Hi Folks,

I’m Nakul M.  A Linux System administrator from India, I’ve created this blog as this would surely help me as well as colleagues when they’ve a task on hand.

If anyone has comments they can directly be mentioned under the post and any suggestions too.

You can contact me by emailing me at nakuls77@gmail.com I’ll be waiting for your comments & suggestions to my inbox too.

All the contents in my blog maybe found anywhere on the internet as the world is really small place especially on Google

So my request for all of you is not to think that the posts are ripped off, but just think that it’s a collection of helpful articles.

Thank you.
Nakul M.
Author nakuls77.wordpress.com

Free space on system partitions are very important.

We may get several problems if /usr /var /tmp or / partition run out of disk space.

I have created one simple shell script to check the percentage space used on different drive and sent a notification if any of partition usage exceeds the 90% you can modify it as pre needs and requirement.

#!/bin/bash

#################################################
# disk space usage alert #
#################################################

df -h | grep -v ‘Use’ | awk ‘{print $5″ : “$6}’ | replace ‘%’ ” > /tmp/disk-percent

for i in `cut -f 1 -d : /tmp/disk-percent`

do

if [ $i -ge "90" ];

then

echo partition `grep $i /tmp/disk-percent | cut -f 2 -d :` running out of disk space on `hostname` >> /tmp/disk-warning

fi

done

if [ -f /tmp/disk-warning ];
then

mail -s “URGENT `hostname` running out of disk space” administrator@mazhar.co.in /tmp/disk-percent

with

df -h | grep -v ‘home\|Use’ | awk ‘{print $5″ : “$6}’ | replace ‘%’ ” > /tmp/disk-percent

Create a file say /home/disk-monitoring.sh give executable permissions and add a cron to execute it after specific time intervals (say 3 hours)

0 */3 * * * /home/disk-monitoring.sh

If you are running apache, you will want to use our iframe filtering countermeasures. To do so, you will need to

downloads two files:

remove-bad-iframes.txt

and

00_ASL_iframe_protection.conf

This will automatically clean all your websites and remove any iframes that would include trojans, etc. targeted at your users. Install the 00_ASL_iframe_protection.conf file in your /etc/httpd/conf.d directory, and the remove-bad-iframes.txt in /etc/asl.

Originally posted on : gotroot.com

Iframe attacks seem to be taking a hold with many vulnerable websites. The problem obviously being vulnerable ap plications, which we would all like to see fixed. However, not everyone can be so lucky as to have either perfect applications, or perfect countermeasures against these vulnerabilities. Enter output filtering. We’ve put together a special set of rules for anyone running apache. This will filter out all your iframe attacks.

More info about Iframes;

IFrame (from Inline Frame) is an HTML element which makes it possible to embed an HTML document inside another HTML document.

The size of the IFrame can be specified in the surrounding HTML page, so that the surrounding page can already be presented in the browser while the IFrame is still being loaded. The IFrame behaves much like an inline image and the user can scroll it out of view. On the other hand, the IFrame can contain its own scroll bar, independent of the surrounding page’s scroll bar.

While regular frames are typically used to logically subdivide the content of one website, IFrames are more commonly used to insert content (for instance an advertisement) from another website into the current page.

The following is an example of an HTML document containing an IFrame:

====================================================
<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.01 Transitional//EN”
“http://www.w3.org/TR/html4/loose.dtd”>
<html>
<head>
<title>Example</title>
</head>
<body>
The material below comes from the website http://example.com
<iframe src=”http://example.com” height=”200″>
Alternative text for browsers that do not understand IFrames.
</iframe>
</body>
</html>
====================================================

The embedded document can be changed without reloading the surrounding page, by using the “target” attribute of an HTML anchor or by employing JavaScript. This makes many interactive applications possible, and IFrames are therefore commonly used by Ajax applications. The main alternative to using an IFrame in these situations is editing a document’s DOM tree. Sometimes invisible IFrames are also used for asynchronous communication with the server, as an alternative to XMLHTTPRequest.

More recently, Mozilla Firefox, Opera and Microsoft Internet Explorer introduced contentEditable and designMode, which enables users to edit the contents of the HTML contained in an IFrame. This feature has been used to develop rich text (WYSIWYG) editors within an IFrame element like FCKeditor or TinyMCE. Popular web applications which make use of this feature include Google Docs & Spreadsheets (formerly Writely), JotSpot Live, and Windows Live Hotmail, to name a few.

First introduced by Microsoft Internet Explorer in 1997 and long only available in that browser, iframes eventually became supported by all major brands.

Security Issues

IFrames have been implicated in many malicious code attacks, due to a series of common vulnerabilities. This was evident in many 2007 web based threats, notably the so-called Italian Job of June, 2007.[1] An IFrame can be planted on an unsuspecting legitimate website, leading the casual viewer into an infection threat. This may happen when a site is cracked, or more easily, when a site forwards results of local searches to global search engines. On such a site, the cracker only needs to perform a search that includes a malicious IFrame; a user who clicks the search result in the global search engine will be infected.

Hello Folks,

Been busy fro the last couple of months, so didn’t get time to place new posts. But I’ve started again where I left this blog behind and I do promise that I’ll keep this blog updated.

I’ve also received many comments since I started publishing this blog and it’s always great to know that people know you over the Internet and also praise for what you do, the experience is always exciting.

Recently I got a book gifted from packtpub for creating this blog. I’m really thankful to them, I was able to discover new things, I wasn’t aware while using PHPMyAdmin.

I was great receiving a fantastic book which can provide extensive knowledge. I’ve read the book and I’m sure that people who read this book would also be the same and would also like to thank the great author of this book Mr. Marc Delisle

Info about the Author;

Marc Delisle is a member of the MySQL Developers Guild – which regroups community developers – because of his involvement with phpMyAdmin. He started to contribute to this popular MySQL web interface in December 1998, when he made the first multi-language version. He has been actively involved with the phpMyAdmin project since May 2001 as a developer and project administrator. He has worked since 1980 at Collège de Sherbrooke, Québec, Canada, as an application programmer and network manager. He has also been teaching networking, security, Linux servers, and PHP/MySQL application development. In one of his classes, he was pleased to meet a phpMyAdmin user from Argentina

Info about the publishers;

Packt is a unique publishing company specializing in highly focused books on specific technologies and solutions.

You can also review the book on Amazon.com

Last but not the least I would really thank Packtpub for gifting me such a wonderful resource and the author of this book who’s been writing such great stuff. I would also like everyone interested in exploring PHPMyAdmin should get this book.

Regards,
Nakul M.

==== pre-SVN configuration ====

* Plesk 8.0

* CentOS

* Root access via SSH

* Subdomain setup via Plesk 8.0 Administrator page. In my case, I used svn.my-domain.com as the sub domain

* A folder /var/svnrepo/ is used to house my SVN repository.

After you created the subdomain for your domain, you can proceed to the next step: installing Subversion

==== A. Installing Subversion ====

To install subversion, all you have to do is SSH into the box as the root user. (# denotes the root prompt)

* #yum install subversionThis command will painlessly install the subversion package to the CentOS.

* #cd /etc/httpd/modulesChange the current directory to the modules folder of Apache, where all the plugins of Apache are installed.

* #yum mod_dav_svnThis command will install the mod_dav_svn to apache

* #svn –versionThis command will ensure that you have successfully installed subversion. (At the current time of writing, the version of this SVN package is 1.1.4, while the current version of SVN is 1.4 — maybe another article on how to upgrade SVN?)

* #mkdir /var/svnrepoThis is our root repository.

* #svnaddmin create /var/svnrepoThis command will create a subversion repository in the /var/svnrepo folder.

* #chmod -R 777 /var/svnrepoChanging the permision of svnrepo folder to allow Apache/Subversion to have read/write rights. Without changing the permissions, you will get an error when you are trying to access the repository via your browser.

==== B. Configuring Apache ====

So with the painless installation of Subversion, now we can configure Apache to begin to serve our repository. First of all, you will need to make sure that Apache is loading the mod_dav_svn.so file. Personally, I like to use mc (Midnight Commander) for text-editting ((( *) I can use VI but it’s not on my list of user-friendly software so I opt for a more “notepad-like” text editor. If you don’t have Midnight Commander installed, run **#yum install mc** and that should take care of it. The nto run Midnight Commander, just type in #mc. If you use Putty like I do, use **#mc -a** instead to get a nicer frame instead of the weird ASCII characters.)).

* Open the file **/etc/httpd/conf/httpd.conf**

* Search for **mod_dav_svn.so** in the Modules section. If you don’t find this line in **httpd.conf**, then check the folder /etc/httpd/conf.d/ for other .conf files. I have a subversion.conf file here which is included in the main **/etc/httpd/conf/httpd.conf** at initialization time. In this subversion.conf file, there are these 2 lines to make sure that Apache loads the SVN modules:

#File: /etc/httpd/conf.d/subversion.conf

LoadModule dav_svn_module modules/mod_dav_svn.so

LoadModule authz_svn_module modules/mod_authz_svn.so

Cool! Apache does load the Subversion modules. Now we need to configure our subdomain created using Plesk earlier to use with Subversion. But let’s go over how Plesk organizes our file system.

==== C. Working with Plesk: The primer ====

If you’d like to by-pass the web-based administration page of Plesk and do some advanced customization, then here is how Plesk is organizing the files system:

* Web-docs (your domains) are stored under **/var/www/vhosts/**

* Custom configuration for your domain is stored under **/var/www/vhosts/[you_domain_name]/conf/vhost.conf**

* The **httpd.include** file in **/var/www/vhosts/[you_domain_name]/conf/** will be overwritten everytime you use the web-based Plesk to update your domain configuration. Hence manual updates of this file is NOT advisible. Your changes will be lost, so why bother. If you want to customize the domain, create a **vhost.conf** file in the conf/ folder instead.

* Similarly, for sub-domains, the main .conf file are **/var/www/vhosts/[you_domain_name]/subdomains/[you_subdomain_name]/conf/vhost.conf**. All you have to do is to create this vhost.file and it will be automatically included in the main httpd.conf file of apache.

Also,

* Only **Root users** can create vhost.conf files.

* After you make changes to the conf files, you have to tell Plesk to reload the new configuration. To do so, run#/usr/local/psa/admin/sbin/websrvmng –reconfigure-vhost –vhost-name=

For more information, please consult the [[http://download1.swsoft.com/Plesk/Plesk7.5/Doc/plesk-7.5r-admins-guide-html/apas02.html|Plesk’s Admins Guide on sub-domain customization]]

==== D. Customizing Sub-Domain configurations ====

As I created a subdomain “svn” for my site, makefun.us, I had to create a vhost.conf file under **/var/www/vhosts/makefun.us/subdomains/svn/conf/vhost.conf**. Also, my repository is under **/var/svnrepo/**, so here is the content of the vhost.conf file

#svn.makefun.us — vhost.conf file

DAV svn

SVNPath /var/svnrepo/

AuthType Basic

AuthName “Makefun.us Subversion Repository”

AuthUserFile /etc/svn-auth-file

Require valid-user

First of all, with **DAV svn** we ask Apache to hand over to the mod_dav_svn module when there’s a request to **http://svn.makefun.us** (the location /). Then we specify the **repository’s root** at **/var/svnrepo/**. Then we specify that this is a private repository by asking Apache to provide **Basic Authorization** (which means the authenticated password will be transmitted as text via the wire). Well, we name our private zone the “Makefun.us Subversion Repositor” and the user accounts are stored in **/etc/svn-auth-file**. Finally, to access the repository via the web, the user must be able to authenticate — as we only allow valid-user to access (Require valid-user)

Next, I created a new user account for myself so that I can access the repository:

#htpasswd -c /etc/svn-auth-file my_user_name

At this point, you can either restart Apache by running **#server httpd restart** or just use the **websrvmng** of Plesk to pick up the new configuration. I just restarted Apache.

If everything works out correctly for you, if you point your browser to **http://svn.yourdomain.com**, you would see a prompt for username and password. Enter your just created account, you can access to your very own the SVN repository

 

This is a quick summary for this process so that I can refer to it later on, and hopefully someone will find it useful as well.

Memcached requires libevent to handle its network IO stuff. The bundled libevent in the standard yum repository is old so it’s pretty useless. The newer versions memcached runs on newer libevent library so I ended up compiling libevent and memcached from the latest stable sources. I’m using libevent-1.4.4-stable and memcached-1.2.5.

First off, uninstall the libevent that yum may have installed on your machine

# sudo yum remove libevent

Download the sources for libevent and memcached , unzip( # gunzip *.gz ), untar (# tar -xvf *.tar), CD to the libevent folder. We will compile the libevent first.

# ./configure –prefix=/usr/local

# make

# make install

Basically we are telling libevent to install itself under /usr/local/lib/. When we compile memcached, we need to point it to the correct location as well. Once libevent is done installing (it’s really quick), we can move on and complie memcached.

CD to the un-tar memcached folder,

# ./configure –with-lib-event=/usr/local/

# make

# make install

After memcached is installed, you can try

# memcached

In my situation, I ran into an error

error while loading shared libraries: libevent-1.4.so.2: cannot open shared object file: No such file or directory

It turned out that the new libevent get installed, it doesn’t “register” the actual library file (similar to DLL on Windows) with the system. When Memcached runs, it tries to look for the libevent-1.4.so.2 file but since libevent is still playing hide and seek somewhere, memcached cries.

To fix this, we need to manually load the libevent library file into the system via the ld configuration. From the man page of ld:

ld combines a number of object and archive files, relocates their data and ties up symbol references. Usually the last step in compiling a program is to run ld.

I like to think ld as the regsrv32 used to register DLL’s on Windows. Now to fix up the reference to the libevent so file, we need to create a file under /etc/ld.so.conf.d/

# vi /etc/ld.so.conf.d/libevent-i386.conf

then enter

/usr/local/lib/

Write and quit (:wq!)

The path in the libevent-i386.conf is the path where the actual .so files are located at. We set this path when we run the ./configure –prefix=/usr/local/ during the libevent compilation. Reloading the ld configuration with

# ldconfig

now, you can start memcached in verbose mode (-vv) for testing

# memcached -vv

If you see something like ..

slab class 1: chunk size 104 perslab 10082

slab class 2: chunk size 136 perslab 7710

slab class 3: chunk size 176 perslab 5957

slab class 4: chunk size 224 perslab 4681

slab class 5: chunk size 280 perslab 3744

….

slab class 37: chunk size 367192 perslab 2

slab class 38: chunk size 458992 perslab 2

<6 server listening

<7 send buffer was 126976, now 268435456

<7 server listening (udp)

Congratulations! Memcached is up and running!

This installs:

MySQL 4.0.23

OpenSSL 0.9.7e

Apache 1.3.33

  + mod_ssl 2.8.22-1.3.33

  + mod_perl 1.29 (static)

  + mm 1.3.1

Perl 5.8.5 (plus RT-required modules)

PHP 4.3.10

Request Tracker 3.2.3
 

GET ALL REQUIRED SOURCE PACKAGES AND UNPACK

mkdir -p /usr/local/src

cd /usr/local/src

wget http://www.perl.com/CPAN/src/perl-5.8.5.tar.bz2

wget http://mysql.he.net/Downloads/MySQL-4.0/mysql-4.0.23.tar.gz

wget http://www.openssl.org/source/openssl-0.9.7e.tar.gz

wget ftp://ftp.ossp.org/pkg/lib/mm/mm-1.3.1.tar.gz

wget http://www.modssl.org/source/mod_ssl-2.8.22-1.3.33.tar.gz

wget http://perl.apache.org/dist/mod_perl-1.29.tar.gz

wget http://apache.swift-networks.com/httpd/apache_1.3.33.tar.gz

wget http://us2.php.net/distributions/php-4.3.10.tar.bz2

wget http://download.bestpractical.com/pub/rt/release/rt-3.2.3.tar.gz

wget http://easynews.dl.sourceforge.net/sourceforge/expat/expat-1.95.8.tar.gz

tar zxf mysql-4.0.23.tar.gz

bunzip2 perl-5.8.5.tar.bz2

tar xf perl-5.8.5.tar

tar zxf openssl-0.9.7e.tar.gz

tar zxf mm-1.3.1.tar.gz

tar zxf mod_ssl-2.8.22-1.3.33.tar.gz

tar zxf mod_perl-1.29.tar.gz

tar zxf apache_1.3.33.tar.gz

bunzip2 php-4.3.10.tar.bz2

tar xf php-4.3.10.tar

tar zxf rt-3.2.3.tar.gz

tar zxf expat-1.95.8.tar.gz

chown -R root.root *

ADD RT USER/GROUP

groupadd rt

useradd -g rt -c “RT User” -d /dev/null -s /sbin/nologin rt
 

INSTALL/UPGRADE PERL

cd /usr/local/src/perl-5.8.5

rm -f config.sh Policy.sh

sh Configure \

-Duseshrplib=y \

-des

make && make test && make install

/usr/local/bin/perl -MCPAN -eshell

# manual steps here:

# – selecting the “follow” option during initial Perl setup will make

# installation of RT dependency Perl modules later much easier and

# more automated.

# – install Bundle::CPAN

# – install LWP::UserAgent (mod_perl will need this later)
 

Install MySQL 4.0.23

groupadd mysql

useradd -g mysql -c “MySQL Server” -d /dev/null -s /sbin/nologin mysql

cd /usr/local/src/mysql-4.0.23

./configure \

–prefix=/opt/mysql \

–localstatedir=/opt/mysql/data \

–disable-maintainer-mode \

–with-mysqld-user=mysql \

–with-unix-socket-path=/tmp/mysql.sock \

–without-comment \

–without-debug \

–without-bench

make && make install

./scripts/mysql_install_db

chown -R root:mysql /opt/mysql

chown -R mysql:mysql /opt/mysql/data

cp support-files/my-medium.cnf /etc/my.cnf

chown root:sys /etc/my.cnf

chmod 644 /etc/my.cnf

echo “/usr/local/mysql/lib/mysql” >> /etc/ld.so.conf

ldconfig

cd /opt/mysql/bin

for file in *; do ln -s /opt/mysql/bin/$file /usr/bin/$file; done

# manual step – edit /etc/my.cnf for security reasons

# see my notes (http://www.lamphowto.com/linux/lampssl.htm) for info

# DO NOT remove the test database yet – we’ll need it later to install DBD::Mysql

cd ~

/etc/rc.d/rc3.d/S90mysql start

mysqladmin -u root password new-password
 

BUILD OPENSSL

cd /usr/local/src/openssl-0.9.7e

./config \

–prefix=/usr/local/openssl \

-fPIC

make && make test && make install
 

BUILD MM

cd ../mm-1.3.1

./configure \

–disable-shared \

–with-pic

make && make install

echo “/usr/local/lib” >> /etc/ld.so.conf

ldconfig
 

CONFIGURE MOD_SSL

cd ../mod_ssl-2.8.22-1.3.33

./configure \

–with-apache=../apache_1.3.33 \

–with-ssl=../openssl-0.9.7e \

–with-mm=../mm-1.3.1
 

CONFIGURE MOD_PERL

cd ../mod_perl-1.29

perl Makefile.PL \

EVERYTHING=1 \

APACHE_SRC=../apache_1.3.33/src \

USE_APACI=1 \

PREP_HTTPD=1 \

DO_HTTPD=1

make && make install
 

CONFIGURE APACHE

cd ../apache_1.3.33

SSL_BASE=../openssl-0.9.7e \

EAPI_MM=../mm-1.3.1 \

./configure \

–prefix=/usr/local/apache \

–enable-module=ssl \

–enable-shared=ssl \

–enable-module=rewrite \

–enable-module=most \

–enable-module=so \

–enable-shared=max \

–activate-module=src/modules/perl/libperl.a \

–enable-module=perl

make

make certificate TYPE=custom

make install
 

INSTALL PHP

cd ../php-4.3.10

CFLAGS=’-O2 -I/usr/local/src/openssl-0.9.7e -DEAPI’ \

./configure \

–with-apxs=/usr/local/apache/bin/apxs \

–disable-debug \

–enable-calendar \

–enable-exif \

–enable-ftp \

–enable-inline-optimization \

–enable-magic-quotes \

–enable-mbstring \

–enable-safe-mode \

–enable-sockets \

–enable-track-vars \

–enable-trans-sid \

–enable-wddx=shared \

–enable-xml \

–with-bz2 \

–with-gd \

–with-gettext \

–with-jpeg-dir \

–with-mime-magic \

–with-mysql=/opt/mysql \

–with-mysql-sock=/tmp/mysql.sock \

–with-openssl=/usr/local/openssl \

–with-pear \

–with-png-dir \

–with-regex=system \

–with-xml \

–with-zlib \

–with-zlib-dir=/usr/lib

make && make install

cp php.ini-dist /usr/local/lib/php.ini

# manual step – wrote PEAR system config file at: /usr/local/etc/pear.conf

# Add /usr/local/lib/php to /usr/local/lib/php.ini (include_path)
 

INSTALL RT DEPENDENCY PERL MODULES

# first install expat (http://sourceforge.net/projects/expat/)

cd /usr/local/src/expat-1.95.8

./configure

make && make install

Install CORE dependencies

cd /usr/local/src

perl -MCPAN -e’install URI’

wget http://cpan.org/modules/by-module/Net/Net_SSLeay.pm-1.25.tar.gz

tar zxf Net_SSLeay.pm-1.25.tar.gz

cd Net_SSLeay.pm-1.25

echo “/usr/local/openssl” >> openssl_path

perl Makefile.PL /usr/local/openssl -t

make && make test

# an error on www.ubs.com is ok

make install

RT does provide an ‘auto-install‘ script that should get all the Perl modules in place for you. Try it with the command:

make fixdeps

If it doesn’t work for you, here is a list of the Perl modules you will need, grouped in some semblance of order and sequence to eliminate dependency errors:

perl -MCPAN -e’install IO::Socket::INET’

perl -MCPAN -e’install IO::Socket::SSL’

perl -MCPAN -e’install Module::Build’

perl -MCPAN -e’install Params::Validate’

perl -MCPAN -e’install DBI’

perl -MCPAN -e’install Apache::DBI’

perl -MCPAN -e’install Test::Inline’

perl -MCPAN -e’install Class::ReturnValue’

perl -MCPAN -e’install DBIx::SearchBuilder’

perl -MCPAN -e’install Text::Template’

perl -MCPAN -e’install HTML::Entities’

perl -MCPAN -e’install HTML::Scrubber’

perl -MCPAN -e’install Log::Dispatch’

perl -MCPAN -e’install Locale::Maketext::Lexicon’

perl -MCPAN -e’install Locale::Maketext::Fuzzy’

perl -MCPAN -e’install MIME::Entity’

perl -MCPAN -e’install Mail::Mailer’

perl -MCPAN -e’install Text::Wrapper’

perl -MCPAN -e’install Time::ParseDate’

perl -MCPAN -e’install Text::Autoformat’

perl -MCPAN -e’install Text::Quoted’

perl -MCPAN -e’install Tree::Simple’

perl -MCPAN -e’install Module::Versions::Report’

perl -MCPAN -e’install XML::Parser’

perl -MCPAN -e’install FCGI’
 

DEV dependencies:

perl -MCPAN -e’install Regexp::Common’

perl -MCPAN -e’install Test::Inline’

perl -MCPAN -e’install Test::Memory::Cycle’

perl -MCPAN -e’install Test::Pod’

perl -MCPAN -e’install Test::Pod::Coverage’

perl -MCPAN -e’install Test::Taint’

perl -MCPAN -e’install Test::Warn’

perl -MCPAN -e’install Apache::Test’

 

# enter /usr/local/apache/bin/httpd for httpd location

# enter /usr/local/apache/bin/apxs for apxs location

perl -MCPAN -e’install HTML::Form’

# answer ‘y’ to libwww app installation

perl -MCPAN -e’install HTML::TokeParser’

wget http://cpan.org/modules/by-module/WWW/WWW-Mechanize-1.12.tar.gz

tar zxf WWW-Mechanize-1.12.tar.gz

cd WWW-Mechanize-1.12

perl Makefile.PL

make && make install
 

MAILGATE dependencies

perl -MCPAN -e’install HTML::TreeBuilder’

perl -MCPAN -e’install HTML::FormatText’
 

MASON dependencies

perl -MCPAN -e’install Params::Validate’

perl -MCPAN -e’install Cache::Cache’

perl -MCPAN -e’install Exception::Class’

perl -MCPAN -e’install HTML::Mason’

perl -MCPAN -e’install MLDBM’

perl -MCPAN -e’install FreezeThaw’

perl -MCPAN -e’install Apache::Session’

perl -MCPAN -e’install XML::RSS’
 

MYSQL dependency

# this step requires the ‘test’ database to still be installed for MySQL

wget http://cpan.org/modules/by-module/DBD/DBD-mysql-2.9005_3.tar.gz

tar zxf DBD-mysql-2.9005_3.tar.gz

cd DBD-mysql-2.9005_3

perl Makefile.PL \

–libs=”-L/opt/mysql/lib/mysql -lmysqlclient -lz” \

–cflags=-I/opt/mysql/include/mysql \

–testuser=xxx \ # <- enter your MySQL root username (usually ‘root’)

–testpassword=yyy # <- enter your MySQL root user password

make && make test && make install
 

INSTALL REQUEST TRACKER

cd /usr/local/src/rt-3.2.3

./configure \

–prefix=/opt/rt \

–exec-prefix=/opt/rt \

–with-bin-owner=root \

–with-db-database=tickets \ <- this is the database name RT will use

–with-db-dba=sqladmin \ <- put in your MySQL root username here

–with-db-host=localhost \

–with-db-rt-host=localhost \

–with-db-rt-pass=t1cket \ <- this is the password for the RT MySQL user

–with-db-rt-user=rt_user \ <- this is the username for the RT MySQL user

–with-db-type=mysql \

–with-libs-owner=root \

–with-libs-group=bin \

–with-rt-group=rt \

–with-web-group=httpd \ <- this needs to match httpd.conf

–with-web-user=httpd <- this needs to match httpd.conf

make testdeps

make install

make initialize-database

cd /opt/rt/etc

cp RT_Config.pm RT_SiteConfig.pm

#edit RT_SiteConfig.pm and make relevant changes

# – rtname, Organization, Timezone, OwnerEmail, RTAddressRegexp,

# CanonicalizeEmailAddressMatch, CanonicalizeEmailAddressReplace,

# FriendlyFromLineFormat, FriendlyToLineFormat,

# RT::WebPath
 

CONFIGURE APACHE

Edit /usr/local/apache/httpd/conf/httpd.conf, and add:

NameVirtualHost ip.ad.re.ss

<VirtualHost xx.xx.xx.xx:80>

ServerName host.domain.tld

ServerAdmin email@host.domain.tld

DocumentRoot /home/rt/share/html

AddDefaultCharset UTF-8

PerlModule Apache::DBI

PerlRequire /home/rt/bin/webmux.pl

ErrorLog /var/log/httpd/rt-error_log

CustomLog /var/log/httpd/rt-access_log common

<Location />

SetHandler perl-script

PerlHandler RT::Mason

</Location>

</VirtualHost>

# need to add the step for SSL vsite as well

/usr/local/apache/bin/apachectl stop

/usr/local/apache/bin/apachectl start

Remember that when logging into RT for the first time, use the username

root with password password (and then change the password right away!)
Originally posted on : brucetimberlake.com

SSH to your server as root and change directory to:
/usr/share/zoneinfo

Perform an ls –l on the directory and you will see a variety of timezones. To set the server’s local timezone, you will want to copy the timezone file for your timezone and replace the file called /etc/localtime.

For example:
cp EST /etc/localtime

Now that you have configured the proper timezone for your server, you will want to have the time adjusted for your timezone. Perform the following command to have your server contact a remote NTP server and re-establish the proper time:

rdate -s time.nist.gov

Afterwards, you will want to set your hardware clock to the same as well. Use the following command to do this:
/sbin/hwclock –systohc

And that’s it you’ve sucessfully set the date & time as per your preferance.

City	Country	GMT +/- Hrs
Abu Dhabi	UAE	+4
Addis Ababa	Ethiopia	+3
Amsterdam	Netherlands	+1
Anchorage	Alaska	-10
Antigua	West Indies	-4
Athens	Greece	+2
Auckland	New Zealand	+12
Baghdad	Iraq	+3
Bahrain	Bahrain	+4
Bangkok	Thailand	+7
Barbados	Bermuda	-4
Bogotá	Colombia	-4
Bombay	India	+5.5
Boston	USA	-5
Brisbane	Australia	+10
Brisbane	Belgium	+1
Budapest	Hungry	+1
Cairo	Egypt	+2
Calcutta	India	+5.5
Caracas	Venezuela	-4
Chicago	USA	-6
Colombo	Sri Lanka	+5.5
Copenhagen	Denmark	+1
Dacca	Bangladesh	+6
Darwin	Australia	+9.5
Delhi	India	+5.5
Detroit	USA	-5
Dhahran	Saudi Arabia	+3
Dubai	U.A.E.	+4
Entebbe	Uganda	+3
Frankfurt	Germany	+1
Georgetown	Guyana	+1
Hong Kong	Hong Kong	+8
Honolulu	Hawaii	-10
Istanbul	Turkey	+2
Jeddah	Saudi Arabia	+3
Khartoum	Sudan	+2
Kingston	Jamaica	-5
Kuala Lumpur	Malaysia	+8
Kuwait	Kuwait	+3
Leningrad	Russia	+2
Lima	Peru	-5
London	England	0
Los Angeles	USA	-8
Lusaka	Zambia	+2
Madrid	Spain	+1
Mauritius	Mauritius	+4
Melbourne	Australia	+10
Mexico City	Mexico	-6
Miami	USA	-5
Montreal	Canada	+5
Manila	Philippines	+8
Moscow	Russia	+3
Nairobi	Kenya	+3
Nadi	Fiji	+12
New York	USA	-5
Nicosia	Cyprus	+2
Osaka	Japan	+9
Oslo	Norway	+1
Paris	France	+1
Perth	Australia	+8
Prague	Czechoslovakia	+1
Rome	ltaly	+1
St. Lucia	West Indies	-4
Seychelles	Seychelles Island	+4
Singapore	Singapore	+8
Stockholm	Sweden	+1
Sydney	Australia	+10
Tokyo	Japan	+9
Toronto	Canada	-5
Valetta	Malta	+1
Vienna	Austria	+1
Washington	USA	+5
Zurich	Switzerland	+1

Changing the SSH port & disabling root login is something that everyone should do as it adds an extra level of protection to your server.

Login to your server using root

Edit /etc/sshd/sshd_config

At the top of the file, you will see something similar to:
Port 22
Protocol 2, 1

Change the Protocol line to 2

The port option, it really is up to you what port you use. Just make sure with netstat that it is not being used for anything else. Some common secondary SSH ports are 1024 or 2222.

Scroll down and disable direct root login
PermitRootLogin no

If there is a # in front of the line, make sure to remove it. Now just save the file and exit your editor.

Restart SSH:
/etc/init.d/sshd restart

That’s it, try opening a new session without closing the existing one, just in case you need to roolback the changes or edit anything and check ifi t’s done.