Wednesday, March 02, 2011

ftp server linux with mysql

apt-get install apache2 php5 mysql-server phpmyadmin mysql-client pure-ftpd-mysql

####### config database

mysql -u root -p

CREATE DATABASE pureftpd;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost' IDENTIFIED BY 'ftpdpass';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost.localdomain' IDENTIFIED BY 'ftpdpass';
FLUSH PRIVILEGES;

USE pureftpd;
CREATE TABLE ftpd (
User varchar(16) NOT NULL default '',
status enum('0','1') NOT NULL default '0',
Password varchar(64) NOT NULL default '',
Uid varchar(11) NOT NULL default '-1',
Gid varchar(11) NOT NULL default '-1',
Dir varchar(128) NOT NULL default '',
ULBandwidth smallint(5) NOT NULL default '0',
DLBandwidth smallint(5) NOT NULL default '0',
comment tinytext NOT NULL,
ipaccess varchar(15) NOT NULL default '*',
QuotaSize smallint(5) NOT NULL default '0',
QuotaFiles int(11) NOT NULL default 0,
PRIMARY KEY (User),
UNIQUE KEY User (User)
) ENGINE=MyISAM;
quit;



cp /etc/pure-ftpd/db/mysql.conf /etc/pure-ftpd/db/mysql.conf_orig
cat /dev/null > /etc/pure-ftpd/db/mysql.conf


#### config ftp
vi /etc/pure-ftpd/db/mysql.conf

MYSQLSocket /var/run/mysqld/mysqld.sock
#MYSQLServer localhost
#MYSQLPort 3306
MYSQLUser pureftpd
MYSQLPassword ftpdpass
MYSQLDatabase pureftpd
#MYSQLCrypt md5, cleartext, crypt() or password() - md5 is strongly recommended over cleartext
MYSQLCrypt md5
MYSQLGetPW SELECT Password FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetUID SELECT Uid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetGID SELECT Gid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetDir SELECT Dir FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthUL SELECT ULBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthDL SELECT DLBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTASZ SELECT QuotaSize FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTAFS SELECT QuotaFiles FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")



echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir
echo "yes" > /etc/pure-ftpd/conf/DontResolve
/etc/init.d/pure-ftpd-mysql restart
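To see what the MYSQLGetPW query above actually enforces, here is an added example (my own code, not part of this post or of pure-ftpd) that emulates the lookup against the ftpd table. It uses sqlite3 in place of MySQL so it runs offline, stores passwords as MD5 hex digests to match the MYSQLCrypt md5 setting, and binds the login and client address as parameters where pure-ftpd substitutes \L and \R into the query. The users, passwords and addresses are constructed sample data.

```python
"""Emulate pure-ftpd's MYSQLGetPW lookup against the ftpd table.

Added example, not pure-ftpd's own code.  sqlite3 stands in for MySQL;
MD5 hex digests match the page's `MYSQLCrypt md5` setting.
"""
import hashlib
import hmac
import sqlite3


def build_db():
    """Create the subset of the ftpd table that the auth path reads."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE ftpd (
        User TEXT PRIMARY KEY,
        status TEXT NOT NULL DEFAULT '0',
        Password TEXT NOT NULL,
        Uid TEXT, Gid TEXT, Dir TEXT,
        ipaccess TEXT NOT NULL DEFAULT '*')""")
    return db


def add_user(db, user, password, uid, gid, home, ipaccess="*", enabled=True):
    """Insert an account the way the page's config expects: MD5 hex digest,
    status '1' to enable, ipaccess '*' or one exact client address."""
    digest = hashlib.md5(password.encode()).hexdigest()  # what MYSQLCrypt md5 compares against
    db.execute(
        "INSERT INTO ftpd (User, status, Password, Uid, Gid, Dir, ipaccess) "
        "VALUES (?, ?, ?, ?, ?, ?, ?)",
        (user, "1" if enabled else "0", digest, str(uid), str(gid), home, ipaccess),
    )


# Same WHERE clause as MYSQLGetPW; ? takes the place of \L and \R.
GETPW = ("SELECT Password FROM ftpd WHERE User = ? AND status = '1' "
         "AND (ipaccess = '*' OR ipaccess LIKE ?)")


def authenticate(db, login, password, remote_ip):
    """Return (Uid, Gid, Dir) on success, None otherwise.

    Note that LIKE wildcards are interpreted in the pattern, which here is
    the client IP, so a stored ipaccess such as '10.0.0.%' never matches:
    the column must hold '*' or the exact client address.
    """
    row = db.execute(GETPW, (login, remote_ip)).fetchone()
    if row is None:                      # unknown, disabled, or wrong source IP
        return None
    candidate = hashlib.md5(password.encode()).hexdigest()
    if not hmac.compare_digest(candidate, row[0]):
        return None
    return db.execute("SELECT Uid, Gid, Dir FROM ftpd WHERE User = ?", (login,)).fetchone()


if __name__ == "__main__":
    db = build_db()
    add_user(db, "alice", "s3cret", 2001, 2001, "/home/ftp/alice")
    add_user(db, "bob", "hunter2", 2002, 2002, "/home/ftp/bob", ipaccess="192.0.2.10")
    add_user(db, "carol", "pw", 2003, 2003, "/home/ftp/carol", enabled=False)
    print(authenticate(db, "alice", "s3cret", "198.51.100.7"))   # ('2001', '2001', '/home/ftp/alice')
    print(authenticate(db, "bob", "hunter2", "192.0.2.11"))      # None: wrong source address
    print(authenticate(db, "carol", "pw", "192.0.2.10"))         # None: status '0'
```

The unsalted MD5 digest means two accounts with the same password share one stored value; the config file's own comment lists crypt() as an alternative, which stores a salted hash.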

Append text to a file from the Linux command line

Sample: appending lines to a file


sudo echo "127.0.0.1 wordpress.ruamit.co.cc" | sudo tee -a /etc/hosts
sudo echo "127.0.0.1 forums.ruamit.co.cc" | sudo tee -a /etc/hosts
sudo echo "127.0.0.1 support.ruamit.co.cc" | sudo tee -a /etc/hosts



Check the file after the append:

mint@mint ~ $ cat /etc/hosts
1.1.1.21 mint # Added by NetworkManager
127.0.0.1 localhost.localdomain localhost
::1 mint localhost6.localdomain6 localhost6
127.0.1.1 mint

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

127.0.0.1 wordpress.ruamit.co.cc
127.0.0.1 forums.ruamit.co.cc
127.0.0.1 support.ruamit.co.cc
mint@mint ~ $

Saturday, February 26, 2011

restrict your router's NTP services.

Reference: Cisco Cookbook

Problem

You want to restrict your router's NTP services.

Solution

You can use the ntp access-group command to restrict which devices you want your router to allow NTP associations with:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 88 permit host 172.25.1.1
Router(config)#access-list 88 permit host 10.1.1.1
Router(config)#access-list 99 permit 172.25.0.0 0.0.255.255
Router(config)#access-list 99 permit 10.2.0.0 0.0.255.255
Router(config)#clock timezone EST -5
Router(config)#clock summer-time EDT recurring
Router(config)#ntp server 172.25.1.1 version 3
Router(config)#ntp server 10.1.1.1 version 3
Router(config)#ntp access-group peer 88
Router(config)#ntp access-group serve-only 99
Router(config)#end
Router#

Discussion

In this example, the router will allow the internal clock to be synchronized by the two NTP servers listed in access list 88, 172.25.1.1 and 10.1.1.1. The router also allows time requests only from the client devices permitted by access list 99.

By default, NTP has no access controls, and it gives full access to all NTP devices. The ntp access-group command limits this access to various NTP services. In the example above, the peer keyword means that the router will only allow its internal clock to be changed by those remote servers and peers permitted by the access list.

The serve-only keyword specifies the clients permitted to obtain time services from the router. In the above example, the serve-only access list (99) permits two entire subnets, 172.2.0.0 255.255.0.0 and 10.2.0.0 255.255.0.0. This means that any NTP clients residing on either of these two subnets can obtain time services from the local router. Using the same method, you can limit the access list to a single subnet, a group of hosts, or no one. Omitting the ntp access-group serve-only command completely prevents the router from providing time services.

NTP access groups provide excellent granularity of access to time services on a global basis. Used in conjunction with the interface command ntp disable, NTP access groups can form the basis of an effective access control strategy.
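To check what a given source address would be allowed to do under the configuration above, here is an added example (my own code, not from the Cisco Cookbook or Cisco) that parses the standard access-list and ntp access-group lines, applies the wildcard masks, and evaluates the groups in the order IOS uses (peer, serve, serve-only, query-only, first match wins). The configuration text is the recipe's own; the addresses queried at the bottom are constructed.

```python
"""Evaluate NTP access-group restrictions from an IOS config snippet.

Added example, not Cisco's code.  Handles numbered standard ACL entries in
the `host A`, `A WILDCARD` and `any` forms, with the implicit deny at the end.
"""
import ipaddress
import re

CONFIG = """\
access-list 88 permit host 172.25.1.1
access-list 88 permit host 10.1.1.1
access-list 99 permit 172.25.0.0 0.0.255.255
access-list 99 permit 10.2.0.0 0.0.255.255
ntp access-group peer 88
ntp access-group serve-only 99
"""

# IOS scans the groups from least to most restrictive; the first match wins.
ROLE_ORDER = ("peer", "serve", "serve-only", "query-only")

ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (.+)$")
NTP_RE = re.compile(r"^ntp access-group (peer|serve|serve-only|query-only) (\d+)$")


def parse_target(target):
    """Return (network, wildcard) as integers for host / any / addr-wildcard forms."""
    parts = target.split()
    if parts[0] == "any":
        return 0, 0xFFFFFFFF
    if parts[0] == "host":
        return int(ipaddress.IPv4Address(parts[1])), 0
    net, wild = parts
    return int(ipaddress.IPv4Address(net)), int(ipaddress.IPv4Address(wild))


def parse_config(text):
    """Return ({acl_number: [(action, (net, wild)), ...]}, {role: acl_number})."""
    acls, groups = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = ACL_RE.match(line)
        if m:
            number, action, target = m.groups()
            acls.setdefault(number, []).append((action, parse_target(target)))
            continue
        m = NTP_RE.match(line)
        if m:
            groups[m.group(1)] = m.group(2)
    return acls, groups


def acl_permits(entries, addr):
    """Standard ACL semantics: wildcard bits set to 1 are ignored; no match = deny."""
    a = int(ipaddress.IPv4Address(addr))
    for action, (net, wild) in entries:
        care = ~wild & 0xFFFFFFFF
        if (a & care) == (net & care):
            return action == "permit"
    return False


def ntp_access(acls, groups, addr):
    """Role granted to addr: one of ROLE_ORDER, 'none' when groups exist but
    nothing matches, or 'unrestricted' when no ntp access-group is configured."""
    if not groups:
        return "unrestricted"
    for role in ROLE_ORDER:
        number = groups.get(role)
        if number is not None and acl_permits(acls.get(number, []), addr):
            return role
    return "none"


if __name__ == "__main__":
    acls, groups = parse_config(CONFIG)
    for probe in ("172.25.1.1", "172.25.200.9", "10.2.3.4", "10.3.0.1", "192.0.2.1"):
        print(probe, "->", ntp_access(acls, groups, probe))
```

172.25.1.1 matches both list 88 and list 99; because peer is scanned first it is reported as a peer, which is why the server list should not be a subset of a broader serve-only range unless that is intended.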

How to troubleshoot SSH error on cisco router


Error %SSH-3-PRIVATEKEY Unable to retrieve RSA private key

Feb 24 2011 14:39:56.539 TH: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for R4.ruamit.co.cc
-Process= "SSH Process", ipl= 0, pid= 4
-Traceback= 81037CC0 81034670 81035D38 8020D9E8 8021117C
Feb 24 2011 14:39:58.963 TH: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for R4.ruamit.co.cc
-Process= "SSH Process", ipl= 0, pid= 4
-Traceback= 81037CC0 81034670 81035D38 8020D9E8 8021117C
Feb 24 2011 14:46:05.540 TH: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for R4.ruamit.co.cc
-Process= "SSH Process", ipl= 0, pid= 4
-Traceback= 81037CC0 81034670 81035D38 8020D9E8 8021117C
Feb 24 2011 15:02:01.306 TH: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for R4.ruamit.co.cc
-Process= "SSH Process", ipl= 0, pid= 4




Resolved with the steps below:

1 - Remove the existing RSA key pair with the command "crypto key zeroize rsa"
2 - Generate a new key pair with the command "crypto key generate rsa"

If SSH login still fails, list the key pairs with the command "sh crypto key mypubkey rsa"
and select the one SSH should use with the command "ip ssh rsa keypair-name". Zeroizing and regenerating the key pair gives the router a new SSH host key, so clients that cached the old one will warn about a changed host key on their next connection.

Sample error when logging in:

root@ssh-server:~$ ssh -l cisco 192.168.1.1
Disconnecting: Corrupted check bytes on input.
root@ssh-server:~$


Example:

R4#show crypto key mypubkey rsa
% Key pair was generated at: 00:04:12 UTC Mar 1 2002
Key name: R4.ruamit.co.cc
Usage: General Purpose Key
Key is not exportable.


The key name is R4.ruamit.co.cc, so select it with:

Router(config)#ip ssh rsa keypair-name R4.ruamit.co.cc

Wednesday, January 05, 2011

flow accounting vyatta

Sample: monitoring flows from the Vyatta command line

[edit]
ruamit@Core-BKK02# edit system
[edit system]
[edit system]
ruamit@Core-BKK02# set flow-accounting interface eth0
[edit system]
ruamit@Core-BKK02# set flow-accounting interface eth2
config
ruamit@Core-BKK02# show flow-accounting
interface eth0
interface eth2
[edit system]
ruamit@Core-BKK02#


Check the flows:
ruamit@Core-BKK02# run show flow-accounting
flow-accounting for [eth0]
Src Addr Dst Addr Sport Dport Proto Packets Bytes Flows
218.107.216.54 192.168.26.4 80 37666 tcp 169 228481 1
216.131.84.113 192.168.26.4 80 52190 tcp 146 192031 1
216.131.84.113 192.168.26.4 80 54542 tcp 119 146697 1
216.131.84.113 192.168.26.4 80 42359 tcp 101 119101 1
216.131.84.113 192.168.26.4 80 35811 tcp 94 116388 1
216.131.84.113 192.168.26.4 80 38051 tcp 105 115260 1
216.131.84.113 192.168.26.4 80 56465 tcp 95 104146 1
216.131.84.113 192.168.26.4 80 55010 tcp 74 102579 1
216.131.84.113 192.168.26.4 80 34760 tcp 59 58314 1
216.131.84.113 192.168.26.4 80 46918 tcp 39 44855 1
66.220.158.32 192.168.26.4 80 51976 tcp 8 3965 1
66.220.149.11 192.168.26.4 80 41444 tcp 8 3651 1
72.14.203.113 192.168.26.4 80 47088 tcp 11 3230 1
69.63.180.48 192.168.26.4 80 38182 tcp 14 2121 1
68.169.43.123 192.168.26.4 80 57355 tcp 3 1506 1
203.144.207.29 192.168.26.4 53 54391 udp 7 1174 4
72.14.203.102 192.168.26.4 80 59484 tcp 6 1046 1
209.85.231.104 192.168.26.4 80 54087 tcp 4 529 1

Total entries: 18
Total flows : 21
Total pkts : 1,062
Total bytes : 1,245,074

flow-accounting for [eth2]
Src Addr Dst Addr Sport Dport Proto Packets Bytes Flows
192.168.201.1 192.168.201.253 1688 8080 tcp 8 4064 2
192.168.201.1 192.168.201.253 1682 8080 tcp 58 4061 2
192.168.201.1 192.168.201.253 1667 23 tcp 91 3703 0
192.168.201.1 192.168.201.253 1691 8080 tcp 8 3572 3
192.168.201.1 192.168.201.253 1535 8080 tcp 6 3192 2
192.168.201.1 192.168.201.253 1686 8080 tcp 6 2015 2

Total entries: 6
Total flows : 11
Total pkts : 177
Total bytes : 20,607

[edit system]
ruamit@Core-BKK02#
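The flow table above is plain text, so it is easy to post-process. Here is an added example (my own code, not Vyatta's) that parses the output of run show flow-accounting, recomputes the Total lines from the rows to detect truncated or mis-parsed output, ranks sources by bytes, and flags flows to cleartext management ports such as telnet (the eth2 table shows a session to port 23). The embedded sample is the eth2 table copied from this post; the parser handles the full multi-interface output as well.

```python
"""Parse Vyatta `show flow-accounting` output and run a few checks over it.

Added example, not Vyatta's own code.  SAMPLE is the eth2 table from the post.
"""
import re
from collections import defaultdict

SAMPLE = """\
flow-accounting for [eth2]
Src Addr Dst Addr Sport Dport Proto Packets Bytes Flows
192.168.201.1 192.168.201.253 1688 8080 tcp 8 4064 2
192.168.201.1 192.168.201.253 1682 8080 tcp 58 4061 2
192.168.201.1 192.168.201.253 1667 23 tcp 91 3703 0
192.168.201.1 192.168.201.253 1691 8080 tcp 8 3572 3
192.168.201.1 192.168.201.253 1535 8080 tcp 6 3192 2
192.168.201.1 192.168.201.253 1686 8080 tcp 6 2015 2

Total entries: 6
Total flows : 11
Total pkts : 177
Total bytes : 20,607
"""

# Destination ports where credentials cross the wire unencrypted.
CLEARTEXT_MGMT_PORTS = {21: "ftp", 23: "telnet"}

HEADER = re.compile(r"^flow-accounting for \[(\S+)\]$")
TOTAL = re.compile(r"^Total (entries|flows|pkts|bytes)\s*:\s*([\d,]+)$")


def parse_flow_accounting(text):
    """Return {interface: {"rows": [...], "totals": {...}}}."""
    tables, iface = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            iface = m.group(1)
            tables[iface] = {"rows": [], "totals": {}}
            continue
        if iface is None or line.startswith("Src Addr"):
            continue                      # prompt lines before the first table, column header
        m = TOTAL.match(line)
        if m:
            tables[iface]["totals"][m.group(1)] = int(m.group(2).replace(",", ""))
            continue
        f = line.split()
        if len(f) != 8:
            continue                      # e.g. the trailing "[edit system]" prompt
        tables[iface]["rows"].append({
            "src": f[0], "dst": f[1], "sport": int(f[2]), "dport": int(f[3]),
            "proto": f[4], "packets": int(f[5]), "bytes": int(f[6]), "flows": int(f[7]),
        })
    return tables


def check_totals(table):
    """True when the Total lines agree with the rows actually captured."""
    rows = table["rows"]
    computed = {
        "entries": len(rows),
        "flows": sum(r["flows"] for r in rows),
        "pkts": sum(r["packets"] for r in rows),
        "bytes": sum(r["bytes"] for r in rows),
    }
    return computed == table["totals"]


def bytes_by_source(table):
    """[(src, bytes), ...] sorted by bytes descending."""
    agg = defaultdict(int)
    for r in table["rows"]:
        agg[r["src"]] += r["bytes"]
    return sorted(agg.items(), key=lambda kv: kv[1], reverse=True)


def cleartext_mgmt_flows(table):
    """[(src, dst, service), ...] for TCP flows to cleartext management ports."""
    return [(r["src"], r["dst"], CLEARTEXT_MGMT_PORTS[r["dport"]])
            for r in table["rows"]
            if r["proto"] == "tcp" and r["dport"] in CLEARTEXT_MGMT_PORTS]


if __name__ == "__main__":
    for name, table in parse_flow_accounting(SAMPLE).items():
        print(name, "totals consistent:", check_totals(table))
        print("  top sources:", bytes_by_source(table)[:3])
        print("  cleartext management:", cleartext_mgmt_flows(table))
```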



Sample: exporting NetFlow to a collector

ruamit@Core-BKK02# show flow-accounting
interface eth0
interface eth2
netflow {
sampling-rate 1
server 192.168.201.1 {
port 9996
}
}
[edit system]

Tuesday, January 04, 2011

Sample QoS Vyatta

I have two networks: one is wireless and one is a wired LAN.

Scope

Wired LAN: limit traffic to 15mbit; http, https, dns and pop3 get a minimum of 60%, everything else a minimum of 20%.
Wireless: limit traffic to 5mbit; http, https, dns and pop3 get a minimum of 60%, everything else a minimum of 20%.

Here is the sample config:

set traffic-policy shaper 5m bandwidth '5120kbit'
set traffic-policy shaper 5m class 2 bandwidth '60%'
set traffic-policy shaper 5m class 2 ceiling 100%
set traffic-policy shaper 5m class 2 match dns ip protocol 'udp'
set traffic-policy shaper 5m class 2 match dns ip source port '53'
set traffic-policy shaper 5m class 2 match http ip protocol 'tcp'
set traffic-policy shaper 5m class 2 match http ip source port '80'
set traffic-policy shaper 5m class 2 match https ip protocol 'tcp'
set traffic-policy shaper 5m class 2 match https ip source port '443'
set traffic-policy shaper 5m class 2 match pop3 ip protocol 'tcp'
set traffic-policy shaper 5m class 2 match pop3 ip source port '110'
set traffic-policy shaper 5m class 2 queue-type 'fair-queue'
set traffic-policy shaper 5m default bandwidth '20%'
set traffic-policy shaper 5m default ceiling 100%
set traffic-policy shaper 5m default queue-type 'fair-queue'

set traffic-policy shaper 15m bandwidth '15mbit'
set traffic-policy shaper 15m class 2 bandwidth '60%'
set traffic-policy shaper 15m class 2 ceiling 100%
set traffic-policy shaper 15m class 2 match dns ip protocol 'udp'
set traffic-policy shaper 15m class 2 match dns ip source port '53'
set traffic-policy shaper 15m class 2 match http ip protocol 'tcp'
set traffic-policy shaper 15m class 2 match http ip source port '80'
set traffic-policy shaper 15m class 2 match pop3 ip protocol 'tcp'
set traffic-policy shaper 15m class 2 match pop3 ip source port '110'
set traffic-policy shaper 15m class 2 match https ip protocol 'tcp'
set traffic-policy shaper 15m class 2 match https ip source port '443'
set traffic-policy shaper 15m class 2 queue-type 'fair-queue'
set traffic-policy shaper 15m default bandwidth '20%'
set traffic-policy shaper 15m default ceiling 100%
set traffic-policy shaper 15m default queue-type 'fair-queue'
commit

set interfaces ethernet eth0 traffic-policy out '15m'
set interfaces wireless wlan0 traffic-policy out '5m'
commit


Note: wireless shaping works well with kernel 2.6.32 or later, or with the latest Vyatta ISO image.