posted Feb 8, 2013, 11:03 AM by Chris Franklin
[
updated Feb 8, 2013, 11:04 AM
]
Edit the file:
/etc/security/limits.conf
Add the following:
* - nofile 1024000
root soft nofile 824000
root hard nofile 1024000
Just adding the "*" entry won't work, as it does not apply to the root user (aka superuser).
TEMP FIX
Run the following command as root:
|
posted Feb 8, 2013, 4:10 AM by Chris Franklin
Script
#!/bin/bash
# Generate one "SELECT SQL_CACHE ..." statement per index, then run each one to warm the query cache.
/usr/bin/mysql -N -e "SELECT DISTINCT CONCAT('SELECT SQL_CACHE ',ndxcollist,' FROM ',db,'.',tb,' ORDER BY ',ndxcollist,';') SelectQueryToLoadCache FROM (SELECT engine,table_schema db,table_name tb,index_name,GROUP_CONCAT(column_name ORDER BY seq_in_index) ndxcollist FROM (SELECT B.engine,A.table_schema,A.table_name,A.index_name,A.column_name,A.seq_in_index FROM information_schema.statistics A INNER JOIN (SELECT engine,table_schema,table_name FROM information_schema.tables WHERE engine IN ('InnoDB','MyISAM')) B USING (table_schema,table_name) WHERE B.table_schema NOT IN ('information_schema','mysql') AND A.index_type <> 'FULLTEXT' ORDER BY table_schema,table_name,index_name,seq_in_index) A GROUP BY table_schema,table_name,index_name) AA ORDER BY engine DESC,db,tb;" | while IFS= read -r LINE; do
    /usr/bin/mysql -N -e "${LINE}" > /dev/null
done
|
posted Jan 22, 2013, 5:31 AM by Chris Franklin
[
updated Jan 22, 2013, 5:33 AM
]
echo "noop" > /sys/block/sda/queue/scheduler
cat /sys/block/sda/queue/scheduler
|
posted Oct 5, 2012, 2:19 AM by Chris Franklin
Open a PowerShell (with admin rights!), then run the command:
wevtutil el | foreach { wevtutil cl $_ }
|
posted Sep 3, 2012, 5:27 AM by Chris Franklin
[
updated Sep 3, 2012, 5:27 AM
]
echo "1" > /proc/sys/kernel/sysrq
echo "b" > /proc/sysrq-trigger
Options for sysrq
‘k’ – Kills all the processes running on the current virtual console.
‘s’ – This will attempt to sync all the mounted file systems.
‘b’ – Immediately reboot the system, without unmounting partitions or syncing.
‘e’ – Sends SIGTERM to all processes except init.
‘m’ – Output current memory information to the console.
‘i’ – Send the SIGKILL signal to all processes except init.
‘r’ – Switch the keyboard from raw mode (the mode used by programs such as X11) to XLATE mode.
‘s’ – Sync all mounted file systems.
‘t’ – Output a list of current tasks and their information to the console.
‘u’ – Remount all mounted filesystems in read-only mode.
‘o’ – Shut down the system immediately.
‘p’ – Print the current registers and flags to the console.
‘0-9’ – Sets the console log level, controlling which kernel messages will be printed to your console.
‘f’ – Will call oom_kill to kill the process which takes more memory.
‘h’ – Used to display the help. Any key other than those listed above will also print the help.
Options for sysrq-trigger
'r' - unRaw (take control of the keyboard back from X11),
'e' - tErminate (send SIGTERM to all processes, allowing them to terminate gracefully),
'k' - kIll (send SIGKILL to all processes, forcing them to terminate immediately),
's' - Sync (flush data to disk),
'u' - Unmount (remount all filesystems read-only),
'b' - reBoot.
|
posted Apr 12, 2012, 5:52 AM by Chris Franklin
[
updated Apr 12, 2012, 5:55 AM
]
Servers
- Open Regedit
- Go to
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
- Create a new DWORD called
- Values are
  - 0 = Disable oplocks
  - 1 = Enable oplocks
- Reboot
|
posted Apr 12, 2012, 5:41 AM by Chris Franklin
Disabling it on stations acting as, or in, a client setup (Vista, Win7, 2008+).
Clients
sc config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc config mrxsmb20 start= disabled
Disabling it on anything acting as a SERVER.
Server
- Run "regedit" on a Windows Server 2008 based computer.
- Go to
  - HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters
- Add a new REG_DWORD key, name it
- The values are as follows
- Reboot the server.
|
posted Mar 13, 2012, 7:16 AM by Chris Franklin
[
updated Mar 20, 2012, 11:25 AM
]
my.cnf
[mysqld]
wait_timeout=52000
thread_cache_size=800
set-variable=max_connections=4000
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
## I don't use innodb
skip-innodb
# old_passwords=1 keeps the weak pre-4.1 password hash format; only needed for legacy clients
old_passwords=1
log-slow-queries
long_query_time = 2
log-queries-not-using-indexes
max_connect_errors = 1000
log_slow_queries=/var/log/mysqld.slow.log
max_tmp_tables=2048
tmp_table_size=2000M
max_heap_table_size=2000M
read_buffer_size=1000M
myisam_sort_buffer_size=1024M
thread_concurrency=8
innodb_file_per_table=1
query-cache-type=1
query-cache-size=2000M
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
Now, to force a query to be cached:
Example force cache
SELECT SQL_CACHE name,password,gid FROM groups
Create a PRE-Cache SQL file covering all indexed columns:
PRE-Cache-SQL-File
SELECT DISTINCT CONCAT('SELECT SQL_CACHE ',ndxcollist,' FROM ',db,'.',tb,' ORDER BY ',ndxcollist,';') SelectQueryToLoadCache
FROM (
    SELECT engine,table_schema db,table_name tb,index_name,
           GROUP_CONCAT(column_name ORDER BY seq_in_index) ndxcollist
    FROM (
        SELECT B.engine,A.table_schema,A.table_name,A.index_name,A.column_name,A.seq_in_index
        FROM information_schema.statistics A
        INNER JOIN (
            SELECT engine,table_schema,table_name
            FROM information_schema.tables
            WHERE engine IN ('InnoDB','MyISAM')
        ) B USING (table_schema,table_name)
        WHERE B.table_schema NOT IN ('information_schema','mysql')
          AND A.index_type <> 'FULLTEXT'
        ORDER BY table_schema,table_name,index_name,seq_in_index
    ) A
    GROUP BY table_schema,table_name,index_name
) AA
ORDER BY engine DESC,db,tb;
|
posted Jan 5, 2010, 1:47 PM by Chris Franklin
We all know Squidguard is used for “filtering” outbound web traffic, for outside sites that have things like ads, porn??, malware, proxies, etc. But I’ve come up with a way to use squidguard to protect my webserver from outside “would be” hackers. And best of all it’s easy to set up!!!
Things you’ll need
- Squid
- Squidguard
- iptables
- Possibly “yum” or “apt” if you aren’t installing things from source
Steps:
- Install squid
- Install squidguard
yum install squidGuard
- Or, to save yourself some time, you can install squidguard, which has squid as a dependency. So simply installing squidGuard first will install both.
- Install iptables
OK, now for the configuration of each:
- Squid : /etc/squid/squid.conf
- Set up squid to work as a normal transparent proxy for your domain. Do this even if you're not going to use it as a “caching proxy”.
- Next, set up the needed entries for allowing outside access to use squid (but only to access your website(s) / domain(s)), like so:
# Retain the full incoming URL (helps with debugging and seeing
# what the little buggers are up to).
strip_query_terms off
# Tells squid to listen on all ips using port 3128 and work in transparent mode
# Yes this should have already been set, but I figured why not cover it anyways
http_port 3128 transparent
# Change 10.1.97.0/24 to reflect your ip address range
acl mynetwork src 10.1.97.0/24
# change this to reflect your server external IP (unless it's nat'ed)
# then you'll want to set this to the nat'ed IP
acl mysite1 dst 66.93.12.247
# Delete this if you don't need a second IP
acl mysite2 dst 66.93.12.17
## Change these to say your DOMAIN name
## make sure the second one is YOUR domain name
## but then a . in front of it
acl mydomain1 dstdomain nomadcf.com
acl mydomain2 dstdomain .nomadcf.com
## These disable caching of our website for the outside.
## You may want to NOT do this. There are some pretty
## good gains from doing this. Your choice.
always_direct allow mydomain1
always_direct allow mydomain2
## Allow access to squid FROM
# Your network
http_access allow mynetwork
# to this ip from outside (anywhere really)
http_access allow mysite1
# to this second ip from outside (anywhere really)
http_access allow mysite2
# stop EVERY one else from using squid
http_access deny all
# Stops YOUR network from going through squidguard.
# But it doesn't have to be this way, you can pass all
# sides through squidguard and have squidguard filter
# differently based on src ip addresses / ip address ranges
# AND / OR destination domains, ips, urls OR expressions.
url_rewrite_access deny mynetwork
## Allows the outsiders to go though the filter
url_rewrite_access allow mysite1
url_rewrite_access allow mysite2
# Tells squid where to and how to use squidguard
redirect_program /usr/bin/squidGuard -c /etc/squid/squidguard.conf
# Tells squid how many copies of squidguard to start (squidguard is
# single threaded, so you might need a few of them)
redirect_children 15
# If all the squidguard copies are in use, we'll have to allow unfiltered
# access to YOUR site(s) / domain(s). Or you could set this to "Off",
# which would just stop people from accessing your site(s) / domain(s)
# until a squidguard thread was freed up.
# "I" recommend leaving this on, but watching your squid logs. And if
# need be, increasing your redirect_children to match what's needed
# plus some room to grow. Then when YOU feel comfortable turn this
# to "Off".
redirector_bypass on
- Setup squidguard : /etc/squid/squidguard.conf
# location of where you want to store your
# ip address lists, expressions, etc
dbhome /var/lib/squidguard
# location of where you want it to write
# out its log files
logdir /var/log/squidguard
# This will be how squidguard knows of the
# ip addresses or ranges we want to block
src hacker_ipaddresses {
# this is the name of the file
# relative to dbhome location
iplist hacker_ips
# log all those we catch this way
log hacker_ipaddresses.log
}
# this is how squidguard knows what
# expressions to look for and block in
# the incoming URLs
dest hacker_expressions {
# this is the name of the file
# relative to dbhome location
expressionlist hacker_expressions
# log all those we catch this way
log hacker_expressions.log
}
# YOUR network's ip addresses and ranges
# along with localhost
src network {
ip 10.1.97.0/24
ip 127.0.0.1/255.255.255.255
}
acl {
network {
# do not filter YOUR network
pass all
}
hacker_ipaddresses {
# Block all those who come from ip
# addresses we don't like
pass none
# Redirect them to some other site,
# with some info about them
redirect http://www.google.com/?caddr=%a&cname=%n&user=%i&group=%s&url=%u&target=%t
}
default {
# Block only those with expressions we don't want
# and let everyone else in
pass !hacker_expressions all
# Redirect them to some other site,
# with some info about them
redirect http://www.google.com/?caddr=%a&cname=%n&user=%i&group=%s&url=%u&target=%t
}
}
- Setup iptables : /etc/rc.d/rc.proxy
#!/bin/bash
# This is the location of iptables
IPTABLES=/sbin/iptables
# This is the IP address of your squid server
SquidAddress=10.1.97.4
# Redirect all traffic going to port 80 to squid
# ("! -s" is the negation form current iptables expects; "-s !" is the older form)
$IPTABLES -t nat -A PREROUTING ! -s $SquidAddress -p tcp --dport 80 -j DNAT --to-destination $SquidAddress:3128
Now you're almost done. From here you only need to populate the files:
- /var/lib/squidguard/hacker_expressions
- /var/lib/squidguard/hacker_ips
Here's an example of /var/lib/squidguard/hacker_expressions
Config_absolute_path
includepath
GALLERY_BASEDIR
passwd
\.\.\/
The above will BLOCK all of these examples:
http://www.nomadcf.com/?includepath=http://www.google.com
http://www.nomadcf.com/?open=../../passwd
http://www.nomadcf.com/?includepath=/tmp/hacked.txt
http://www.nomadcf.com/?look=here&Config_absolute_path=&tom=chris
http://www.nomadcf.com/?something=thisthing&GALLERY_BASEDIR=anything
Here's an example of /var/lib/squidguard/hacker_ips
25.224.0.0-125.231.255.255
125.232.0.0-125.233.255.255
134.208.0.0-134.208.255.255
139.175.0.0-139.175.255.255
139.223.0.0-139.223.255.255
140.92.0.0-140.92.255.255
140.96.0.0-140.96.255.255
140.109.0.0-140.109.255.255
140.110.0.0-140.110.255.255
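An offline checker for the two list files, added here as an example (it is not part of the original post and is not squidGuard itself): it approximates the acl block above with Python's re and ipaddress modules so a list can be tried against sample requests before it goes live. The function names, the client addresses 203.0.113.9 and 140.92.1.1, case-insensitive matching, the source-group order and the percent-decoding step are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import unquote

# Constructed sample data in the two file formats shown above.
EXPRESSIONS = "Config_absolute_path\nincludepath\nGALLERY_BASEDIR\npasswd\n" + r"\.\.\/"
IP_RANGES = "134.208.0.0-134.208.255.255\n140.92.0.0-140.92.255.255"
LOCAL_NETS = ["10.1.97.0/24", "127.0.0.1/32"]  # the "network" src block


def load_expressions(text):
    # One regex per line. Case-insensitive matching is an assumption.
    return [re.compile(line, re.I) for line in text.splitlines() if line.strip()]


def load_ranges(text):
    # "first-last" lines become (low, high) integer pairs.
    ranges = []
    for line in text.splitlines():
        if not line.strip():
            continue
        low, high = (int(ipaddress.IPv4Address(p.strip())) for p in line.split("-"))
        if low > high:
            raise ValueError(f"reversed range: {line}")
        ranges.append((low, high))
    return ranges


def decide(client_ip, url, exprs, ranges):
    ip = ipaddress.IPv4Address(client_ip)
    # Assumption: source groups are tried in the order the config defines them.
    if any(low <= int(ip) <= high for low, high in ranges):
        return "redirect (hacker_ipaddresses)"
    if any(ip in ipaddress.ip_network(net) for net in LOCAL_NETS):
        return "pass (network)"
    # Test the raw URL and a once-decoded copy, so "..%2F" is treated like "../".
    if any(e.search(c) for e in exprs for c in (url, unquote(url))):
        return "redirect (hacker_expressions)"
    return "pass (default)"


if __name__ == "__main__":
    exprs, ranges = load_expressions(EXPRESSIONS), load_ranges(IP_RANGES)
    for ip, url in [
        ("203.0.113.9", "http://www.nomadcf.com/?open=..%2F..%2Fetc"),
        ("203.0.113.9", "http://www.nomadcf.com/help/change-passwd.html"),
        ("140.92.1.1", "http://www.nomadcf.com/"),
    ]:
        print(ip, url, "->", decide(ip, url, exprs, ranges))
```

The second sample request shows that a bare passwd expression also redirects a harmless page name, so run real URLs from your access log through the list before deploying it.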
|
|