Archive for the ‘Articles’ Category

Java Installation:
======================

I chose to install Sun’s Java 2 Platform, Standard Edition, which can be downloaded from http://java.sun.com/j2se/. I chose the J2SE v1.4.2 SDK Linux self-extracting binary file.

Change to the directory where you downloaded the SDK and make the self-extracting binary executable:

chmod +x j2sdk-1_4_2-linux-i586.bin

Run the self-extracting binary:

./j2sdk-1_4_2-linux-i586.bin

There should now be a directory called j2sdk1.4.2 in the download directory. Move the SDK directory to where you want it to be installed. I chose to install it in /usr/java. Create /usr/java if it doesn’t exist. Here is the command I used from inside the download directory:

mv j2sdk1.4.2 /usr/java

Set the JAVA_HOME environment variable, by modifying /etc/profile so it includes the following:


JAVA_HOME="/usr/java/j2sdk1.4.2"
export JAVA_HOME

/etc/profile is run at startup and when a user logs into the system, so you will need to log out and log back in for JAVA_HOME to be defined.

Log out of the server and log back in to check whether it is working fine.


exit
su -

Check to make sure JAVA_HOME is defined correctly using the command below. You should see the path to your Java SDK.


TOMCAT Installation:
=========================

Download it from

http://tomcat.apache.org/

You will install and configure Tomcat as root; however, you should create a dedicated group and user account for Tomcat to run under as follows:

groupadd tomcat

useradd -g tomcat tomcat

tar xvzf apache-tomcat-5.0.28.tar.gz

mv apache-tomcat-5.0.28 /usr/local/

chown -R tomcat:tomcat /usr/local/apache-tomcat-5.0.28

cd /usr/local/apache-tomcat-5.0.28/bin

tar -xvzf jsvc.tar.gz

cd jsvc-src

chmod +x configure

./configure

make

cp jsvc ..

cd ..

./startup.sh

Open a web browser and go to http://localhost:8080/. You should see the Tomcat Administration page.

Go to webapps/ROOT in the Tomcat directory, create a page called hello.html and write in it:

Hello Tomcat

Open the URL http://localhost:8080/hello.html and you should see your page.

* Make JSP page

Go to webapps/ROOT in the Tomcat directory, create a page called hello.jsp and write in it the following lines

Save it and open the URL http://localhost:8080/hello.jsp. You should see the text “Hello World”.

* Monitor Tomcat

You can see the log file in the logs directory.

* Stop Tomcat

Go to the Tomcat bin directory:

# ./shutdown.sh

You can add users in

cd /usr/local/apache-tomcat-5.0.28/conf
vi tomcat-users.xml

And access it at

http://localhost:8080/manager/html

Username : from tomcat-users.xml
Password : l…

🙂


Apache2 mod_fastcgi: Connect to External PHP via UNIX Socket or TCP/IP Port
==============================================

Required utilities:
=======================

You can spawn FastCGI processes using a dispatcher script or the spawn-fcgi utility, which is used to spawn remote FastCGI processes. spawn-fcgi is included with the lighttpd web server. You can grab the source code from lighttpd.net or simply install it from the lighttpd package as follows (you need the EPEL repo enabled under RHEL / CentOS / Fedora Linux):

# yum install lighttpd-fastcgi
# cp /usr/bin/spawn-fcgi /tmp
# yum remove lighttpd-fastcgi
# mv /tmp/spawn-fcgi /usr/bin/spawn-fcgi

lighttpd-fastcgi is the FastCGI module and spawning helper for lighttpd and PHP configuration.

How do I spawn PHP as a TCP/IP remote app?
==========================================

Use /usr/bin/spawn-fcgi as follows:

# /usr/bin/spawn-fcgi -f /usr/bin/php-cgi -a 192.168.1.10 -p 9000 -P /var/run/php-cgi.fastcgi.pid -u apache -g apache

You can also jail PHP using the following syntax (make sure /var/run/ and /usr/bin/php-cgi exist inside the jail directory):

# /usr/bin/spawn-fcgi -c /httpdjail -a 192.168.1.10 -p 9000 -P /var/run/php-cgi.fastcgi.pid -u apache -g apache -- /usr/bin/php-cgi

Where,

* -f /usr/bin/php-cgi: Filename of the fcgi-application
* -a 192.168.1.10 : Bind to ip address
* -p 9000 : Bind to tcp-port
* -P /var/run/php-cgi.fastcgi.pid: Name of PID-file for spawned process
* -c /httpdjail : Chroot to directory (security feature)
* -u apache : Change to user-id (security feature – drop root user privileges to apache user)
* -g apache : Change to group-id (security feature – drop root group privileges to apache group)

Configure Apache 2 mod_fastcgi connect to external PHP fcgi application:
============================================

The above command will run PHP FastCGI on 192.168.1.10:9000. Here is our sample setup:

1. 192.168.1.10 port 9000 : PHP FastCGI server
2. 192.168.1.11 port 9000 : Python or Ruby on rails cgi process
3. 202.54.1.20 port 80 : Apache 2 running mod_fastcgi (DocumentRoot set to /webroot/http)

Open your httpd.conf on 202.54.1.20, enter:

# vi /etc/httpd/conf/httpd.conf

Locate your domain VirtualHost configuration and append following two directives:

AddHandler php5-fastcgi .php
FastCgiExternalServer /webroot/http -host 192.168.1.10:9000

Here is the complete snippet from one of my boxes:
=========================


ServerAdmin webmaster@abcd.com
DocumentRoot /webroot/http
ServerName abcd.com
ErrorLog logs/abcd.com-error_log
CustomLog logs/abcd.com-access_log common
AddHandler php5-fastcgi .php
FastCgiExternalServer /webroot/http -host 192.168.1.10:9000

Save and close the file. Restart httpd:

# service httpd restart

Make sure iptables is configured to allow communication between the public Apache server and the private FastCGI server.

How do I configure PHP FastCGI via UNIX sockets?
==============================

UNIX sockets are faster compared to TCP/IP sockets. However, they do not support remote spawning. Create /tmp/php.socket as follows:

# /usr/bin/spawn-fcgi -f /usr/bin/php-cgi -s /tmp/php.socket -u apache -g apache

Add the following configuration to your httpd.conf virtual host:

AddHandler php5-fastcgi .php
FastCgiExternalServer /webroot/http -socket /tmp/php.socket

Save and close the file. Restart httpd, type:
# service httpd restart

mod_fastcgi has lots of other options. Please refer to Apache and mod_fastcgi documentation for further information.

🙂


Top 10 Linux Virtualization Software:
=====================================

Virtualization is the latest buzzword. You may wonder: computers are getting cheaper every day, so why should I care and why should I use virtualization? Virtualization is a broad term that refers to the abstraction of computer resources such as:

1. Platform Virtualization
2. Resource Virtualization
3. Storage Virtualization
4. Network Virtualization
5. Desktop Virtualization

This article describes why you need virtualization and lists commonly used FOSS and proprietary Linux virtualization software.

Why should I use virtualization?
==================================

* Consolidation – It means combining multiple software workloads on one computer system. You can run various virtual machines in order to save money and power (electricity).
* Testing – You can test various configurations. You can create less resource-hungry, low-priority virtual machines (VMs). Often, I test a new Linux distro inside a VM. This is also good for students who wish to learn new operating systems, programming languages or databases without making any changes to their working environment. At my workplace I give developers virtual test machines for testing and debugging their software.
* Security and Isolation – If mail server or any other app gets cracked, only that VM will be under control of the attacker. Also, isolation means misbehaving apps (e.g. memory leaks) cannot bring down whole server.

Open Source Linux Virtualization Software:
========================================

1. OpenVZ is an operating system-level virtualization technology based on the Linux kernel and operating system.
2. Xen is a virtual machine monitor for 32 / 64 bit Intel / AMD (IA 64) and PowerPC 970 architectures. It allows several guest operating systems to be executed on the same computer hardware concurrently. XEN is included with most popular Linux distributions such as Debian, Ubuntu, CentOS, RHEL, Fedora and many others.
3. Kernel-based Virtual Machine (KVM) is a Linux kernel virtualization infrastructure. KVM currently supports native virtualization using Intel VT or AMD-V. A wide variety of guest operating systems work with KVM, including many flavours of Linux, BSD, Solaris, and Windows etc. KVM is included with Debian, OpenSuse and other Linux distributions.
4. Linux-VServer is a virtual private server implementation done by adding operating system-level virtualization capabilities to the Linux kernel.
5. VirtualBox is an x86 virtualization software package, developed by Sun Microsystems as part of its Sun xVM virtualization platform. Supported host operating systems include Linux, Mac OS X, OS/2 Warp, Windows XP or Vista, and Solaris, while supported guest operating systems include FreeBSD, Linux, OpenBSD, OS/2 Warp, Windows and Solaris.
6. Bochs is a portable x86 and AMD64 PC emulator and debugger. Many guest operating systems can be run using the emulator including DOS, several versions of Microsoft Windows, BSDs, Linux, AmigaOS, Rhapsody and MorphOS. Bochs can run on many host operating systems, like Windows, Windows Mobile, Linux and Mac OS X.
7. User Mode Linux (UML) was the first virtualization technology for Linux. User-mode Linux is generally considered to have lower performance than some competing technologies, such as Xen and OpenVZ. Future work in adding support for x86 virtualization to UML may reduce this disadvantage.

Proprietary Linux Virtualization Software:
=======================================

1. VMware ESX Server and VMWare Server – VMware Server (also known as GSX Server) is an entry-level server virtualization software. VMware ESX Server is an enterprise-level virtualization product providing data center virtualization. It can run various guest operating systems such as FreeBSD, Linux, Solaris, Windows and others.
2. Commercial implementations of XEN available with various features and support.
* Citrix XenServer : XenServer is based on the open source Xen hypervisor, an exceptionally lean technology that delivers low overhead and near-native performance.
* Oracle VM : Oracle VM is based on the open-source Xen hypervisor technology, supports both Windows and Linux guests and includes an integrated Web browser based management console. Oracle VM features fully tested and certified Oracle Applications stack in an enterprise virtualization environment.
* Sun xVM : The xVM Server uses a bare-metal hypervisor based on the open source Xen under a Solaris environment on x86-64 systems. On SPARC systems, xVM is based on Sun’s Logical Domains and Solaris. Sun plans to support Microsoft Windows (on x86-64 systems only), Linux, and Solaris as guest operating systems.
3. Parallels Virtuozzo Containers – It is an operating system-level virtualization product designed for large-scale homogeneous server environments and data centers. Parallels Virtuozzo Containers is compatible with x86, x86-64 and IA-64 platforms. You can run various Linux distributions inside Parallels Virtuozzo Containers.

Personally, I’ve used VMware ESX / Server, XEN, OpenVZ and VirtualBox.

🙂


Blocking and preventing brute force attacks is one of the main things you want to do on your web server to add a layer of security.

–How the brute force attack works
Hackers can try to get into your system using a few different methods.

1) Manual login attempts, they will try to type in a few usernames and passwords

2) Dictionary based attacks, automated scripts and programs will try guessing thousands of usernames and passwords from a dictionary file, sometimes a file for usernames and another file for passwords.

3) Generated logins, a cracking program will generate random usernames set by the user. They could generate numbers only, a combination of numbers and letters or other combinations.

–Signs of a brute force attempt
You can easily spot a brute force attempt by checking your server’s log files. You will see a series of failed login attempts for the service they’re trying to break into.

# pico /var/log/secure
or
# tail -f /var/log/secure

Check for failed login attempts such as:
Apr 11 19:02:10 fox proftpd[6950]: yourserver (usersip[usersip]) - USER theusername (Login failed): Incorrect password.

–How to prevent a brute force attack
There are a few main ways to stop a brute force attack that we’ll cover:

1) restricting the number of login attempts that a user can perform

2) banning a user’s IP after multiple failed login attempts

3) keeping a close eye on your log files for suspicious login attempts
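
The log check and the "multiple failed login attempts" rule above can be automated. The following Python script is an added example, not part of the original article: it scans lines in the proftpd format quoted earlier and reports each source IP that reaches a number of failed logins inside a sliding time window. The function name, the threshold of 5, the 10-minute window, the year argument and the sample addresses are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the proftpd format quoted above. Addresses come from
# the documentation ranges; none of this is real log data.
SAMPLE_LOG = """\
Apr 11 19:02:10 fox proftpd[6950]: yourserver (203.0.113.7[203.0.113.7]) - USER admin (Login failed): Incorrect password.
Apr 11 19:02:12 fox proftpd[6951]: yourserver (203.0.113.7[203.0.113.7]) - USER root (Login failed): Incorrect password.
Apr 11 19:02:13 fox proftpd[6952]: yourserver (198.51.100.23[198.51.100.23]) - USER alice (Login failed): Incorrect password.
Apr 11 19:02:15 fox proftpd[6953]: yourserver (203.0.113.7[203.0.113.7]) - USER test (Login failed): Incorrect password.
Apr 11 19:02:17 fox proftpd[6954]: yourserver (203.0.113.7[203.0.113.7]) - USER ftp (Login failed): Incorrect password.
Apr 11 19:02:20 fox proftpd[6955]: yourserver (198.51.100.23[198.51.100.23]) - USER alice: Login successful.
Apr 11 19:02:21 fox proftpd[6956]: yourserver (203.0.113.7[203.0.113.7]) - USER web (Login failed): Incorrect password.
Apr 11 20:15:00 fox proftpd[7001]: yourserver (192.0.2.50[192.0.2.50]) - USER bob (Login failed): Incorrect password.
Apr 11 21:15:00 fox proftpd[7002]: yourserver (192.0.2.50[192.0.2.50]) - USER bob (Login failed): Incorrect password.
Apr 11 22:15:00 fox proftpd[7003]: yourserver (192.0.2.50[192.0.2.50]) - USER bob (Login failed): Incorrect password.
Apr 11 23:15:00 fox proftpd[7004]: yourserver (192.0.2.50[192.0.2.50]) - USER bob (Login failed): Incorrect password.
Apr 12 00:15:00 fox proftpd[7005]: yourserver (192.0.2.50[192.0.2.50]) - USER bob (Login failed): Incorrect password.
"""

# timestamp, host, proftpd[pid]:, server name, (name[ip]), separator, USER name
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ proftpd\[\d+\]: \S+ "
    r"\([^\[]*\[(?P<ip>[^\]]+)\]\) \S+ USER (?P<user>\S+) \(Login failed\)"
)


def find_bruteforce(lines, threshold=5, window=timedelta(minutes=10), year=2024):
    """Map each source IP that reaches `threshold` failed logins inside any
    `window` to its peak in-window count and the usernames it tried."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    users = defaultdict(set)     # ip -> every username seen in a failure
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and other services are ignored
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        users[ip].add(m["user"])
        times = recent[ip]
        times.append(when)
        while when - times[0] > window:
            times.popleft()  # slide the window: drop failures that aged out
        if len(times) >= threshold:
            peak = max(len(times), flagged.get(ip, {}).get("peak", 0))
            flagged[ip] = {"peak": peak, "users": sorted(users[ip])}
    return flagged


if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: peak {info['peak']} failures, users: {', '.join(info['users'])}")
```

On the sample, only 203.0.113.7 is reported with the default window; the hourly failures from 192.0.2.50 show up once the window is widened, which is why slow guessing needs a longer look-back than a burst does.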

–Tools to stop and prevent brute force hack attempts
Never enable demo or guest accounts as they will be the first way an attacker will get access into your system and further exploit it.
Never have more than one user in the root group.
APF & BFD
LogWatch
Report Attackers

For a full view of this article and more helpful information regarding security please visit: http://www.webhostgear.com/240.html


Warning:
=====

First, do it at your own risk, and only IF you know what you’re doing AND IF you really need it AND IF your customers do not use postgres on this server yet.

DO NOT UPGRADE IT ON PRODUCTION SERVERS UNLESS YOU’RE SURE ABOUT DOING IT. THERE IS NO WAY TO GO BACK!!!!

ALSO, USING POSTGRES WITH CPANEL ISN’T RECOMMENDED WITHOUT ANOTHER BACKUP SYSTEM: CPANEL CURRENTLY IS BUGGED AND DOES NOT MAKE BACKUPS OF POSTGRES 8.1 DATABASES!!!

Currently I’m in the testing phase on RHEL3.

Using this howto:
==========

# logged in as root
$ logged in as postgres user

Backing up your databases:
==================

Let’s get a fresh postgres data backup:

# su - postgres
$ pg_dumpall > /tmp/dbdo28.out
$ exit

If an error like ‘pg_dumpall: could not connect to database template1: FATAL: Password authentication failed for user “postgres”‘ appears, you’ll need to do section 1.1 above; otherwise skip the next section.

Downloading PostgreSQL 8.1:
=================

Go to http://www.postgresql.org/download/ and download the following RPMs to some temporary place like /root/src:

* postgresql-8.1.x.rpm
* postgresql-libs-8.1.x.rpm
* postgresql-devel-8.1.x.rpm
* postgresql-python-8.1.x.rpm
* postgresql-server-8.1.x.rpm

Moving postgresql database and removing old install:
================================

1. mv -f /var/lib/pgsql /root/pgsql.old
2. rpm -e rh-postgresql rh-postgresql-devel rh-postgresql-python rh-postgresql-server

Do not remove rh-postgresql-libs. It is needed for courier-authlib compatibility.

Installing new version:
==============

rpm -ivh postgresql-*

Restarting Postgres:
============
Restart postgres with

# service postgresql restart

Restoring your backup:
==============
# su - postgres
$ psql -f /tmp/dbdo28.out template1
$ exit

Changing Postgres config at cPanel:
=====================

Change the pgsql password in the cPanel “postgres config” option to something random and click on install config.

Moving old Postgres databases to a safer place:
============================

Make sure you have an old copy:

# mv /tmp/dbdo28.out /root

Restarting Postgres again:
================

Restart postgres with

# service postgresql restart

Recompiling apache/php:
===============

If you have PHP compiled with Postgres, you need to recompile it through cPanel WHM.

Making daily postgres backups:
==================

Installing PostgreSQL 8.1 breaks cPanel backup for now. So, we need to use an alternative.

Log in as postgres:

su -l postgres

Put the following content in /var/lib/pgsql/backup.sh

#!/bin/sh
# Restrict permissions before the dump is created so it is never world-readable
umask 077
DATA=`/bin/date +%F`
BKPFILE=/var/lib/pgsql/dbback-${DATA}.sql
# Dump every database, then compress the result
pg_dumpall > "${BKPFILE}"
gzip "${BKPFILE}"

Add exec privileges to backup script:

chmod 0700 /var/lib/pgsql/backup.sh

Add it to crontab with: crontab -e -u postgres

10 2 * * * /var/lib/pgsql/backup.sh

It will run every day at 2:10 AM.

Note that this backup solution is just a copy of all postgres databases.

We hope cPanel fixes postgres in /script/pckgact backup.
🙂


Outgoing email:
=========
Turning on system_filter

Check that exim.conf contains the line:

system_filter = /etc/antivirus.exim

So, edit /etc/antivirus.exim.

There should be a line on the top of this file:

if not first_delivery
then
finish
endif

Incoming email:
=========

if $header_to contains "@yourdomain.com" or $header_cc contains "@yourdomain.com" or $header_bcc contains "@yourdomain.com" or $header_envelope_to contains "@yourdomain.com"
then
unseen deliver you@otherdomain.com
endif

Adding a domain copy:
==============

if $sender_address_domain is "yourdomain.com"
then
unseen deliver you@otherdomain.com
endif

* you@otherdomain.com is the email which will receive the copies
* yourdomain.com is the domain which will be copied

Adding an email specific copy:
===================

if $sender_address is "email@yourdomain.com"
then
unseen deliver you@otherdomain.com
endif

* you@otherdomain.com is the email which will receive the copies
* email@yourdomain.com is the email which will be copied


Installing SVN

SVN is a version management tool “much like CVS”. It is used to develop many large sites online, amongst them LastFM (http://www.last.fm) and Flickr (http://www.flickr.com/). It has been in development for many years and there is a wide range of OS compatible versions available.

In this example, we will show you how to install using the RPMs and source for Red Hat Enterprise 3; others can be found in the directories at SummerSoft (http://summersoft.fay.ar.us/pub/subversion/latest/). Each version page provides the end user with some guidance notes on what to install and the requirements.

Setting up Source Directory:
=================

Create a source directory

mkdir /usr/local/src/subversion

Navigate to the directory created above

cd /usr/local/src/subversion

Using RPMs:
=========

Use WGET to retrieve via HTTP each of the following files:

wget http://summersoft.fay.ar.us/pub/subversion/latest/rhel-3/bin/subversion-1.2.3-1.rhel3.i386.rpm
wget http://summersoft.fay.ar.us/pub/subversion/latest/rhel-3/bin/subversion-devel-1.2.3-1.rhel3.i386.rpm
wget http://summersoft.fay.ar.us/pub/subversion/latest/rhel-3/bin/subversion-debuginfo-1.2.3-1.rhel3.i386.rpm
wget http://summersoft.fay.ar.us/pub/subversion/latest/rhel-3/bin/neon-0.24.7-1.i386.rpm
wget http://summersoft.fay.ar.us/pub/subversion/latest/rhel-3/bin/mod_dav_svn-1.2.3-1.rhel3.i386.rpm

Run the RPM install command:

rpm -Uvh *rpm

Installing Source:
==========
1. Download and extract the source tarball of subversion.

# wget http://subversion.tigris.org/downloads/subversion-1.4.3.tar.gz
# tar -xzf subversion-1.4.3.tar.gz

2. Download and extract subversion dependency package to the same directory where subversion-1.4.3 resides.

# wget http://subversion.tigris.org/downloads/subversion-deps-1.4.3.tar.gz
# tar -xzf subversion-deps-1.4.3.tar.gz

3. Install Subversion

# cd subversion-1.4.3
# ./configure
# make
# make install

That’s all..


Apache 2 / cPanel

In this article, you can find a lot of information about Apache 2 / cPanel 11+, mainly how to change things in httpd.conf the right way.

FILE SCRIPTS:
=========

/var/cpanel/userdata/USER/
stores individual vhost information

/usr/local/apache/conf/httpd.conf
main httpd.conf – do not edit it directly, as cPanel rebuilds it from templates

/usr/local/cpanel/bin/build_apache_conf
cPanel script to rebuild httpd.conf from templates

/usr/local/cpanel/bin/apache_conf_distiller --update
cPanel script that tries to guess what you changed in your last edit of httpd.conf; it does not work in all cases

/var/cpanel/templates/apache2/
directory of httpd.conf templates

/usr/local/apache/conf/includes/
directory of includes:

* post_virtualhost_2.conf – included at end of virtualhosts
* pre_main_2.conf – included at top of httpd.conf
* pre_virtualhost_2.conf – included before virtualhosts

/usr/share/ssl/certs/
all certificate requests (*.csr) and public certificate files (*.crt)

/usr/share/ssl/private
all certificate private keys (*.key)

Creating Apache userdata skel:
===================

Sometimes when upgrading Apache, cPanel doesn’t create the userdata directories, nor the user directories inside userdata. So, run these commands (they won’t remove any data):

mkdir /usr/local/apache/conf/userdata/ssl/1 -p
mkdir /usr/local/apache/conf/userdata/ssl/2 -p
mkdir /usr/local/apache/conf/userdata/std/1 -p
mkdir /usr/local/apache/conf/userdata/std/2 -p

To create a user-specific directory to store its configuration, for example on std (http) and Apache 2:

mkdir /usr/local/apache/conf/userdata/std/2/USERNAME/DOMAIN -p

Where USERNAME is the domain’s unix user and DOMAIN is its domain.

Store your virtualhost configuration inside /usr/local/apache/conf/userdata/std/2/USERNAME/DOMAIN/foo.conf

Where foo.conf is a name you can remember, such as svn.conf

After that:

/usr/local/cpanel/bin/build_apache_conf

Uninstalling a SSL:
===========

Easy way: just call:

/scripts/killsslvhost DOMAIN

Hard way:

* move /var/cpanel/userdata/USER/*_SSL to a safe place

mkdir /root/oldssl
mv /var/cpanel/userdata/USER/*_SSL /root/oldssl

* run build_apache_conf:

/usr/local/cpanel/bin/build_apache_conf

* restart httpd:

service httpd restart
