Apache and PHP installation

I’ll be installing Squirrelmail to our new mail server since we migrate our old server to new server. So, I need to transfer running services such as MTA and Squirrelmail. Of course, Squirrelmail needs Apache and Php. Here is the howto on how I install Apache with Php. There are many ways to install Apache and Php. You can do it via RPM which is a no brainer. You could also do this via yum. However, I prefer source installation for easy modification and upgrade for any bugs.

First, download the package in the ff website

apache 1.3.41

php.5.2.6

I prefer download it and extract it on /usr/local/src.

cd /usr/local/src/apache_1.3.37

./configure \
–prefix=/usr/local/apache \
–enable-shared=max \
–enable-module=rewrite \
–enable-module=so

make && make install

Installation of Php

cd /usr/local/src/php-5.2.6

./configure \
–with-apxs=/usr/local/apache/bin/apxs \
–disable-debug \
–enable-ftp \
–enable-inline-optimization \
–enable-magic-quotes \
–enable-mbstring \
–enable-mm=shared \
–enable-safe-mode \
–enable-track-vars \
–enable-trans-sid \
–enable-wddx=shared \
–enable-xml \
–with-dom \
–with-gd \
–with-gettext \
–with-mysql=/usr/local/mysql \
–with-regex=system \
–with-xml \
–with-zlib-dir=/usr/lib

make && make install

cp php.ini-dist /usr/local/lib/php.ini

For easy access to those frequently used file such as config files and logs, I’ll be placing a soft links on /etc and /var/log.

ln -s /usr/local/lib/php.ini /etc/php.ini

ln -s /usr/local/apache/conf/httpd.conf /etc/httpd.conf

ln -s /usr/local/apache/var/log /var/log/httpd

ln -s /usr/local/apache/bin/apachectl /etc/init.d/apache

php.ini and httpd.conf is the main config file of php and apache. Usually, you would edit this file for modification of Apache and Php.

Now, we need to edit httpd.conf to have support in Php.

To ensure your PHP files are properly interpreted, and not just downloaded as text files, remove the # at the beginning of the lines which read:

#AddType application/x-httpd-php .php
#AddType application/x-httpd-php-source .phps

Otherwise, manually enter them (without the leading # of course) after the line.

Also, add the ff in anyplace within the <IfModule mod_mime.c> section of httpd.conf.

Add index.php to the list of valid Directory Index files so that your “default page” in a directory can be named index.php.

<IfModule mod_dir.c>
DirectoryIndex index.php index.htm index.html
</IfModule>

Now, we need to start the apache by doing /etc/init.d/apache start

Try to browse your apache by doing http://x.x.x.x of your server in your default browser. You must see some notification or saying that successfuly installed apache. Usually, you would see an icon of Apache

Why I’m using Firefox

When computer was introduce to me wayback year 2000, I don’t care what browser I use. I’m convenient that time on Internet Explorer also known as IE. Then, IE6 was introduce since some of the games requires new version of IE such as NBA Live, etc.

Then, spyware become a monster in the Internet in the early 2000 and those anti-spyware popups like a pimple. There is Ad-Aware, Spybot, Spydoctor, etc. Most of the techie people say that IE was prone to spyware which I believe after I use Mozilla Firefox. I never encounter an error using Firefox. Even if one of our customer or a friend got infected with a spyware, still when I install firefox I can now browse the Internet unlike using IE where I can’t see a single page. From then on, I use Firefox.

Firefox nowadays has been great. There are lots of add-ons such as themes, download manager, ftp, etc. You can download add-ons at https://addons.mozilla.org/en-US/firefox/.

Also, bookmarks has been superb especially in Firefox 3. I can easily backup my numbers of bookmarks in just a snap. Saving password and pop-up ads has been also been doing great. Easy to manage and not so memory hog unlike the earlier version of Firefox. Google Toolbar also makes my research fast and easy.

Though there are lot of browser nowadays, I still stick to Firefox due to functionality, security ad ease of use. I’m writing this article using Firefox 3 with Aero Silver Fox Themes. If you want to know more about Firefox, go to their website at http://www.mozilla.com/en-US/firefox/

What’s a tiny laptop with no hard drive nowadays?

Tiny laptops, known as netbooks, have been cropping up like kudzu of late.

Dell’s latest addition to the tangle is the Inspiron Mini 9, a two-pound laptop that runs Windows XP or Linux.

The Mini 9 has a 9-inch display and 1.6-gigahertz Intel Atom processor, part of Intel’s new line of low-power processors for mobile devices. It can hold up to 1 gigabyte of memory and comes with up to 16 gigabytes of solid-state storage.

Interestingly, Dell is not offering a traditional hard drive at all; instead it uses solid-state memory to store the operating system, programs and data. A version of the laptop comes with 4 gigabytes of storage and runs Ubuntu, a popular version of the open-source operating system Linux. For some more bucks you gain Windows XP and 8 gigabytes of storage. The laptop is available at Dell.com.

The laptop has Wi-Fi but hackers have already opened the case and found the potential for built-in 3G wireless compatibility, although it may not be activated in the United States. It also has a larger keyboard than most other netbooks, a boon for users with even average-size fingers.

Reason why people still don’t use Linux

I’ve been to Linux since 2003 though I still considered myself as Linux Newbies. Though most of the companies used Linux in their servers, still, most of the workstation is running under Windows. Me, too, use Windows XP in my Laptop. I love Linux as Server OS. I also experience Linux particularly CentOS with TWM as my Display Manager as my workstation OS.

Still, in my opinion, people still not ready to use Linux. Here is some reason why:

1. Linux is not user friendly compared to Windows

It may have been not as friendly as Windows 10 years ago but today, Linux can be made to look like Windows XP – dispelling the user-friendly argument.

If you are still a skeptic, I challenge you to try it first and then tell me if the interface is cryptic or not.

Linux is now getting near to its counterpart, Microsoft Windows, when talking about Display. It has gradient look. Icons is enhanced and with those dropdown menu, you will not lost easily.

2. Installing applications on Linux is difficult

Lets face the fact. A grade 6 student can install games such as counterstrike, battlerealms, etc. in just a snap in Windows System but when you put Linux infront of them, they don’t know what to do.

There is no denying the fact that due to its Unix origins, Linux has enjoyed the (dis)advantages of having applications available in source code form and requiring compilation before installation. However, most, if not all, distributions maintain repositories of pre-compiled binaries that no longer require users to compile-before-install – just download and install.

Frankly, this is now an advantage for Linux — you only run one application to access several repositories to install, update or remove applications. Now Windows does not have something close to this.

That being said, however, I still wish that installing, updating and removing applications is as simple as the Mac OS X, wherein you just drag and drop the executable file package to the destination to install or to the trash bin to uninstall. No other libraries or dependencies to worry about nor any registry to tinker with.

3. Difficult to find support for Linux

Owing to its open source nature, support for Linux is often provided by the open source community. One just needs to know where to look. Unfortunately, ordinary users are not familiar with this process — giving an impression that they are left out in the cold.

Bug reporting is another issue – where do you send bug reports? You don’t expect ordinary users to access Trac and leave a bug report. Oftentimes, they just need an email address. HOWEVER, can you honestly tell me how many times have you sent in a bug report to Microsoft? Have you heard from them – did they acknowledge your report?

4. Can’t play games on Linux

This is true several years ago. However, companies are starting to realize that Linux is a viable platform for gaming. In fact, third-party developers provide a way for users to play Windows-based games on Linux without even installing Windows! Cool, huh? Well, not just quite. Unfortunately, game development is centered on Windows, due to its market-share. This is a chicken-or-egg issue – should game developers wait for a larger Linux market-share or make games to increase the market-share for Linux?

5. My peripheral is not supported on Linux

Hardware manufacturers now recognize the importance of Linux — just look at how the netbooks, such as the Asus Eee PC, MSI Wind, etc., are configured.

Windows users have experienced the same issue when Vista was released. Peripherals have no drivers available on Vista. The same can be said of Linux before. Today, most popular peripheral is supported by Linux.

Whilst I have explained some of the issues pointed out above, I leave it to you to determine if Linux is ready for YOUR desktop. In my case, it is already a mature desktop OS (which is also a server OS) – enough for an ordinary user’s daily computing needs.

If you are still having doubts, try an Asus Eee PC running Linux and tell me if it is too complex for your own use. Send me an e-mail with your Linux experience and I might just feature it here. 🙂

We have Asus Eee PC in our office and we used this if there are presentation outside the office or we need to evaluate the link of our customer’s Internet connection. Linux is pre-installed in the unit though don’t know what Linux OS it is but I’m sure it is Linux. It has Openoffice for opening documents, I can mount share on our samba and configuring the network is like configuring Windows as it was click-and-click only.  In short, it can do what a Microsoft Windows can do.

In the end, its up to you. Would you like to spend money for License but with some ease of use or save money but no guarantee if your son can installed programs.

How to reset a password on Cisco Catalyst Switch 2900 Series

I need to setup mrtg in our 2nd hand cisco catalyst switch. I believe this switch is a little bit obsolete but this is the one my superior told me to use. I visit my favorite distributor of refurbished networking applicance store and look for Cisco Catalyst 2900 Series

So I need to recover the password to put IP address to the VPN Interface. Here is the procedure that I did:

1. Hold down the mode button located on the left side of the front panel, while reconnecting the power cable to the switch.

Release the mode button after the LED above Port 1x goes out.

Note: LED position may vary slightly depending on the model.

2. Issue the flash_init command and press Enter

switch: flash_init
Initializing Flash…
flashfs[0]: 143 files, 4 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 3612672
flashfs[0]: Bytes used: 2729472
flashfs[0]: Bytes available: 883200
flashfs[0]: flashfs fsck took 86 seconds
….done Initializing Flash.

3. Issue the load_helper command and press Enter

switch: load_helper
switch:

4. Issue the dir flash: command and press Enter

Note : Make sure to type a colon “:” after the dir flash.

The switch file system is displayed:

switch: dir flash:
Directory of flash:/
2 -rwx 1803357 c3500xl-c3h2s-mz.120-5.WC7.bin

5. Type rename flash:config.text flash:config.old to rename the configuration file.

switch: rename flash:config.text flash:config.old
switch:

6. Issue the boot command to boot the system.

switch: boot
Loading “flash:c3500xl-c3h2s-mz.120-5.WC7.bin”…###############################
################################################################################
######################################################################
File “flash:c3500xl-c3h2s-mz.120-5.WC7.bin” uncompressed and installed, entry po
int: 0×3000
executing…

7. Enter “n” at the prompt to abort the initial configuration dialog.

--- System Configuration Dialog ---
At any point you may enter a question mark ‘?’ for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets ‘[]‘.
Continue with configuration dialog? [yes/no]: n

Switch>

8. At the switch prompt, type en to enter enable mode.

9. Type rename flash:config.old flash:config.text to rename the configuration file with its original name.

Switch#rename flash:config.old flash:config.text
Destination filename [config.text]

!— Press Return or Enter.

Switch#

10. Copy the configuration file into memory by typing copy flash:config.text system:running-config

Switch#copy flash:config.text system:running-config
Destination filename [running-config]?

!— Press Return or Enter.

1131 bytes copied in 0.760 secs
Switch#

The configuration file is now reloaded.

11. Change the password.

Switch#configure terminal
Switch(config)#no enable secret

!— This step is necessary if the switch had an enable secret
!— password.

Switch(config)#enable password Cisco
Switch#(config)#^Z

!— Use Ctrl-Z.

12. Write the running configuration to the configuration file with the write memory command.

Switch#write memory
Building configuration…
[OK]
Switch#

13. Finish

How to reset password on Cisco Router 2600 Series

Introduction

This document describes how to recover the enable password and the enable secret passwords. These passwords protect access to privileged EXEC and configuration modes. The enable password password can be recovered, but the enable secret password is encrypted and must be replaced with a new password. Use the procedure described in this document in order to replace the enable secret password.

The enable password or the enable-secret password is stored in the startup configuration file in the nonvolatile RAM (NVRAM). The password recovery procedure requires that you boot the router and ignore the startup configuration file in the NVRAM. In order to boot the router and ignore the startup configuration file, set the 6th bit in the configuration register. The router boots with the default configuration and all the interfaces in “shutdown” state.

Since the default configuration does not have a password, anyone can enter enable mode on the router. In order to return the router to the original configuration, the startup configuration file can be copied into the router memory. If you are already in the enable mode, you can either view or change the enable password, but you can only change the enable secret password because it is always encrypted in the show commands. This document describes this procedure.

Note: Password recovery procedures cannot be performed through a Telnet connection.

Cisco 2000 Series Routers
Cisco 2500 Series Routers
Cisco 3000 Series Routers
Cisco 4000 Series Routers
Cisco AccessPro
Cisco 7000 Route Processor (RP)
Cisco AGS+ Routers
Cisco IGS Router Series
Cisco STS-10x Access Servers

Step-by-Step Procedure

1. Attach a terminal or PC with terminal emulation to the console port of the router.

Use these terminal settings:

9600 baud rate
No parity
8 data bits
1 stop bit
No flow control

2. If you can access the router, type show version at the prompt, and record the configuration register setting. See Example of Password Recovery Procedure in order to view the output of a show version command.

Note: The configuration register is usually set to 0×2102 or 0×102. If you can no longer access the router (because of a lost login or TACACS password), you can safely assume that your configuration register is set to 0×2102.

3. Use the power switch in order to turn off the router, and then turn the router back on.

4. Press Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMmon.

5. At the prompt, type o, press ENTER, and record the current value of the configuration register (usually 0×2102 or 0×102).

>o

!— Shows the configuration register option settings.

Configuration register = 0×2102 at last boot
Bit# Configuration register option settings:
15 Diagnostic mode disabled

!— Output supressed.

6. Type o/r 0×2142, and press ENTER at the > prompt in order to boot from Flash and bypass the configuration file.

7. Type i at the > prompt, and press ENTER.

The router reboots, but ignores the saved configuration.

8. Type no after each setup question, or press CTRL + C in order to skip the initial setup procedure.

9. Type enable at the Router> prompt.

Once the Router# prompt appears, you are in enable mode.

10. Type configure memory or copy startup-config running-config in order to copy the NVRAM into memory.

Important : Do not type copy running-config startup-config or write memory. These commands erase your startup configuration.

11. Type write terminal or show running-config.

The show running-config and write terminal commands show the configuration of the router. In this configuration, the shutdown command appears under each interface, which means all interfaces are currently shutdown. Also, the passwords display either encrypted or unencrypted.

12. Type configure terminal, and make the changes.

The hostname(config)# prompt appears.

13. Type enable secret in order to change the enable secret password.

14. Issue the no shutdown command on every interface that is used. If you issue a show ip interface brief command after you exit configuration mode, every interface that you want to use displays up up.

15. Type config-register 0×2102 (or use the value you recorded in step 4).

This step causes the router to load the Cisco IOS software from the Flash with the configuration from NVRAM at the next reload.

16. Press CTRL + Z in order to leave the configuration mode.

The hostname# prompt appears.

17. Type write memory or copy running-config startup-config in order to commit the changes.

18. Type Reload in order to restart the router and force the Cisco IOS software to boot from the Flash.

Adding a new hard drive in your Linux Box

I just saw that my partition for my database sever running in MySQL has reached 90%. So I rush to the stock room to get a new hard drive. The problem is I need to do this were there is no people around in the office so that I can shutdown the server, backup the database and mount the MySQL to its new directory.

1. Know where your hard drive is located

Primary Controller First Drive: /dev/hda
Primary Controller Second Drive: /dev/hdb
Secondary Controller First Drive: /dev/hdc
Secondary Controller Second Drive: /dev/hdd

2. Let’s assume that the new hard drive is /dev/hdc. You need to format the new hard drive. Just do fdisk /dev/hdc and follow the procedure there. Make sure you chose Linux as your partition type usually it is ext2 or ext3.

3. When that was done I used mkfs to make a filesystem in that hard drive. Since there was just one partition it was named /dev/hdc1

mkfs /dev/hdc1

4. I made a mount point. I decided to put it in /dbdata

mount /dev/hdc1 /dbdata

The filesystem can be unmounted using umount /dbdata.

5. Lastly, I made an entry in /etc/fstab describing the new filesystem so it would be mounted automatically at boot time.

/dev/hdc1 /dbdata ext2 defaults 1 1

6. Your new hard drive is now active. Try to do df -h so that you can view what’s mounted in your system

Cache Poisoning Vulnerabilities in old version of Bind

I just upgraded my bind to 9.5 from 9.2 due to vulnerability of older version to cache poisoning.

DNS Cache Poisoning

The Domain Name System (DNS) is responsible for translating host names to IP addresses (and vice versa) and is critical for the normal operation of internet-connected systems. DNS cache poisoning (sometimes referred to as cache pollution) is an attack technique that allows an attacker to introduce forged DNS information into the cache of a caching nameserver.

I visit those online test to check if I have randomness port on my dns server and it says POOR. Thanks to recent work by Dan Kaminsky of IOActive, ISC has become aware of a potential attack exploiting weaknesses in the DNS protocol itself.

Here is some link for you to test your dns:

https://www.dns-oarc.net/oarc/services/dnsentropy
https://www.dns-oarc.net/oarc/services/porttest
http://www.doxpara.com/

Allow SecureCRT to accept public key authentication in Openssh

I use Vandyke’s SecureCRT to access my linux machines. Due to the recent increase in the number of attempts to break-in to my systems via SSH, I decided it was high time I switched to using public/private key authentication instead of simply password.

I had devil of time figuring out how to get the public key generated by SecureCRT into OpenSSH’s authorized_keys2 file.

After digging through the SecureCRT help file for a bit I finally found the command:

cd .ssh
ssh-keygen -X -f Identity.pub >> authorized_keys2

Now, I just have to figure out a way to keep my public keys with me whenever I might have need to access my systems without a system I work on normally

Rebuilding rpm in my Redhat 9

I’m trying to install an rpm package. However, I encountered the following error:

Error encountered: error: rpmdbNextIterator: skipping h# 838 Header V3 DSA signature:

To fix:

rm -f /var/lib/rpm/__db.*
rpmbuild –rebuilddb

After that, I can install rpm again