mysqldump: Got error: 1016: Can’t open file:

 
Issue: When you try to create a MySQL database dump, you may encounter the following error:

# mysqldump -u root -p database | gzip -9 > database.sql.gz
Enter password:
mysqldump: Got error: 1016: Can’t open file: ‘./database/some_table.frm’ (errno: 24) when using LOCK TABLES

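Solution: errno 24 means "too many open files": LOCK TABLES makes MySQL open every table in the database at once. Add --lock-tables=false to the mysqldump command so the tables are not locked. Tables that are written to while the dump runs may then be inconsistent with each other: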

# mysqldump -u root -p database --lock-tables=false | gzip -9 > database.sql.gz
Enter password:

Install htop on CentOS 5.x

 
htop is an interactive process viewer for Linux, which is a powerful alternative to the ‘top’ utility. Some of the benefits of htop:

  • Supports mouse operation
  • Color formatted display
  • Scroll the list vertically and horizontally to see all processes and complete command lines
  • Kill a process through htop

To install htop on CentOS (5.X) via the yum package manager, the rpmforge package repository must be installed first. Install the rpmforge-release RPM for your architecture (32-bit or 64-bit) as shown below.

32-bit

# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
# rpm -Uhv rpmforge-release*.rf.i386.rpm

64-bit

# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
# rpm -Uhv rpmforge-release*.rf.x86_64.rpm

Now that the rpmforge repository is installed, you can install the htop package via yum.

# yum install htop

Create a Self-Signed SSL Certificate with OpenSSL

 
This Self-Signed SSL Certificate was created on a server running CentOS 5.7 with Virtual Hosts and SELinux disabled.

Requirements:
– openssl
– mod_ssl
# yum install openssl mod_ssl

To begin, change to the following directory. We will temporarily create our SSL files here.

# cd /etc/pki/tls/certs/

Generate Your Private Key.

# openssl genrsa -des3 -out yourdomain_tld.key 2048

Generate Certificate Signing Request (CSR).

# openssl req -new -key yourdomain_tld.key -out yourdomain_tld.csr

Sign Certificate Signing Request (CSR).

# openssl x509 -req -days 5475 -in yourdomain_tld.csr -signkey yourdomain_tld.key -out yourdomain_tld.crt

Create a Backup of the Private Key.

# cp yourdomain_tld.key yourdomain_tld.key.secure

Remove the Pass-Phrase from the Private Key.

# openssl rsa -in yourdomain_tld.key.secure -out yourdomain_tld.key

Create the following directories.

# mkdir ssl.csr
# mkdir ssl.crt
# mkdir ssl.key

Move SSL files to the directories that were just created.

# mv yourdomain_tld.csr ssl.csr/
# mv yourdomain_tld.crt ssl.crt/
# mv yourdomain_tld.key ssl.key/
# mv yourdomain_tld.key.secure ssl.key/

Change permissions on the SSL files so they can only be read by the root user (-r--------).

# chmod 400 ssl.csr/yourdomain_tld.csr
# chmod 400 ssl.crt/yourdomain_tld.crt
# chmod 400 ssl.key/yourdomain_tld.key
# chmod 400 ssl.key/yourdomain_tld.key.secure

Edit Virtual Host Configuration File:

You will need to add the following at the top of your Virtual Host file (the asterisk can be replaced by your IP address):

NameVirtualHost *:443

Add a VirtualHost record similar to this:

<VirtualHost YourIPAddress:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ssl.crt/yourdomain_tld.crt
SSLCertificateKeyFile /etc/pki/tls/certs/ssl.key/yourdomain_tld.key
<Directory "/var/www/vhosts/yourdomain.tld/html">
AllowOverride All
</Directory>
DocumentRoot /var/www/vhosts/yourdomain.tld/html
ServerName yourdomain.tld
</VirtualHost>

Save the file, quit the editor, and then restart Apache:

# /etc/init.d/httpd restart

Configuring the firewall:

You should now have a site working over HTTPS using a self-signed certificate. If you can’t connect you may need to open the port on your firewall. To do this amend your iptables rules:

# iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# service iptables save
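
A quick check of the files created in the steps above, as an added example that is not part of the original post. It confirms that the certificate belongs to the RSA private key, that the key file is readable only by its owner, and prints the fingerprint that clients of a self-signed certificate should compare out of band. The function names are hypothetical, and the key passed in is assumed to be the one with the pass-phrase removed.

```sh
#!/bin/sh
# Added example: sanity checks for the key and certificate created above.
# cert_matches_key, key_is_private and cert_fingerprint are hypothetical names.

# cert_matches_key CERT KEY: succeed only if the RSA modulus in CERT equals
# the modulus of the private KEY. "-passin pass:" makes a key that is still
# pass-phrase protected fail at once instead of prompting.
cert_matches_key() {
    cert_mod=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 1
    key_mod=$(openssl rsa -in "$2" -passin pass: -noout -modulus 2>/dev/null) || return 1
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# key_is_private FILE: succeed only for a regular file with no group or
# other permission bits set (for example mode 400 or 600).
key_is_private() {
    case $(ls -ld "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# cert_fingerprint CERT: print the SHA-256 fingerprint of the certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}
```

Run from /etc/pki/tls/certs/, the first two functions take ssl.crt/yourdomain_tld.crt and ssl.key/yourdomain_tld.key as arguments; a non-zero exit status means the check failed.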

 

Description of Commands:

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.

The genrsa command generates an RSA private key.

-des3
This option encrypts the private key with the triple DES cipher before outputting it.
-out “filename”
This specifies the output filename to write to or standard output by default.
2048 [numbits]
The size of the private key to generate in bits. This must be the last option specified. The default is 512.

The req command primarily creates and processes certificate requests in PKCS#10 format. It can additionally create self signed certificates for use as root CAs for example.

-new
This option generates a new certificate request.
-key “filename”
This specifies the file to read the private key from.

The x509 command is a multi purpose certificate utility. It can be used to display certificate information, convert certificates to various forms, sign certificate requests like a “mini CA” or edit certificate trust settings.

-req
By default a certificate is expected on input. With this option a certificate request is expected instead.
-days “arg”
Specifies the number of days to make a certificate valid for. The default is 30 days.
-in “filename”
This specifies the input filename to read a certificate from or standard input if this option is not specified.
-signkey “filename”
This option causes the input file to be self signed using the supplied private key.

The rsa command processes RSA keys.

You down with NTP… Yeah you know me!

 
NTP stands for Network Time Protocol, and it is an Internet protocol used to synchronize the clocks of computers to some time reference.

Type the following command to install NTP.

# yum install ntp

Set up the time sync.

# echo 0.centos.pool.ntp.org > /etc/ntp/step-tickers

Set the run levels required for the ntpd service.

# chkconfig --level 345 ntpd on

Start the NTP service.

# service ntpd start

Once the clock is synchronized for the first time, run the following command to set the Hardware Clock to the current System Time.

# hwclock -w

Use either of the following commands to verify that the NTP process is running:

# ps aux | grep ntpd
# pgrep -l ntpd

Description of the above commands:
ps – displays information about a selection of the active processes.
pgrep – looks through the currently running processes and lists the process IDs which match the selection criteria to stdout.

How to Enable AirPrint Service on Windows 7/Vista/XP (32-bit/64-bit)?

 
Requirements:

– iTunes 10.1 (or the latest version)
– iOS 4.X
– Make sure the printer is set up as a shared printer on your local PC
– Printer and iOS device should share the same Wifi connection
– Make sure you have full administrator privileges to enable/disable services on your PC

Steps to Enable AirPrint on Windows 7/Vista/XP:

1. Create an AirPrint folder.

For 64-bit Windows OS:

  • Go to C:\Program Files (x86) and create a new folder called AirPrint.

For 32-bit Windows OS:

  • Go to C:\Program Files and create a new folder called AirPrint.

2. Download AirPrint.zip and unzip it in the AirPrint folder you created in the above steps.

3. Go to Start -> run and type “cmd” to open the Windows Command Prompt.

4. Now use the following set of commands for your OS version. The escaped inner quotes (\") keep the path to airprint.exe quoted in the service definition, so the space in "Program Files" cannot make Windows resolve a different executable:

For 64-bit Windows OS:

  • sc.exe create AirPrint binPath= "\"C:\Program Files (x86)\AirPrint\airprint.exe\" -s" depend= "Bonjour Service" start= auto
  • sc.exe start AirPrint

For 32-bit Windows OS:

  • sc.exe create AirPrint binPath= "\"C:\Program Files\AirPrint\airprint.exe\" -s" depend= "Bonjour Service" start= auto
  • sc.exe start AirPrint

5. As soon as you start the AirPrint service, Windows Firewall will prompt you to allow or deny AirPrint features to be shared over networks. Click on the Allow access button.

Finished. Now you can utilize the AirPrint feature on your iOS device to print any document, photo, email or webpage wirelessly over your Wifi connection.

 

Update: 1/6/2012
Follow the instructions at the following link to enable AirPrint for Windows and your iOS 5 device.
How To: Enable AirPrint on Windows (32/64Bit) with iOS 5.x Support

Add Iptables Chain

 
Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel.

Add Chain Example (from command line):

Create a new chain in iptables:

# iptables -N chainname

Insert the chain into the input chain at the head of the list:

# iptables -I INPUT 1 -j chainname

Flush all the rules in the chain:

# iptables -F chainname

Some Iptables Commands in Detail:

-I, --insert chain [rulenum] rule-specification
Insert one or more rules in the selected chain as the given rule number. So, if the rule number is 1, the rule or rules are inserted at the head of the chain. This is also the default if no rule number is specified.

-L, --list [chain]
List all rules in the selected chain. If no chain is selected, all chains are listed.

-F, --flush [chain]
Flush the selected chain (all the chains in the table if none is given). This is equivalent to deleting all the rules one by one.

-N, --new-chain chain
Create a new user-defined chain by the given name.  There must be no target of that name already.

Dynamic Firewall Rules

 
Would you like to block everyone from remotely accessing your server but still be able to access it from your dynamic IP address at home? To do this, you will need to create an account with a dynamic DNS service provider (e.g. http://www.dyndns.com). Your home computer will tell the dynamic DNS service what your home computer’s external IP address is.

Now you will need to add rules on your firewall for the hostname. However, since iptables does a single lookup when adding rules, you will need a script to repeatedly look up the IP for your home computer. The script below looks up a hostname’s IP address, caches it to a directory, and adds a rule to allow it. When the script observes that the host’s IP address has changed, the old IP is removed from iptables and the new IP is added.

You may want to put all your dynamic hosts into a separate chain. That way you can easily see what dynamic hosts are trusted.

#!/bin/bash
HOST=$1
HOSTFILE="/root/dynhosts/host-$HOST"
CHAIN="dynamichosts" # change this to whatever chain you want.
IPTABLES="/sbin/iptables"

# check to make sure we have enough arguments passed.
if [ "$#" -ne 1 ]; then
    echo "$0 hostname"
    echo "You must supply a hostname to update in iptables."
    exit 1
fi

# look up host name from DNS tables
IP=$(/usr/bin/dig +short "$HOST" | /usr/bin/tail -n 1)

if [ -z "$IP" ]; then
    echo "Couldn't look up hostname for $HOST, failed."
    exit 1
fi

# read the previously cached IP, if there is one.
OLDIP=""
if [ -e "$HOSTFILE" ]; then
    OLDIP=$(cat "$HOSTFILE")
    # echo "CAT returned: $?"
fi

# save off new ip.
echo "$IP" > "$HOSTFILE"

echo "Updating $HOST in iptables."
if [ -n "$OLDIP" ]; then
    echo "Removing old rule ($OLDIP)"
    $IPTABLES -D "$CHAIN" -s "$OLDIP/32" -j ACCEPT
fi
echo "Inserting new rule ($IP)"
$IPTABLES -A "$CHAIN" -s "$IP/32" -j ACCEPT

Now all you have to do to use this script is run:

# firewall-dynhosts.sh examplesite.dyndns.org

This would insert a rule for examplesite.dyndns.org into your firewall.

You can then schedule the script for your trusted DNS hosts using cron.d. I have created the following cron job in the /etc/cron.d/ directory.

# Run the dynamic firewall script every (1) hour
0 * * * * root /script/location/firewall-dynhosts.sh examplesite.dyndns.org >/dev/null 2>&1

Done!

Thanks to Dave Horner’s Website for this information.
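
The script above hands whatever the lookup printed to iptables and removes the old rule before adding the new one, so a lookup that returns something other than an address (resolver error text, for example) can leave you without a working rule. The following added example, which is not part of the original script, validates the answer first, skips unchanged addresses, and adds the new rule before deleting the old one. is_ipv4 and update_rule are hypothetical names, and the IPTABLES variable can be overridden for a dry run.

```sh
#!/bin/sh
# Added example: validate the lookup result before changing the ruleset.
# is_ipv4 and update_rule are hypothetical helper names.
IPTABLES=${IPTABLES:-/sbin/iptables}

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255 and no
# leading zeros. The body is a subshell, so the IFS change and "exit"
# stay local to the function.
is_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in
            0?*|????*) exit 1 ;;
        esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# update_rule CHAIN OLDIP NEWIP: replace the ACCEPT rule for OLDIP with one
# for NEWIP. Nothing is changed unless NEWIP is a valid address.
update_rule() {
    if ! is_ipv4 "$3"; then
        echo "refusing update: '$3' is not an IPv4 address" >&2
        return 1
    fi
    if [ "$2" = "$3" ]; then
        return 0    # address unchanged, nothing to do
    fi
    # add the new rule first so access is never interrupted
    "$IPTABLES" -A "$1" -s "$3/32" -j ACCEPT || return 1
    if is_ipv4 "$2"; then
        # a missing old rule (for example after a flush) is not an error
        "$IPTABLES" -D "$1" -s "$2/32" -j ACCEPT || true
    fi
}
```

In the script above, a call such as update_rule "$CHAIN" "$OLDIP" "$IP" would replace the two iptables lines, with the cache file written only after it returns success.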

Option to Create Virtual Private Network Connection is Grayed Out

 
Do you see the following when trying to create a Virtual Private Network Connection in Windows XP Pro?

If so, you will need to make sure that the following services are started and enabled.
– Telephony
– Remote Access Auto Connection Manager
– Remote Access Connection Manager

To check if the above services are started and enabled you will need to access Windows Services.

Listed below are a few different ways to access Windows Services using Windows XP Pro
Classic View
Start -> Control Panel -> Administrative Tools -> Services

Category View
Start -> Control Panel -> Performance and Maintenance -> Administrative Tools -> Services

Run Line
Start -> Run then type services.msc and press enter

If the Telephony column “Startup Type” is set to disabled you should right click on Telephony -> Properties and choose “Manual” from the “Startup type” drop down menu. Finally, check that “Remote Access Auto Connection Manager” and “Remote Access Connection Manager” have started.

You should now be able to create your Virtual Private Network Connection!