Mezgani blog

February 12, 2013

Installing smog mongodb viewer

Filed under: linux, system — Ali MEZGANI @ 2:02 am

First of all, install the dependency packages:
sudo apt-get update && sudo apt-get install git-core curl build-essential openssl libssl-dev

Install Node.js & NPM
git clone https://github.com/joyent/node.git
cd node

Run git tag to show all available versions
git tag -l

Select the latest stable:
git checkout v0.9.9

Run configure and make
./configure
make
sudo make install

Get npm Node package manager using curl
curl https://npmjs.org/install.sh | sudo sh

Install smog using node package manager by running
npm install smog -g

Start smog in the background:
smog &

smog will start on the default port, 8080.

Repair mongodb on a bad shutdown

Filed under: database, debian, linux — Ali MEZGANI @ 1:24 am

On my Debian box I run the following, which should also work on Ubuntu:

sudo rm /var/lib/mongodb/mongod.lock
sudo mongod --dbpath /var/lib/mongodb --repair
sudo chown mongodb /var/lib/mongodb/*
sudo service mongodb start

February 11, 2013

How to create an Apache Module

Filed under: linux, system — Ali MEZGANI @ 8:49 pm

1. Use apxs2 to create a skeleton module named mod_hello:
apxs2 -g -n hello

2. Modify the automatically generated mod_hello.c file:
3. Run make and install the .so file into Apache’s libexec directory
apxs2 -iac mod_hello.c
4. Modify httpd.conf to load the module and to install it as the content handler for the URL of your choice:

# httpd.conf
LoadModule hello_module libexec/mod_hello.so

<Location /hello_demo>
SetHandler hello
</Location>

February 8, 2013

How to deploy a PHP/MySQL web application with several external dependencies across multiple Linux platforms

If you need to create a deployment system for a PHP/MySQL web application with several external dependencies across multiple *nix platforms, you would usually use rsync, or maybe scp or git, with pear for the dependencies and some custom scripts.

In fact, there is a nice and interesting solution based on three tools: capistrano, jenkins and composer.

Capistrano deploys the project to remote servers and lets you roll back when you screw up.
Capistrano is a nice Ruby application that can perform pre- and post-deploy functions such as restarting the web server, busting the cache, renaming files and running database migrations. With capistrano we can easily copy code from the source control repository to the production server.

Capistrano by itself isn’t enough to make my deployment complete, which is why my capistrano script runs composer on the app to gather dependencies.

First, you can get capistrano using gem like this:
sudo gem install capistrano
sudo gem install capistrano-ext

You can get composer using git like this:
git clone https://github.com/composer/composer.git

In general, you’ll use Capistrano as follows:

Create a recipe file (“capfile” or “Capfile”) using the capify command line:
capify .
This creates a config directory and a deploy.rb file that we will edit:
vim config/deploy.rb

deploy.rb is a Ruby file with a very simple syntax. Here is the recipe file that I use to deploy my blog:



set :application, "blog"
#You probably want to change this to be the location of the repo you just forked
set :repository,  "git://github.com/WordPress/WordPress.git"

set :php_bin, "/usr/bin/php"

#The following is not the document root, but just the app root 
set :deploy_to, "/home/mezgani/www/#{application}/"

set :current, "/home/mezgani/www/#{application}/current"

role :web, "server1", "server2"                          # Your HTTP server, Apache/etc
role :app, "server1", "server2"                          # This may be the same as your `Web` server
role :db,  "database-server", :primary => true # This is where Rails migrations will run
role :db,  "database-server"

set :local_path, "/home/mezgani/config/wordpress/config"

# SSH Settings
set :user, "mezgani"
#set :password, "password"
ssh_options[:keys] = %w(/home/user/.ssh/id_rsa) # SSH key
ssh_options[:port] = 22

#########################
#things you'll probably not change, unless you know what you're doing 
###########################
# If you aren't using Subversion to manage your source code, specify
# your SCM below:
# set :scm, :subversion
set :scm, :git

#the following is needed because if it's not there, for some reason we don't get
#asked to accept the key from github..annoying when deploying to a new server
default_run_options[:pty] = true

#since this is PHP, we don't really need to restart apache or anything
set :use_sudo, true 

#ssh agent forwarding..
ssh_options[:forward_agent] = true

#A lot of this stuff has been overridden for PHP/Non Rails magic

namespace :deploy do
  
  task :default do
    update
    finalize_update
    composer
  end
  
  
  task :finalize_update, :except => { :no_release => true } do
    run "chmod -R g+w #{latest_release}" if fetch(:group_writable, true)
    run "cp -fr #{current}/wp-content #{shared_path}/"
    run "cp #{current}/.htaccess #{shared_path}/"
    run "cp #{current}/wp-config.php #{shared_path}/configs/"
    run "cp #{shared_path}/configs/wp-config.php #{latest_release}/"
    run "cp -fr #{shared_path}/wp-content #{latest_release}/"
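    # 777 leaves wp-content world-writable; prefer web server user ownership with 775 where the setup allows it
    run "chmod -R 777 #{latest_release}/wp-content"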
    run "cp #{shared_path}/.htaccess #{latest_release}/"
  end
end 

task :composer do
  top.upload("#{local_path}/composer.json", "#{shared_path}/install", {:via => :scp, :recursive => true})
  # Fetch the installer over HTTPS so it cannot be altered in transit before PHP runs it
  run "cd #{shared_path}/install && curl -sS https://getcomposer.org/installer | #{php_bin}"
  run "cd #{shared_path}/install && ./composer.phar install"
end

task :setup do
  # -y avoids the interactive prompt; mkdir -p keeps setup re-runnable
  run "sudo apt-get install -y curl"
  run "mkdir -p #{shared_path}/"
  run "mkdir -p #{shared_path}/install/"
  run "mkdir -p #{shared_path}/configs/"
  
  set(:wp_environment_ready, Capistrano::CLI.ui.ask("Is wp-config.php ready for this environment? (yes/no): "))
  if wp_environment_ready == 'yes'
    #top.upload("htdocs/wp-config.php", "#{shared_path}/configs/wp-config.php", :via => :scp)
    run "cp #{deploy_to}/wp-config.php #{shared_path}/configs/wp-config.php "
  end
  run "mkdir -p #{shared_path}/wp-content"
  run "mkdir -p #{shared_path}/wp-content/uploads"
end

Before deploying, we have to define a composer.json file that lists all the dependencies my application has, whether they’re composer-enabled or not.

Edit composer.json, specify your dependencies, and let capistrano run composer to fetch them:
vim composer.json

Finally, use the cap script to execute your recipe:
cap deploy

June 25, 2012

HSRP simple example

Filed under: routing — Ali MEZGANI @ 12:48 am

Let’s take two routers, A and B, that use the HSRP protocol for fault tolerance and protection against attack.

Router A uses the IP address 192.168.0.2 with the mask 255.255.255.0.
Router B uses the IP address 192.168.0.3 with the mask 255.255.255.0.

The virtual IP address is 192.168.0.1, and it is set as the default gateway:

Router A
interface Ethernet 0/0
ip address 192.168.0.2 255.255.255.0
standby 10 priority 100 preempt
standby 10 ip 192.168.0.1

Router B
interface Ethernet 0/0
ip address 192.168.0.3 255.255.255.0
standby 10 priority 80
standby 10 ip 192.168.0.1

June 20, 2012

Upgrade FreeBSD 8.1 to 9.0 stable release

Filed under: system — Ali MEZGANI @ 12:54 am

To upgrade my FreeBSD box I use the binary freebsd-update. Logged in as root, I type:

# freebsd-update upgrade -r 9.0-RELEASE
# freebsd-update fetch
# freebsd-update install
# reboot

The system will reboot with the new kernel. After the reboot, run freebsd-update install again
to install the userland components, then reboot:

# freebsd-update install
# reboot

You also need to update all packages, type:
# portsnap fetch update
# pkg_version -vIL=
# portupgrade -a

May 16, 2012

Installation of mod_evasive on cPanel/WHM

This article covers installing Apache’s mod_evasive on cPanel/WHM to help against DoS and DDoS attacks.

Get the latest source of mod_evasive
$ wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
$ tar zxvf mod_evasive_1.10.1.tar.gz
$ cd mod_evasive

Load mod_evasive into apache
$ /usr/local/apache/bin/apxs -i -a -c mod_evasive20.c

Next, distill the module into the Apache configuration
$ /usr/local/cpanel/bin/apache_conf_distiller --update

Last, edit the Apache config file
$ vim /usr/local/apache/conf/httpd.conf

and add these directives:

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 3600
DOSEmailNotify admin@domain.tld
DOSSystemCommand "sudo /sbin/iptables -A INPUT -s %s -j DROP"
DOSLogDir "/var/log/evasive/"
</IfModule>

January 22, 2011

A Method for Transmitting PPP Over Ethernet (PPPoE) (RFC2516)

Filed under: informational, rfc — Ali MEZGANI @ 1:48 am

Publication date : February 1999
RFC Author(s) : R.Wheeler, D.Simone, D. Carrel, J. Evarts, K. Lidl, L. Mamakos
Category : informational

The Point-to-point Protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links.

PPPoE has two distinct stages. The first is the PPP Discovery stage, which has four steps and during which a host discovers the MAC address of its peer (the Concentrator) and the PPPoE session ID.
In fact, the MAC address and PPPoE_SESSION_ID together uniquely define a session.
The relationship between the peers is a simple client/server one, where the client asks the server (Concentrator) for the information needed to establish
the session.

The frame sent is a plain Ethernet frame whose ETHER_TYPE is set to either 0x8863 (Discovery Stage) or 0x8864 (PPP Session Stage).

Here is the Ethernet Payload for PPPoE:
[ VER:4 | TYPE:4 | CODE:8 | SESSION_ID:16 | LENGTH:16 | PAYLOAD:16 ]

Discovery Stage: Ethernet frames have the ETHER_TYPE field set to 0x8863

1. Client to server: Initiation (PPPoE Active Discovery Initiation)
PADI:
* The host sends a broadcast packet with the code field set to 0x09
* The session id is set to 0x0000

2. Server to client: Offer (PPPoE Active Discovery Offer)
PADO:
* The Access Concentrator replies to a unicast address, with the code set to 0x07
* The session id is set to 0x0000
* The PADO packet contains an AC-Name TAG and a Service-Name TAG

3. Client to server: Request (PPPoE Active Discovery Request)
PADR:
* The host receives one or more PADO packets and has to choose one
* The choice is based on the AC-Name or the services offered
* The host sends one PADR packet to the Concentrator
* The destination is the unicast Ethernet address of the Concentrator
* The code field is set to 0x19 and the session id is set to 0x0000

4. Server to client: Session-confirmation (PPPoE Active Discovery Session-confirmation)
PADS:
* When the Access Concentrator receives a PADR it prepares to begin a PPP session
* It generates a unique session id
* It replies to a unicast Ethernet address
* The code field is set to 0x65
* It contains exactly one TAG of TAG_TYPE Service-Name

5. Either end to other end: Termination (PADT)
* The packet is sent by the host or the Access Concentrator
* The session is established
* The destination address is unicast
* The session id is the SESSION_ID generated
* The code field is set to 0xa7

Examples using scapy:
from scapy.all import Ether, PPPoED, sendp

1. PADI:
sendp(Ether(type=0x8863, src="00:60:4c:72:e7:69", dst="ff:ff:ff:ff:ff:ff")/PPPoED(code=0x09, sessionid=0x0000), iface="nas0")

2. PADO:
sendp(Ether(type=0x8863, src="00:bf:12:fa:90:fd", dst="00:60:4c:72:e7:69")/PPPoED(code=0x07, sessionid=0x0000), iface="nas0")
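
The discovery rules listed above can also be checked on received frames, which is useful for spotting malformed or unexpected discovery traffic. This is an added example, not code from the original post: build and check are hypothetical helper names, the tag type values (0x0101 Service-Name, 0x0102 AC-Name) and the VER=1/TYPE=1 requirement come from RFC 2516, LENGTH is treated as the byte count of the tag payload, and the sample frames are constructed.

```python
import struct

CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0000: "End-Of-List", 0x0101: "Service-Name", 0x0102: "AC-Name"}
BROADCAST = b"\xff" * 6

def build(dst, src, code, session_id, tags=()):
    """Assemble Ethernet + PPPoE Discovery bytes (VER=1, TYPE=1)."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return (dst + src + struct.pack("!H", 0x8863)
            + struct.pack("!BBHH", 0x11, code, session_id, len(body)) + body)

def check(frame):
    """Return (packet name, parsed tags, list of rule violations)."""
    if len(frame) < 20 or frame[12:14] != b"\x88\x63":
        raise ValueError("not a PPPoE Discovery frame")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    payload, name, problems = frame[20:20 + length], CODES.get(code), []
    if ver_type != 0x11:
        problems.append("VER and TYPE must both be 1")
    if name is None:
        problems.append("unknown CODE 0x%02x" % code)
    if len(payload) < length:
        problems.append("LENGTH runs past the end of the frame")
    if name in ("PADI", "PADO", "PADR") and session_id != 0:
        problems.append(name + " must use SESSION_ID 0x0000")
    if (name == "PADI") != (frame[:6] == BROADCAST):
        problems.append("PADI must be broadcast, every other code unicast")
    tags, off = [], 0
    while off + 4 <= len(payload):
        tag_type, tag_len = struct.unpack("!HH", payload[off:off + 4])
        value = payload[off + 4:off + 4 + tag_len]
        if len(value) < tag_len:
            problems.append("tag 0x%04x is truncated" % tag_type)
            break
        tags.append((TAGS.get(tag_type, hex(tag_type)), value))
        off += 4 + tag_len
    names = [t for t, _ in tags]
    if name == "PADO" and "AC-Name" not in names:
        problems.append("PADO without an AC-Name tag")
    if name == "PADS" and names.count("Service-Name") != 1:
        problems.append("PADS needs exactly one Service-Name tag")
    return name, tags, problems

# Constructed sample frames; the MAC addresses are the ones from the scapy lines.
HOST, AC = bytes.fromhex("00604c72e769"), bytes.fromhex("00bf12fa90fd")
PADI = build(BROADCAST, HOST, 0x09, 0, [(0x0101, b"")])
PADO = build(HOST, AC, 0x07, 0, [(0x0102, b"ac1"), (0x0101, b"")])
BAD_PADO = build(BROADCAST, AC, 0x07, 0x0001, [(0x0101, b"")])
```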

January 5, 2011

EtherIP: Tunneling Ethernet Frames in IP Datagrams (RFC3378)

Filed under: rfc — Ali MEZGANI @ 10:05 am

Publication date : September 2002
RFC Author(s) : R.Housley, S.Hollenbeck
Category : informational

The EtherIP protocol was developed in 1991 and is used to tunnel Ethernet and IEEE 802.3 media access control (MAC) frames (including IEEE 802.1Q [VLAN] datagrams) across an IP internet.

An EtherIP datagram contains a 16-bit header and a variable-length encapsulated Ethernet or IEEE 802.3 frame that immediately follows the IP fields.

The 16-bit EtherIP header contains two fields: a 4-bit version that must be set to 3 (0011), and 12 bits reserved for future use that must be set to zero, for both encapsulation and decapsulation operations. An IP datagram with an EtherIP header must set the IPv4 protocol field to 97 (decimal).

The bridge-like station must listen for IP datagrams that carry protocol 97 and ignore the rest of the LAN frames. In that case it extracts the MAC frame from the datagram for the LAN, calculates the frame check sequence (FCS), since the IP checksum does not provide integrity protection for the Ethernet/IEEE 802.3 frame, and appends it to the frame as part of the data link layer.

One solution to the security considerations is to protect the IP datagrams that carry EtherIP with IPsec [RFC2401].
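
The header rules above (protocol 97, version 3, reserved bits zero) can be written as a small decapsulation routine. This is an added example, not code from the original post or from the RFC: the function names, the 192.0.2.x addresses and the sample frame are constructed for illustration.

```python
import struct

ETHERIP_PROTO = 97       # IPv4 protocol number carried in the IP header
ETHERIP_HEADER = 0x3000  # version 3 in the top 4 bits, 12 reserved bits zero

def ipv4_checksum(header):
    """One's-complement sum over the IPv4 header only."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(frame, src_ip, dst_ip):
    """Wrap an Ethernet frame (no FCS) in IPv4 + the 16-bit EtherIP header."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 22 + len(frame), 0, 0, 64,
                       ETHERIP_PROTO, 0, src_ip, dst_ip)
    head = head[:10] + struct.pack("!H", ipv4_checksum(head)) + head[12:]
    return head + struct.pack("!H", ETHERIP_HEADER) + frame

def decapsulate(packet):
    """Validate IPv4 + EtherIP headers and return the inner Ethernet frame."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (packet[0] & 0x0F) * 4
    (total_len,) = struct.unpack("!H", packet[2:4])
    if ihl < 20 or not ihl + 2 <= total_len <= len(packet):
        raise ValueError("inconsistent IPv4 lengths")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if packet[9] != ETHERIP_PROTO:
        raise ValueError("IP protocol is not 97")
    (header,) = struct.unpack("!H", packet[ihl:ihl + 2])
    if header >> 12 != 3:
        raise ValueError("EtherIP version must be 3")
    if header & 0x0FFF:
        raise ValueError("EtherIP reserved bits must be zero")
    frame = packet[ihl + 2:total_len]
    if len(frame) < 14:
        raise ValueError("inner frame shorter than an Ethernet header")
    return frame  # the FCS is recomputed when this is put on the LAN

# Constructed sample: a broadcast frame tunnelled between documentation addresses.
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28
PACKET = encapsulate(FRAME, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
```

A byte changed inside the encapsulated frame passes every check here, because the IPv4 checksum covers only the IP header; that is the gap the IPsec recommendation addresses.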

January 2, 2011

Sending text message using AT command

Filed under: linux, system, tools — Ali MEZGANI @ 5:00 pm

Playing with my USB dongle, which is a 3G modem, I felt the need to send messages using this modem,
but I saw that it has no support for sending messages using AT commands. To check this, use the AT+CSMS command before anything else.

If you have a GSM/GPRS modem or mobile phone with full support for what we talked about above,
you can easily send messages using the great Kannel, or from scratch.
In this article we will focus on how to send a message using AT commands, which we can summarize in five steps:
1. Initializing the modem
2. Setting SMSC
3. Storing the message into storage
4. Sending
5. Delete the message from storage

First of all, to interact with the device you need a serial tool like screen or maybe minicom.
I recommend using screen when you work on pseudo devices.

Let’s connect to the device (ttyUSB0) using screen at 9600 baud:
$ screen /dev/ttyUSB0 9600

1. Send the initialize strings :
AT
OK
ATZ
OK

2. Define the service center address as follows and verify that it is correct:
AT+CSCA="+85290000000",145

145 means that we deal with formatted address using typical ISDN/telephony numbering plan
(ITU E.164/E.163) and it is an international number.

3. If you want to send a text message to +85291234567, first write the message to the storage area, like this:
AT+CMGW="+85291234567",145,"STO UNSENT"
Hello world<Ctrl+Z>

4. Finally, you can send the message, referenced by its index:
AT+CMSS=3

You can also do this if you would rather send it to multiple destinations:
AT+CMSS=3,"91234567"
AT+CMSS=3,"97777777"
AT+CMSS=3,"96666666"

5. Lastly, delete the message from the storage area:
AT+CMGD=3

To read the first message indexed with 1 :
AT+CMGR=1

Also, if you need to display or list all the messages in the storage:
AT+CMGL="ALL"


Great document about this can be found here
