Hodžův blog » Scriptíky

HowTo block facebook with iptables

admin — Sun, 18 Mar 2012 10:50:48 +0000

Insert these lines into your firewall:
iptables -t filter -I FORWARD -s 192.168.0.0/24 -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 443 -j DROP iptables -t filter -I FORWARD -s 192.168.0.0/24 -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 443 -j DROP iptables -t filter -I FORWARD -s 192.168.0.0/24 -m tcp -p tcp -m iprange --dst-range 69.171.220.0-69.171.234.255 –dport 443 -j DROP iptables -t filter -I FORWARD -s 192.168.0.0/24 -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 443 -j DROP iptables -t filter -I FORWARD -s 192.168.0.0/24 -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 80 -j DROP iptables -t filter -I FORWARD -s 192.168.0.0/24 -m tcp -p tcp -m iprange --dst-range 69.171.220.0-69.171.234.255 –dport 80 -j DROP iptables -t filter -I FORWARD -s 192.168.0.0/24 -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 80 -j DROP iptables -t filter -I FORWARD -s 192.168.0.0/24 -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 80 -j DROP
Pretty simply eh?

Update 1.4.2012:
Registered Facebook subnets (ARIN)

HowTo Install Latest Redmine on Debian 6 (Squeeze, Ruby-on-Rails, Apache2 Passenger)

admin — Thu, 15 Mar 2012 14:13:32 +0000

This is a short .bash_history manual…

First install fresh Debian Squueze from businesscard (when selecting packages uncheck ALL).

Correct hostname:
# vi /etc/hostname server.example.com

# hostname -F /etc/hostname # exit

Edit hosts file (delete all IPv6 entries):
# vi /etc/hosts 127.0.0.1 localhost.localdomain localhost localdomain 1.2.3.4 server.example.com server

Install ssh server and best editor :
# aptitude -y install ssh fail2ban vim-nox

Set default system editor (select /usr/bin/vim.nox):
# update-alternatives --config editor

Add contrib and non-free repositories:
# perl -i -pe 's/main/main contrib non-free/;' /etc/apt/sources.list # aptitude update # aptitude full-upgrade

Disable IPv6 globally:
# echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf # /sbin/sysctl -p /etc/sysctl.conf

Remove unwanted packages:
# /etc/init.d/mpt-statusd stop # aptitude -y purge mpt-status

Fix Locales and Time Zone:
# dpkg-reconfigure locales # dpkg-reconfigure tzdata

Install NTP server:
# aptitude -y install ntpdate # ntpdate tik.cesnet.cz # aptitude install ntp
# vi /etc/ntp.conf driftfile /var/lib/ntp/ntp.drift statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable server 0.debian.pool.ntp.org iburst server 1.debian.pool.ntp.org iburst server 2.debian.pool.ntp.org iburst server 3.debian.pool.ntp.org iburst restrict -4 default kod notrap nomodify nopeer noquery restrict 127.0.0.1

# /etc/init.d/ntp restart # ntpq -p

Install Postfix mail server:
# apt-get -y install postfix bsd-mailx

# vi /etc/postfix/main.cf inet_interfaces = all inet_protocols = all mynetworks_style = host mynetworks = 127.0.0.0/8 myhostname = server.example.com mydomain = example.com myorigin = $mydomain smtpd_banner = $myhostname ESMTP mydestination = localhost, localdomain, localhost.localdomain append_dot_mydomain = no append_at_myorigin = yes alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases biff = no recipient_delimiter = + mailbox_size_limit = 0 mailbox_command = procmail -a "$EXTENSION" smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, permit_mynetworks, permit_sasl_authenticated smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient, permit smtpd_data_restrictions = reject_multi_recipient_bounce, reject_unauth_pipelining

Restart mail server:
# /etc/init.d/postfix restart

Send test email:
# echo "Test message" | mailx example@example.com

Install MySQL server:
# aptitude install mysql-server mysql-client libmysqlclient-dev

Fine tunnig MySQL server:
# mysql_secure_installation

Create MySQL database and user for Redmine:
mysql -u root -p
CREATE DATABASE redmine CHARACTER SET utf8; CREATE USER 'redmine'@'localhost' IDENTIFIED BY 'my_password'; GRANT ALL privileges ON redmine.* TO 'redmine'@'localhost'; quit

Install Ruby & unnecessary tools:
# aptitude install ruby libruby libopenssl-ruby libpgsql-ruby rubygems apache2 libapache2-mod-passenger subversion # cd /var/www/ # svn co http://redmine.rubyforge.org/svn/branches/1.3-stable redmine # cd redmine/ # cp config/database.yml.example config/database.yml

Configure redmine database:
# vi config/database.yml production: adapter: mysql database: redmine host: localhost username: redmine password: my_password encoding: utf8

Install Rails & populate database & fix permission:
# gem install rails -v 2.3.14 # gem install rake -v 0.8.7 # gem uninstall rake -v 0.9.2.2 # gem install i18n # gem install mysql # gem install rdoc # RAILS_ENV=production /var/lib/gems/1.8/bin/rake config/initializers/session_store.rb # /var/lib/gems/1.8/bin/rake generate_session_store # RAILS_ENV=production /var/lib/gems/1.8/bin/rake db:migrate # RAILS_ENV=production /var/lib/gems/1.8/bin/rake redmine:load_default_data # cd /var/www/redmine # chown -R www-data:www-data ./* # chmod -R 755 files log tmp public/plugin_assets

Configure Apache Web server:
# vi /etc/apache2/sites-available/default ServerName example.com Serveralias www.example.com ServerAdmin example@example.com DocumentRoot /var/www/redmine/public PassengerDefaultUser www-data RailsEnv production RailsBaseURI /redmine SetEnv X_DEBIAN_SITEID "default" Order allow,deny Allow from all AllowOverride all Options -MultiViews

Fine tunning Apache:
# perl -i -pe 's/TraceEnable Off/#TraceEnable Off/;' /etc/apache2/conf.d/security # perl -i -pe 's/#TraceEnable On/TraceEnable On/;' /etc/apache2/conf.d/security # perl -i -pe 's/ServerSignature On/#ServerSignature On/;' /etc/apache2/conf.d/security # perl -i -pe 's/#ServerSignature Off/ServerSignature Off/;' /etc/apache2/conf.d/security # perl -i -pe 's/ServerTokens OS/#ServerTokens OS/;' /etc/apache2/conf.d/security # perl -i -pe 's/#ServerTokens Minimal/ServerTokens Minimal/;' /etc/apache2/conf.d/security
# /etc/init.d/apache2 restart

That’s all folks…

HowTo install Oracle Instant Client and PHP OCI8 module under Debian Squueze (Ubuntu) 64bit

admin — Mon, 01 Aug 2011 12:22:29 +0000

1) Download the Basic and the SDK packages from http://www.oracle.com (registration needed).
# mkdir -p /opt/oracle/instantclient # cd /opt/oracle/instantclient # wget http://download.oracle.com/otn/linux/instantclient/112020/instantclient-basic-linux-x86-64-11.2.0.2.0.zip # wget http://download.oracle.com/otn/linux/instantclient/112020/instantclient-sdk-linux-x86-64-11.2.0.2.0.zip"

2) Unzip files, move it in correct location and delete unnecessary archives
unzip instantclient-basic-linux-x86-64-11.2.0.2.0.zip unzip instantclient-sdk-linux-x86-64-11.2.0.2.0.zip mv instantclient_11_2/* ./ rm -r instantclient_11_2/ instantclient-basic-linux-x86-64-11.2.0.2.0.zip instantclient-sdk-linux-x86-64-11.2.0.2.0.zip

3) Craate missing simlinks
ln -s libclntsh.so.10.1 libclntsh.so ln -s libocci.so.10.1 libocci.so

4) Install packages
# aptitude install build-essential php5-dev php-pear libaio1
# pecl install oci8 (on question reply: instantclient,/opt/oracle/instantclient)

5) Enable the oci8 module in the php.ini
# vi /etc/php5/apache2/php.ini extension=oci8.so (put this line after the examples starting with ;Dynamic Extension).
# vi /etc/php5E/cli/php.ini extension=oci8.so (put this line after the examples starting with ;Dynamic Extension).

6) Restart Apache Web server
/etc/init.d/apache2 restart

Now stop and start Apache. You should see the oci8 module in the output of phpinfo().

HowTo fix a problem „DeprecationWarning: the sha module is deprecated; use the hashlib module instead import sha“ in Pyzor

admin — Sat, 30 Jul 2011 18:02:54 +0000

After a fresh Pyzor install I’m getting this error message:
# aptitude install pyzor # pyzor discover /usr/lib/pymodules/python2.6/pyzor/__init__.py:11: DeprecationWarning: the sha module is deprecated; use the hashlib module instead import sha /usr/lib/pymodules/python2.6/pyzor/client.py:12: DeprecationWarning: the multifile module has been deprecated since Python 2.5 import multifile downloading servers from http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3-x

A simple fix for this problem exists. Open file /usr/bin/pyzor.
# vi /usr/bin/pyzor

Delete line
#!/usr/bin/python

And insert this new one
#!/usr/bin/python -Wignore::DeprecationWarning
Test it
# pyzor discover downloading servers from http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3-x

That’s all folks!

HowTo fix a problem „loading from master file managed-keys.bind failed: file not found“ under Debain Squeeze

admin — Sat, 30 Jul 2011 16:30:09 +0000

# touch /var/cache/bind/managed-keys.bind # chown root:bind /var/cache/bind/managed-keys.bind # /etc/init.d/bind9 restart # tail -n 50 /var/log/daemon.log

HowTo remove unwanted whitespace with vim

admin — Sun, 24 Jul 2011 05:20:07 +0000

Delete all trailing whitespace (a space or a tab) at the end of each line with:
:%s/\s\+$//

HowTo restore the ‘Show Desktop’ shortcut in Windows XP or Windows 2003

admin — Thu, 21 Jul 2011 19:06:18 +0000

1) Open notepad.
2) Copy the below code.

[Shell] Command=2 IconFile=explorer.exe,3 [Taskbar] Command=ToggleDesktop

3) Save the file with the name ShowDesktop.scf some where on your system or on your desktop.
4) Drag and drop the file to the Quick launch area.

That’s it…

HowTo install TSM Backup client in Debian Squeeze (Ubuntu) 64bit

admin — Wed, 15 Jun 2011 12:09:07 +0000

1. Update Debian system and install required packages
# aptitude update # aptitude full-upgrade # aptitude install alien libstdc++6 ksh ia32-libs

2. Go to directory /usr/src/ and download latest package from IBM web site. After download unpack archive.
# cd /usr/src/ # wget "ftp://service.boulder.ibm.com/storage/tivoli-storage-management/maintenance/client/v6r2/Linux/LinuxX86/v622/6.2.2.0-TIV-TSMBAC-LinuxX86.tar" # tar -xvf 6.2.2.0-TIV-TSMBAC-LinuxX86.tar

3. Unpack RPM files
# alien -g -c TIVsm-API.i386.rpm # alien -g -c TIVsm-API64.i386.rpm # alien -g -c TIVsm-BA.i386.rpm # alien -g -c gskcrypt32-8.0.13.4.linux.x86.rpm # alien -g -c gskcrypt64-8.0.13.4.linux.x86_64.rpm # alien -g -c gskssl32-8.0.13.4.linux.x86.rpm # alien -g -c gskssl64-8.0.13.4.linux.x86_64.rpm

4. Make a correct path for debian build script
# mv TIVsm-API-6.2.2/debian TIVsm-API-6.2.2/DEBIAN # mv TIVsm-API64-6.2.2/debian TIVsm-API64-6.2.2/DEBIAN # mv TIVsm-BA-6.2.2/debian TIVsm-BA-6.2.2/DEBIAN # mv gskcrypt32-8.0/debian gskcrypt32-8.0/DEBIAN # mv gskcrypt64-8.0/debian gskcrypt64-8.0/DEBIAN # mv gskssl32-8.0/debian gskssl32-8.0/DEBIAN # mv gskssl64-8.0/debian gskssl64-8.0/DEBIAN

5. Make a correct file permissions for debian build script
# chmod 755 TIVsm-API-6.2.2/DEBIAN/{postinst,prerm} # chmod 755 TIVsm-API64-6.2.2/DEBIAN/{postinst,prerm} # chmod 755 TIVsm-BA-6.2.2/DEBIAN/{postinst,prerm} # chmod 755 gskcrypt32-8.0/DEBIAN/postinst # chmod 755 gskcrypt64-8.0/DEBIAN/postinst # chmod 755 gskssl32-8.0/DEBIAN/{postinst,prerm} # chmod 755 gskssl64-8.0/DEBIAN/{postinst,prerm}

6. Edit control files for each package
# vi TIVsm-API-6.2.2/DEBIAN/control Package: tivsm-api Version: 6.2.2 Architecture: amd64 Maintainer: Milan Kozak <hodza@hodza.net> Section: alien Priority: extra Description: IBM Tivoli Storage Manager API

# vi TIVsm-API64-6.2.2/DEBIAN/control Package: tivsm-api64 Version: 6.2.2 Architecture: amd64 Maintainer: Milan Kozak <hodza@hodza.net> Section: alien Priority: extra Description: IBM Tivoli Storage Manager API

# vi TIVsm-BA-6.2.2/DEBIAN/control Package: tivsm-ba Version: 6.2.2 Architecture: amd64 Maintainer: Milan Kozak <hodza@hodza.net> Section: alien Priority: extra Description: IBM Tivoli Storage Manager Client

# vi gskcrypt32-8.0/DEBIAN/control Package: gskcrypt32 Version: 8.0 Architecture: amd64 Maintainer: Milan Kozak <hodza@hodza.net> Section: alien Priority: extra Description: IBM GSKit Cryptography Runtime

# vi gskcrypt64-8.0/DEBIAN/control Package: gskcrypt64 Version: 8.0.13.4 Architecture: amd64 Maintainer: Milan Kozak <hodza@hodza.net> Section: alien Priority: extra Description: IBM GSKit Cryptography Runtime

# vi gskssl32-8.0/DEBIAN/control Package: gskssl32 Version: 8.0.13.4 Architecture: amd64 Maintainer: Milan Kozak <hodza@hodza.net> Section: alien Priority: extra Description: IBM GSKit SSL Runtime With Acme Toolkit

# vi gskssl64-8.0/DEBIAN/control Package: gskssl64 Version: 8.0.13.4 Architecture: amd64 Maintainer: Milan Kozak <hodza@hodza.net> Section: alien Priority: extra Description: IBM GSKit SSL Runtime With Acme Toolkit

7. Build deb packages
# dpkg -b TIVsm-API-6.2.2 # dpkg -b TIVsm-API64-6.2.2 # dpkg -b TIVsm-BA-6.2.2 # dpkg -b gskcrypt32-8.0 # dpkg -b gskcrypt64-8.0 # dpkg -b gskssl32-8.0 # dpkg -b gskssl64-8.0

8. Install all deb packages
# dpkg -i TIVsm-API-6.2.2.deb # dpkg -i TIVsm-API64-6.2.2.deb # dpkg -i TIVsm-BA-6.2.2.deb # dpkg -i gskcrypt32-8.0.deb # dpkg -i gskcrypt64-8.0.deb # dpkg -i gskssl32-8.0.deb # dpkg -i gskssl64-8.0.deb

9. Create missing symlinks
# ln -s /opt/tivoli/tsm/client/api/bin/libgpfs.so /lib32/ # ln -s /opt/tivoli/tsm/client/api/bin/libdmapi.so /lib32/ # ln -s /usr/lib/libgsk8cms.so /lib32/ # ln -s /usr/lib/libgsk8ssl.so /lib32/ # ln -s /usr/lib/libgsk8sys.so /lib32/ # ln -s /usr/lib/libgsk8iccs.so /lib32/

10. Test TSM Client
# dsmc

Generování Self-Signed Certifikátu skriptem

admin — Tue, 09 Jun 2009 07:23:11 +0000

Už mě to nebaví pořád psát, takže:

#!/bin/bash SERVER_NAME=$1 OPENSSL_PATH=/usr/bin/openssl $OPENSSL_PATH genrsa -des3 -out $SERVER_NAME.key 1024 $OPENSSL_PATH genrsa -out $SERVER_NAME.key 1024 $OPENSSL_PATH rsa -in $SERVER_NAME.key -out $SERVER_NAME.pem $OPENSSL_PATH req -new -key $SERVER_NAME.pem -out $SERVER_NAME.csr $OPENSSL_PATH x509 -req -days 365 -in $SERVER_NAME.csr -signkey $SERVER_NAME.pem -out $SERVER_NAME.crt

iptables v1.3.6: X Couldn’t load match `ipp2p’

admin — Thu, 13 Sep 2007 07:03:41 +0000

Také se Vám stalo, že kompilace IPP2P proběhla v pořádku, ale pčesto iptables hlásí při zavádění modulu chybové hlášení „iptables v1.3.6: X Couldn’t load match `ipp2p’„? Řešení je jednoduché – v souboru makefile zaměňte při vytváření knihovny ld za gcc. Celý postup s mým patchem naleznete zde:

apt-get install patch cd /usr/src wget http://ipp2p.org/downloads/ipp2p-0.8.2.tar.gz tar -xzf ipp2p-0.8.2.tar.gz cd ipp2p-0.8.2 wget http://hodza.net/wp-content/files/ipp2p-0.8.2.patch patch Makefile < ipp2p-0.8.2.patch make ...