
Tuesday, November 19, 2013

MySQL - How would I export tables specifying only certain fields?

Back up a MySQL database table for a specific date and time stamp using INTO OUTFILE.

You need the FILE privilege to do this, and it won't overwrite files.
INTO OUTFILE has a bunch of options to it as well, such as FIELDS ENCLOSED BY, FIELDS ESCAPED BY, etc... that you may want to look up in the manual.
To produce a CSV file, you would do something like:

Example:
SELECT A,B,C
INTO OUTFILE '/tmp/result.txt'
FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"'
LINES TERMINATED BY '\n'
FROM X;
1. Dump the MySQL data to an output file

SELECT c_tEzaudit_ID, c_tEzaudit_op, c_tEzaudit_user, c_tEzaudit_orgid, c_tEzaudit_sno, c_tEzaudit_actby, c_tEzaudit_msg, c_tEzaudit_result, c_tEzaudit_create_time INTO OUTFILE '/tmp/result.txt' FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"' LINES TERMINATED BY '\n' FROM tEzaudit where c_tEzaudit_create_time BETWEEN '2013-06-01 ' AND '2013-06-02';

OR

SELECT * INTO OUTFILE '/tmp/result1.txt' FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"' LINES TERMINATED BY '\n' FROM tEzaudit where c_tEzaudit_create_time BETWEEN '2013-06-01 ' AND '2013-06-02';

2. To load the data back in from the file, use the LOAD DATA INFILE command with the same options you used to dump it out. For the CSV format above, that would be:

Example:
LOAD DATA INFILE '/tmp/result.txt'
INTO TABLE X
FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"'
LINES TERMINATED BY '\n';
LOAD DATA INFILE '/tmp/result.txt' INTO TABLE tEzaudit FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"' LINES TERMINATED BY '\n';

Monday, July 15, 2013

JBoss Hardening Guide

a) Secure the JBoss 4 and 5 JMX console
b) Secure the JBoss 4 and 5 Web Console


a) Secure the JBoss 4 and 5 JMX console
How to secure the JMX Console

I am using jboss-5.1.0.GA. If you are using a different version then the names of the directories and files may differ.

Step 1: jboss-web.xml
Uncomment the <security-domain>java:/jaas/jmx-console</security-domain> line in the JBOSS_HOME/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml file.

Step 2: web.xml
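Uncomment the following section in the JBOSS_HOME/server/default/deploy/jmx-console.war/WEB-INF/web.xml file.

    <security-constraint>
       <web-resource-collection>
          <web-resource-name>HtmlAdaptor</web-resource-name>
          <description>An example security config that only allows users with the
            role JBossAdmin to access the HTML JMX console web application
          </description>
          <url-pattern>/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
          <role-name>JBossAdmin</role-name>
       </auth-constraint>
    </security-constraint>
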
Step 3: Set the username, password and role
Set the username and password in the JBOSS_HOME/server/default/conf/props/jmx-console-users.properties file. Example: admin=password


Set the role in the JBOSS_HOME/server/default/conf/props/jmx-console-roles.properties file. Example: admin=JBossAdmin,HttpInvoker

Step 4: login-config.xml
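Ensure that the JBOSS_HOME/server/default/conf/login-config.xml file is configured to use the correct properties files for the jmx-console:

    <application-policy name="jmx-console">
       <authentication>
          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                        flag="required">
             <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
             <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
          </login-module>
       </authentication>
    </application-policy>
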

Now when you try to access the jmx-console, via http://localhost:8080/jmx-console, you will be prompted to login.
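
A check for the result of steps 1 to 4, as an added example that is not part of the original post or of JBoss: it reads a web.xml, ignores anything still inside XML comments, and reports whether a security constraint is active. Under the servlet specification a constraint that lists <http-method> elements applies only to the listed methods, so that case is reported separately; the function names, result labels and sample file are constructed for this example.

```shell
# Added example (not JBoss code): classify a web.xml read on stdin.

# Remove <!-- ... --> comments, including ones that span several lines.
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (line != "") {
            if (in_c) {                      # inside a comment: look for its end
                e = index(line, "-->")
                if (e == 0) break
                line = substr(line, e + 3); in_c = 0
            } else {                         # outside: keep text up to the opener
                s = index(line, "<!--")
                if (s == 0) { out = out line; break }
                out = out substr(line, 1, s - 1)
                line = substr(line, s + 4); in_c = 1
            }
        }
        print out
    }'
}

# Prints UNPROTECTED, METHOD_LIMITED or PROTECTED (labels are this example's own).
audit_webxml() {
    active=$(strip_xml_comments)
    case $active in
        *'<security-constraint>'*'<http-method>'*'<auth-constraint>'*) echo METHOD_LIMITED ;;
        *'<security-constraint>'*'<auth-constraint>'*) echo PROTECTED ;;
        *) echo UNPROTECTED ;;
    esac
}

# Constructed sample web.xml; $1 = commented | methods | allmethods
sample_webxml() {
    open='' close='' methods=''
    [ "$1" = commented ] && { open='<!--'; close='-->'; }
    [ "$1" = methods ] && methods='<http-method>GET</http-method><http-method>POST</http-method>'
    cat <<EOF
<web-app>
$open
<security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern>$methods</web-resource-collection>
  <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
</security-constraint>
$close
</web-app>
EOF
}

for m in commented methods allmethods; do echo "$m: $(sample_webxml "$m" | audit_webxml)"; done
```

To check a real deployment, pipe the file in: audit_webxml < JBOSS_HOME/server/default/deploy/jmx-console.war/WEB-INF/web.xml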

b) Secure the JBoss 4 and 5 Web Console
The steps to secure the web-console are very similar to the steps above. Take note of the following:

For steps 1 and 2:
The jboss-web.xml file and the web.xml file for the web-console can be found in the JBOSS_HOME/server/default/deploy/management/console-mgr.sar/web-console.war/WEB-INF directory.

For step 3:
You can either use the same jmx-console-users.properties and jmx-console-roles.properties files or you can create new web-console-users.properties and web-console-roles.properties files to configure the username, password and role.

For step 4:
Ensure that the JBOSS_HOME/server/default/conf/login-config.xml file is configured to use the correct properties files for the web-console.

The web-console will now prompt the user to login.

Thursday, June 13, 2013

Httpd tutorial

  1. How to disable directory browsing in apache/httpd?
Open httpd.conf and find the line that looks as follows:
Options Includes Indexes FollowSymLinks MultiViews
Then remove the word Indexes and save the file. The line should look like this one:
Options Includes FollowSymLinks MultiViews

  2. Configure httpd SSL
Install mod_ssl:
# yum install mod_ssl
Make an SSL certificate. Go to /etc/pki/tls/certs and run:
# openssl genrsa -des3 -out cert.key 2048
# openssl req -new -key cert.key -out cert.csr
# openssl x509 -req -in cert.csr -days 365 -signkey cert.key -out ca.crt
Because -des3 encrypts the private key with a passphrase, httpd will ask for that passphrase when it starts.
Edit the ssl.conf file (/etc/httpd/conf.d/ssl.conf):
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/certs/cert.key
Then start httpd:
# service httpd start

  3. To enable a reverse proxy in https
Add the lines below at the end of the httpd.conf file.
ProxyPass /ezmcom http://localhost:8080/ezmcom
ProxyPassReverse /ezmcom http://localhost:8080/ezmcom

Note: To redirect SSL portal
  1. Enable httpd SSL
  2. Copy and paste the lines below into the httpd.conf file and restart
    SSLProxyEngine On
    RequestHeader set Front-End-Https "On"


    Wednesday, December 5, 2012

    Howto: Squid proxy authentication using ncsa_auth helper Centos 6.2


    Configure an NCSA-style username and password authentication
    1. htpasswd -c /etc/squid/passwd user1
    2. chmod o+r /etc/squid/passwd

     Locate the ncsa_auth authentication helper
     If you are using RHEL/CentOS/Fedora Core or RPM based distro try:
    3. rpm -ql squid | grep ncsa_auth

    4. Add the lines below at the TOP of the squid.conf file. Remember: at the TOP.

    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive off

    (Add this to the bottom of the ACL section of squid.conf)
    acl ncsa_users proxy_auth REQUIRED 
    (Add this at the top of the http_access section of squid.conf)
    http_access allow ncsa_users 

    e.g.
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    acl ncsa_users proxy_auth REQUIRED

    # Only allow cachemgr access from localhost
    http_access allow ncsa_users
    http_access allow manager localhost
    http_access allow our_networks
    http_access deny manager

    5. /etc/init.d/squid restart
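
Why the post insists on the TOP, as an added example that is not part of the original post or of Squid: squid.conf is read top to bottom, a proxy_auth acl needs an authentication scheme configured above it, and http_access rules are tried in order with the first match deciding. The linter below flags both ordering mistakes; the function names and the two sample configurations (including the our_networks address range) are constructed.

```shell
# Added example (not part of Squid): lint the order of authentication
# directives in a squid.conf read on stdin. Prints one finding per line.
lint_squid_auth() {
    awk '
    { sub(/#.*/, "") }                                   # ignore comments
    $1 == "auth_param" && $3 == "program" { have_prog = 1 }
    $1 == "acl" && $3 == "proxy_auth" {
        if (!have_prog) {
            print "L" NR ": acl " $2 " is defined before auth_param program"
        }
        auth[$2] = 1
    }
    $1 == "http_access" {
        needs_auth = 0
        for (i = 3; i <= NF; i++) if (($i) in auth) needs_auth = 1
        if (needs_auth) {
            enforced = 1
        } else if ($2 == "allow" && !enforced) {
            print "L" NR ": " $3 " is allowed before any proxy_auth rule"
        }
    }
    END { if (!enforced) print "no http_access rule uses a proxy_auth acl" }
    '
}

# Constructed sample: the order the post asks for.
sample_page_order() { cat <<'EOF'
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic realm Squid proxy-caching web server
acl our_networks src 192.168.2.0/24
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
http_access allow our_networks
http_access deny all
EOF
}

# Constructed sample: same directives, wrong order.
sample_wrong_order() { cat <<'EOF'
acl our_networks src 192.168.2.0/24
acl ncsa_users proxy_auth REQUIRED
http_access allow our_networks
http_access allow ncsa_users
http_access deny all
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
EOF
}

echo "page order:";  sample_page_order  | lint_squid_auth
echo "wrong order:"; sample_wrong_order | lint_squid_auth
```

Findings on allow rules that come first by design, such as a localhost-only cache manager rule, are prompts to review rather than errors.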

    Wednesday, April 20, 2011

    NTP SERVER AND CLIENT CONFIGURATION

    ====================================================================
    Configure NTP Server
    ====================================================================
    Note: NTP server IP:192.168.2.40
             NTP client2 IP: 192.168.2.2
             NTP client2 IP: 192.168.2.2

    # Make sure to install ntp

    ** Step To create NTP server

    # chkconfig ntpd on

    # edit /etc/ntp.conf

        --> add this line :

                                 peer 192.168.2.2
                                 peer 192.168.2.3

    # edit /etc/sysconfig/iptables

        --> please enable port 123

    # restart ntpd

        --> /etc/init.d/ntpd restart

    # restart firewall

        --> /etc/init.d/iptables restart
    =======================================================================
    ** To configure NTP client to sync with NTP server
    =======================================================================
    # edit /etc/ntp.conf

        --> add this line :

                            restrict 192.168.2.40 mask 255.255.255.0 nomodify notrap noquery
      
                            server 192.168.2.40

                            ** comment out the other restrict ..... mask 255.255.255.0 nomodify notrap noquery lines

    # edit /etc/ntp/ntpservers

        --> add this line :

                            192.168.2.40

                            ** comment out the other server IP/url entries

    # edit /etc/ntp/step-tickers

        --> add this line :

                            192.168.2.40


    # edit /etc/sysconfig/iptables

         --> please enable port 123

    # restart ntpd

          --> /etc/init.d/ntpd restart

    # restart firewall

          --> /etc/init.d/iptables restart

    # fire this command to set the local date and time:

                           ntpdate -u server_IP

    # fire this command to query the NTP server-client synchronisation:

                           ntpq -pn

    ****************************************************************************
    ****************************************************************************
    TESTING

    SERVER
    # update the time and date

    CLIENT
    # fire command : ntpdate -u 192.168.2.40
    # fire command : ntpq -pn

    Credit to chikaro Natrah

    Friday, April 15, 2011

    SSL LDAP how to in Centos

    1.Install LDAP
    # yum install openldap-servers openldap-clients nss_ldap

    2.Copy DB_CONFIG
    #cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG

    3. Create an encrypted password for slapd
    # slappasswd
    {SSHA}372BLnDbuRFpPdQpKi2SRISPaoQEcQW9

    4. Copy and paste the encrypted password above into slapd.conf
    # rootpw                {crypt}ijFYNcSNctBYg    <--------------replace here

    5.Change rootDN and suffix accordingly like below example
    suffix          "dc=ezmcom,dc=com"
    rootdn        "cn=Administrator,dc=ezmcom,dc=com"
    6. Uncomment the parts below
    #vi /etc/openldap/slapd.conf
    TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
    TLSCertificateFile /etc/pki/tls/certs/slapd.pem
    TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

    7.edit ldap.conf file and change to
    #vi /etc/openldap/ldap.conf
    base dc=ezmcom,dc=com
    uri ldap://127.0.0.1:636
    TLS_CACERTDIR /etc/openldap/cacerts   
    ssl start_tls

    8.Generate an RSA key using below command.
    #openssl genrsa -out cert.key 1024
    #openssl req -new -key cert.key -out cert.csr
    Note: the common name should match your suffix dc (ezmcom)

    9.Generate self-signing certificate using below command
    #openssl x509 -req -in cert.csr -days 365 -signkey cert.key -out cert.crt

    10.restart ldap
    #/etc/init.d/ldap restart

    Credit to chikaro Natrah. ehehe

    Wednesday, February 23, 2011

    How to Configure VPN (PPTP) Server on CentOS

    In this document you will find the steps on how to build a Linux Point to Point Tunneling Protocol (PPTP) server using Poptop.
    This allows roaming users to connect to their corporate network from anywhere on the Internet securely and inexpensively.
    It supports Windows 95/98/Me/NT/2000/XP PPTP clients and Linux PPTP clients.
    Requirements: -
    Server: CentOS 5.3
    kernel-2.6.18-128.el5
    ppp-2.4.4-2.el5
    pptpd-1.3.4-1.rhel5

    Kernel version 2.6.15 or above has MPPE built in, which is required for MSCHAPv2. The CentOS 5 kernel version is 2.6.18, which means you do not need to install the MPPE module. CentOS 5 comes with ppp-2.4.4-1.el5, which has MPPE support enabled.

    Step-1: Install ppp if not already installed and check if the kernel supports MPPE
    #yum install ppp
    Run the command below to test if your kernel supports MPPE; you should get “ok” back: -
    #modprobe ppp-compress-18 && echo ok

    Step-2: Install PPTPD
    You cannot install pptpd using the yum utility because it is not in the yum repo. Download the RPM file pptpd-1.3.4-1.rhel5.1.i386.rpm from http://poptop.sourceforge.net/yum/stable/packages/

    #wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.rhel5.x86_64.rpm
    Install the RPM by running this command: -
    #rpm -ivh pptpd-1.3.4-2.rhel5.x86_64.rpm

    Step-3: Configuration
    Change the /etc/ppp/options.pptpd as below: -
    #vi /etc/ppp/options.pptpd
    name pptpd
    refuse-pap
    refuse-chap
    refuse-mschap
    require-mschap-v2
    require-mppe-128
    proxyarp
    lock
    nobsdcomp
    novj
    novjccomp
    nologfd

    Change the following file /etc/pptpd.conf
    #vi /etc/pptpd.conf
    option /etc/ppp/options.pptpd
    logwtmp
    localip 192.168.2.1
    remoteip 192.168.2.11-15

    Add the following username (johndie) and password (passwrd) in /etc/ppp/chap-secrets as below: -
    # Secrets for authentication using CHAP
    # client server secret IP addresses

    shamsul pptpd passwrd *

    Step-4: Run the following command to enable the pptpd to start automatically in runlevel 3 and 5 as below: -
    #chkconfig --level 35 pptpd on
    Now, you can start the pptpd service as below: -
    #service pptpd start

    Step-5: For pptpd to work, the packet forwarding must be enabled. Edit /etc/sysctl.conf and change the line to below: -
    #vi /etc/sysctl.conf
    net.ipv4.ip_forward = 1

    To enable it immediately, run following command: -
    #sysctl -p
    Now test your setup by creating a VPN connection from any Windows or Linux PC.

    credit to: http://almamunbd.blogspot.com/2009/06/how-to-configure-vpn-pptp-server-on.html