Vargas Emmanuel Weblog

Comment a block of text in VIM

Manu — Thu, 17 Jul 2008 13:33:44 +0000

it’s easy to comment a large text zone in VIM:

switch in visual mode (CTRL + V)
press touch I (upcase i)
Enter the comment caractere (# for exemple or // for exemple)
And now press ESC.

Et voilà!

Dell OpenManage 5 (OMSA) on Debian setup.

Manu — Thu, 17 Jul 2008 09:32:41 +0000

Cet aricle est tiré du site de john parnefjord. Merci à lui pour ce fabuleux article!
Dell OpenManage 5 (OMSA) est maintenant disponible en package .deb. Rien de plus facile pour l’installer dorénaveant. A condition d’avoir toutes les informations nécessaires!
Dans ce tutoriel nous verrons comment l’installer rapidement.

This article come from the john parnefjord website. Many thanks to him!
Since the advent of the debianized version of Dell OMSA installation has been a breeze.
Follow this tut to install quickly Dell OpenManage on a Debian system.

Francais Version
English Version

Français

Ajouter les lignes suivants dans le fichier /etc/apt/sources.list

# OMSA deb http://ftp.sara.nl/pub/sara-omsa dell sara

Installer OMSA en utilisant apt-get (aptitude installera beaucoup de paquets non nécessaires. je vous conseille d’utiliser apt-get pour éviter d’installer des paquets non nécessaires)

apt-get update apt-get install dellomsa

Si vous utilisez un SAS controleur mpt vous devez charger le module mptctl. Je ne l’ai pas testé mais j’ai eu des retours d’utilisateurs du SAS 5/i storage controllers. Merci pour l’info!
Il vous suffit de charger le module et de redémarrer OMSA et les informations disques seront accessibles.

modprobe mptctl /etc/init.d/instsvcdrv restart

Attention: sur un noyau 64bits vous ne pourrez pas vous logguer sur l’interface web tant que vous n’aurez pas rajouter quelques librairies 32bits et éditer le fichier de conf qui va bien. Si vous avez un kernel 64bits, copiez les fichiers suivants d’une install 32bits:

/lib/libselinux.so.1 /lib/libsepol.so.1 /lib/security/pam_nologin.so /lib/security/pam_unix.so

John a crée un zip avec tt les librairies si vous n’avez pas d’install 32bits sous la main. (voir le lien à la fin de l’article).
Si il n’existe pas, crée le répertoire /lib32 et copiez y les fichiers. Vous aurez également besoin du paquet ia32-libs qui permet de faire tourner la plupart des applis 32bis avec un noyau 64.

Editez le fichier /etc/pam.d/omauth et remplacez /lib par /lib32:

#%PAM-1.0 #auth required pam_stack.so service=system-auth #auth required /lib/security/pam_nologin.so #account required pam_stack.so service=system-auth auth required /lib32/security/pam_unix.so nullok auth required /lib32/security/pam_nologin.so account required /lib32/security/pam_unix.so nullok

Redémarrer les services:

/etc/init.d/instsvcdrv restart

Démarrer l’interface web:

/etc/init.d/dsm_om_connsvc start

Si vous voulez la lancer automatiquement au démarrage:

update-rc.d dsm_om_connsvc defaults 95

Et voilà!
Vous n’avez plus qu’a vous connecter:

https://192.168.0.10:1311/

Si vous ne pouvez pas vous logguer, vérifiez dans votre syslog. Vous devriez pouvoir vous connecter en utilisant un compte user du serveur. En vous logguant en root, vous devriez avoir accès à toutes les informations.

English

Just add the following lines to /etc/apt/sources.list

# OMSA deb http://ftp.sara.nl/pub/sara-omsa dell sara

and then install using

apt-get update apt-get install dellomsa
(using aptitude instead apt-get will install a lot of uneeded packages)

In case you have the mpt-based SAS controller you need to load the mptctl module. I haven’t tested this myself but I had some feedback from user using the SAS 5/i storage controllers. Thanks for that info! Well, just load the module and restart OMSA and the storage information should be available.

modprobe mptctl /etc/init.d/instsvcdrv restart

On a 64-bit machine you will not be able to login to the web interface unless you add some files from a 32-bit installation and edit a configuration file. So if you have a 64-bit installation of Etch then copy these files from a 32-bit version of an Etch installation:

/lib/libselinux.so.1 /lib/libsepol.so.1 /lib/security/pam_nologin.so /lib/security/pam_unix.so

john have put up the files from a Debian Etch 32-bit in case you don’t have a 32-bit system. See link below.

Start with copying the following libraries to /lib32/. You might need to install the package ia32-libs to get 32-bit applications playing on a 64-bit system.

Edit /etc/pam.d/omauth and replace /lib with /lib32 so the end result looks like this:

Restart the services after this change:

/etc/init.d/instsvcdrv restart

The web service hasn’t started yet.

/etc/init.d/dsm_om_connsvc start

If you want it to start after a reboot then run:

update-rc.d dsm_om_connsvc defaults 95

After this you should be able to login to your server.

https://192.168.0.10:1311/

Check the syslog for errors if you can’t login. You can login using a ordinary user account on the machine and if logging in as root you will be able to do some more stuff. I believe I don’t have to tell you that you should be very restrictive about who is having access to this service.

WordPress 2.6 is available

Manu — Tue, 15 Jul 2008 13:27:55 +0000

New WordPress version is available right now:
Download WordPress 2.6

More information on this brief video tour presentation of 2.6:

Post Revisions: Wiki-like tracking of edits

With the power of modern computers, it’s silly that we still use save and editing metaphors from the time when the most common method of storage was floppy disks. WordPress has always respected the importance of your writing with auto-save, and now we’re taking that to another level by allowing you to view who made what changes when to any post or page through a super-easy interface, much like Wikipedia or a version control system.
This is handy on any blog in case you make a mistake and want to go back to an older version of a post, and it’s super handy for multi-author blogs where you can see every change tracked by person.

Press This!: Post from wherever you are on the web

A few months ago on my blog we started a conversation about the posting bookmarklet in WordPress and which systems we should look to for inspiration, like Flock, FriendFeed, Facebook, Tumblr, and Delicious. From these suggestions and the Quick Post plugin by Josh Kenzer, we developed a Press This bookmark you can add to your toolbar that provides a fast and smart popup to do posts to your WordPress blog:

For example, if you click “Press This” from a Youtube page it’ll magically extract the video embed code, and if you do it from a Flickr page it’ll make it easy for you to put the image in your post. On my blog I’ve been experimenting with using different categories and the in_category() function — such as video, quote, aside, et cetera — to create a more tumblelog-like format.

Shift Gears: Turbo-speed your blogging

Gears is an open source browser extension project started by Google that developers like us can use to give you features we wouldn’t normally be able to. There are a lot of things we can do with Gears in the future, but in this release we’ve stuck to using what’s called a “Local Server” to cache or keep a copy of commonly-used Javascript and CSS files on your computer, which can speed up the loading of some pages by several seconds (they just pop right up!). You can install Gears for Firefox or Internet Explorer, with support for Safari and Opera pending. WordPress works just fine without it, you just get a little extra juice when you have it installed.

Theme Previews: See it before your audience does

Now when you select a theme it pops up a window that shows the theme live with all your content, instead of immediately making it active on your site. This is great for just test driving themes before making a switch over publicly, and it is also helpful when you are developing a theme and need to test it but don’t want everybody to see your ongoing mistakes development.

Here are some of the smaller features and improvements in 2.6:

* Word count! Never guess how many words are in your post anymore.
* Image captions, so you can add sweet captions like Political Ticker does under your images.
* Bulk management of plugins.
* A completely revamped image control to allow for easier inserting, floating, and resizing. It’s now fully integrated with the WYSIWYG.
* Drag-and-drop reordering of Galleries.
* Plugin update notification bubble.
* Customizable default avatars.
* You can now upload media when in full-screen mode.
* Remote publishing via XML-RPC and APP is now secure (off) by default, but you can turn it on easily through the options screen.
* Full SSL support in the core, and the ability to force SSL for security.
* You can now have many thousands of pages or categories with no interface issues.
* Ability to move your wp-config file and wp-content directories to a custom location, for “clean” SVN checkouts.
* Select a range of checkboxes with “shift-click.”
* You can toggle between the Flash uploader and the classic one.
* A number of proactive security enhancements, including cookies and database interactions.
* Stronger better faster versions of TinyMCE, jQuery, and jQuery UI.
* Version 2.6 fixes approximately 194 bugs.

Ethernet bonding (aggregating multiple ethernet channels)

Manu — Mon, 30 Jun 2008 17:15:47 +0000

Ethernet bonding refers to aggregating multiple ethernet channels together to form a single channel. This is primarily used for redundancy in ethernet paths or for load balancing.

To use Bonding Ethernet for High-Availability (fail-over) on Debian you need to:

install package ifenslave-2.6.To install this package follow this command
#apt-get install ifenslave-2.6

edit /etc/network/interfaces to look like this:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto bond0
iface bond0 inet static
address 192.168.1.14
netmask 255.255.255.0
gateway 192.168.1.1
dns-search MyDomain.net
dns-nameservers 192.168.1.1
up ifenslave bond0 eth0 eth1
down ifenslave -d bond0 eth0 eth1

comment or borrow the lines referring to your real NICs in the same file
add the following lines to your /etc/modprobe.d/bonding:

alias bond0 bonding
alias eth0 e1000
alias eth1 e1000
options bonding mode=0 miimon=100

Export/Import an existing list of packages

Manu — Mon, 30 Jun 2008 14:14:08 +0000

It is possible to export a list of all packages on a server and import this list to a new one.
It’s very usefull if you have a big server farm to manage.

Il est possible d’exporter la liste de toutes les packages d’un serveur et d’importer cette liste sur un autre serveur. Cette commande est très pratique si vous avez une ferme de serveurs à gérer.

Export packages list from the primary server:
dpkg –get-selections > mes_paquetages

Import the list on the new server:
dpkg –set-selections < mes_paquetages

And finally install the packages:
apt-get dselect-upgrade

Importons la liste des packages sur le serveur primaire:
dpkg –get-selections > mes_paquetages

Sur le nouveau serveur importons la liste des packages du serveur primaire:
dpkg –set-selections < mes_paquetages

Et enfin installons les paquets:
apt-get dselect-upgrade

Alienware M15x and Ubuntu

Manu — Mon, 02 Jun 2008 18:49:31 +0000

Just received my Alienware M15x and install Ubuntu 8.04 on it.
No problem except for the sound.
Need to add the line
options snd-hda-intel model=mbp3
in file
/etc/modprobe.d/alsa-base

Another little issue if you’re using AMsn and you don’t have sounds when you receive a message or when someone connect:
Go to Accound / Preferences / Others and replace
play $sound
with
aplay $sound

to use alsa sound server instead default library.

Get the Dell Service Tag number with Linux

Manu — Tue, 27 May 2008 09:35:52 +0000


[root@SERVER ~]# dmidecode | grep “Serial Number”
                Serial Number: 8HZZ42C

The Horrorist Live @ Paris 2008 04 01

Manu — Sat, 12 Apr 2008 14:29:01 +0000

All pictures available here:
http://www.crapules.com/gallery2/main.php/v/concerts/Horrorist/

JO: un journaliste de FR2 viré par des officiels chinois

Manu — Sat, 12 Apr 2008 13:45:05 +0000

Je ne suis pas fan de morandini, mais une vidéo intéressante lors de la flamme à paris:
Un journaliste de France2 qui filmait les manifestants et les officiels chinois c’est fait sortir par les officiels chinois qui visiblement demandaient à la police et obtenaient ce qu’ils voulaient.

Setup Sendmail without DNS

Manu — Fri, 04 Apr 2008 15:04:59 +0000

Configure Sendmail is not very funny.
In my case I have several box in a DMZ and i would like these box will be available to send email from my mail server. But sendmail need a valid MX reply to relay emails.
Without this valid MX you should have this error in the log file

Apr 4 15:46:32 SERVER-01 sendmail[2422]: [ID 801593 mail.info] m34DdKJC002400: to=,, delay=00:07:12, xdelay=00:00:00, mailer=relay, pri=240354, relay=mail, dsn=4.0.0, stat=Deferred: Name server: mailhost: host name lookup failure

When DNS doesn’t arrive for the party, sendmail gets mad.

How to solve this?

Linux (Redhat, Fedora, Debian)
First make sure you have the sendmail-cf package installed. Either install it and use yum/up2date/apt-get to get it.

rpm -Uvh sendmail-cf-8.13.1-3.fc2.i386.rpm

Next, add your smart relay host to your /etc/hosts file (your mail server)

192.168.1.100 mail mail.yourdomain.com

Go into /etc/mail/ and vi the sendmail.mc file. Add the following lines:

FEATURE(`accept_unresolvable_domains')dnl
FEATURE(`accept_unqualified_senders')dnl
FEATURE(nocanonify)
define(`confSERVICE_SWITCH_FILE', `/etc/mail/service.switch')dnl
define(`SMART_HOST',`mail')

Of course, replace the mail with the host you entered in your /etc/hosts file.
Now create a file in /etc/mail called service.switch and add the following:

root@SERVER-01 # cat /etc/mail/service.switch
hosts files
root@SERVER-01 #

Edit the submit.mc file in /etc/mail and add the following line:

define(`confDIRECT_SUBMISSION_MODIFIERS', `C')dnl

Now that we’re done making our file modifications, simply type make while in the /etc/mail directory.

Restart sendmail

/etc/init.d/sendmail restart

That’s it!

just need to test it:

mail -s test toto@mydomain.com < /dev/null 2>&1 >> /dev/null

Solaris

More easy on solaris 10 (same thing on V8 and V9)
Edit the files /etc/mail/sendmail.cf and /etc/mail/submit.cf
and uncomment the following lines:

# service switch file (name hardwired on Solaris, Ultrix, OSF/1, others)
O ServiceSwitchFile=/etc/mail/service.switch

# hosts file (normally /etc/hosts)
O HostsFile=/etc/hosts

root@SERVER-01 # more service.switch
hosts files

don’t forget to setup your host file


127.0.0.1       localhost       SERVER-01.mydomain.com
192.168.1.100    mail    mail.mydomain.com

Check in your /etc/nsswitch.conf file the line “hosts” like this:


hosts:      files

Check in your sendmail conf file (main.cf, sendmail.cf, subsidiary.cf) your relay host is setup


# "Smart" relay host (may be null)
DSmail

In the same files replace the following lines


# pass to name server to make hostname canonical
R$* $| $* < @ $* > $*          $: $2 < @ $[ $3 $] > $4
R$* $| $*                      $: $2


# pass to name server to make hostname canonical
R$* $| $* < @ $* > $*           $: $2 < @ $3 > $4
R$* $| $*                       $: $2

Be VERY carreful with the tabulations!

Just relaunch sendmail

svcadm refresh network/smtp:sendmail

And test again …

recursive mass rename script

Manu — Mon, 24 Mar 2008 13:47:57 +0000

Hello,

here a little script called myrename.pl to mass rename all the file of a directory and all the sub-directory and all files.
I need this script to delete the space character in the filename

The script:


#!/usr/bin/perl
#
# Usage: rename perlexpr [files]

($regexp = shift @ARGV) || die "Usage:  rename perlexpr [filenames]\n";
#print "REGEXP :$regexp:\n";

if (!@ARGV) {
    @ARGV = ;
    chomp(@ARGV);
}


foreach $_ (@ARGV) {
    $old_name = $_;
    eval $regexp;
#    print "Regexp after :$regexp:\n";
    die $@ if $@;
####   rename($old_name, $_) unless $old_name eq $_;
    rename($old_name, $_) unless $old_name eq $_; #or
####    warn "Couldn't rename $old_name to $_: $!\n";
    print "$old_name ----> $_\n";
}

exit(0);

Using the script:


find ./ -print | tac | /usr/bin/myrename.pl '($file) = (m|.+/(.+)|); $file = $_ if (!defined($file));($newfile = $file) =~ s/ /_/g;$file2=quotemeta($file); s/$file2/$1$newfile/;'

listing & zip Dir on the Fly

Manu — Wed, 05 Mar 2008 11:30:16 +0000

Hello,
Sometime I need to access my music from work.
To do this I have made a quick php script to print my private collection hosted on my own server and added a script to create archive file (.zip) on the fly.

J’ai développé une petite page php pour gerer ma musique sur mon server perso. Ce script me permet de créer un fichier zip a la volée pour chaque album que je veux prendre chez moi.

Prequesities:
you need the package zipArchives for php5
On Fedora:

yum install php-pecl-zip

On Debian

apt-get install php5-zip

Let me explain: if you go to http://www.crapules.com/test.zip this will create a test.zip file on the fly with all the content of http://www.crapules.com/test directory.
To do this you need to change your .htaccess file like this.

Le principe est simple. Lorsque un utilisateur utilise une URL avec une extension .zip dans certain répertoire, le script créer un fichier archive contenant l’intégralité du repertoire. Par exemple http://www.crapules.com/test.zip, créera un zip avec l’intégralité de http://www.crapules.com/test.
La première étape est de créer un fichier .htaccess dans ledit répertoire comme suit:


RewriteEngine On
Options +FollowSymlinks
RewriteCond %{REQUEST_URI} .zip$ [NC]
RewriteRule ^(.*).zip$ download.php?download=$1 [L]

This change will redirect all the link like

http://www.crapules.com/test.zip

http://www.crapules.com/download.php?download=test

Now you need to create a download.php in the same directory:
On crée un fichier download.php dans le même répertoire:


addFile($dir.$file,$extdir.$file);
                    myCreateArchive($dir.$file.'/' , $zip, $extdir.$file.'/');

                }
                else
                {
                    $zip->addFile($dir."/".$file,$extdir.$file);
                }
            }
        }
        closedir($rs);
    }
    return true;
}

# Prepare variables
if ( !isset($_GET['download']) )
    exit('no download');
$download = $_GET['download'];

$this_dir_path = dirname(__FILE__);
$this_dir_path = realpath($this_dir_path);

$parent_dir_path = $this_dir_path.'/../';
$parent_dir_path = realpath($parent_dir_path);

$dir_path = $this_dir_path.'/'.$download;
$dir_path = realpath($dir_path);

if ( $this_dir_path && $parent_dir_path && $dir_path )
{    /* Ok, variables are set we can continue*/    }
else {
    exit('something went wrong...');
}

if ( substr($dir_path, 0, strlen($parent_dir_path)) === $parent_dir_path )
{    /* good */    }
else
    exit('stop hacking '."[$dir_path][$parent_dir_path]");

$file_path = $this_dir_path.'/'.$download.'.zip';

# Remove old file
if ( is_file($file_path) )
    unlink($file_path);

# Create Zip
$zip = new ZipArchive();
if ( $zip->open($file_path, ZIPARCHIVE::CREATE) !== TRUE )
        exit("cannot open <$filename>\n");

# Add file to Zip
myCreateArchive($dir_path, $zip);

$zip->close();

# Download
echo "file_path:$file_path
\n";
myDownloadFile($file_path, 'archive/zip');
die;

You can try you script with the following url:
http://youwebsite.com/download.php?download=test to download the content of your “test” directory for example.
If it’s work, you can test your .htaccess file with the url

http://youwebsite.com/test.zip

Now you can do a cute index page like this:






Crapules

















Crapules.com Listing Access






Please be patient if you try to DL a ZIP file. It's took take more than 40 secondes 



\n");
print("FilenameDownloadFiletypeFilesize\n");
for($index=0; $index < $indexCount; $index++) {
        $extension = array_pop(explode(".", $dirArray[$index]));
        if (substr("$dirArray[$index]", 0, 1) != "."){ // don't list hidden files
                if ($extension != "php") {
                        print("$dirArray[$index]");
                        print("DL .zip");
                        print("");
                        print(filetype($dirArray[$index]));
                        print("");
                        print("");
                        print(filesize($dirArray[$index]));
                        print("");
                        print("\n");
                }
        }
}
print("\n");
?>
Logo designed by [A]ura. ©2004-2008 Crapules.com. All Rights Reserved.

Force (W)SUS to update

Manu — Tue, 13 Feb 2007 11:48:38 +0000

Below a batch to force WSUS , windows update to update automaticaly.


@echo off
Echo This batch file will Force the Update Detection from the AU client:
Echo 1. Stops the Automatic Updates Service (wuauserv)
Echo 2. Deletes the LastWaitTimeout registry key (if it exists)
Echo 3. Deletes the DetectionStartTime registry key (if it exists)
Echo 4. Deletes the NextDetectionTime registry key (if it exists)
Echo 5. Restart the Automatic Updates Service (wuauserv)
Echo 6. Force the detection
Pause
@echo on
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow
@echo off
Echo This AU client will now check for the Updates on the Local WSUS Server.
Pause

resize, add border&watermark

Manu — Sun, 17 Dec 2006 17:19:10 +0000

Hello,

Imagemagick is a very powerfull program to modify picture with a simple comand line.
For example, we can write a script to automatically resize, add a border and watermark to many picture in the same directory.


#/bin/sh
for img in `ls *.jpg`
do
convert $img -resize 20% rez_$img
convert -bordercolor "#000000" -border 2x2 -bordercolor "#FFFFFF" -border 4x4 -bordercolor "#000000" -border 2x2 rez_$img border_$img
convert border_$img -font /usr/share/fonts/default/ghostscript/bchri.pfa -fill white -pointsize 16 -draw "gravity southeast text 10,7 '(c) Vargas Emmanuel http://www\
.crapules.com'" final_$img
/bin/rm -f rez_$img
/bin/rm -f border_$img
done

RIP Linux Server

Manu — Mon, 25 Sep 2006 16:03:09 +0000

First Time I need to definitively shutdown a Production Linux Server.

RIP.

Solaris tips

Manu — Thu, 07 Sep 2006 10:19:09 +0000

Solaris tips

recursively Search keywords


find . -type f -print | xargs grep chaine_a_chercher

Reboot


shutdown -i 6 -g 2 -y "bye"

List the files in current directory sorted by size


ls -l | grep ^- | sort -nr

Delete blank lines in a file ?


cat sample.txt | grep -v '^$' > new_sample.txt

Display the Disk Usage of file sizes under each directory in currentDirectory ?


du -k * | sort –nr 
or 
du –k . | sort -nr

Set the Display automatically for the current new user ?


export DISPLAY=`eval 'who am i | cut -d"(" -f2 | cut -d")" -f1?`

List some Hot Keys for bash shell ?


Ctrl+l – Clears the Screen. 
Ctrl+r – Does a search in previously given commands in shell.
Ctrl+u - Clears the typing before the hotkey. 
Ctrl+a – Places cursor at the beginning of the command at shell. 
Ctrl+e – Places cursor at the end of the command at shell. 
Ctrl+d – Kills the shell. 
Ctrl+z – Places the currently running process into background.

How do you find out drive statistics ?


iostat -E

Display top ten largest files/directories ?


du -sk * | sort -nr | head

How much space is used for users in kilobytes ?


quot -af

Display Ethernet Address arp table ?


arp -a

Display the no.of active established connections to localhost ?


netstat -a | grep EST

Display the state of interfaces used for TCP/IP traffice ?


netstat -i

Show the working directory of a process ?


pwdx

Display the processes current open files ?


pfiles

Alternative for top command ?


prstat -a

VIM shortcuts

Manu — Thu, 07 Sep 2006 09:58:20 +0000

Some tips and shortcuts for VIM

Search and replace:


:%s/toto/tata/g

"k" up
"h" left
"l" right (lowercase L)
"j" down
"D" Delete to the end of the line from the current cursor position.
"dd" delete whole line
"x" delete character under cursor
"ZZ" exit and save
":quit!" quit without saving

Force autoshare on Windows

Manu — Thu, 07 Sep 2006 08:27:05 +0000

Change this key to 1 and reboot

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareServer
Data Type: REG_DWORD
Value: 0

Port Knocking Configuration

Manu — Sun, 03 Sep 2006 02:09:50 +0000

This articles describe how to configure a port knocking. We will use Knockd
Cet articles décrit la mise en place d’un port knocking. Nous utiliserons Knockd

Port knocking is a method of “message transmission across closed ports.” It works like this: initially a firewall blocks all ports on the server. The client issues a series of connection requests (knocks) to different ports; these are, of course, dropped since the ports are blocked. However, there is a daemon that monitors the log files for connection requests, and the sequence of requests serves as an encrypted code. If the code makes sense to the daemon, it enables SSH or another service (for a particular IP address and on a particular port encoded by the knock sequence).
Le port knocking est une forme d’authentification réseau. Le Port Knocking fonctionne actuellement en suivant constamment les fichiers de log du firewall afin d’en extraire les tentatives de connexions sur les ports concernés. Si une séquence est reconnue, alors les commandes correspondantes seront exécutées, notamment des modifications “à chaud” des règles du firewall, mais aussi le lancement ou l’arrêt d’un service ou l’éxecution d’une commande quelconque. En interne, le serveur garde une liste des ports sur lesquels ont été tentés des connexions en fonction de l’adresse IP de l’émetteur. A chaque tentative de connexion sur un port surveillé par Port Knocking, le port est ajouté à la liste des ports pour cette adresse IP. Si la nouvelle liste contiens une séquence, les commandes de la séquence sont exécutées.

First step juste download and install knockd sources
Télécharger les sources de knockd et l’installer
Knockd Sources


[root@pussycat ~]# wget http://www.invoca.ch/pub/packages/knock/knock-0.5-3.src.rpm
[root@pussycat ~]# rpm -Uvh knock-0.5-3.src.rpm

Just compil knockd-server


[root@pussycat ~]# [root@pussycat ~]# rpmbuild -bb /usr/src/redhat/SPECS/knock.spec
....
[root@pussycat ~]# rpm -Uvh /usr/src/redhat/RPMS/i386/knock-server-0.5-3.i386.rpm

It’s important to understand more your sequence is complex and more is complex a brute force attack.
Just need to setup the /etc/knockd.conf


[root@pussycat ~]# more /etc/knockd.conf
[options]
        logfile = /var/log/knockd.log
        pidfile = /var/run/knockd.pid

[openWEBMIN]
        sequence      = 10001:tcp,9007:udp,10512:tcp,4078:udp
        seq_timeout   = 90
        tcpflags      = syn
        start_command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 9935 -j ACCEPT

[closeWEBMIN]
        sequence      = 10001:tcp,9007:udp,10512:tcp,4079:udp
        seq_timeout   = 90
        tcpflags      = syn
        start_command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 9935 -j ACCEPT

[opencloseSSH]
        sequence      = 11001:tcp,10007:udp,10512:tcp,4078:udp
        seq_timeout   = 90
        tcpflags      = syn
        start_command = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
        cmd_timeout   = 10
        stop_command  = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
[root@pussycat ~]#

sequence: Sequence will be enable the command defined in the start_command
seq_timeout: Timeout (in sec) for termintated the squence
start_command: Command will be executed if the sequence is COMPLETED
cmd_timeout: Is a “stop_command” is defined, it’s the timeout between start_command and stop_command
stop_command: Command executede at the end of the cmd_timeout

In this example if a user try to telnet on the port 10001:tcp,9007:udp,10512:tcp,4078:udp knockd will allow port 9935 which is the webmin port.
User could close this port with the sequence 10001:tcp,9007:udp,10512:tcp,4079:udp
If a sequence 11001:tcp,10007:udp,10512:tcp,4078:udp is detected knockd open port 22 during 10secondes.
Well check if you have defined this in your iptables configuration:


-A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed -m state --state ESTABLISHED

This rule let’s open port 22 when a connection is etablished.
It’s very important if you don’t want SSH doesn’t close in use after 10 secondes!
You can find an IPTables example here :
http://www.crapules.com/wordpress/2006/09/03/firewall-setup-with-a-frontend-server/

So if you want to open ssh port for exemple please use the port knocking client (windows or linux!).
You can find it here for example.
If you have only tcp port in you sequence you can use a simple telnet too.

Please let me know if you have any question.

Setup a server in FW

Manu — Sun, 03 Sep 2006 01:33:39 +0000

This firewall script is very interesting with a web/ftp server directly connected to Internet.
We are in the “easiest” IPTables mode without nat or mangle.
Please comment if you have any suggestion!

Here is my/etc/sysconfig/iptables (Don’t forget to replace “VOTRE_IP_PUBLIQUE” by your outgoing ip address)


# Mangle and NAT doesn't matter
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed

#Defaut policies
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]

# Create separate chains for ICMP, TCP and UDP to traverse
:allowed - [0:0]
:tcp_packets - [0:0]
:OUTPUT DROP [0:0]
:udp_packets - [0:0]
:icmp_packets - [0:0]
:bad_tcp_packets - [0:0]
:SPOOFED - [0:0]
:test_manu - [0:0]

# We rejected bad tcp packets
-A bad_tcp_packets -p tcp -m state --tcp-flags SYN,ACK SYN,ACK --state NEW -j REJECT --reject-with tcp-reset
-A bad_tcp_packets -p tcp -m state --state NEW -j LOG  ! --syn --log-prefix "New not syn:"
-A bad_tcp_packets -p tcp -m state --state NEW -j DROP  ! --syn

# allowed chain
-A allowed -p TCP -j ACCEPT  --syn
-A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
-A allowed -p TCP -j DROP

#TCP Rules:
#We allowed some tcp port (web, ftp)
#BE CARREFUL : SSH port is not allowed here
-A tcp_packets -p TCP -s 0/0 --dport auth -j allowed
-A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
-A tcp_packets -p TCP -s 0/0 --dport 21 -j allowed
-A tcp_packets -p TCP -s 0/0 --dport 25 -j allowed
-A tcp_packets -p TCP -s 0/0 --dport 60000:60200 -j allowed

#We don't close open session. Especially for PortKnocking
-A tcp_packets -p TCP -s 0/0 --dport 9912 -j allowed -m state --state ESTABLISHED --comment "Pour Webmin"
-A tcp_packets -p TCP -s 0/0 --dport 14213 -j allowed -m state --state ESTABLISHED --comment "Pour ssh"

#ICMP request are allowed
-A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
-A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT

#Bad tcp packets refused
-A INPUT -p tcp -j bad_tcp_packets

#Allow local request
-A INPUT -p ALL -s 127.0.0.1 -i lo -j ACCEPT
-A INPUT -p ALL -s VOTRE_IP_PUBLIQUE -i lo -j ACCEPT

#Rules for the Internet Request
-A INPUT -p ALL -m state -d VOTRE_IP_PUBLIQUE --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p TCP -i eth0 -j tcp_packets
-A INPUT -p UDP -i eth0 -j udp_packets
-A INPUT -p ICMP -i eth0 -j icmp_packets

#We log umatched packets
-A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG  --log-level DEBUG --log-prefix "IPT INPUT packet died: "
-A FORWARD -p tcp -j bad_tcp_packets
-A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG  --log-level DEBUG --log-prefix "IPT FORWARD packet died: "

# Flood  protection
-A FORWARD -p tcp --syn -m limit --limit 1/second -j ACCEPT
-A FORWARD -p udp -m limit --limit 1/second -j ACCEPT

#Rules pour determiner les ip autorisees a sortir
-A OUTPUT -p tcp -j bad_tcp_packets
-A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
-A OUTPUT -p ALL -s VOTRE_IP_PUBLIQUE -j ACCEPT

#We log umatched packets
-A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG  --log-level DEBUG --log-prefix "IPT OUTPUT packet died: "

# Spoof protection
#-A SPOOFED -s 127.0.0.0/8 -j DROP
-A SPOOFED -s 169.254.0.0/12 -j DROP
-A SPOOFED -s 172.16.0.0/12 -j DROP
-A SPOOFED -s 192.168.0.0/16 -j DROP
-A SPOOFED -s 10.0.0.0/8 -j DROP
-A INPUT -j SPOOFED

COMMIT

Configuration Firewall avec serveur en frontend

Manu — Sun, 03 Sep 2006 00:57:13 +0000

Dans mon cas, la dedibox est directement relié au net avec une IP publique.
On est dans le cas le plus “simple” ou IPTables joue uniquement un rôle de Firewall

Voici donc mon fichier /etc/sysconfig/iptables (n’oubliez pas de remplacer VOTRE_IP_PUBLIQUE, par … votre IP publique! Je n’ai pas trouvé comment créer des aliases avec cette version d’IPTables)


# On ne tient pas compte de mangle et nat, nous nous concentrons ici sur le filter uniquement
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed

#Defaut policies
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]

# Create separate chains for ICMP, TCP and UDP to traverse
:allowed - [0:0]
:tcp_packets - [0:0]
:OUTPUT DROP [0:0]
:udp_packets - [0:0]
:icmp_packets - [0:0]
:bad_tcp_packets - [0:0]
:SPOOFED - [0:0]
:test_manu - [0:0]

# on rejette les packets considérés comme mal formés (possibilité d'attaque ou de scan port)
-A bad_tcp_packets -p tcp -m state --tcp-flags SYN,ACK SYN,ACK --state NEW -j REJECT --reject-with tcp-reset
-A bad_tcp_packets -p tcp -m state --state NEW -j LOG  ! --syn --log-prefix "New not syn:"
-A bad_tcp_packets -p tcp -m state --state NEW -j DROP  ! --syn

# allowed chain
-A allowed -p TCP -j ACCEPT  --syn
-A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
-A allowed -p TCP -j DROP

#TCP Rules:
#On Ouvre certains ports (web, ftp/passive, auth)
#Attention, le port SSH n'est pas ouvert ici, ne vous coupez pas la main!
-A tcp_packets -p TCP -s 0/0 --dport auth -j allowed
-A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
-A tcp_packets -p TCP -s 0/0 --dport 21 -j allowed
-A tcp_packets -p TCP -s 0/0 --dport 25 -j allowed
-A tcp_packets -p TCP -s 0/0 --dport 60000:60200 -j allowed

#On demande a ce que des qu une session est etablit, celle ci reste ouverte et ne soit pas coupe
#Ceci est particulierement utile dans le cas du portknocking par exemple ou l on referme le port 
#SSH apres X secondes.
-A tcp_packets -p TCP -s 0/0 --dport 9912 -j allowed -m state --state ESTABLISHED --comment "Pour Webmin"
-A tcp_packets -p TCP -s 0/0 --dport 14213 -j allowed -m state --state ESTABLISHED --comment "Pour ssh"

#On autorise les requetes ICMP (ping...)
-A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
-A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT

#On rejette les Bad TCP packets .
-A INPUT -p tcp -j bad_tcp_packets

#On autorise les requetes venant de localhost (tiens d ailleurs cette regle ne peut elle pas poser de pb 
#en cas de tentative d intrusion par spoof?)
-A INPUT -p ALL -s 127.0.0.1 -i lo -j ACCEPT
-A INPUT -p ALL -s VOTRE_IP_PUBLIQUE -i lo -j ACCEPT

#Regles pour les packets venant d'internet
-A INPUT -p ALL -m state -d VOTRE_IP_PUBLIQUE --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p TCP -i eth0 -j tcp_packets
-A INPUT -p UDP -i eth0 -j udp_packets
-A INPUT -p ICMP -i eth0 -j icmp_packets

#On log les packets qui ne matchent avec aucune regles
-A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG  --log-level DEBUG --log-prefix "IPT INPUT packet died: "
-A FORWARD -p tcp -j bad_tcp_packets
-A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG  --log-level DEBUG --log-prefix "IPT FORWARD packet died: "

# Flood  protection
-A FORWARD -p tcp --syn -m limit --limit 1/second -j ACCEPT
-A FORWARD -p udp -m limit --limit 1/second -j ACCEPT

#Rules pour determiner les ip autorisees a sortir
-A OUTPUT -p tcp -j bad_tcp_packets
-A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
-A OUTPUT -p ALL -s VOTRE_IP_PUBLIQUE -j ACCEPT

#On log si ca matche pas
-A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG  --log-level DEBUG --log-prefix "IPT OUTPUT packet died: "

# Protection contre le spoofing
#-A SPOOFED -s 127.0.0.0/8 -j DROP
-A SPOOFED -s 169.254.0.0/12 -j DROP
-A SPOOFED -s 172.16.0.0/12 -j DROP
-A SPOOFED -s 192.168.0.0/16 -j DROP
-A SPOOFED -s 10.0.0.0/8 -j DROP
-A INPUT -j SPOOFED

COMMIT

Remplacer les espaces par des underscores

Manu — Sun, 03 Sep 2006 00:28:02 +0000

Petit script trouvé sur Space Replace 1.0.1 qui permet de remplacer tous les espaces d’un répertoire ainsi que son contenu par des undescores.
Par exemple, intricate – in pectra devient intricate_-_in_pectra
Script to replace all space in file and directory with an undescore. Script found Here

Il suffit de copier le contenu du script ci dessous dans un fichier dans votre /usr/local/lib. Vous pouvez également télécharger le script ainsi qu’un script d’installation ici

Just copy this file in you /usr/local/lib for example.
You can also Download this script with an installation script Here


#!/bin/bash
# spacereplace v1.0.1 by Richard van Kampen - july 2005
function helpme {
echo ""
echo "Help for spacereplace"
echo ""
echo "spacereplace version 1.0.1 - written by Richard van Kampen"
echo "Tool to substitute spaces in file and directory names with underscores."
echo ""
echo "Usage: spacereplace [option] [PATH]"
echo ""
echo "List of options:"
echo ""
echo "-h or --help : show help."
echo "-r : recursive. Also commit changes to all sub-directories."
echo ""
echo "You have to specify the path to the directory you want to process. Not specifying a path will just display help"
echo ""
echo "Example: 'spacereplace -r /home/richard/video' changes all spaces to underscores in /home/richard/mp3 and all directories below /home/richard/mp3."
echo ""
exit
}

for arg in "$@" # grab command line options
do
if [ "$arg" != "-r" ] && [ "$arg" != "-h" ]; then
dir="$arg"
orgdir="$dir"
sub=" and sub-directories"
fi
case "$arg" in
-h | --help ) help=1 ;; # help option true.
-r ) recursive=1 ;; # recursive is true
esac
done

if [ "$dir" == "" ];then
helpme
fi
if [ ! -d "$dir" ]; then
echo "Directory $dir does not exist. Please try again with full path"
exit
fi

if [ "$help" = "1" ]; then # do this if -h option is used
helpme
fi

function delspaces {
strips=1;
teller=1; # iterate through 'contentgrab' array
cd $dir;
# rename @ because we need it. Do it 5 times
until [ $strips = "5" ];do
rename @ - *
let strips+=1
done
for i in $(ls | sed 's/\n//g' | sed 's/\ /@/g'); do
i=${i//@/ }
contentgrab[$teller]=$i
replacespace=${contentgrab[$teller]// /_}
if [ "${contentgrab[$teller]}" != "$replacespace" ] && [ ! -f "$replacespace" ] && [ ! -d "$replacespace" ]; then
mv -- "${contentgrab[$teller]}" "$replacespace"
fi
let teller+=1;
done
}

Emacs backup files in ONE directory

Manu — Sun, 20 Aug 2006 21:53:18 +0000

Backup directory pour avoir tous les fichiers de backup dans un seul
répertoire plutôt que d’en avoir partout;

move your emacs backup files in only one directory


;; Backup directory pour avoir tous les fichiers de backup dans un seul
;; répertoire plutôt que d'en avoir partout;
;; 
;; move your emacs backup files in only one directory
(defun make-backup-file-name (file)
   (concat "~/backup/" (file-name-nondirectory file) "~"))

mirroring script

Manu — Fri, 18 Aug 2006 07:20:24 +0000

I have made a little script to mirroring some ftp (apache for exemple).
This script is based on the anonftprsync debian script.
just copy this in /usr/sbin/anonftprsyncapache:

Code:

#! /bin/sh
set -e

# This script originates from http://www.debian.org/mirror/anonftpsync
# modified by Martin Zobel-Helas , 2005-01-16
#       these modifications are published under the terms of the GNU GPL
# Note: You MUST have rsync 2.0.16-1 or newer, which is available in slink
# and all newer Debian releases, or at http://rsync.samba.org/
#
# script modified by emmanuel vargas 

# TO is the destination for the base of the mirror directory
TO=/var/ftp/pub/mirror/apache

# RSYNC_HOST is the site you have chosen from the mirrors file.
RSYNC_HOST=rsync.apache.org

# RSYNC_DIR is the directory given in the "Packages over rsync:" line of
# the mirrors file for the site you have chosen to mirror.
RSYNC_DIR=apache-dist

# LOGDIR is the directory where the logs will be written to
LOGDIR=/var/log/

# MAILTO is the address to send logfiles to;
# if it is not defined, no mail will be sent
# (optional)

MAILTO=emmanuel.vargas@gmail.com

# There should be no need to edit anything below this point, unless there
# are problems.

#-----------------------------------------------------------------------------#

# Check for some environment variables
if [ -z $TO ] || [ -z $RSYNC_HOST ] || [ -z $RSYNC_DIR ] || [ -z $LOGDIR ]; then
        echo "One of the following variables seems to be empty:"
        echo "TO, RSYNC_HOST, RSYNC_DIR or LOGDIR"
        exit 2
fi

if ! [ -d ${TO}/project/trace/ ]; then
        # we are running mirror script for the first time
        mkdir -p ${TO}/project/trace
fi

# Note: on some non-Debian systems, hostname doesn't accept -f option.
# If that's the case on your system, make sure hostname prints the full
# hostname, and remove the -f option. If there's no hostname command,
# explicitly replace `hostname -f` with the hostname.
HOSTNAME=`hostname -f`

LOCK="${TO}/Archive-Update-in-Progress-${HOSTNAME}"
# Logfile
LOGFILE=$LOGDIR/apache-mirror.log

# Get in the right directory and set the umask to be group writable
#
cd $HOME
umask 002

# Check to see if another sync is in progress
if lockfile -! -l 43200 -r 0 "$LOCK"; then
  echo ${HOSTNAME} is unable to start rsync, lock file exists
  exit 1
fi
# Note: on some non-Debian systems, trap doesn't accept "exit" as signal
# specification. If that's the case on your system, try using "0".
trap "rm -f $LOCK > /dev/null 2>&1" exit

set +e

result=0;

if [ 0 = $result ]; then
        # Now sync the remaining stuff
    rsync -rtlzv --delete $RSYNC_HOST::$RSYNC_DIR $TO >> $LOGFILE 2>&1

else
        echo "ERROR: Help, something weird happened" | tee -a $LOGFILE
        echo "mirroring /pool exited with exitcode" $result | tee -a $LOGFILE
fi
if ! [ -z $MAILTO ]; then
        mail -s "Apache archive synced" $MAILTO < $LOGFILE
fi

/bin/rm $LOGFILE

and add this in your /etc/crontab:

Code:

#rsync for apache ftp
0 1,13 * * * /usr/sbin/anonftpsyncapache > /dev/null

Monitoring Proftpd

Manu — Thu, 17 Aug 2006 13:24:05 +0000

ProFTPD + MySQL Authentication + E-Mail Monitor
Log analysis

My major problem with proftpd is the real time monitoring of log analysis.

I will try to describe on this post the current solution I have build on my proftpd server.

Prerequisites:

Proftpd + mysql
Perl + Perl-MIME-Lite + Perl-MailsTools + Perl-DBI and Perl-DBD-mysql

ProFTPD + MySQL Authentication + E-Mail Monitor

First step is to sending an alert by email when a user update or connect to the ftp
This howto become from this great tutorial:
ProFTPD + MySQL Authentication + E-Mail Monitor Howto

The idea is to make a crontab script which check every X minutes that the field “modified” or “accessed” has been updated.

Logon to MySQL and issue the following command:

Code:

CREATE TABLE ftpusermonitor (
  id int(10) unsigned NOT NULL,
  userid varchar(32) NOT NULL default '',
  accessed datetime NOT NULL default '0000-00-00 00:00:00',
  modified datetime NOT NULL default '0000-00-00 00:00:00',
  PRIMARY KEY  (id),
  UNIQUE KEY userid (userid)
) TYPE=MyISAM;

You need to add this row to the ftpusermonitor table whenever you add a new ftp user :

Code:

INSERT INTO ftpusermonitor (id, userid) SELECT id, userid FROM ftpuser WHERE userid='myuser';

Now just copy this script on you ftp server:

Code:

#! /usr/bin/perl

# ftpmon.pl
# Monitor updates to FTP directories
# Author: Stefano Radice 

use strict;
use DBI;
use MIME::Lite;

my $server = 'localhost';
my $db = 'ftp';
my $dblogin = 'root';
my $dbpwd = 'password';
my $ftpalert = 'emmanuel.vargas@gmail.com';
#my $dbquery ="SELECT a.id, a.userid, a.modified FROM ftpuser a INNER JOIN ftpusermonitor b ON a.id = b.id WHERE a.modified > b.modified";
my $dbquery ="SELECT a.id, a.userid, a.accessed FROM ftpuser a INNER JOIN ftpusermonitor b ON a.id = b.id WHERE a.accessed > b.accessed";

my $dbh = DBI->connect("dbi:mysql:$db:$server", $dblogin, $dbpwd);
my $sth = $dbh->prepare($dbquery);
$sth->execute();

my @dbrow;

while(@dbrow=$sth->fetchrow_array()) {
    my $subject='FTP Update: ' . $dbrow[1];
    my $body=("The user -".$dbrow[1]. "- has acceded his FTP home.");
    send_mail($ftpalert,
              'FTPSERVER@ftp.crapules.com',
              $subject,
              $body);
    my $dbupd="UPDATE ftpusermonitor SET accessed='". $dbrow[2] . "' WHERE id=" . $dbrow[0];
#       my $dbupd=
#          "UPDATE ftpusermonitor SET modified='". $dbrow[2] . "' WHERE id=" . $dbrow[0];
    $dbh->do($dbupd);
}

$sth->finish( );

sub send_mail {
    print "Evoie d'un email\n";
    my($to, $from, $subject, $body)=@_;

    my $msg = new MIME::Lite
        From    =>$from,
        To      =>$to,
        Subject =>$subject,
        Type    =>'TEXT',
        Data    =>$body;
    $msg -> send;

}

Make this script executable:

Code:

# chmod 700 ftpmon.pl

and add this script in you crontab file:

Code:

# ftpmonitoring
*/5 * * * * /usr/sbin/ftpmoni.pl

Logs Analysis

First step is webalizer installation:

Code:

[root@pussycat plugins]# yum install webalizer

now add in your /etc/proftpd.conf:
In the general config:

Code:

TransferLog none     # WARNING: TransferLog directive might need to be placed inside a virtual host context if you use them.

In the :

Code:

  TransferLog                 /var/log/proftpd/xferlog.legacy

Now edit your /etc/webalizer.conf:

Code:


LogFile        /var/log/proftpd/xferlog.legacy
LogType	ftp
OutputDir      /var/www/html/admin/webalizer
HistoryName	/var/lib/webalizer/webalizer.hist
Incremental	yes
IncrementalName	/var/lib/webalizer/webalizer.current
HostName       pussycat
PageType	htm*
PageType	cgi
PageType        php
PageType        shtml
DNSCache	/var/lib/webalizer/dns_cache.db


DNSChildren	10
Quiet	   yes

FoldSeqErr	yes
HideURL		*.gif
HideURL		*.GIF
HideURL		*.jpg
HideURL		*.JPG
HideURL		*.png
HideURL		*.PNG
HideURL		*.ra

SearchEngine	yahoo.com	p=
SearchEngine	altavista.com	q=
SearchEngine	google.com	q=
SearchEngine	eureka.com	q=
SearchEngine	lycos.com	query=
SearchEngine	hotbot.com	MT=
SearchEngine	msn.com		MT=
SearchEngine	infoseek.com	qt=
SearchEngine	webcrawler	searchText=
SearchEngine	excite		search=
SearchEngine	netscape.com	search=
SearchEngine	mamma.com	query=
SearchEngine	alltheweb.com	query=
SearchEngine	northernlight.com  qr=
# End of configuration file...  Have a nice day!

In your crontab file:

Code:


# webalizer for proftpd
10 3 * * * root /usr/bin/webalizer > /dev/null