.FastEthernet0_2.rrd
hosting-sw4.FastEthernet0_20.rrd

Ümbernimetamise

for i in `ls *.rrd | grep sw4`
do
new=`echo "$i" | sed 's/sw4/sw/g'`
mv -f $i $new
done


a lot easier: grub with entry:

vmlinuz
vmlinuz.old

in /usr/src/linux:

make all modules_install install

no problems, latest kernel will boot by default, previous kernel .old.

Syn floodiga võitlus bsd masinas

bsd# netstat -n | grep SYN_RCVD | wc -l
    4308
net.inet.tcp.syncookies_only=1
net.inet.tcp.syncookies=1

testimine

hping3 -S x.x.x.x -p 80 --flood
# sysctl -ad | grep kern.ipc.shm_use_phys
kern.ipc.shm_use_phys: Enable/Disable locking of shared memory pages in core

Debiani boodil starditavate teenuste konfilime pseudograafilise liidesega

#apt-get install rcconf

This will complete the installation now if you want to run this application use the following command

# rcconf

Rcconf.png

WebDAV on HTTP laiendus, mis võimaldab il veebiserveris faile luua ja muuta. Selleabil on võimalik luua enda isiklikku serverisse mõnusa alternatiivi dropboxile

Webdav.GIF

NameVirtualHost *
<VirtualHost *>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/web1/web/
        <Directory /var/www/web1/web/>
                Options Indexes MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        Alias /webdav /var/www/web1/web

        <Location /webdav>
           DAV On
           AuthType Basic
           AuthName "webdav"
           AuthUserFile /var/www/web1/passwd.dav
           Require valid-user
       </Location>
</VirtualHost>
htpasswd /var/www/web1/passwd.dav 192.168.0.100\\test

We will later on use the URL http://192.168.0.100/webdav to connect to WebDAV. When you do this on a Windows XP client and type in the user name test, Windows translates this to 192.168.0.100\test. Therefore we create a second user account now (without the -c switch because the password file is already existing):

We will now install cadaver, a command-line WebDAV client:

apt-get install cadaver

To test if WebDAV works, type:

cadaver http://localhost/webdav/

You should be prompted for a user name. Type in test and then the password for the user test. If all goes well, you should be granted access which means WebDAV is working ok. Type quit to leave the WebDAV shell:

server1:~# cadaver http://localhost/webdav/
Authentication required for test on server `localhost':
Username: test
Password:
dav:/webdav/> quit
Connection to `localhost' closed.
server1:~#

http://trac.cyberduck.ch/

http://en.wikipedia.org/wiki/OwnCloud

http://www.snuffybear.com/ucm_webdav.htm

Are you using Find & Replace? If so click on the "More options" button then select "Regular expressions" then retry the find.

\t
# echo "password"|openssl passwd -1 -stdin

Sip

http://www.gnutelephony.org/index.php/Howto_Deploy_SIP_Witch_On_Ubuntu

http://ariscahyadi.wordpress.com/2009/05/02/sip-server-installation-and-configuration/

http://www.gnutelephony.org/index.php/GNU_SIP_Witch_configuration

P2pvsdomain.jpg

Gpodder - hea linuxis podcastide tõmbaja.

Gpodd.jpg

http://www.iredmail.org/ üks huvitav maililahendus mida uurida.

Ainult ühe kausta piires

for file in *
do
     iconv -f iso-8859-4 -t UTF-8 "$file" > "$file.new"
     sleep 1
     mv -f "$file.new" "$file"
     echo $file
done

Rekursiivselt kõik

find * -type f -exec /home/konvert2.sh "{}" \;

või aja järgi

find * -mtime +100 -exec /home/konvert.sh "{}" \;

Skript ise

iconv -f iso-8859-4 -t UTF-8 "$1" > "$file.new"
sleep 1
mv -f "$file.new" "$1"
echo $1

Turvaserveri juhendist pärit õpetussõnad

Tugevate paroolide kehtestamine Anna käsk:

sudo apt-get install libpam-cracklib

Sätteid saab muuta failist /etc/pam.d/common-password. Vaikimisi kehtestatab see paroolide panekul reeglid, et parooli miinimumpikkus on 8 märki (minlen=8) ja uus parool peab vanast erinema 3 märgi võrra (difok=3).

Apticron Paigalda pakk "apticron", mis saadab meili teel teavitusi saadaolevatest turvauuendutest, mida saab konkreetsele serverile paigaldada. Anna käsk:

sudo apt-get install apticron

Vaikimisi saadetakse teavitused kasutajale "root". Muutmiseks anna käsk:

sudo dpkg-reconfigure apticron

LUBA SSH JUURDEPÄÄS AINULT VOLITATUD KASUTAJATELE 1. Tekita grupp "sshusers", kuhu kuuluvad ainult need kasutajad, kellel peaks olema juurdepääs üle SSH 2. Lisa SSH konfiguratsioonifaili rida "AllowGroups sshusers" 3. Lisa faili /etc/group sektsioon "sshusers" ja pane sinna volitatud kasutajad

KEELA JUURKASUTAJANA SISSELOGIMINE Asenda rida "PermitRootLogin yes" reaga "PermitRootLogin no". NB! Kui varundamise vm jaoks on vaja root-juurdepääsu, siis kasuta direktiivi "PermitRootLogin forced-commands-only".

Suid- ja sgid-bitiga binaarfailid Failide leidmiseks anna käsk:

sudo find / -perm 4000 -o -perm 2000
Suid/sgid biti eemaldamiseks anna käsk:
sudo chmod -s <fail>

Eemaldamisel tuleb lähtuda igast failist eraldi. Selleks, et paki uuendamisel suid-bitt tagasi ei tuleks, tuleb deb-põhistes distributsioonides need bitid eemaldada permanentselt, kasutades utiliiti deb-statoverride. Näiteks kui käsku "at" ei kasutata, saab selle eemaldada järgmiselt:

sudo dpkg-statoverride --add root root 755 /usr/bin/at
sudo chown root:root /usr/bin/at
sudo chmod 755 /usr/bin/at

Teavitused juurkasutaja sisselogimisest Konfigureeri süsteem nii, et ta saadaks meili iga kord, kui keegi logib root-kasutajana sisse. Selleks redigeeri faili /root/.bashrc (kui on kasutusel Bash) ja lisa sinna järgmine rida:

echo -e "Serverisse `hostname` on loginud (`date`)\n`who`" | mail -s "Root

logis serverisse `date`" kasutaja@server.ee

Portide konfigureerimine Kõikide kuulavate TCP- ja UDP-portide kuvamiseks anna käsk:

sudo lsof -i -n | egrep 'COMMAND|LISTEN|TCP|UDP'

Portide sulgemiseks eemalda pordinumbrile vastavat võrguteenust pakkuv pakk või keela võrgus kuulamine muul viisil. Sulgeda ei tohi järgmisi deemoneid või protsesse, mis on vajalikud X-tee tööks: Andmekogu turvaserver (xtee-producerproxy): TCP 5555 Infosüsteemi (consumer) Apache: TCP 80 või 443 Infosüsteemi või andmekogu turvaserveri veebiliides: TCP 3000 SSH: nagu ülalpool konfigureeritud ntpd: UDP *:123 named: localhost, oma port postfix: localhost, oma port




Videokonverents on

...süsteem, mis lubab teatud tehnoloogia vahendusel üle audio-video silla suhelda samaaegselt erinevates geograafilises puktides viibivatel inimestel.

Videokonverentsi ajalugu

1956 aastal demonstreeris AT&T ideed ühendada hääl ja pilt – üks kaader iga kahe sekundi tagant. 1964 aastal loodi esimene pilti ja heli edastav toode nimega Picturephone. 1980-ndatel digitaalse telefoni (ISDN) tulekuga said videokonverentsi süsteemide arendus tuule tiibadesse.

Eesti akadeemilistesse ringkondadesse jõudis videokonverents 1996 aasta septembris kui Sidetehnika messil toimus esimene videokonverents Tallinna Pedagoogika Ülikooli ja Tallinna Tehnikaülikooli vahel. Videokonverents toimus üle ISDN ühenduse. Tartusse jõudsid videokonverentsi võimalused 1998 aastal.

Videokonverentsi võimalikud süsteemid

Tarkvarapõhised (desktop videoconferences) VK toimub tarkvara vahendusel. Spetsiaaltarkvara – Polycom, PVX, MS Netmeeting, EVO. Tavaline audio-video suhtlemiseks mõeldud tarkvara – Skype, MSN, Google talk jms. (Sõltuvalt VK-st, on vaja lisaks veebikaamerat, mikrofoni, kõrvaklappe.)

Veebipõhised Tarkvara asub keskses serveris kust kasutajad saavad teda kodulehe vahendusel kasutada. (Näiteks Codian, mida kasutavad ka Eesti haridusasutused)

Täpilised domeeninimed

ACE kodeering: xn--(ASCII märgid)-(kodeeritud Unicode märgid)

jäääär.ee xn--jr-viaaaa.ee

jüriöö.ee xn--jri-unaa6a.ee

ženja.saša.ee xn--enja-kbb.xn--saa-1za.ee


PMC-64/66 PMC-SCI Adapter Card

http://dev.mysql.com/doc/refman/5.0/en/mysql-cluster-interconnects.html

http://docs.oracle.com/cd/E17952_01/refman-5.1-en/mysql-cluster-sci-sockets.html

http://www.linuxtopia.org/online_books/database_guides/mysql_5.1_database_reference_guide/sci-sockets.html

http://ww.dolphinics.no/download/D_3_4_0_LINUX_DOC/ Linuxi manual.



muidu kui kasutada softi raidi jne ning ei ole suurt vajadust linuxi järgi ilmtingimata, siis soe soovitus on OpenIndiana, RAID-Z ja ZFS. Kui iSCSI peamine meetod, siis tõesti OpenIndiana kuna ZFS eelis on see, et sa saad mega mõnsalt jagada kohe iSCSI targetitena välja või win mount või nfs või ...

aga solarises on zfs optsioonid sharemise jaoks FreeBSDs pole sama implementatsiooni. see jah solarise enda osa mis bindib servicetega

osol ja solaris jooksid paralleelis siis kui solarise kood kinni löödi Oracle poolt siis tehti OI kui kloon OSOL-st ja jätkati sõltumatut arendust nagu aru saan, siis Oracle teeb putbacke peale igat full reliisi aga mitte vahepeal, need siis integreeritakse tõenäoliselt ka OI-sse

niiet osol edasi ei arene afaik, areneb OI mida nad teha tahavad on aja jooksul vahetada kõik kinnised tükid (illumos kernel asenduseks jne) iSCSI on suht integraalne osa Solarisest kuna selle peal töötavad nii Suni NAS kastid kui ka Nexenta jne http://openindiana.org/

ainuke osa mis mulle solarise ja derivaatide puhul ei meeldinud on installimine linuxi puhul suht triviaalne pxe püsti panna ja unattended install teha solarise puhul on see automated installer aga see on paras porr, et seda käima saada. ma lõpuks loobusin ja tegin käsi installid üle remote connectioni ISO imagete kaudu

http://goodingredients.org/ingredients/index.html headest komponentidest valmib maitsev toit!

http://blog.doylenet.net/?p=46

Soraburg.png

graafiline bootloader burg

Jan 8 16:07:52 vwclub imap[16435]: SQUAT failed to open index file Jan 8 16:07:52 vwclub imap[16435]: SQUAT failed 

It means that a client did a SEARCH on the mailbox and a SQUAT index file (created by squatter which accelerates SEARCH) wasn't found, so the SEARCH proceeded by scanning the messages themselves.

If you want to get rid of the message, either stop logging at th debug level, or create a squat index for mailboxes that get frequently searched.

saslauthd

-c             Enable credential caching.

The caching layer caches the username, realm, service, and an md5 hash of the > passwords for all authentication mechanisms (LDAP, rimap, PAM, etc). It's > been tested it on RedHat 7.2 Alpha and RedHat 7.3 Intel. I've also only been > able to compile the modifications using the unix IPC option

with appropriate values for the username and password should do the trick.

# testsaslauthd -u test -p parool1
0: OK "Success."

Luckily the PAM stack has a way to cache the password information through the use of the PAM module libpam-ccreds. In short terms this module stores the password hash if a user has correctly authenticated through the PAM LDAP module. If the LDAP server is later unavailable to PAM, it uses ccred's locally cached credentials to authenticate the user.

http://blog.doylenet.net/?p=236

KQEMU was a Linux kernel module, also written by Fabrice Bellard, which notably sped up emulation of x86 or x86-64 guests on platforms with the same CPU architecture. This was accomplished by running user mode code (and optionally some kernel code) directly on the host computer's CPU, and by using processor and peripheral emulation only for kernel mode and real mode code. Unlike KVM, for example, KQEMU could execute code from many guest OSes even if the host CPU did not support hardware virtualization.

http://www.linux-kvm.org/page/BSD

Programming Without Coding Technology (PWCT) http://radicalbreeze.com/

http://www.aboutdebian.com/compile.htm kompileerimisest

LibreOffice

Tobedad mustad raamid teksti ümber

view->text boundaries
linnuke eest ära lihtsalt

Muudatuste näitamise sise või välja lülitamiseks

edit -> changes -> show

http://en.wikipedia.org/wiki/Entity%E2%80%93attribute%E2%80%93value_model http://www.magentocommerce.com/knowledge-base/entry/magento-for-dev-part-7-advanced-orm-entity-attribute-value

ClamavTmpdir /var/tmp/ 
ClamavDbdir /usr/share/clamav 
ClamavSafetypes image/jpg 
ClamavMode daemon 
ClamavSocket /var/clamd 
ClamavTrickleInterval 10 
ClamavTrickleSize 1024 
ClamavSizelimit 1000000 
ClamavShm /var/log/clam/clamav.shm 
ClamavMutex /var/log/clam/clamav.lock 
ClamavAcceptDaemonproblem on 
ClamavExtendedLogging on 
LogFormat "%t %!304{clamav:status}n %{clamav:details}n %{clamav:virusname}n 
request=\"%r\", status=%>s, sent=%!304b, delay=%!304D" clamav_stats 
CustomLog logs/scan_log clamav_stats 
# make sure proxy data is filtered 
<Proxy *> 
SetOutputFilter CLAMAV 
</Proxy> 
# define the location for status information 
<Location /clamav> 
SetHandler clamav 
allow from all 
</Location>
ClamavMessage "\ 
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0//EN\">\ 
<html>\ 
<head>\ 
<title>%i found virus</title>\ 
</head>\ 
<body text=\"#000000\" bgcolor=\"#ffffff\">\ 
<basefont size=\"4\">\ 
<h1><center>%i found virus</center></h1>\ 
<p>The virus <b>%v</b> was found while downloading <i>%u</i>.\ 
The transfer has been aborted.</p>\ 
</basefont>\ 
</body>\ 
</html>\ 
"

Täpitähtedega domeenid Apache konfis idna formaadis http://idna-converter.com/ Näiteks:

Põhimõtted

  • DNS-ga tagasiühilduv
  • ei mõjuta alumisi protokolle
  • uued märgid Unicode kooditabelist

ACE kodeering:

xn--(ASCII märgid)-(kodeeritud Unicode märgid)


  • õpetaja -> xn--petaja-oxa

Virtualhost näeb välja selline:

<VirtualHost 192.168.1.20:80>
  ServerName xn--petaja-oxa.edu.ee 
  ServerAlias www.xn--petaja-oxa.edu.ee
  ServerAdmin eenet@eenet.ee
  DocumentRoot /srv/www/
</VirtualHost>
  • jäääär.ee xn--jr-viaaaa.ee
  • jüriöö.ee xn--jri-unaa6a.ee
  • ženja.saša.ee xn--enja-kbb.xn--saa-1za.ee


/etc/locate.rc faili kirjutasin

PRUNEPATHS="/tmp /usr/tmp /var/tmp /var/db/portsnap /srv"

/etc/periodic.conf faili kirjutasin

daily_clean_tmps_dirs="/tmp /var/tmp"

(oli ainult /var/tmp)

Käsurealt ütlesin

zfs set setuid=off srv
zfs set exec=off srv

(siis ta ei otsi öösiti setuid programme /srv pealt)


Silla loomine:

# /usr/sbin/brctl addbr br0

MAC aadressi genereerimine:

#!/bin/bash
# generate a random mac address for the qemu nic
printf 'DE:AD:BE:EF:%02X:%02X\n' $((RANDOM%256)) $((RANDOM%256))

Moniti näidiskonf

check process freeradius with pidfile "/var/run/radiusd/radiusd.pid" 
  start = "/usr/local/etc/rc.d/radiusd start" 
  stop = "/usr/local/etc/rc.d/radiusd stop" 
  if failed host 192.168.1.1 port 1812 type UDP  then restart 

  if cpu usage is greater than 60 percent for 2 cycles then alert 
  if cpu usage > 90% for 5 cycles then restart 
  if totalmem usage > 40% for 5 cycles then restart 

  if 3 restarts within 4 cycles then timeout 

Dambjuuseritele hää saata:

Each line you type at the Unix shell consists of a command optionally followed by some arguments , e.g.

  ls -l /etc/passwd
  |   |     |
cmd   arg1  arg2


#Turn on Public key authentication
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

#Disable .rhost and normal password authentication
HostbasedAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no

Võtme genereerimine

# /usr/bin/ssh-keygen -t dsa

Võtme lisamine serverisse. Selleks tuleb id_rsa sisu kopeerida kasutaja alla faili .ssh/authorized_keys

# cat id_rsa.pub | ssh admin@systeem.ee "cat >> .ssh/authorized_keys"

Windowsis saab kasutada võtme loomiseks putty nimelist utiliiti.

FreeBSDs on see vaikimisi poliitikaks. Linuxis tuleb seda täiendavalt seadistada

#Disable root login. Users have to su to root
PermitRootLogin no

#Only allow userin the wheel or admin group to login
AllowGroups wheel admin


http://wiki.apache.org/httpd/HttpreadyAcceptFilter FreeBSD apache kiirendamine.


http://www.youtube.com/watch?v=rJ2wGOaMRnA

http://blogs.balabit.com/2011/05/20/logstash/

Graylog2 is an open source syslog implementation that stores your logs in MongoDB. It consists of a server written in Java that accepts your syslog messages via TCP or UDP and stores it in the database. The second part is a Ruby on Rails web interface that allows you to view the log messages.

http://logstash.net/

logstash is a tool for managing events and logs. You can use it to collect logs, parse them, and store them for later use (like, for searching). Speaking of searching, logstash comes with a web interface for searching and drilling into all of your logs.


Logstash and Graylog2 are playing very well together and get more and more acceptance in the rising Devops scene these days. Logstash for collecting, processing and forwarding of logs to Graylog2 - Which is then used for analyzing, reporting and monitoring.


http://logstash.net/docs/1.0.9/outputs/gelf

http://code.google.com/p/logstash/wiki/GettingStartedCentralized

http://logstash.net/docs/1.0.17/getting-started-simple


http://www.voneicken.com/courses/ucsb-cs290i-wi02/papers/Concept_Apache_Arch.htm huvitav artikkel Apache ehitusest. Tasub lugeda.

sata on edaspidi ja tagurpidi ühilduv. Ehk sata 1 ja sata 3 sobivad nii vanadele kui uutele masinatele.


tunnelid ja wifi pettus

http://www.xs4all.nl/~rsmith/

Huvitav lahendus, mida vahel lennujaamas või muus avatud, kuid tasulises wifi levialas rakendada: http://thomer.com/howtos/nstx.html

Lühidalt: tihti olevat nimetatud wifi piirkondades DNS päringud lubatud, kuid muu liiklus blokeeritakse, kuni raha on tasutud. NSTX tunneldab kogu IP liikluse läbi DNS protokolli, pettes niiviisi wifi tulemüüri ära.

See on umbes üheksa aastat vana lahendus ja ma pole kindel, kas see tänapäeval enam päästab. Sama lugu IPoICMP-ga, ICMP on vahel muidu täiesti lahtistest võrkudes lollakalt kinni keeratud.

NSTX näiteks ei sisalda mingit autentimist.


http://www.thesitewizard.com/general/set-cron-job.shtml

http://misc.allbsd.de/Vortrag/EuroBSDCon_2007//Robert_Watson/20070914-security-features.pdf mac

http://screamingelectron.org/forum/showthread.php?t=2809

http://joekuan.wordpress.com/2010/05/09/quick-tutorial-on-how-to-create-a-freebsd-system-startup-script/ teeme oma rc skripti bsd's

http://www.mhaller.de/archives/145-Nagios,-mod_security-and-check_http.html vaja seda uurida

http://www.citi.umich.edu/u/provos/honeyd/


http://linuxgazette.net/149/unnikrishnan.html

https://www.dan.me.uk/blog/2009/05/24/failover-network-interfaces-in-freebsd/

By default, FreeBSD uses MD5 hashes for its encrypted passwords for users. However, blowfish is available in all recent versions of FreeBSD and it’s really easy to change the default… edit the file /etc/login.conf and change the following line:

passwd_format=md5:\

To read the following:

passwd_format=blf:\

Then rebuild the login database with the following command: cap_mkdb /etc/login.conf Now all passwords you change or set when adding a user will be encrypted using blowfish. You can change your current password with passwd and when changed, your password will be blowfish encrypted. Enjoy!


Ftpcontrack1.png

Serveri ja kliendi vahelise ühenduse loomine

  • NEW => Server1 connects to Server2 issuing a SYN (Synchronize) packet.
  • RELATED => Server 2 receives the SYN packet, and then responds with a SYN-ACK (Synchronize Acknowledgment) packet.
  • ESTABLISHED => Server 1 receives the SYN-ACK packet and then responds with the final ACK (Acknowledgment) packet.
Client                     Server
------                     -------
SYN------------------------>
      <---------------------SYN-ACK
ACK------------------------> Mõlemapoolne ühendus loodud



http://exchange.nagios.org/directory/Uncategorized/IPMI-Sensor-Monitoring-Plugin/details Nagios IPMI Sensor Monitoring Plugin

  • it's a shell script (Bash)
  • it uses ipmitool, gawk
  • you can use the plugin with every IPMI-compatible server
  • it follows the Nagios plug-in development guidelines
  • Callback Lowest Privilege Level.
       Allows only initiating a callback.
  • User Allows only IPMI 'begin' commands (query sensors).
   Changing the BMC configuration, writing data to the
  BMC, executing power on/off or reset commands is
 prohibited.
  • Operator Allows nearly all IPMI commands. Only changes of
       out-of-band interfaces are prohibited.
  • Administrator Allows all IPMI commands.


I don't do a lot of audio/video stuff with my system, but the other day I had the urge to see if there was some voice synthesis software available on Linux and it turned out that I already had it installed: it's called Festival. Turns out there are a number of voice synthesis and analysis packages available.

Festival is, according to the website:

Festival offers a general framework for building speech synthesis systems as well as including examples of various modules. As a whole it offers full text to speech through a number APIs: from shell level, though [sic] a Scheme command interpreter, as a C++ library, from Java, and an Emacs interface. Festival is multi-lingual (currently English (British and American), and Spanish) though English is the most advanced. As far as simple commands, Festival comes with two: saytime and text2wave. Saytime does what you would expect, it speaks the time (as well as outputting the spoken text to stdout). Note though, the time that is output tends to be less than specific:

$ saytime The time is now, just after half past 10, in the morning. A wave file of the output is attached (time.wav).

The second command that comes with Festival is text2wave which converts text read from stdin to a .wav file output:

$ echo Your job has completed | text2wave >job.wav
$ aplay job.wav
# OR
$ echo Your job has completed | text2wave | aplay
The wave file is attached (job.wav).

http://gns3.blogspot.com/2007/10/ios.html

http://zumastor.googlecode.com/svn/branches/0.8/doc/zumastor-howto.html

http://zumastor.org/man/ddsnap.8.html

LVM snapshots are great for being able to backup you server without taking it offline. As stated LVM snapshots are almost instant copies. You create them using the lvcreate command just as you would to create the LV itself, only you give it the --snapshot option and the original LV instead of the VG. For instance:

lvcreate -L <LV size> -s -n <snapshot name> /dev/<VG name>/<LV name> This will create a snapshot of the given LV with the specified snapshot name that you can then mount and use this snapshot LV to perform your backup from without worrying about files being actively used. This is particularly helpful if you are attempting to backup an active database server.

After you are done with backing up from the snapshot you would want to remove it to reduce any additional I/O overhead or other performance issues as others have mentioned using:

lvremove /dev/<VG name>/<snapshot name> While LVM snapshots can be invaluable in producing a reliable backup of systems like databases and such that you would normally want to shutdown to backup to avoid file contention they are not ideal for long-term operation as a quick restore.

Although there are 'write-device' and 'copy-device' patches for RSync they only work well on small images (1-2GB). RSync will spend ages searching around for matching blocks on larger images and it's almost useless of 40GB or larger devices/files.

We use the following to perform a per 1MB checksum comparison and then simply copy the content if it doesn't match. We use this to backup servers on a virtual host in the USA to a backup system in the UK, over the public internet. Very little CPU activity and snapshot performance hit is only after hours:

Create snapshot:

lvcreate -i 2 -L 25G /dev/vg_kvm/company-exchange -n company-exchange-snap1
export dev1='/dev/mapper/vg_kvm-company--exchange--snap1';
export dev2='/dev/mapper/vg_kvm-company--exchange';
export remote='root@backup.company.co.za';

Initial seeding:

dd if=$dev1 bs=100M | gzip -c -9 | ssh -i /root/.ssh/rsync_rsa $remote "gzip -dc | dd of=$dev2"

Incremental nightly backup (only sends changed blocks):

 ssh -i /root/.ssh/rsync_rsa $remote "
   perl -'MDigest::MD5 md5' -ne 'BEGIN{\$/=\1024};print md5(\$_)' $dev2 | lzop -c" |
   lzop -dc | perl -'MDigest::MD5 md5' -ne 'BEGIN{$/=\1024};$b=md5($_);
     read STDIN,$a,16;if ($a eq $b) {print "s"} else {print "c" . $_}' $dev1 | lzop -c |
 ssh -i /root/.ssh/rsync_rsa $remote "lzop -dc |
   perl -ne 'BEGIN{\$/=\1} if (\$_ eq\"s\") {\$s++} else {if (\$s) {
     seek STDOUT,\$s*1024,1; \$s=0}; read ARGV,\$buf,1024; print \$buf}' 1<> $dev2"

Remove snapshot:

lvremove -f company-exchange-snap1

https://help.ubuntu.com/community/MediaTomb


Transfer file to remote computer. Return the result. Cleanup on remote. Except on local (:)

find logs/ -name '*.gz' | \
parallel --sshlogin server,server2,: \
--trc {.}.bz2 "zcat {} | bzip2 -9 >{.}.bz2"

Run gzip on the files in current dir Recompress .gz to .bz2

parallel gzip ::: *
parallel "zcat {} | bzip2 >{.}.bz2” ::: *.gz

GNU Parallel is OK with less quoting

parallel zcat {} “|” bzip2 “>”{.}.bz2 ::: *.gz
find . -type f | egrep "\.flac$" | parallel ffmpeg -i {} -ab 192k -acodec libmp3lame -ac 2 {.}.mp3

http://en.wikipedia.org/wiki/Parallel_(software)

http://hekate.homeip.net/2011/05/parallel-shell-processing/

Here's an imagemagick example; over six minutes with xargs, under 20 seconds with parallel

 $ ls *.png |wc -l
 3580
 $ time ls|sed 's/\(.*\)\..*/\1/'|parallel convert {}.png {}.ppm
 ls --color  0.00s user 0.01s system 63% cpu 0.016 total
 sed 's/\(.*\)\..*/\1/'  0.01s user 0.00s system 39% cpu 0.025 total
 parallel convert {}.png {}.ppm  97.39s user 61.87s system 890% cpu 17.883 total
 $ time ls|sed 's/\(.*\)\..*/\1/'|xargs -I {} convert {}.png {}.ppm
 ls --color  0.01s user 0.00s system 63% cpu 0.016 total
 sed 's/\(.*\)\..*/\1/'  0.01s user 0.00s system 39% cpu 0.025 total
 xargs -I {} convert {}.png {}.ppm  93.08s user 47.88s system 38% cpu 6:10.88 total
#!/bin/sh
for i in `ls asd`
do
nimi=`echo $i  | awk -F'.' '{ print $1 }'`
echo $nimi
convert asd/$i -resize 75% -quality 80% $nimi.jpg
done
  • em212-l3ta-ss

http://www.randomboot.org/storage/528-open-source-storage-target-software.html

http://scst.sourceforge.net/target_emulex.html

http://marcitland.blogspot.com/2011/03/accelerating-vdi-using-scst-and-ssds.html

lpfc driver for Emulex Fibre Channel HBAs

http://www.google.ee/url?sa=t&source=web&cd=1&ved=0CBUQFjAA&url=http%3A%2F%2Fwww-dl.emulex.com%2Fsupport%2Flinux%2F732%2Fset.pdf&rct=j&q=emulex%20hda%20lpfc&ei=9lb-Tf2XHoO6-Aaag6kS&usg=AFQjCNFx3HdP7_O2z2rLq9TvHOi3JwEOcQ

http://www.emulex.com/downloads/emulex.html

http://iscsi-scst.sourceforge.net/SCST_Gentoo_HOWTO.txt

http://iscsi-scst.sourceforge.net/iscsi-scst-howto.txt


http://www.geek.com/articles/gadgets/feature-how-to-build-and-customize-your-own-pbx-with-asterisk-20080812/ asteriskist juttu

mpt0 uurimiseks freebsd keskkonnas

# /usr/sbin/mptutil show drives 
mpt0 Physical Drives:
 da0 (   68G) ONLINE <FUJITSU MBA3073RC 0103> SAS bus 0 id 1
 da1 ( 1863G) ONLINE <WDC WD2003FYYS-0 1D01> SATA bus 0 id 2
 da2 ( 1863G) ONLINE <WDC WD2003FYYS-0 1D01> SATA bus 0 id 3
 da3 ( 1863G) ONLINE <WDC WD2003FYYS-0 1D01> SATA bus 0 id 4


In blockio mode, it defines a mapping between a "Logical Unit Number" <lun> and a given block device <device>. This mode will perform direct block i/o with the device, bypassing page-cache for all operations. This allows for efficient handling of non-aligned sector transfers (virtualized environments) and large block transfers (media servers). This mode works ideally with high-end storage HBAs and for applications that either do not need caching between application and disk or need the large block throughput.


http://www.burlaca.com/2009/02/alivelog/ vajab uurimist

http://www.instalinux.com/ linuxi autoinstaller.

apt-get install l7-filter-userspace

l7-filter-userspace

Jälgimiseks super hea iptraf pakett.


Krüpteerime/dekrüpteerime faili

# openssl aes-128-cbc -salt -in file -out file.aes
# openssl aes-128-cbc -d -salt -in file.aes -out file

PS: Fail võib olla suvaline tar, jpg, avi jne

Pakime kokku ja krüpteerime/dekrüpteeirme terve kausta

# tar -cf - directory | openssl aes-128-cbc -salt -out directory.tar.aes    
# openssl aes-128-cbc -d -salt -in directory.tar.aes | tar -x -f -          

Tarime, zipime ja krüpteerime/dekrüpteerime kataloogi

# tar -zcf - directory | openssl aes-128-cbc -salt -out directory.tar.gz.aes 
# openssl aes-128-cbc -d -salt -in directory.tar.gz.aes | tar -xz -f -       

Selleks, et vältida interaktiivset parooliküsimust tuleb anda parameetrina juurde -k minuparool peale aes-128-cbc rida. Muidugi on see ebaturvaline lähememine

Tugevamat krüpteerimist vajades võib kasutada aes-128 asemel aes-256-cbc. See nõuab samas rohkem cpu jõudlust.

Mõned abiks olevad programmid

  • mplex -- Command-line utility that combines multiple audio and video streams into an mpeg file.
  • dvdauthor -- Command-line utility that makes a DVD filesystem from mpeg files.
  • growisofs -- Command-line CD/DVD burning utility.
  • tovid -- A collection of command-line scripts that automate detection of video type and transcoding to mpeg format.
  • avidemux2 -- GUI for extracting audio and video.
  • DVD::rip -- GUI for ripping, copying, burning DVDs.
  • K3B -- KDE GUI for CD/DVD burning.


Kuidas konvertida DVD9 ümber DVD9 formaati

k9copy

http://www.dvd-guides.com/guides/linux/213-how-to-copy-dvd9-to-dvd5-using-k9copy

https://help.ubuntu.com/community/K9Copy

http://linux-hacks.blogspot.com/2008/06/converting-dvd9-to-dvd5-in-linux.html

http://www.linuxquestions.org/questions/linux-software-2/dvd9-to-dvd5-guide-244913/

Kuidas konvertida DVD ümber AVI formaati

http://www.togaware.com/linux/survivor/AcidRip_Simple.html

http://fixounet.free.fr/avidemux/

Kuidas konvertida AVI ümber DVD formaati

http://www.linuxquestions.org/linux/answers/Applications_GUI_Multimedia/AVI_to_DVD


MySQL-i projektist kõrvalharuna välja kasvanud Drizzle on piisavalt küpseks saanud ning jõudnud avalikkuse ette. Tegemist on toimiva alternatiiviga Oracle omanduses olevale MySQL-ile - üsnagi sarnaselt OpenOffice.org ja LibreOffice vastasseisule. Nüüd on ümberpakendatud tasuta andmebaasimootor valmis ning Drizzle arendajad plaanivad seda pakkuma hakata kõikidele Linuxi distributsioonidele.

http://www.minut.ee/article.pl?sid=11/03/17/2251218&mode=nested&threshold=-1 http://en.wikipedia.org/wiki/Drizzle_(database_server) http://drizzle.org/

Täienduseks veel, et portsus on üllatuseks täiesti olemas http://www.freebsd.org/cgi/url.cgi?ports/databases/drizzle/pkg-descr Gentoos on olemas kolm versiooni (kõik hetkel maskitud aga see pole meid varem kunagi seganud). Debiani/Ubuntu peale ei hakanud vaatamagi, kui juba Gentoos ja FreeBSDs olemas siis imestaksin väga kui seal pole :)

Debianis on Drizzle pakk aasta jagu olemas olnud, aga stabiilsesse riliisi pole seda siiski veel lisatud. Drizzle on ikka väga erinev arendus juba, seda lihtsalt MySQL-i asemel ei julgeks kasutada.

Kui jõudluseprobleemid vaevavad, siis drop-in alternatiividena tasuks vaadata neid asju: http://www.percona.com/software/percona-server/ http://mariadb.org/ http://ourdelta.org/

By default, most disk drives cache writes in internal memory before actually committing them to the disk.

This behavior can make it more likely to trigger inconsistencies on a filesystem using soft updates in case of a power failure. One can disable this feature by adding the following in /boot/loader.conf;

Set ata devices to write-through cache.

hw.ata.wc="0"

If InnoDB is used on a ZFS file system, the following tuning are necessary: On the ZFS filesystem block size will be chosen to match the 16kB used by InnoDB: This operation must be done before MySQL start for the first time or create files, otherwise the block size used will be the one configured when the various files are created.

zfs set recordsize=16K system/services/mysql

sysctl tuunimised FreeBSD süsteemis

Allow normal users to mount filesystems.

vfs.usermount=1

Speed up disk reads.

vfs.read_max=32

Enable port forwarding (for NAT in pf.conf)

net.inet.ip.forwarding=1

Mõned vajalikud rc.confi seadistused

smartd_enable="YES"                     # Check Harddisk health         
blanktime="NO"                          # Wait forever

Selleks, et reboodil ei jääks fsck ootama y klahvi vajutust

fsck_y_enable="YES"

The boot process can be customized in the /boot/loader.conf file, to show a nice menu with beastie:

  1. Boot menu
loader_logo="beastie"

Packet filter ja IPV6

Kui reeglis ei ole sõna inet, siis käib sama reegel nii ipv4 kui ipv6 kohta. Näiteks need:

block in log quick on $ext_if from <global_deny_in> label "global_deny_in"
block in log quick on $ext_if from any to <server_block_out>
block log on $kontor_if all label "blocked_kontor"

Aadresside võrdlemine on pf-il loomulikult intelligentne, s.t. ipv4 aadress tähendab ühtlasi ka ipv4 protot.


Veebiserverite võrdlus

http://nbonvin.wordpress.com/2011/03/14/apache-vs-nginx-vs-varnish-vs-gwan/



Sorteerime top 10 suuremat kausta

$ du | sort -nr | head -10


Universaalne frontend haldamiseks, mis võib reegleid genereerida mitme erineva backendi tarbeks. http://www.fwbuilder.org/

Linuxi otsa arendatav ruuteri/tulemüüri produkt. Core on täitsa prii. http://www.vyatta.com/downloads/index.php


https://www.slashorg.net/read-141-IPv6-routing-using-FreeBSD.html näiteks SSH lubamine: pass in on $ipv6_if inet6 proto tcp from $ext_server to any port 22 keep state

Polling http://www.cyberciti.biz/faq/freebsd-device-polling-network-polling-tutorial/


Kaks IP aadressi kahe erineva GW läbi ehk erinevatest võrkudest

  • IP 193.40.0.75 netmask 255.255.255.240
  • ruuter 193.40.0.65
  • võrk 193.40.0.0/28
# cat /etc/conf.d/local.start

# teine ip aadress
ifconfig eth2 193.40.0.75 netmask 255.255.255.240

ip route add 193.40.0.0/28 dev eth2 src 193.40.0.75 table admin
ip route add default via 193.40.0.65 dev eth2 table admin

ip rule add from 193.40.0.75/32 table admin
ip rule add to 193.40.0.75/32 table admin

http://www.cyberciti.biz/faq/freebsd-device-polling-network-polling-tutorial/ polling

http://rlworkman.net/howtos/OpenBSD_pf_guide.html hea manual


http://prefetch.net/articles/monitoringpf.html pf tabelitest graafikute joonistamine.

http://en.wikipedia.org/wiki/DGen

http://undeadly.org/cgi?action=article&sid=20060927091645

http://www.probsd.net/pf/index.php/Main_Page

http://forge.mysql.com/wiki/MySQL_Proxy

databases/mysql-proxy

15.6.6.1: In load balancing, how can I separate reads from writes?

There is no automatic separation of queries that perform reads or writes to the different backend servers. However, you can specify to mysql-proxy that one or more of the “backend” MySQL servers are read only.

shell> mysql-proxy \
--proxy-backend-addresses=10.0.1.2:3306 \
--proxy-read-only-backend-addresses=10.0.1.3:3306 &


6.6.4: Can I run MySQL Proxy as a daemon?

Use the --daemon option. To keep track of the process ID, the daemon can be started with the --pid-file=file option to save the PID to a known file name. On version 0.5.x, the Proxy cannot be started natively as a daemon.

http://agiletesting.blogspot.com/2009/04/mysql-load-balancing-and-read-write.html

http://www.centric-it.com/2009/05/11/simple-mysql-replication-cluster-with-load-balancer-on-the-slaves/

http://barkingiguana.com/2008/07/20/load-balanced-highly-available-mysql-on-ubuntu-804/

http://www.freebsd.org/cgi/man.cgi?query=ng_netflow&sektion=4&manpath=FreeBSD+6.0-RELEASE

kldload netgraph.ko
kldload ng_ether.ko
kldload ng_tee.ko
ngctl -f - << SEQ
    mkpeer em0: tee lower left
    name em0:lower tee
    connect tee: em0: right upper
 
    mkpeer tee: netflow left2right iface0
    name tee:left2right netflow
    connect tee: netflow: right2left iface1
 
    mkpeer netflow: ksocket export inet/dgram/udp
    name netflow:export ksocket
    msg ksocket: connect inet/89.252.34.107:3434
SEQ

http://hep.kbfi.ee/index.php/SITIO/SITIO

for (( i=0; i<10; i++ )); do killall -u kasutaja -s USR2 apache2; sleep 1200; done

Kui tahad ööpäev vanad kirjad ära visata, on vist lihtsam postfixi konfida

maximal_queue_lifetime (default: 5d)
bounce_queue_lifetime (default: 5d) 
  • Tuleks sundida asutusi vastama tundmatutele kasutajatele 5XX koodiga. Värske näide:
F3B2F246B42     5420 Fri May 25 20:44:32  MAILER-DAEMON
(host mail.lavakas.ee[193.40.56.98] said: 450 4.1.1 <dwlavakasm@lavakas.ee>: Recipient address  rejected: User unknown in local recipient table (in reply to RCPT TO command))
                                        dwlavakasm@lavakas.ee

4XX tähendab, et meie vahendaja hoiab kirja mitu päeva alles ja üritab korduvalt sitta edasi saata.

PS. Igasugu ägedaid asju on võimalik teha, näiteks ICMP rate ära limiteerida - -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT (samamoodi saab TCP SYN floodi limiteerida)

Nüüd on leiutatud rünnakud, millega on võimalik eemalt võrgukaardi firmware üle võtta ja panna kaart tegema mida hing ihkab. Arusaadavalt on tarkvara sedasorti rünnakute vastu võimetu - nagu esimesena viidatud jutust lugeda võib, minnakse niimoodi rahulikult läbi ka armastatud CheckPointi tulemüürist.

http://www.links.org/?p=330 http://www.eusecwest.com/speakers.html#PhlashDance

Protsessi keskkond FreeBSD's

ps uewwwp 1403
ps: Process environment requires procfs(5)
USER   PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
root  1403  0.0  0.2 25520  6820  ??  S     2:06PM   0:00.29  /usr/local/sbin/smbd -D -s   /usr/local/etc/smb.conf 
ymiseja# mount -t procfs proc /proc
ymiseja# ps uewwwp 1403
USER   PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
root  1403  0.0  0.2 25520  6820  ??  I     2:06PM   0:00.29 HOME=/ PATH=/sbin:/bin:/usr/sbin:/usr/bin  RC_PID=22 PWD=/ /usr/local/sbin/smbd -D -s /usr/local/etc/smb.conf


lihtne funktsioon, mis vahetab kaks faili omavahel:

function xchg {
  if test -f "$1" -a -f "$2" ; then
    if mv "$1" "tmp:xchg" && mv "$2" "$1" && mv "tmp:xchg" "$2"; then
      echo "  $1 <-> $2"
    else
      echo "Failed to xchg: $1 <-> $2"
    fi
  else
    echo "Usage: xchg file1 file2"
  fi
}


TMP automaatseks kustutamiseks FreeBSDs /etc/periodic.conf:

daily_clean_tmps_enable="YES"
daily_clean_tmps_dirs="/var/tmp"
daily_clean_tmps_days="7"

Tänapäeval loetakse turvaauguks, kui bind laseb rekursiivseid päringuid võõrastel teha. Soovitatakse

options {
  allow-recursion { localnets; localhost; };
  allow-query-cache { localnets; localhost; };
};

http://support.menandmice.com/jforum/posts/list/25.page

RH Enterprise Virtualization on KVM-i kommertsialiseeritud versioon, mida koos enterprais-haldusliidesega müüakse. Allpool viidatud dokument on aga huvitav selle poolest, et väidetavalt suudab mitme virtuaalmasina peale määritud rakendus riistvara ressursi paremini ära kasutada, kui samale rakendusele kogu riista otse kätte andes. http://www.redhat.com/f/pdf/rhev/DOC034R3-LAMP-Scaling.pdf

Kõrvataha panemiseks, kui kunagi vaja peaks olema. Mingi tegelane korjas netist kokku hunniku erinevaid regexpe ja testis neid kõiksugu korrektsete ja vigaste e-postiaadressite suhtes, et selgitada välja parimat: http://fightingforalostcause.net/misc/2006/compare-email-regex.php

Google uuring mäluvigadest http://www.zdnet.com/blog/storage/dram-error-rates-nightmare-on-dimm-street/638

Staatiline veeb

Kuskil oli sellest just hiljaaegu juttu, et see on uus trend. Nüüd komistasin ka mingi innovaatilise töövahendi otsa, mis põhimõtteliselt kasutab MVC põhimõtet sisu loomiseks, kuid genereerib nendest staatilised veebilehed, mis salvestatakse HTML-ina eraldi kausta. Kasutada saab kõiksugu aspekte, alates templaatidest, kuni partialite ja helperiteni välja.

http://staticmatic.rubyforge.org/

Veebiserveri testimise vahendid

1. ab        http://httpd.apache.org/docs/2.2/programs/ab.html
2. httest    http://htt.sourceforge.net/
3. httperf   http://code.google.com/p/httperf/
4. webbench  http://home.tiscali.cz/~cz210552/webbench.html
5. siege     http://www.joedog.org/index/siege-home
6. jmeter    http://kuutorvaja.eenet.ee/wiki/JMeter 

To compress a big video file, movie.avi and split it into multiple files, each size up to 12MB,

rar a -m5 -v12m myarchive movie.avi

A list of files (myarchive.part1.rar, myarchive.part2.rar, ..) will be created in current directory. You may change the compression quality, -m5 is the best and the slowest, while -m0 do no compression at all (-m3 is default). If you prefer the old file naming style (myarchive.rar, myarchive.r00, myarchive.r01, ..), add one extra switch -vn before the archive name. To uncompress the files (myarchive.part1.rar, myarchive.part2.rar, ..),

rar e myarchive.part1.rar

Sissejuhatus

Bindi seadistus

Selleks ,et nimeserveris domeen siduda ipv6 aadressiga on vaja kasutada AAAA kirjet

Näiteks

www6 AAAA mingi_ipv6_aadress


http://forskningsnett.uninett.no/ipv6/IPv6hostsfreebsd.html

Lingid

http://www.eenet.ee/EENet/ipv6.html

http://www.ipv6.estpak.ee/?tunnel

http://math.ut.ee/~mroos/ipv6/ipv6fw.pdf

http://6to4.version6.net/

http://vallaste.ee/index.htm?Type=UserId&otsing=2308

http://www.hot.ee/mego1/materjalid/interneti_referaat.htm

http://www.hot.ee/raffas/ipv6fw.pdf

http://math.ut.ee/~mroos/ipv6/

http://www.inet6.dk/firewall.html

---

Võrk rc.conf


HOSTNAME="test_db"
eth0="eth0 192.168.100.2 netmask 255.255.255.0 broadcast 192.168.100.255"
INTERFACES=(eth0)
gateway="default gw 192.168.100.1"
ROUTES=(gateway)

Mitu kaarti

INTERFACES=(eth1 eth0)

Uuendab andmebaasi pakkidel

pacman -Syy

uuendused teeb

pacman -Su

Paketi paigaldamine

pacman -S openssh

sshd käivitamine

/etc/rc.d/sshd start

Info paketi kohta

#  pacman -Si mysql
Repository     : extra
Name           : mysql
Version        : 5.1.54-1
URL            : http://www.mysql.com/
Licenses       : GPL
Groups         : None
Provides       : None
Depends On     : mysql-clients
Optional Deps  : perl-dbi
                 perl-dbd-mysql
Conflicts With : None
Replaces       : None
Download Size  : 7856.18 K
Installed Size : 68804.00 K
Packager       : Andrea Scarpino <andrea@archlinux.org>
Architecture   : x86_64
Build Date     : Mon 03 Jan 2011 06:14:49 PM EET
MD5 Sum        : 507d442b82e53eb09dbb37c3b3ad836a
Description    : A fast SQL database server

Mysql serveri installimiseks

# pacman -S mysql
# /etc/rc.d/mysqld start && mysql_secure_installation

Vaikimisi seadistatud /etc/hosts.allow tühi ja hosts.deny kõiki ühendusi blokeerima.

/etc/rc.conf faili täiendada

DAEMONS=(syslog-ng network netfs crond mysqld sshd)


A Socket is the place where you plug in the CPU. So normaly you use: cores: 1 socket: 1

Not to beat the subject to death, but let me ask this as well. Assuming the sofrware license is for one CPU and in the computer I have 2 quad core CPUs. Can I tell KVM 1 CPU Socket with 8 Socket/Cores?

---

Use TCP syn-proxy for mysql port - normally when a client initiates a TCP connection to a mysql server, PF will pass the handshake packets between the two endpoints as they arrive. PF has the ability, however, to proxy the handshake. With the handshake proxied, PF itself will complete the handshake with the client, initiate a handshake with the server, and then pass packets between the two. The benefit of this process is that no packets are sent to the server before the client completes the handshake. This eliminates the threat of spoofed TCP SYN floods affecting the server because a spoofed client connection will be unable to complete the handshake.

pass in on $ext_if proto tcp from any to $mysql_server port 3306 flags S/SA synproxy state

Google tegi Apachele mooduli, mis sisaldab hunnikut filtreid lehekülgede järeltoimetamiseks, et brauserisse laadimine oleks kiirem:

Host/Subnet Quantities Table

Class B                   Effective  Effective
# bits        Mask         Subnets     Hosts
-------  ---------------  ---------  ---------
  1      255.255.128.0           2     32766
  2      255.255.192.0           4     16382
  3      255.255.224.0           8      8190
  4      255.255.240.0          16      4094
  5      255.255.248.0          32      2046
  6      255.255.252.0          64      1022
  7      255.255.254.0         128       510
  8      255.255.255.0         256       254
  9      255.255.255.128       512       126
  10     255.255.255.192      1024        62
  11     255.255.255.224      2048        30
  12     255.255.255.240      4096        14
  13     255.255.255.248      8192         6
  14     255.255.255.252     16384         2

Class C                   Effective  Effective
# bits        Mask         Subnets     Hosts
-------  ---------------  ---------  ---------
  1      255.255.255.128      2        126 
  2      255.255.255.192      4         62
  3      255.255.255.224      8         30
  4      255.255.255.240     16         14
  5      255.255.255.248     32          6
  6      255.255.255.252     64          2

C klass 193.40.45.0/24

  1. gw ise 193.40.45.1/245 (cisco)
  2. ruuteri esimene kaart 193.40.45.2/252 (2 aadressiga võrk, st niipalju läheb kaduma)
  3. ruuteri teine kaart 193.40.45.32/192 (62 aadressi)
  4. teisel kaardil olev klient 193.40.45.34/192 ja gw 193.40.0.32

Ja

gateway_enable="YES"

Traceroute

# traceroute www.ut.ee
traceroute to www.ut.ee (193.40.5.73), 64 hops max, 52 byte packets
 1  193.40.45.32 (193.40.45.32)  0.364 ms  0.373 ms  0.352 ms
 2  193.40.45.1 (193.40.45.1)  0.785 ms
 3  ut-gw1.bb.eenet.ee (193.40.133.210)  1.269 ms  1.189 ms  1.141 ms
 4  sein.ut.ee (193.40.12.10)  1.088 ms  1.221 ms  1.203 ms
 5  ak-gw.ut.ee (193.40.12.14)  1.171 ms  1.321 ms  1.051 ms
 6  www.ut.ee (193.40.5.73)  1.135 ms  1.025 ms *

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml lisalugemiseks klassidest ja ruutingust.

IPMI seadistamine FreeIPMI abil.

Salvestame hetke ipmi seadistusfaili kettale nimega ipmi.conf

# bmc-config --checkout --filename=ipmi.conf

Teeme muudatused failis ja laadime selle tagasi ipmi seadmesse

# bmc-config --commit -f ipmi.conf 
ERROR: Failed to commit `Lan_Conf:MAC_Address': Read Only Field

Errorit võib ignoreerida.

# bmc-config -D open -o --section=User2        
Section User2
	## Give Username
	Username                                      admin
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	## Enable_User                                
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             Yes
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
 	Lan_Privilege_Limit                           Administrator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            No
EndSection

I’ve got a FreeBSD system which is lacking some of the tools which I’ve gotten used to having, whether from Linux or Solaris.

I’ll often use the GNU tool seq to iterate through things on the command line… for example, if I’m going to ping 192.168.1.20-40, I might, at my bash prompt,

for i in `seq 20 40`; do ping 192.168.1.${i}; done

Quite handy, though FreeBSD doesn’t have it, and I haven’t installed whatever port contains it.

So… I’ll use jot, now that I’ve once again looked up what it is and how it works.

The equivalent line to that above?

for i in `jot 21 20`; do ping 192.168.1.${i}; done

Mis ubuntu serveril viga ?

Lühidalt saan seda ühe sõnaga öelda -- upstart :-)

Natukese pikemalt kirjeldades on lugu selline, et upstart käivitab teenuseid sõltuvalt teatud tingimustest (teiste tööde käivitamisest ja süsteemi olekust tingitud sündmused jms) ning võimalikult paralleelselt. Osad asjad aga hakkavad selle tulemusel aeg-ajalt katki minema.

Paar huvitavat bugi sel teemal: https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/543506?comments=all https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/478392

Kirjutada tõrvajasse apache seadistamise probleemidest FreeBSD opsüsteemis.

Kasutaja loomise skript

adduser.sh

 #!/usr/local/bin/bash
 
 if [ "$ID" == "0" ]; then
         echo Must be root for now.
         exit 1
 fi
 
 echo "----- ----- ----- -----"
 echo "kirjuta kasutajanimi:"
 read username
 echo "kirjuta grupinimi kuhu kasutaja lisatakse:"
 read grp
 echo "kirjuta ees ja perenimi:"
 read userfullname
 
 while [ $pass1 != $pass2 ]
 do
   echo "...."
   echo "parool #1:"
   read -s pass1
   echo "parool #2:"
   read -s pass2
 done
 
 echo $username $grp $userfullname # $pass1 $pass2
 
 echo "----- ----- ----- -----"
 
 cp /usr/home/samba/netlogon/k.bat /usr/home/samba/netlogon/"$username".bat
 
 echo $pass1 | pw add user $username -c "$userfullname" -d "/usr/home/$grp/$username" -G $grp -m -s \
 /usr/local/bin/bash -h0 (echo $pass1; echo $pass1 ) | smbpasswd -s -a $username
 chmod 750 /usr/home/$grp/$username

Väikekooli arvutivõrku sobiv konf

Võrk ise

 [ COMP1 ]    [ COMP3 ]
     |            |                               
  ---+------+-----+------- em0 [ Server ] em0 -------- ( Internet )
            |
        [ COMP2 ]

tulemüüri fail meeles tuleb pidada, et reegleid tuleb kirjutada sellises järjestuses

  • MAKROS. Makrod ehk anname maakeeli muutujatele väärtusi, näiteks
  • TABLES, tabelid milles hoiame igasuguseid põnevaid ja pahasid IP aadresse
  • GLOBAL OPTIONS globaalsed ühendustele seatavad seaded
  • TRAFFIC NORMALIZATION
  • QUEUEING RULES, liikluse prioritiseerimiseks mõeldud järjekorrad
  • TRANSLATION RULES (ehk NAT)
  • FILTER RULES, ehk siis reeglid mis keelvad ja lubavad ühendusi, näiteks lubame kõik liikluse igas suunas selliselt
 pass in log all keep state 
 pass out log all keep state 

Reaalne seadistusfail

 # välimine (rl0) ja sisemine (em0) võrguseade 
 ext_if="rl0"
 int_if="em0"
 
 icmp_types = "echoreq"
 
 # arvutiklassi IP aadressid
 klass="{192.168.1.201, 192.168.1.202, 192.168.1.203 }"
 
 set skip on lo0
 # set optimization high-latency # aeglastel võrkudel
 set optimization aggressive
 set timeout tcp.established 7200
 set timeout { udp.first 20, udp.single 5, udp.multiple 30 }
 set limit states 1000000 # vaikimisi 10000, pool miljonit ei tohiks tänapäeval mingi number olla
 
 scrub in all
 scrub out all random-id max-mss 1440
 
 # suuname kogu veebiliikluse squid vahendusserverile
 rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128
 
 # NAT välisvõrgust
 nat on $ext_if inet from 192.168.0.0/16 to any -> ($ext_if) 

 # blokeerime esialgu kõik
 block log all label "blocked"
 
 # vaatame, et sisevõrgust saaks ühenduda vaid meie enda mailiserveriga, see vähendab rämpsposti teadmatut saatmist 
 pass in quick on $int_if inet proto tcp from $int_if:network to 192.168.1.1 port 25 keep state
 block in quick on $int_if inet proto tcp from $int_if:network to any port 25
 
 # blokeerime arvutiklassis toimuva õppetöö jaoks ühe ohtliku aadress :)
 block in quick on $int_if inet proto tcp from $klass to 58.35.11.23
 
 #spoofikaitse
 antispoof for $ext_if inet
 
 # lubame vaid ühe icmp tüübi, ehk pingi
 pass in inet proto icmp all icmp-type $icmp_types
 
 # avame serverile hulga porte teenuste kasutamiseks
 pass in on $ext_if proto tcp from any to $ext_if port 22 keep state label "ssh"
 pass in on $ext_if proto tcp from any to $ext_if port 80 keep state label "www"
 pass in on $ext_if proto tcp from any to $ext_if port 25 keep state label "mail"
 pass in on $ext_if proto tcp from any to $ext_if port 143 keep state label "imap"
 pass in on $ext_if proto tcp from any to $ext_if port 443 keep state label "https"
 pass in on $ext_if proto tcp from any to $ext_if port 993 keep state label "imaps"
 
 # lubame välja kõik tcp ja udp ühendused
 pass out on $ext_if all keep state
 # lubame sisevõrgus kogu liikluse
 pass quick on $int_if all label int

Parandusideed vormistamise mõttes:

1. rakendaksin selgelt vaikimisi block reeglid kõigil suundadel (st neljal suunal kui tal on kaks liidest)

2. kasutaksin tag'isid, nii on lihtsam tihedat tulemüüri kirjeldada

http://kuutorvaja.eenet.ee/wiki/Kahe_v%C3%B5rgukaardiga_aadressteisendav_tulem%C3%BC%C3%BCr

---

Jälle noSQL rindelt teateid, kuid seekord pisut teise suunitlusega.

GlusterFS alternatiivina võiks äkki kaaluda Facebooki arendatud Cassandrat: http://cassandra.apache.org/

Niipalju kui mina aru sain, siis see on neil (ja Diggil ja Twitteril ja Redditil jne) kasutusel, et talletada terabaite andmeid klastrisse, nii et see on kättesaadav igast nodest ja ka kirjutatav igast nodest (lihtsalt proxytakse, kuhu vaja), samas on selle peamine eesmärk skaleeruvus (O(1)) ja huvitaval kombel, tehnoloogilistel põhjustel on kirjutamine isegi kaks suurusjärku kiirem kui lugemine, mis võrreldes nt MySQL-iga on ka suurusjärgu võrra kiirem.

Cassandrale on pea kõigis levinuimates keeltes kõrgtaseme-teegid ja läbi Thrifti veel tosinale keelele madala-taseme teegid.

Tuunida saab CAP (Consistency, Availability, Partition tolerance) osas korraga kahe väärtuse nõuet, nt konsistentsuse vajaduse puhul nõuda, et 1/2 + 1 vajalikest koopiatest oleks alati kirjutatud, enne kui operatsioon lõpetab jne.

Kirjelduse järgi tundub, et Cassandra sobiks väga hästi klastris kasutamiseks, eriti juhul, kui igast nodest on vaja kogu andmehulgale kiiresti ligi pääseda.

Ainuke miinus on, et see tähendaks failidesse kirjutamise asemel pisukest progemistööd rakenduse arendajale. Esmane guugeldamine ei andnud ka tulemust, et keegi näiteks FUSE peal Cassandra failisüsteemiga valmis oleks saanud (mõnel oli vaid idee).

PS. kui failisüsteem oleks olemas, siis võiks isegi mõelda, et KVM masinate sisemised kettad niiviisi kokku ühendada ja moodustada terviklik storage masinate endi kõhus. Kui masinaid on piisavalt palju (nt 4-5) peaks selline süsteem isegi 1-2 hosti kokkuvarisemise üle elama.

---

Väga huvitav andmete salvestamise meetod on "dokumendiadmebaas", mille keyword guugeldamiseks on noSQL.

Tegemist on andmebaasidega, mis ei ole relatsioonilised, st objektide vahel ei ole otseselt seoseid, igaüks moodustab ise tervikliku dokumendi koos kõikide väärtustega. Andmebaas ei ole tihti normaalkujul (vahel vähendatakse normaalsust meelega - denormaliseerimine), objektid vastavad enamasti üks-ühele mingisuguse andmestruktuuriga programmeerimiskeeles - sellest dokument.

Näiteks sellistest: Redis, Memcached (kuigi see on rohkem cache, kui admebaas), MongoDB jt. Neist viimane on väga huvitav, kuna on iseenesest JavaScripti objektide hoidla (JSON), millega suhtlemine käib JavaScripti kaudu (loomulikult on sellele teegid kõikidesse peamistesse progekeeltesse ka olemas). Kiirustestides on ta ikka tohutult kiirem kui MySQL ja isegi Memcachedil sammub kannul või mõnes testis ka kiirem, olles samas ikkagi täisväärtuslik, indekseeritud andmebaas.

http://www.mongodb.org/

Kõige silmatorkavam erinevus relatsioonilise baasiga on selles, et kahel ühes "kollektsioonis" oleval objektil ei pruugi mitte ükski atribuut kokku langeda ja atrbuutide väärtused võivad olla mh ka massiivid.

Kes hakkab asja vastu lähemat huvi tundma, siis esimene segadust tekitav koht nende dokumentatsioonis oli minu jaoks Map/Reduce selgitus. See on MongoDB töövahend, mis keedab mune, peseb autot ja toob lapse lasteaiast ära. Kahjuks dokumentatsiooni järgi läks mul kaua aega, enne kui pihta sain, kuidas seda kasutada.

Map/Reduce kasutusvaldkonnaks on näiteks artiklite kogumi pealt kõigi tag-ide kogumi genereerimine (arvestades, et tagid on ilmselt artikli objekti sees olev massiiv).

Rubysti jaoks on alternatiivne selgitus: Map/Reduce on sama, mis Rubys on map/inject - map funktsioon käib üle kõigi leitud objektide ja tagastab neist igaühekohta mingi alternatiivse tulemuse; reduce funktioon käbi üle kõikide tagastatud tulemuste ja arvutab mingisuguse uue väärtuse nende pealt, kasutades selleks kaasa veetavat vahemuutujat (nagu inject).

Üks koht, kus seda katsetada annaks, olekski just see nn kesksüsteem, mis haldaks mingit tsentraalset objekti (asutus, isik, domeen, teenus vmt) ja koondaks linke ning andmeid meie teistest süsteemidest, mida me ükskord arutasime. Sel puhul oleks just abi dokumendibaasi paindlikkusest, kuna objektid on erineva sisuga.

MongoDB ja Rails: http://www.mongodb.org/display/DOCS/MongoDB+Data+Modeling+and+Rails

MongoMapper ja MongoID on mh railscastis, suht huvitav oli kuulata/vaadata:

http://railscasts.com/episodes/194-mongodb-and-mongomapper http://railscasts.com/episodes/238-mongoid


Probleem spamassassini uuendamisega

_die can t locate mail spamassassin compiledregexps body_0 pm  
# sa-compile
# sa-update -D
Dec  6 20:44:57 muheleja amavis[14891]: extra modules loaded after daemonizing/chrooting:   Mail/SpamAssassin/CompiledRegexps/body_0.pm, Mail/SpamAssassin/Plugin/FreeMail.pm


 568  mergemaster -p
 569  mergemaster -a

http://forum.nginx.org/read.php?23,41517 openssl freebsd baasi ülekirjutamine

http://www.ibm.com/developerworks/linux/library/l-linux-kernel/index.html?S_TACT=105AGX03&S_CMP=ART

http://www.ibm.com/developerworks/linux/library/l-linux-filesystem/index.html S_TACT=105AGX03&S_CMP=ART

http://selectparks.net/~julian/levelhead/install.html


# freshclam 
ClamAV update process started at Mon Nov 29 16:06:25 2010
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
daily.cld is up to date (version: 12333, sigs: 6732, f-level: 54, builder: ccordes)
bytecode.cld is up to date (version: 93, sigs: 16, f-level: 54, builder: edwin)

Kataloogi kontrollimiseks

# clamscan -ri /kataloog

Vsftp conf

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
ftpd_banner=FTP.ZOO.TARTU.EE
chroot_local_user=YES
file_open_mode=0755
ascii_download_enable=YES
ascii_upload_enable=YES
syslog_enable=YES

ssl_enable=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
force_local_data_ssl=NO
force_local_logins_ssl=NO

pasv_min_port=12400
pasv_max_port=12500

Mysql upgrademisel on soovitus proovida esmalt mõned nädalad slaves joosta. Panna ta nt db slaveks (ütlasi ka mingi backup variant või nii).

see masterite info, mida slave sikutab, on binary log, mis sisaldab endas kõiki käske, mis muutsid masteris andmeid, st insert ja update jne. Ehk põhimõtteliselt saab ta sama andmete muutmise koormuse, mis master.

Kui asi ilusti toimib, siis jättagi nii ja kunagi hiljem uuendada ka teised 5.1 peale.


slavede kontrollimiseks, resünkroniseerimiseks ja üleüldse on Maatkit väga abiks asi. http://www.maatkit.org/

http://www.xaprb.com/blog/2007/11/08/how-mysql-replication-got-out-of-sync/ http://www.xaprb.com/blog/2007/01/20/how-to-make-mysql-replication-reliable/

http://feedblog.org/2008/12/04/destroying-mysql/

Kui selle loo esimesest poolest kähku üle libiseda, siis edasi läheb huvitavaks. OurDelta asjad ka täitsa vabalt saadaval - http://ourdelta.org/patches

Veel vihjeid tuunimise ja pätsimise kohta.

http://blogs.smugmug.com/don/2008/12/23/great-things-afoot-in-the-mysql-community/

Pulseaudi abil heli saatmine üle võrgu http://equima.pfpfree.net/2009/sharing-sound-between-pulseaudio-instances-in-ubuntu-karmic-9-10/

Java ehk jre16 FreeBSD peale häkkimine

Miskipärast viidatud suni/orakli saidis pole vajalikku faili saada mida ports nõuab seega häkk internetiavarustest

wget http://www.badcode.net/tzupdater-1_3_29-2010f.zip
mv tzupdater-1_3_29-2010f.zip /usr/ports/distfiles/

seejärel lehele http://www.freebsdfoundation.org/downloads/java.shtml ja sealt diablo-latte-freebsd7-i386-1.6.0_07-b02.tar.bz2 tõmmata distfailidesse

ja siis

cd /usr/ports/java/diablo-jre16/ && make install

Siis uuesti veebisaidile tõmbama http://www.FreeBSDFoundation.org/cgi-bin/download?download=diablo-caffe-freebsd7-i386-1.6.0_07-b02.tar.bz2 tõmbama ja saadud pakett liigutada distfiles alla

cd diablo-jdk16/ && make install

# tcpdump 'tcp port 25'

või

# tcpdump host zoo.tartu.ee

anname käsu

# echo test| jj@eenet.ee

Loeme tulemust

peaks nt -s 1600 võtmega kogu paketi sisu salvestama

Proovime korrata mida tegime

Paneme tcpdumbi uuesti kuulama ja seekord salvestame faili

# tcpdump -w port.25.send.txt 'tcp port 25'
tcpdump: listening on nge0, link-type EN10MB (Ethernet), capture size 96 bytes
29 packets captured
1462 packets received by filter
0 packets dropped by kernel

Saime fali mis sisaldab kogu sessiooni infot

Kogutud info edasi saatmiseks bittwist

# bittwist -i nge0 port.25.send.txt 
sending packets through nge0
trace file: port.25.send.txt

29 packets (5249 bytes) sent
Elapsed time = 0.268020 seconds


http://www.cyberciti.biz/faq/tcpdump-capture-record-protocols-port/

http://bittwist.sourceforge.net/doc/bittwist.1.html saadab pcap faili tagasi kust tuli

http://danielmiessler.com/study/tcpdump/


http://www.faqs.org/docs/iptables/newnotsyn.html

Lühikokkuvõte: MS Windowsi vigane TCP stack saadab peale lõpetatud ühendust veel ühe paketi, mis siis meie tulemüüris kinni jääb. Arvatavalt see ühenduseprobleeme ei tekita.


Zopenurk

Instants tuleks tekitada /srv kataloogi, katsetasi natuke nendega ja võtsin praegu enda proovid maha /usr/local/etc/rc.d/zope210 restart abil toimub nende restart /etc/rc.conf'i saab lisada zope210_instances reale täisrajaga neid vajadusel lisaks või muuta midagi vajadusel.

Uut zope instantsi saab luua minnes kausta /usr/ports/www/zope210 ja andes käsu make instance ZOPEINSTANCEBASE=/home/mingikataloog

Praegu on make.conf'i kirjutatud sisse PYTHON_DEFAULT_VERSION=python2.4, kui oleks vaja uuemad pythonit kasutada tuleb see rida sealt /etc all olevast failist kustutada

Vana zope serveri sisu asub kaustas /X/Z-Instance1/ arvatavasti sealt muud vaja ei lähegi kui ainult /X/Z-Instance1/var/Data.fs faili ? Mul on seal katsetamiseks vanem data.fs versioon mis 43G suur, hetkel on nimetatud fail paisunud producion serveris 60G ringi.


Pisikesed asjad

du -h | sort -n -r

http://www.askapache.com/htaccess/apache-ssl-in-htaccess-examples.html

Hea näide vanast programeerimise õpikust, ehk kulub kuskil ära

//Näärivana1
 Korrata kuni kell pole veel 18.00
 oodata üks minut
 Siseneda ruumi; pidada tervituskõne
 
 //kingituste jagamine
 korrata kui kotis 1 on veel pakk
 võtta kotist 1 mingi pakk
  Käesoleva pakiga seotud tegevus
  kui pakil pole nime siis
   panna pakk kotti 2
  muidu
   lugeda pakil olev nimi
    //paki kätteandmine
     kui pakk on näärivanale siis
      tänada saadud paki eest; panna pakk kotti 2
     muidu
       kutsuda nimetu; nõuda pala
        kui pala esitati siis
         valida nimestikust M mingi kõne
        pidada valitud kõne; anda pakk
 Pidada lahkumiskõne; väljuda ruumist


iconv -f ISO-8859-1 -t UTF-8 filename.txt utf8 to latin
iconv -t utf-8 /etc/passwd  
iconv -t latin /etc/passwd  
iconv --from-code= --to-code=UTF-8 ./fail1 > ./fail2
ImportError: No module named ImplPython

Start with a new site-packages folder

cd Python-2.4.4/lib/python2.4 mv site-packages/ site-packages_old mkdir site-packages

Move over some of the stuff needed

mv site-packages_old/PIL site-packages

http://cb.vu/unixtoolbox.xhtml

Ketaste liigutamine linuxist

http://fritzthomas.com/overall/491-how-to-cleaning-up-gentoo-to-get-more-free-disk-space/

http://www.brandonhutchinson.com/Moving_Linux_to_a_new_hard_disk.html

http://www.rhyolite.com/dcc/ spämmiõrjet

lanis olevate arvutite liikluse joonistamiseks bandwithd, paistab ainult kaua arendamata seisnud projekt http://bandwidthd.sourceforge.net/

Selinux nsa toel arendatud http://www.nsa.gov/research/selinux/

Failimuudatuste jooksev vaatamine

http://en.wikipedia.org/wiki/Inotify

#spam viirus
content_filter = smtp-amavis:[127.0.0.1]:10024

ja faili master.cf lõppu lisada

smtp-amavis     unix -        -       n     -       5  smtp
 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n        -       n     -       -  smtpd
 -o content_filter=
 -o local_recipient_maps=
 -o relay_recipient_maps=
 -o smtpd_restriction_classes=
 -o smtpd_client_restrictions=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8
 -o strict_rfc821_envelopes=yes
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000 



do sysctl -a | grep nonoptimal_volumes this should find an oid somewhere under mpt branch, and it should reflect the number of raid volumes in state other than "optimal". in most cases this means that a disk has gone bad.

FreeBSD all erinevate raidide monitooringud

http://www.nico.schottelius.org/docs/freebsd-raid-monitoring/

http://www.freebsdwiki.net/index.php/Megarc


Nagu nimi jutustab

http://nixify.blogspot.com/2009/10/getting-reports-on-intrusion-attempts.html

viiskümmend suurimat kausta sorteerituna

du -k . | sort -nr | head -50

Paging http://en.wikipedia.org/wiki/Paging



Pikk lohisev käsk abiks liiga pikkade vanade rippuvate protsesside tarbeks

for P in `links --dump http://nw.eenet.ee/server-status | egrep "space:+Kspace:+digit:\.digit:{2}space:+digit:{3,}" | cut -c 6- | cut -d ' ' -f 1`; do echo "$P tapetakse"; kill -USR2 $P; done 

http://www.mastershaper.org/index.php/Main_Page linuxil powertool neti koormuste kontrolliks

http://l7-filter.sourceforge.net/ filtreerida teenuseid ja nt muula, torrentit blokeerida

õpetussõnu

https://help.ubuntu.com/community/Servers lugeda ja kirjutada ka ise huvitavatest ideedest

http://www.defcon1.org/html/articles.html

http://www.freebsd.org/cgi/url.cgi?ports/www/rt36/pkg-descr

http://wiki.bestpractical.com/view/FreeBSDInstallGuide

RIPE aadressid LIRidel

ftp://ftp.ripe.net/pub/stats/ripencc/membership/alloclist.txt

Saadetud ideed

Lingid

http://geektechnique.org/projectlab/796/how-to-build-a-fully-encrypted-nas-on-openbsd

http://akadeemia.kakupesa.net/VR1/loengud

http://www.cinepaint.org/

http://www.openmaniak.com/inline_final.php

http://www.bsdcan.org/2007/schedule/track/Tutorial/index.en.html

http://sourceforge.net/projects/snoop/


bsd suuruse kontroll

If you

# cd /usr/src
# make buildworld
# make buildkernel
# make DESTDIR=/some/empty/dir installworld
# make DESTDIR=/some/empty/dir distribution
# make DESTDIR=/some/empty/dir installkernel 

Then you'll see that

# du -d 1 /some/empty/dir

adds up to less than 200MB. This can be reduced further if you in your make.conf remove NIS, LPR, GAMES and other stuff you won't need.

1GB should be enough for everything, but remember that log files may eat up a lot of space.

minibsd väike 80mega umbkaudu

FWIW - I run 4.11 in 20M of a 32M Compact Flash card with the build described here

forward net.inet.ip.fastforwarding tells the network code to send packets through a different code path through the kernel, one which can forward packets more quickly than the default code path. The fast forwarding path does minimal checks on packets that are not destined for the computer acting as a router before forwarding the packet. The necessary checks are made, but no more than those that are necessary, this speeds up packet processing when packets are being routed between interface.

net.inet.ip.forwarding controls whether or not the computer acting as a router will forward packets at all. The default value is false, which means that packets are NOT forwarded. This variable must be set explicitly by the user or administrator for FreeBSD to act as a router.

When activated on a router it gives a very nice speed boost. Process completion pays off very well here. It has got a lot of testing at various ISP's on their production routers. For hosts it doesn't really hurt but is totally pointless.

geom mirror juttu

http://people.freebsd.org/~rse/mirror/


ggated -- GEOM Gate network daemon http://www.freebsd.org/cgi/man.cgi?query=ggated&apropos=0&sektion=0&manpath=FreeBSD+6.0-RELEASE&format=html

`netstat -i' returns _packets_, how can I get statistics using _bytes_?

netstat -i -b 

FreeBSD busdma and SMPng driver conversion project http://www.freebsd.org/projects/busdma/

here are some lines from my .pinerc; smtp-server=mail.myisp.net.au inbox-path={pop.myisp.net.au/pop3}inbox

bsd vs linux http://www.over-yonder.net/~fullermd/rants/bsd4linux/bsd4linux1.php

freebsd has a vga framebuffer? http://kgi-wip.sourceforge.net/ http://people.freebsd.org/~nsouch/kgi4BSD/


procmail

et koopiaid teha postfixis kõigist mailist mis liigub

   always_bcc = 
   recipient_bcc_maps = 
   sender_bcc_maps = 

Creating a Postfix Secondary MX with Mailbox Replication and MySQL Replication under FreeBSD http://www.freebsdfreaks.net/articles/postfix_secondary_mx_mailbox_replication_mysql_replication_under_freebsd_failover_mx.html

et näha proc failisüsteemi freebsds

mount -t procfs /proc /proc

freebsd ufd failisüsteem implementation called UDFclient: http://www.13thmonkey.org/udfclient/ As I understand it, UDF is an extension of ISO9660. An explanation of UDF can be found here: http://homepage.mac.com/wenguangwang/myhome/udf.html http://en.wikipedia.org/wiki/Universal_Disk_Format

mount -t udf /device /mount point 
or mkisofs -dvd-video -udf -o test.iso /location 


lihtsalt rõõmuks

cat file | while read f ; do rm -f "$f" ; done


lisaswap

There is another solution: you can use a file that extends your swap partition.

  1. create an empty 256 MB file
dd if=/dev/zero of=/usr/swapfile bs=1024k count=256
  1. add an appropriate line to rc.conf
echo 'swapfile="/usr/swapfile"' >> /etc/rc.conf
  1. add swap
/etc/rc.d/addswap start

'swapinfo' shows information about your current swap partition and files.

partitsioonid

bsdlabel -w /dev/ad2
newfs -U -O 2 /dev/ad2
mount /dev/ad2 /mnt/ad2


gruppide arvu suurendamine in src/sys/sys/syslimits.h there is a constant named 'NGROUPS_MAX'. > > change it to however many you need (within reason), rebuild/install world > > and kernel.


kiire route vahetus

route change 0.0.0.0 new.ip.def.route
route change 0.0.0.0 10.0.0.254

populaarsused http://www.google.com/trends?q=freebsd%2C+ubuntu%2C+debian%2C+redhat%2C+solaris&ctab=0&geo=all&date=all

installida zope http://www.iosn.net/Members/platypus/blog/74

find /home/gigi -name '*.c' -print | xargs grep 'hello' /dev/null
fstat mis failid kasutuses

cd kirjutamine

  1. mkisofs -r -T -v -o cdimage.iso dir
  2. burncd -f /dev/acd0 -s max data cdimage.iso fixate