print("Script Started ...\n");
use strict;
use DBI;
my $ds = "dbi:mysql:snort";
my $db_user = "idsuser";
my $db_pass = "idspasswd1";
my $db = DBI->connect($ds, $db_user, $db_pass) or die $DBI::errstr;
print("\n Script Execution Completed ..\n");
Click to Download
Thursday, December 30, 2010
IBM DB2 Database Transaction Logs full
This can be solved by increasing the Database Transaction Logs size.
Log file size (4KB) (LOGFILSIZ) = 1000
Number of primary log files (LOGPRIMARY) = 3
Number of secondary log files (LOGSECOND) = 2
db2 update db cfg for databaseName using LOGFILSIZ 5000
DB20000I The UPDATE DATABASE CONFIGURATION command completed successfully.
DB21026I For most configuration parameters, all applications must disconnect
from this database before the changes become effective.
Log file size (4KB) (LOGFILSIZ) = 5000
Number of primary log files (LOGPRIMARY) = 3
Number of secondary log files (LOGSECOND) = 2
Log file size (4KB) (LOGFILSIZ) = 1000
Number of primary log files (LOGPRIMARY) = 3
Number of secondary log files (LOGSECOND) = 2
db2 update db cfg for databaseName using LOGFILSIZ 5000
DB20000I The UPDATE DATABASE CONFIGURATION command completed successfully.
DB21026I For most configuration parameters, all applications must disconnect
from this database before the changes become effective.
Log file size (4KB) (LOGFILSIZ) = 5000
Number of primary log files (LOGPRIMARY) = 3
Number of secondary log files (LOGSECOND) = 2
Perl scripts for cleaning snort database
#!/usr/bin/perl -w
#----------------------------------------
# name: snort_db_cleanup.pl
# description: script to cleanup snort/acid db (only tested w/mysql)
# goal: allows you to schedule db cleanup without using php frontend
# usage: snort_db_cleanup.pl "StartDate" "EndDate"
#----------------------------------------
print("Script Started ...\n");
use strict;
use DBI;
my $ds = "dbi:mysql:snort";
my $db_user = "idsuser";
my $db_pass = "idspasswd";
my $db = DBI->connect($ds, $db_user, $db_pass) or die $DBI::errstr;
my ($cid,$sid,$sql,$time_select,$exec_time_select);
my
($event,$iphdr,$tcphdr,$udphdr,$icmphdr,$opt,$data,$acid_ag_alert,$acid_event);
my
($exec_event,$exec_iphdr,$exec_tcphdr,$exec_udphdr,$exec_icmphdr,$exec_opt,$exec_data,$exec_acid_ag_alert,$exec_acid_event);
my %timeframe;
$timeframe{start} = $ARGV[0];
$timeframe{finish} = $ARGV[1];
chomp $timeframe{start};
chomp $timeframe{finish};
$time_select = "select sid,cid from event where timestamp >= '$timeframe{start}' and timestamp <= '$timeframe{finish}'";
$exec_time_select = $db->prepare($time_select);
$exec_time_select->execute();
$exec_time_select->bind_columns(undef,\$sid,\$cid);
while ($exec_time_select->fetch) {
$event = "delete from event where sid='$sid' and cid='$cid'";
$iphdr = "delete from iphdr where sid='$sid' and cid='$cid'";
$tcphdr = "delete from tcphdr where sid='$sid' and cid='$cid'";
$udphdr = "delete from udphdr where sid='$sid' and cid='$cid'";
$icmphdr = "delete from icmphdr where sid='$sid' and cid='$cid'";
$opt = "delete from opt where sid='$sid' and cid='$cid'";
$data = "delete from data where sid='$sid' and cid='$cid'";
$acid_ag_alert = "delete from acid_ag_alert where ag_sid='$sid' and ag_cid='$cid'";
$acid_event = "delete from acid_event where sid='$sid' and cid='$cid'";
$exec_event = $db->prepare($event);
$exec_iphdr = $db->prepare($iphdr);
$exec_tcphdr = $db->prepare($tcphdr);
$exec_udphdr = $db->prepare($udphdr);
$exec_icmphdr = $db->prepare($icmphdr);
$exec_opt = $db->prepare($opt);
$exec_data = $db->prepare($data);
$exec_acid_ag_alert = $db->prepare($acid_ag_alert);
$exec_acid_event = $db->prepare($acid_event);
$exec_event->execute();
$exec_iphdr->execute();
$exec_tcphdr->execute();
$exec_udphdr->execute();
$exec_icmphdr->execute();
$exec_opt->execute();
$exec_data->execute();
$exec_acid_ag_alert->execute();
$exec_acid_event->execute();
$exec_event->finish();
$exec_iphdr->finish();
$exec_tcphdr->finish();
$exec_udphdr->finish();
$exec_icmphdr->finish();
$exec_opt->finish();
$exec_data->finish();
$exec_acid_ag_alert->finish();
}
$exec_time_select->finish;
print("\n Script Execution Completed ..\n");
Click Here to Download
#----------------------------------------
# name: snort_db_cleanup.pl
# description: script to cleanup snort/acid db (only tested w/mysql)
# goal: allows you to schedule db cleanup without using php frontend
# usage: snort_db_cleanup.pl "StartDate" "EndDate"
#----------------------------------------
print("Script Started ...\n");
use strict;
use DBI;
my $ds = "dbi:mysql:snort";
my $db_user = "idsuser";
my $db_pass = "idspasswd";
my $db = DBI->connect($ds, $db_user, $db_pass) or die $DBI::errstr;
my ($cid,$sid,$sql,$time_select,$exec_time_select);
my
($event,$iphdr,$tcphdr,$udphdr,$icmphdr,$opt,$data,$acid_ag_alert,$acid_event);
my
($exec_event,$exec_iphdr,$exec_tcphdr,$exec_udphdr,$exec_icmphdr,$exec_opt,$exec_data,$exec_acid_ag_alert,$exec_acid_event);
my %timeframe;
$timeframe{start} = $ARGV[0];
$timeframe{finish} = $ARGV[1];
chomp $timeframe{start};
chomp $timeframe{finish};
$time_select = "select sid,cid from event where timestamp >= '$timeframe{start}' and timestamp <= '$timeframe{finish}'";
$exec_time_select = $db->prepare($time_select);
$exec_time_select->execute();
$exec_time_select->bind_columns(undef,\$sid,\$cid);
while ($exec_time_select->fetch) {
$event = "delete from event where sid='$sid' and cid='$cid'";
$iphdr = "delete from iphdr where sid='$sid' and cid='$cid'";
$tcphdr = "delete from tcphdr where sid='$sid' and cid='$cid'";
$udphdr = "delete from udphdr where sid='$sid' and cid='$cid'";
$icmphdr = "delete from icmphdr where sid='$sid' and cid='$cid'";
$opt = "delete from opt where sid='$sid' and cid='$cid'";
$data = "delete from data where sid='$sid' and cid='$cid'";
$acid_ag_alert = "delete from acid_ag_alert where ag_sid='$sid' and ag_cid='$cid'";
$acid_event = "delete from acid_event where sid='$sid' and cid='$cid'";
$exec_event = $db->prepare($event);
$exec_iphdr = $db->prepare($iphdr);
$exec_tcphdr = $db->prepare($tcphdr);
$exec_udphdr = $db->prepare($udphdr);
$exec_icmphdr = $db->prepare($icmphdr);
$exec_opt = $db->prepare($opt);
$exec_data = $db->prepare($data);
$exec_acid_ag_alert = $db->prepare($acid_ag_alert);
$exec_acid_event = $db->prepare($acid_event);
$exec_event->execute();
$exec_iphdr->execute();
$exec_tcphdr->execute();
$exec_udphdr->execute();
$exec_icmphdr->execute();
$exec_opt->execute();
$exec_data->execute();
$exec_acid_ag_alert->execute();
$exec_acid_event->execute();
$exec_event->finish();
$exec_iphdr->finish();
$exec_tcphdr->finish();
$exec_udphdr->finish();
$exec_icmphdr->finish();
$exec_opt->finish();
$exec_data->finish();
$exec_acid_ag_alert->finish();
}
$exec_time_select->finish;
print("\n Script Execution Completed ..\n");
Click Here to Download
Perl scripts to automate MySQL Backup
it requires simple modifications like Folder Path Details / user & database details and we can schedule this on need basis.
#!/usr/bin/perl
($Second, $Minute, $Hour, $Day, $Month, $Year, $WeekDay, $DayOfYear, $IsDST) = localtime(time) ;
$Year += 1900 ; $Month += 1;
$dt = sprintf("%02d-%02d-%04d-%02d-%02d-%02d",$Day , $Month, $Year, $Hour, $Minute, $Second,) ;
exec "mysqldump -u UserName -pPassword DatabaseName | gzip > FilePath\\$dt.gz";
Click to Download
#!/usr/bin/perl
($Second, $Minute, $Hour, $Day, $Month, $Year, $WeekDay, $DayOfYear, $IsDST) = localtime(time) ;
$Year += 1900 ; $Month += 1;
$dt = sprintf("%02d-%02d-%04d-%02d-%02d-%02d",$Day , $Month, $Year, $Hour, $Minute, $Second,) ;
exec "mysqldump -u UserName -pPassword DatabaseName | gzip > FilePath\\$dt.gz";
Click to Download
Tuesday, December 28, 2010
WebSphere 6.0 - DataSource java.sql.SQLException: java.lang.UnsupportedClassVersion
While creating MySQL JDBC Data source for WebSphere 6.0 the database connection is failing with the error of DataSource java.sql.SQLException: java.lang.UnsupportedClassVersion. Unsupported major.minor version 49.0
This is b'cos datasource is created with the mysql-connector-java-5.1.14 instead of this try the lower version connector for establishing connection with MySQL database and it is mysql-connector-java-3.1.6-bin.jar
after creating the datasource websphere application server must be restarted to load the newly loaded connecters.
This is b'cos datasource is created with the mysql-connector-java-5.1.14 instead of this try the lower version connector for establishing connection with MySQL database and it is mysql-connector-java-3.1.6-bin.jar
after creating the datasource websphere application server must be restarted to load the newly loaded connecters.
Sunday, December 26, 2010
Default Server Not getting install with WebSphere 4.0.4
With the default installation of WebSphere Application Server 4.0.1 there is a table which is not being created due to some Constraints of Database and this is the reason that the Default Server is not getting installed for the default server Node. Therefor create this table manually and then Restart the Server from services.
CREATE TABLE INC (
PRIMARYKEY VARCHAR2 (64) NOT NULL,
THEVALUE INTEGER,
PRIMARY KEY ( PRIMARYKEY ) )
CREATE TABLE INC (
PRIMARYKEY VARCHAR2 (64) NOT NULL,
THEVALUE INTEGER,
PRIMARY KEY ( PRIMARYKEY ) )
Error While starting gsk7 of WAS 5.1 Start Key Management Utility
Error While starting gsk7 of WAS 5.1 Start Key Management Utility
Starting the IBM Key Management application an error occurs
stating the following:
"The Java Cryptographic Extension(JCE) files were not found.
Please check that the JCE files have been installed in the correct
directory"/
Web Solution
The Global Security Kit environment needs to be prepared to
work properly.
1. Open up a Command Prompt window
2. cd %JAVA_HOME%\lib\ext
3. copy ..\..\..\..\GSK7\classes\jre\lib\ext\*.jar
4. del ibmjcaprovider.jar
5. cd ..\security
6. copy ..\..\..\..\GSK7\classes\gsk_java.security java.security
7. Select 'YES' to overwrite the files
8. Start the gsk7ikm application.
you can try the below one also.
From GSK 7 folder structure copy this
D:\Program Files\ibm\gsk7\classes\jre\lib\ext\ibmpkcs.jar
D:\Program Files\ibm\gsk7\classes\jre\lib\ext\ibmjceprovider.jar
to JavaHome D:\j2sdk1.4.2_03\jre\lib\ext
Register its entry into the java.security OF javaHome by adding these below code to
your java.security file.
security.provider.6=com.ibm.spi.IBMCMSProvider
security.provider.7=com.ibm.crypto.provider.IBMJCE
policy.url.2=file:${java.home}/lib/security/java.pol
Starting the IBM Key Management application an error occurs
stating the following:
"The Java Cryptographic Extension(JCE) files were not found.
Please check that the JCE files have been installed in the correct
directory"/
Web Solution
The Global Security Kit environment needs to be prepared to
work properly.
1. Open up a Command Prompt window
2. cd %JAVA_HOME%\lib\ext
3. copy ..\..\..\..\GSK7\classes\jre\lib\ext\*.jar
4. del ibmjcaprovider.jar
5. cd ..\security
6. copy ..\..\..\..\GSK7\classes\gsk_java.security java.security
7. Select 'YES' to overwrite the files
8. Start the gsk7ikm application.
you can try the below one also.
From GSK 7 folder structure copy this
D:\Program Files\ibm\gsk7\classes\jre\lib\ext\ibmpkcs.jar
D:\Program Files\ibm\gsk7\classes\jre\lib\ext\ibmjceprovider.jar
to JavaHome D:\j2sdk1.4.2_03\jre\lib\ext
Register its entry into the java.security OF javaHome by adding these below code to
your java.security file.
security.provider.6=com.ibm.spi.IBMCMSProvider
security.provider.7=com.ibm.crypto.provider.IBMJCE
policy.url.2=file:${java.home}/lib/security/java.pol
Saturday, December 25, 2010
IDS Policy manager Config
Procedure for Deployment of IDS Policy Manager for Centrally managing Snort sensor.
1). Set the Update locations of the policy/rule file
2). Create Policy for the IDS Sensors.below screen shows 2 Snort IDS Policies are created for managing 2 different Sensors.Intialize the Created Policy with the Base Config file Snort.conf and the latest downloaded rules tar file.
Separate Policies are assigned for each Sensors.
Same Policy is assigned for each Sensors.
After this upload settings must be configured to upload the latest rules/snort.conf and for this FTP port 21 must be enabled from this central server to the IDS Sensor. and DOS script is also required locally to manage the stop/start of the sensor.
Once the policies are updated successfully the Snort IDS Sensor needs to be restarted.
Thursday, December 23, 2010
WebSphere Commerce Server - Softwares Summary
Softwares Summary for WebSphere Commerce Server
1).Database Server Oracle 9.2.0.7.0 OR 10g
2).WCS ND 6.0.25
3).WCS Commerece Installer
4).6.0.1.3 FixPack Updator
5).FixPack-1
6).Feature Pack-1
7).6.0.1.4 Update Installer
8).FixPack-2
9).Appserver Updator from 6.0.2.5 to 6.0.2.15
10).Feature Pack -2
1).Database Server Oracle 9.2.0.7.0 OR 10g
2).WCS ND 6.0.25
3).WCS Commerece Installer
4).6.0.1.3 FixPack Updator
5).FixPack-1
6).Feature Pack-1
7).6.0.1.4 Update Installer
8).FixPack-2
9).Appserver Updator from 6.0.2.5 to 6.0.2.15
10).Feature Pack -2
WebSphere Commerce Server 6.0 IBM Gift Center For Consumer Direct Store
IBM Gift Center for WebSphere Commerce, an optional feature, can be installed only on WebSphere Commerce Enterprise or WebSphere Commerce Professional, not WebSphere Commerce Express.and for this we need to publish the basic sar files like ConsumerDirect starter store.
http://hostname/webapp/wcs/stores/servlet/ConsumerDirect/index.jsp
Download and save the GiftCenterConsumerDirect.sar file to the sar directory but before that GiftCenter feature must be enable and it can be done by running config_ant.bat as shown below.
config_ant.bat -buildfile C:\IBM\WebSphere\CommerceServer60\components\GiftCenter\xml\enableGiftCenterForServer.xml -DinstanceName=wcs -DfeatureName=GiftCenter -DdbUserPassword=Password
Once this is Done successfully then Download GiftCenterConsumerDirect.sar.zip from the IBM WebSite and Rename it to GiftCenterConsumerDirect.sar and place this under C:\IBM\WebSphere\CommerceServer60\instances\wcs\sar
Now publish the above sar as shown below.
Before Publishing Read the Above instruction carefully and then go ahead.
http://hostname/webapp/wcs/stores/servlet/ConsumerDirect/index.jsp
Download and save the GiftCenterConsumerDirect.sar file to the sar directory but before that GiftCenter feature must be enable and it can be done by running config_ant.bat as shown below.
config_ant.bat -buildfile C:\IBM\WebSphere\CommerceServer60\components\GiftCenter\xml\enableGiftCenterForServer.xml -DinstanceName=wcs -DfeatureName=GiftCenter -DdbUserPassword=Password
Once this is Done successfully then Download GiftCenterConsumerDirect.sar.zip from the IBM WebSite and Rename it to GiftCenterConsumerDirect.sar and place this under C:\IBM\WebSphere\CommerceServer60\instances\wcs\sar
Now publish the above sar as shown below.
Before Publishing Read the Above instruction carefully and then go ahead.
Install SSL Certificate on IBM Http Server
Before installing the SSL certificate, install both of these CA certificates into your key store. Follow the instructions in 'Storing a CA certificate' below.
If the authority who issues the SSL certificate is not a trusted CA in the key database, you must first store the CA certificate and designate the CA as a trusted CA. Then you can import the CA-signed SSL certificate into the key database. You cannot import a CA-signed SSL certificate from a CA who is not a trusted CA in the key database. For instructions see 'Storing a CA certificate' below.
Storing a CA Certificate:
1. Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
2. Select Key Database File from the main User Interface, select Open.
3. In the Open dialog box, select your key database name. Click OK.
4. In the Password Prompt dialog box, enter your password and click OK.
5. Select Signer Certificates in the Key Database content frame, click the Add button.
6. In the Add CA Certificate from a File dialog box, select the certificate to add or use the Browse option to locate the certificate. Click OK.
7. In the Label dialog box, enter a label name and click OK.
Import the CA-signed SSL certificate into a key database:
1. Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
2. Select Key Database File from the main User Interface, select Open.
3. In the Open dialog box, select your key database name. Click OK.
4. In the Password Prompt dialog box, enter your password, click OK.
5. Select Personal Certificates in the Key Database content frame and then click the Receive button.
6. In the Receive Certificate from a File dialog box, select the certificate file. Click OK.
If the authority who issues the SSL certificate is not a trusted CA in the key database, you must first store the CA certificate and designate the CA as a trusted CA. Then you can import the CA-signed SSL certificate into the key database. You cannot import a CA-signed SSL certificate from a CA who is not a trusted CA in the key database. For instructions see 'Storing a CA certificate' below.
Storing a CA Certificate:
1. Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
2. Select Key Database File from the main User Interface, select Open.
3. In the Open dialog box, select your key database name. Click OK.
4. In the Password Prompt dialog box, enter your password and click OK.
5. Select Signer Certificates in the Key Database content frame, click the Add button.
6. In the Add CA Certificate from a File dialog box, select the certificate to add or use the Browse option to locate the certificate. Click OK.
7. In the Label dialog box, enter a label name and click OK.
Import the CA-signed SSL certificate into a key database:
1. Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
2. Select Key Database File from the main User Interface, select Open.
3. In the Open dialog box, select your key database name. Click OK.
4. In the Password Prompt dialog box, enter your password, click OK.
5. Select Personal Certificates in the Key Database content frame and then click the Receive button.
6. In the Receive Certificate from a File dialog box, select the certificate file. Click OK.
Tuesday, December 21, 2010
Snort is not logging data to Database while running as Service.
The very important point in the troubleshooting of snort is always prefer to start it with the command line parameters b'cos when you are starting it with the command lines it will display the complete trace of the commands in which we can figure out like the Ethernet Details if more then 1 ethernet cards are available on the server.
Snort as service is pointing a particular Ethernet and when u are explicitly defining in start commands you may be giving a different Ethernet details so, this is the root cause that why your snort is not logging into the database when running snort as windows/linux service
this can be verified by using the comand line params as shown below and try to run the snort also thro' the service and findout the difference.in my case the correct interface id is 1 and this can be verified by using below commands.
Check available Ethernet Cards
snort -W
Start snort in Verbose logging mode
snort -v -i1 -c D:\snort\etc\snort.conf -l D:\snort\log -K ascii
Installing / Uninstalling Snort as windows service
snort /SERVICE /INSTALL -i1 -c D:\snort\etc\snort.conf -l D:\snort\log -K ascii
Snort as service is pointing a particular Ethernet and when u are explicitly defining in start commands you may be giving a different Ethernet details so, this is the root cause that why your snort is not logging into the database when running snort as windows/linux service
this can be verified by using the comand line params as shown below and try to run the snort also thro' the service and findout the difference.in my case the correct interface id is 1 and this can be verified by using below commands.
Check available Ethernet Cards
snort -W
Start snort in Verbose logging mode
snort -v -i1 -c D:\snort\etc\snort.conf -l D:\snort\log -K ascii
Installing / Uninstalling Snort as windows service
snort /SERVICE /INSTALL -i1 -c D:\snort\etc\snort.conf -l D:\snort\log -K ascii
Download Documents
Configuring Microsoft Internet Information Services (IIS) with Apache Tomcat Server
Configuring IIS with Multiple Tomcat Instances Running on the Same Server
Configuring Microsoft Internet Information Services (IIS) with IBM WebSphere
Configuring SSL in Tomcat, WebSphere, Weblogic
Configure IHS 6.1 with SSL and WebSphere Application Server 6.1
Configuring Microsoft Internet Information Services (IIS) with Apache Tomcat Server
MySQL DB Connection Check Perl Script
MySQL Database Backup Scheduler.
WebSphere WSADMIN CMD Usage
WebSphere Console Security Implementation
access Link was http://localhost:9060/ibm/console
Enabling Global Security for WAS IBM Console
Before this copy of these files are taken sothat we can revert back.
select GlobalSecurity
goto LocalOS Tab enter valid system user/pass and save will change the foll file
cells / wwwCell01 / security.xml
SuccessMessage:-
The settings on this panel are not validated until this registry is selected as the Active user registry on the Global Security panel and security is enabled.
Still not asking for the Password
hence goto general tab of global security and check Enable Global Security and with that Enforce Java2 security is by default get checked.
Active User Registry must be local OS
Error Note:-The Lightweight Third Party Authentication (LTPA) password is not set. Validation failed.
hence password this also set as same as local os Password Administrator/Password
Changes Done to :- cells / wwwCell01 / security.xml
After All these Changes u will hav to Restart the DManager for the changes to take effect.
Now after Enabling the Security the Access Link is
https://localhost:9043/ibm/console/logon.jsp
Tested all the activity like Server 1 Started ok and working fine.
Enabling Global Security for WAS IBM Console
Before this copy of these files are taken sothat we can revert back.
select GlobalSecurity
goto LocalOS Tab enter valid system user/pass and save will change the foll file
cells / wwwCell01 / security.xml
SuccessMessage:-
The settings on this panel are not validated until this registry is selected as the Active user registry on the Global Security panel and security is enabled.
Still not asking for the Password
hence goto general tab of global security and check Enable Global Security and with that Enforce Java2 security is by default get checked.
Active User Registry must be local OS
Error Note:-The Lightweight Third Party Authentication (LTPA) password is not set. Validation failed.
hence password this also set as same as local os Password Administrator/Password
Changes Done to :- cells / wwwCell01 / security.xml
After All these Changes u will hav to Restart the DManager for the changes to take effect.
Now after Enabling the Security the Access Link is
https://localhost:9043/ibm/console/logon.jsp
Tested all the activity like Server 1 Started ok and working fine.
MSSQL Mixed Mode Authentication Enable MODE
The best way to enable is to set this at the time of installation, the other way is to modify the registry for the same.
For SQL Server 2005 Express Edition, there is not GUI tool available to configure the server. You need to go it manually. The first step is to change the login-mode.
Open registry editor and go to HKLM\Software\Microsoft\Microsoft SQL Server\MSSQL.1\MSSQLServer
On the right, look for an entry named LoginMode. The default value, when installed is 1. Update it to 2.
The next step is to restart the service and login.
For SQL Server 2005 Express Edition, there is not GUI tool available to configure the server. You need to go it manually. The first step is to change the login-mode.
Open registry editor and go to HKLM\Software\Microsoft\Microsoft SQL Server\MSSQL.1\MSSQLServer
On the right, look for an entry named LoginMode. The default value, when installed is 1. Update it to 2.
The next step is to restart the service and login.
Thursday, December 16, 2010
Internet Information Server returns IP address in HTTP header
Note:- This procedure is applicable to IIS6 Only It is tested, but test in Test Environment B4 going on to Prod Server.set the name that you want to display it can be PublicIP/AnySiteName by using the Param SetHostName as shown below, with the command results.
CMD:cscript.exe adsutil.vbs set w3svc/1/SetHostName www.MyTestSite.com
CMD:-Results are mentioned below
Above results can be cross checked or verified by using either HTTP HEAD Params or directly by trying the below script, and belive me it will not reveil the Server Private IP thro/over the Internet
No need to stop start the IIS Server also.
CMD:-cscript adsutil.vbs enum /w3svc/1
CMD:-Results are mentioned below
The other useful info is like /w3svc/1 where 1 is the siteid and if more then 1 site are deployed on to your server then by appending that siteid details about the same can be viewed.
Here 1 is the SiteID for the Default web site for Windows IIS server.
CMD:- cscript adsutil.vbs enum w3svc/SiteID
And apart from all this stuff the simplest way to hide your server information thro' the Http Header is to stop the Default WebSite or Do Not Host your website with the Default Site always create a new site with minimal requirements.
CMD:cscript.exe adsutil.vbs set w3svc/1/SetHostName www.MyTestSite.com
CMD:-Results are mentioned below
Above results can be cross checked or verified by using either HTTP HEAD Params or directly by trying the below script, and belive me it will not reveil the Server Private IP thro/over the Internet
No need to stop start the IIS Server also.
CMD:-cscript adsutil.vbs enum /w3svc/1
CMD:-Results are mentioned below
The other useful info is like /w3svc/1 where 1 is the siteid and if more then 1 site are deployed on to your server then by appending that siteid details about the same can be viewed.
Here 1 is the SiteID for the Default web site for Windows IIS server.
CMD:- cscript adsutil.vbs enum w3svc/SiteID
And apart from all this stuff the simplest way to hide your server information thro' the Http Header is to stop the Default WebSite or Do Not Host your website with the Default Site always create a new site with minimal requirements.
Server certificate rejected by ChainVerifier (SSL Error with TIBCO BW 5.3)
An IOException was thrown while trying to execute the Http method caused by: java.io.IOException: Failed to create secure client socket: Server certificate rejected by ChainVerifier
Simple Steps to make your TOMCAT Run on HTTPS using KEYTOOL utility
1). keytool -genkey -alias www.mytest.com -keyalg RSA -keysize 2048 -keystore www_mytest_com.jks
2). keytool -certreq -alias www.mytest.com -file www_mytest_com.csr -keystore www_mytest_com.jks
3). keytool -import -trustcacerts -alias www.mytest.com -file D:\www_mytest_com.p7b -keystore www_mytest_com.jks
This will install Certificate and the Root Certificate associated with the same., sometimes this will not work and in that case try the below steps.
3.1). keytool -import -alias www.mytest.com -file D:\www_mytest_com.cer -keystore www_mytest_com.jks
3.2). keytool -import -trustcacerts -file D:\www_mytest_com_root.cer -keystore www_mytest_com.jks
4). Modify server.xml and Restart TOMCAT SERVER
<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" keyAlias="www.mytest.com"
keystoreFile="C:\Program Files\Java\jre6\bin\www_mytest_com.jks"
keypass="changeit"/>
**Note: By default Tomcat will look for your Keystore with the file name .keystore in the home directory with the default password changeit. The home directory is generally /home/user_name/ on Unix and Linux systems, and C:\Documents and Settings\user_name\ on Microsoft Windows systems
**TIBCO Admin Console needs certificate in PEM format and here is the method to export your CERT into PEM
exportcert - This option is available with JRE-1.6 if u r using JRE-1.5 then simply try export option and it will export the cert into the PEM format.
keytool -exportcert -alias www.mytest.com -keypass changeit -keystore www_mytest_com.jks -rfc -file keytool_www_mytest_com.pem -storepass changeit
Useful links @ Tibco SSL Certificates
http://www.tibcommunity.com/docs/DOC-2178
http://www.tibcommunity.com/docs/DOC-2195
1). keytool -genkey -alias www.mytest.com -keyalg RSA -keysize 2048 -keystore www_mytest_com.jks
2). keytool -certreq -alias www.mytest.com -file www_mytest_com.csr -keystore www_mytest_com.jks
3). keytool -import -trustcacerts -alias www.mytest.com -file D:\www_mytest_com.p7b -keystore www_mytest_com.jks
This will install Certificate and the Root Certificate associated with the same., sometimes this will not work and in that case try the below steps.
3.1). keytool -import -alias www.mytest.com -file D:\www_mytest_com.cer -keystore www_mytest_com.jks
3.2). keytool -import -trustcacerts -file D:\www_mytest_com_root.cer -keystore www_mytest_com.jks
4). Modify server.xml and Restart TOMCAT SERVER
<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" keyAlias="www.mytest.com"
keystoreFile="C:\Program Files\Java\jre6\bin\www_mytest_com.jks"
keypass="changeit"/>
**Note: By default Tomcat will look for your Keystore with the file name .keystore in the home directory with the default password changeit. The home directory is generally /home/user_name/ on Unix and Linux systems, and C:\Documents and Settings\user_name\ on Microsoft Windows systems
**TIBCO Admin Console needs certificate in PEM format and here is the method to export your CERT into PEM
exportcert - This option is available with JRE-1.6 if u r using JRE-1.5 then simply try export option and it will export the cert into the PEM format.
keytool -exportcert -alias www.mytest.com -keypass changeit -keystore www_mytest_com.jks -rfc -file keytool_www_mytest_com.pem -storepass changeit
Useful links @ Tibco SSL Certificates
http://www.tibcommunity.com/docs/DOC-2178
http://www.tibcommunity.com/docs/DOC-2195
Saturday, December 11, 2010
Synchronise IHS server logs with the System Date
Some Web servers do log file rotation, where the Web server creates a new log file after a specified period without restarting. New file names are autogenerated so they don't clash with existing files. On most systems, Web servers generate new log files every 24 hours. With a log file rotation, you can adopt an archiving
system, such as putting the log files on tape once a week, then freeing up space on the Web server.
Provide one more Parameter with the TIMEFACTOR and that is offset in our case this is 330 as our TimeZone is GMT +5:30 and OFFSET time
calculation is like 5*60 = 300 and plus 30 for the 5:30 this will rotate exactly at the system date changeover.
all this is depends upon the TIME ZONE used by the servers, in the above case i have calculated it as standard time zone for india it is GMT +5:30 and accordingly our IBM Http Server needs to be configured for loggings, virtual host directives must be modified for this its mentioned below.
<VirtualHost www.MyTestSite.com>
DocumentRoot "D:\IHS\htdocs\MyTestSite"
ServerName www.MyTestSite.com
ErrorLog "|rotatelogs logs/site_1/error_%d%m%Y.log 86400 330"
CustomLog "|rotatelogs logs/site_1/access_%d%m%Y.log 86400 330" combined
</VirtualHost>
system, such as putting the log files on tape once a week, then freeing up space on the Web server.
Provide one more Parameter with the TIMEFACTOR and that is offset in our case this is 330 as our TimeZone is GMT +5:30 and OFFSET time
calculation is like 5*60 = 300 and plus 30 for the 5:30 this will rotate exactly at the system date changeover.
all this is depends upon the TIME ZONE used by the servers, in the above case i have calculated it as standard time zone for india it is GMT +5:30 and accordingly our IBM Http Server needs to be configured for loggings, virtual host directives must be modified for this its mentioned below.
<VirtualHost www.MyTestSite.com>
DocumentRoot "D:\IHS\htdocs\MyTestSite"
ServerName www.MyTestSite.com
ErrorLog "|rotatelogs logs/site_1/error_%d%m%Y.log 86400 330"
CustomLog "|rotatelogs logs/site_1/access_%d%m%Y.log 86400 330" combined
</VirtualHost>
IHS Server operations
Some IHS Server operations are listed here i know it is not difficult to manage with help utility but for easy reference its given here.
Start/Stop your server thro' the command lne params.
apache -k start -f "D:\IBM\IBM HTTP Server\conf\httpd.conf"
apache -k stop -f "D:\IBM\IBM HTTP Server\conf\httpd.conf"
This will install the Apache services as windows nt service
apache -k install -n "IHS_1" -f "D:\IBM\IBM HTTP Server\conf\httpd.conf"
apache -k install -n "IHS_2" -f "D:\IBM\IBM HTTP Server\conf\httpd2.conf"
Note: Provide different log file names and different PID files to run both the servers simultaneously on to a single windows server.
Start/Stop your server thro' the command lne params.
apache -k start -f "D:\IBM\IBM HTTP Server\conf\httpd.conf"
apache -k stop -f "D:\IBM\IBM HTTP Server\conf\httpd.conf"
This will install the Apache services as windows nt service
apache -k install -n "IHS_1" -f "D:\IBM\IBM HTTP Server\conf\httpd.conf"
apache -k install -n "IHS_2" -f "D:\IBM\IBM HTTP Server\conf\httpd2.conf"
Note: Provide different log file names and different PID files to run both the servers simultaneously on to a single windows server.
Configure IIS with Multiple Tomcat Instances
Configuring IIS 6.0 with Multiple Tomcat 5.5 server instances is described best in the document uploaded here.its about the IIS and more than 1 tomcat server on to the single windows 2003 server.
Click to Download the Document.
Click to Download the Document.
Tomcat LoadBalancing
For this you need a webapp called balancer using this you can do this.
Sample Configuration
The default balancer installation uses a single filter, BalancerFilter, mapped to all requests (url-pattern /*). The filter reads its rules from the location specified in the balancer deployment descriptor (web.xml file). The default rules are:
Redirect requests with News in the URL to http://www.site1.com/
Redirect requests with a parameter named paramName whose value is paramValue to http://www.site2.com/.
Redirect all other requests to jakarta.apache.org.
Therefore, when you install tomcat, start it, and point your browser to http://localhost:8080/balancer, you will be redirected to http://jakarta.apache.org/. If you point your browser to http://localhost:8080/balancer/News you will be redirected to http://www.site1.com/. The request for http://localhost:8080/balancer/BlahBlah?paramName=paramValue will be redirected to http://www.site2.com/.
Balancer Rules
A Rule in the balancer system is a combination of a request matching criterion and a redirection URL for matching requests. Rules implement the org.apache.webapp.balancer.Rule interface.
The balancer distribution contains a number of useful rules. The framework is also designed for easy extensibility so that you can write your own rules quickly. Rules should be JavaBeans (public no-args constructor, public setter method setXXX for property xxx), as they are instantiated by Jakarta Commons Digester. Feel free to inquire on the tomcat-user mailing list regarding the availability of rules or the inclusion of your rules in the distribution.
Rules are assembled into RuleChains. Each BalancerFilter (or Servlet/JSP) refers to one RuleChain when making its redirection decisions. Note that you are not restricted to having one filter mapped to /* as done in the sample configuration. You can configure as many filters as desired, using the full filter mapping possibilities defined in the Servlet Specification. Each filter will have its own RuleChain
How it Works
You write a rules configuration file containing various rules and redirection locations.
You define the balancer filter in your web.xml, mapping it as desired (/* is a common use-case) and configuring it with your rules configuration file.
The server is started, initializing the filter.
A request comes into the server. The filter consults its rule chain to determine where to redirect the request. Rules are consulted in the order in which they are defined in the rules configuration file. The first matching rule will stop the evaluation and cause the request to be redirected.
Sample Configuration
The default balancer installation uses a single filter, BalancerFilter, mapped to all requests (url-pattern /*). The filter reads its rules from the location specified in the balancer deployment descriptor (web.xml file). The default rules are:
Redirect requests with News in the URL to http://www.site1.com/
Redirect requests with a parameter named paramName whose value is paramValue to http://www.site2.com/.
Redirect all other requests to jakarta.apache.org.
Therefore, when you install tomcat, start it, and point your browser to http://localhost:8080/balancer, you will be redirected to http://jakarta.apache.org/. If you point your browser to http://localhost:8080/balancer/News you will be redirected to http://www.site1.com/. The request for http://localhost:8080/balancer/BlahBlah?paramName=paramValue will be redirected to http://www.site2.com/.
Balancer Rules
A Rule in the balancer system is a combination of a request matching criterion and a redirection URL for matching requests. Rules implement the org.apache.webapp.balancer.Rule interface.
The balancer distribution contains a number of useful rules. The framework is also designed for easy extensibility so that you can write your own rules quickly. Rules should be JavaBeans (public no-args constructor, public setter method setXXX for property xxx), as they are instantiated by Jakarta Commons Digester. Feel free to inquire on the tomcat-user mailing list regarding the availability of rules or the inclusion of your rules in the distribution.
Rules are assembled into RuleChains. Each BalancerFilter (or Servlet/JSP) refers to one RuleChain when making its redirection decisions. Note that you are not restricted to having one filter mapped to /* as done in the sample configuration. You can configure as many filters as desired, using the full filter mapping possibilities defined in the Servlet Specification. Each filter will have its own RuleChain
How it Works
You write a rules configuration file containing various rules and redirection locations.
You define the balancer filter in your web.xml, mapping it as desired (/* is a common use-case) and configuring it with your rules configuration file.
The server is started, initializing the filter.
A request comes into the server. The filter consults its rule chain to determine where to redirect the request. Rules are consulted in the order in which they are defined in the rules configuration file. The first matching rule will stop the evaluation and cause the request to be redirected.
Setting up of Tomcat Heap Size in versions like 4.0
Earlier Version of Tomcat Like 4.*.* there is no GUI to set the JVM Heap Size in such cases u can set the Java Heap Size in following way
Set one variable in your System Enviornment as
VariableName:->JAVA_OPTS
VariableValue:-> -Xms64m -Xmx128m
This will solve ur heap size issue
If you r using catalina_home then u must define as CATALINE_OPTS as the above value....
Set one variable in your System Enviornment as
VariableName:->JAVA_OPTS
VariableValue:-> -Xms64m -Xmx128m
This will solve ur heap size issue
If you r using catalina_home then u must define as CATALINE_OPTS as the above value....
Apache Tomcat as windows service
below command will create a Tomcat Server as windows service if you are not installing it thro the binarys.
SC create tomcatRN binpath= D:\apache-tomcat-5.5.16\bin\startup.bat DisplayName= Tomcat_5050
[SC] CreateService SUCCESS
SC create tomcatRN binpath= D:\apache-tomcat-5.5.16\bin\startup.bat DisplayName= Tomcat_5050
[SC] CreateService SUCCESS
Thursday, December 2, 2010
MySQL Database Optimization
This is specially tested with Snort IDS Database
Select your database and then issue the command below, where 'mytablename' is the name of the table you want to query
show table status like 'mytablename'\G
You can omit the "like 'mytablename'" part and then it will show this information for all tables.
However if you have a lot of tables and there's only one or two you want to examine then it's better to specify the particular table.
You can end you query with either ; or \G. I prefer \G for this particular query because it shows each column from the resultset on a new line,
whereas ; will show the columns across the screen. This is OK for a resultset with only a few columns with only a
small amount of information in each one, but it's not so good for this query.
The result from the above will look something like so:
*************************** 1. row ***************************
The values that are important for working out if the table is non optimal is the "Data_free" value.
If this is high, as in the above example where 564614700 bytes are free (538MB),
then the table has a lot of space not being used and should be optimized.
To optimize the table, issue the following command, where "mytablename" is the name of the MySQL table to optimise:
optimize table mytablename;
After doing this (it may take a few seconds dpending on the size of the table, free space etc) and running "show table status" again, the result should look much better:
*************************** 1. row ***************************
Name: tblmailqueue
Engine: MyISAM
Version: 10
Row_format: Dynamic
Rows: 6145
Avg_row_length: 7505
Data_length: 46119636
Max_data_length: 281474976710655
Index_length: 296960
Data_free: 0
Auto_increment: 1191156
Create_time: 2008-03-19 10:33:13
Update_time: 2008-09-02 22:24:58
Check_time: 2008-09-02 22:21:32
Collation: latin1_swedish_ci
Checksum: NULL
Create_options: pack_keys=0
Comment:
1 row in set (0.00 sec)
***************************************************************
In the above example we can see the "Data_free" value is now zero so the table is nicely optimised.
You can do something like this:
SELECT concat("OPTIMIZE TABLE ", table_schema,".",table_name,";") FROM tables WHERE DATA_FREE > 0 INTO OUTFILE '/tmp/optimize.sql'; SOURCE '/tmp/optimize.sql';
Select your database and then issue the command below, where 'mytablename' is the name of the table you want to query
show table status like 'mytablename'\G
You can omit the "like 'mytablename'" part and then it will show this information for all tables.
However if you have a lot of tables and there's only one or two you want to examine then it's better to specify the particular table.
You can end you query with either ; or \G. I prefer \G for this particular query because it shows each column from the resultset on a new line,
whereas ; will show the columns across the screen. This is OK for a resultset with only a few columns with only a
small amount of information in each one, but it's not so good for this query.
The result from the above will look something like so:
*************************** 1. row ***************************
Name: mytablename
Engine: MyISAM
Version: 10
Row_format: Dynamic
Rows: 2444
Avg_row_length: 7536
Data_length: 564614700
Max_data_length: 281474976710655
Index_length: 7218176
Data_free: 546194608
Auto_increment: 1187455
Create_time: 2008-03-19 10:33:13
Update_time: 2008-09-02 22:18:15
Check_time: 2008-08-27 23:07:48
Collation: latin1_swedish_ci
Checksum: NULL
Create_options: pack_keys=0
Comment:
***************************************************************The values that are important for working out if the table is non optimal is the "Data_free" value.
If this is high, as in the above example where 564614700 bytes are free (538MB),
then the table has a lot of space not being used and should be optimized.
To optimize the table, issue the following command, where "mytablename" is the name of the MySQL table to optimise:
optimize table mytablename;
After doing this (it may take a few seconds dpending on the size of the table, free space etc) and running "show table status" again, the result should look much better:
*************************** 1. row ***************************
Name: tblmailqueue
Engine: MyISAM
Version: 10
Row_format: Dynamic
Rows: 6145
Avg_row_length: 7505
Data_length: 46119636
Max_data_length: 281474976710655
Index_length: 296960
Data_free: 0
Auto_increment: 1191156
Create_time: 2008-03-19 10:33:13
Update_time: 2008-09-02 22:24:58
Check_time: 2008-09-02 22:21:32
Collation: latin1_swedish_ci
Checksum: NULL
Create_options: pack_keys=0
Comment:
1 row in set (0.00 sec)
***************************************************************
In the above example we can see the "Data_free" value is now zero so the table is nicely optimised.
You can do something like this:
SELECT concat("OPTIMIZE TABLE ", table_schema,".",table_name,";") FROM tables WHERE DATA_FREE > 0 INTO OUTFILE '/tmp/optimize.sql'; SOURCE '/tmp/optimize.sql';
SQL SERVER DATABASE MAINTENANACE - BEST PRACTICES BY MICROSOFT
Data-file (MDF and LDF) Maintenance
Transaction Log grows unexpectedly or becomes full on a SQL Server >> http://support.microsoft.com/?id=317375
How to move SQL Server databases to a new location http://support.microsoft.com/kb/224071
How to move databases between computers that are running SQL Server http://support.microsoft.com/kb/314546
DATABASE MaintenanceDatabase Maintenance >> http://technet.microsoft.com/en-us/magazine/2008.08.database.aspx
How to Minimize Deadlocks in SQL Server >> http://msdn.microsoft.com/en-us/library/ms191242(SQL.90).aspx
How to Minimize Blocking in SQL Server >> http://technet.microsoft.com/en-us/magazine/2008.04.blocking.aspx
SQL SERVER TRANSACTION LOG MAINTENANACE - BEST PRACTICES
A transaction log grows unexpectedly or becomes full on a computer that is running SQL Server http://support.microsoft.com/kb/317375
How to stop the transaction log of a SQL Server database from growing unexpectedly http://support.microsoft.com/kb/873235
Shrinking a Database http://msdn.microsoft.com/en-us/library/aa933076(SQL.80).aspx
Transaction Log grows unexpectedly or becomes full on a SQL Server >> http://support.microsoft.com/?id=317375
How to move SQL Server databases to a new location http://support.microsoft.com/kb/224071
How to move databases between computers that are running SQL Server http://support.microsoft.com/kb/314546
DATABASE MaintenanceDatabase Maintenance >> http://technet.microsoft.com/en-us/magazine/2008.08.database.aspx
How to Minimize Deadlocks in SQL Server >> http://msdn.microsoft.com/en-us/library/ms191242(SQL.90).aspx
How to Minimize Blocking in SQL Server >> http://technet.microsoft.com/en-us/magazine/2008.04.blocking.aspx
SQL SERVER TRANSACTION LOG MAINTENANACE - BEST PRACTICES
A transaction log grows unexpectedly or becomes full on a computer that is running SQL Server http://support.microsoft.com/kb/317375
How to stop the transaction log of a SQL Server database from growing unexpectedly http://support.microsoft.com/kb/873235
Shrinking a Database http://msdn.microsoft.com/en-us/library/aa933076(SQL.80).aspx
MS SQL Database Full Recovery from the TRANSACTION LOGS ( Tested with MsSQL - 2005, 2008 )
MsSQL Database full Recovery from transaction logs
Spl.Note :-
I am assuming that your Database recovery mode is set to FULL and not the SIMPLE.
You have a database which is set to FULL recovery and u have a full Database backup on say Dec 2009 after
that u have regularly backed up its transactional logs and suddenly your database crashed or by any chance it is being altered.,
in this scenario u need to get the changes made to your database on a previous day.
in this conditions you must be having database complete backup which is taken on Dec 2009 or any latest full database backup and transactional logs till today, in our need we assume that the database restore requirement is till yesterday and not today as i discussed above.
Now its time to start the Restore Database operations.
Step:-1
RESTORE DATABASE YOUR_DATABASE_NAME
FROM DISK = 'D:\YOUR_DATABASE_PATH\YOUR_FULL_DATABASE_BACKUP.bak'
WITH NORECOVERY
The above command will results in following output
Processed 184 pages for database 'YOUR_FULL_DATABASE_BACKUP', file 'YOUR_FULL_DATABASE_BACKUP' on file 1.
Processed 6 pages for database 'YOUR_FULL_DATABASE_BACKUP', file 'YOUR_FULL_DATABASE_BACKUP_log' on file 1.
RESTORE DATABASE successfully processed 190 pages in 0.205 seconds (7.233 MB/sec).
Once you restore the full backup using the NORECOVERY option, you can begin applying the transaction log backups or the differential backup as given below.
Step:-2
RESTORE LOG YOUR_DATABASE_NAME
FROM DISK = 'D:\YOUR_DATABASE_PATH\Transaction_Logs_1.trn' WITH NORECOVERY
The above command will results in following output
Processed 0 pages for database 'YOUR_DATABASE_NAME', file 'YOUR_DATABASE_NAME' on file 1.
Processed 7 pages for database 'YOUR_DATABASE_NAME', file 'YOUR_DATABASE_NAME_log' on file 1.
RESTORE LOG successfully processed 7 pages in 0.017 seconds (2.900 MB/sec).
Step:-3
RESTORE LOG YOUR_DATABASE_NAME
FROM DISK = 'D:\YOUR_DATABASE_PATH\Transaction_Logs_2.trn' WITH NORECOVERY
The above command will results in following output
Processed 0 pages for database 'YOUR_DATABASE_NAME', file 'YOUR_DATABASE_NAME' on file 1.
Processed 3 pages for database 'YOUR_DATABASE_NAME', file 'YOUR_DATABASE_NAME_log' on file 1.
RESTORE LOG successfully processed 3 pages in 0.018 seconds (1.247 MB/sec).
Step:-4
i m assuming Transaction_Logs_3.trn is the file which we want to get the database data till yesterday,
one more file Transaction_Logs_4.trn is there but our requirement is till file Transaction_Logs_3.trn only
RESTORE LOG YOUR_DATABASE_NAME
FROM DISK = 'D:\YOUR_DATABASE_PATH\Transaction_Logs_3.trn' WITH RECOVERY
The above command will results in following output
Processed 0 pages for database 'YOUR_DATABASE_NAME', file 'YOUR_DATABASE_NAME' on file 1.
Processed 2 pages for database 'YOUR_DATABASE_NAME', file 'YOUR_DATABASE_NAME_log' on file 1.
RESTORE LOG successfully processed 2 pages in 0.064 seconds (0.190 MB/sec).
after the successfull operations of the above step the database is now ready for use,
till the time it is in RECOVERYMODE the same will not be available for use.
In the example above, we restore the database to the end of the 2nd last transaction log.
If we want to recover our database to a specific point in time before the end of that transaction log,
then we must use the STOPAT option.
The script below restores the fourth transaction logs in the log sequence to 3:00 AM - time just before the database gets currupted.
RESTORE LOG YOUR_DATABASE_NAME
FROM DISK = 'D:\YOUR_DATABASE_PATH\Transaction_Logs_4.trn'
WITH STOPAT = N'8/30/2010 3:00:00 AM', RECOVERY
MS SQL DATABASE/LOGS Shrinking ( Tested with MsSQL - 2005, 2008 )
Reference By Mr.Varun Dhavan (Database Expert Microsoft)
Q:- What does database shrinking means ?
Ans:- In a SQL Server database, each file within a database can be reduced to remove unused pages.
Although the Database Engine will reuse space effectively, there are times when a file no longer needs to be as
large as it once was; shrinking the file may then become necessary. Both data and transaction log files can be reduced, or shrunk.
The database files can be shrunk manually, either as a group or individually, or the database can be set to shrink automatically at specified intervals.
Q:-What are best practices and implications of shrinking ?
Ans:- Consider the following information when you plan to shrink a database or file:
1) A shrink operation is most effective after an operation that creates lots of unused space, such as a truncate table or a drop table operation.
2) Most databases require some free space for regular day-to-day operations. If you shrink a database repeatedly and notice that the database size grows again, this indicates that the space that was shrunk is required for regular operations. In these cases, repeatedly shrinking the database is a wasted operation.
3) A shrink operation does not preserve the fragmentation state of indexes in the database, and generally increases fragmentation to a degree. For example, you should not shrink a database or data file after rebuilding indexes. This is another reason not to repeatedly shrink the database.
4) Unless you have a specific requirement, do not set the AUTO_SHRINK database option to ON.
Q:- How does shrinking of a log file happen ?
Ans:- A log file is shrunk when you issue the following command to the SQL Server:
DBCC SHRINKFILE ('logical file name', targetsize)
Q:- How do I know if a log file can be shrunk ?
Ans:- To understand whether the log file can be shrunk, you will need to fire the following commands and understand their outputs.
The first command that needs to be fired is:
DBCC SQLPERF(logspace)
This will let us know what percentage of the log file is actually in use. The lower the percentage, the more the file can be shrunk.
SHRINKING DATABASE T-LOG FILES ROOT-CAUSE
Step we followed to shrink the T-log file of the database ?
Step 1. Back up the transaction log file to make most of the active virtual log files inactive.
Therefore, the inactive virtual log files can be removed in a later step.
To do this, run a Transact-SQL statement that is similar to the following Transact-SQL statement.
BACKUP LOGTO DISK = ''
Step 2. Shrink the transaction log file. To do this, run a Transact-SQL statement that is similar to the following Transact-SQL statement.
DBCC SHRINKFILE (, ) WITH NO_INFOMSGS
Root cause: Why the Transaction-log files grown so huge ?
1. Databases while running in FULL recovery model and When the transaction logs grow to an unacceptable limit,
you must immediately back up your transaction log file. While the backup of your transaction log files is created,
SQL Server automatically truncates the inactive part of the transaction log.
The inactive part of the transaction log file contains the completed transactions, and therefore, the transaction log file is no
longer used by SQL Server during the recovery process. SQL Server reuses this truncated,
inactive space in the transaction log instead of permitting the transaction log to continue to grow and to use more space.
2. If Replication on any databases is in active mode and SQL Server Agent is down then due to this, huge pile of transaction that
were pending to replicated, however could not be replicated as the Replication Agent jobs were not running
Q:- What does database shrinking means ?
Ans:- In a SQL Server database, each file within a database can be reduced to remove unused pages.
Although the Database Engine will reuse space effectively, there are times when a file no longer needs to be as
large as it once was; shrinking the file may then become necessary. Both data and transaction log files can be reduced, or shrunk.
The database files can be shrunk manually, either as a group or individually, or the database can be set to shrink automatically at specified intervals.
Q:-What are best practices and implications of shrinking ?
Ans:- Consider the following information when you plan to shrink a database or file:
1) A shrink operation is most effective after an operation that creates lots of unused space, such as a truncate table or a drop table operation.
2) Most databases require some free space for regular day-to-day operations. If you shrink a database repeatedly and notice that the database size grows again, this indicates that the space that was shrunk is required for regular operations. In these cases, repeatedly shrinking the database is a wasted operation.
3) A shrink operation does not preserve the fragmentation state of indexes in the database, and generally increases fragmentation to a degree. For example, you should not shrink a database or data file after rebuilding indexes. This is another reason not to repeatedly shrink the database.
4) Unless you have a specific requirement, do not set the AUTO_SHRINK database option to ON.
Q:- How does shrinking of a log file happen ?
Ans:- A log file is shrunk when you issue the following command to the SQL Server:
DBCC SHRINKFILE ('logical file name', targetsize)
Q:- How do I know if a log file can be shrunk ?
Ans:- To understand whether the log file can be shrunk, you will need to fire the following commands and understand their outputs.
The first command that needs to be fired is:
DBCC SQLPERF(logspace)
This will let us know what percentage of the log file is actually in use. The lower the percentage, the more the file can be shrunk.
SHRINKING DATABASE T-LOG FILES ROOT-CAUSE
Step we followed to shrink the T-log file of the database ?
Step 1. Back up the transaction log file to make most of the active virtual log files inactive.
Therefore, the inactive virtual log files can be removed in a later step.
To do this, run a Transact-SQL statement that is similar to the following Transact-SQL statement.
BACKUP LOG
Step 2. Shrink the transaction log file. To do this, run a Transact-SQL statement that is similar to the following Transact-SQL statement.
DBCC SHRINKFILE (
Root cause: Why the Transaction-log files grown so huge ?
1. Databases while running in FULL recovery model and When the transaction logs grow to an unacceptable limit,
you must immediately back up your transaction log file. While the backup of your transaction log files is created,
SQL Server automatically truncates the inactive part of the transaction log.
The inactive part of the transaction log file contains the completed transactions, and therefore, the transaction log file is no
longer used by SQL Server during the recovery process. SQL Server reuses this truncated,
inactive space in the transaction log instead of permitting the transaction log to continue to grow and to use more space.
2. If Replication on any databases is in active mode and SQL Server Agent is down then due to this, huge pile of transaction that
were pending to replicated, however could not be replicated as the Replication Agent jobs were not running
Wednesday, December 1, 2010
Enable Snort Syslog format and Redirect it to any required server
to enable Snort Syslog and Redirect it to any required server you need to modify the snort.conf file
output alert_syslog: host=ServerIP:514, LOG_AUTH LOG_ALERT LOG_INFO LOG_DEBUG
output alert_syslog: host=ServerIP:514, LOG_AUTH LOG_ALERT LOG_INFO LOG_DEBUG
Overriding the default Servlet in Tomcats WEB-INF/web.xml
To Override the Global Tomcat Settings use the below Code for DIR Listings
<servlet>
<servlet-name>DefaultNoListing</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>DefaultNoListing</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>DefaultNoListing</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>listings</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>DefaultNoListing</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
Configuring tomcat to authenticate using windows Active Directory
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://youradsserver:389/"
alternateURL="ldap://youradsserver:389/"
userRoleName="member"
userBase="cn=Users,dc=yourdomain"
userPattern="cn={0},cn=Users,dc=yourdomain"
roleBase="cn=Users,dc=yourdomain"
roleName="cn"
roleSearch="(member={0})"
roleSubtree="false"
userSubtree="true"
/>
and define the role in the tomcat-users.xml and the web.xml of your application
edit webapp_root/WEB_INF/Web.xml file as follows:
<security-constraint>
<display-name>your web app display name</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.html</url-pattern>
<url-pattern>*.xml</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>yourrolname(ADS Group)</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>your role description</description>
<role-name>yourrolename(i.e ADS group)</role-name>
</security-role>
connectionURL="ldap://youradsserver:389/"
alternateURL="ldap://youradsserver:389/"
userRoleName="member"
userBase="cn=Users,dc=yourdomain"
userPattern="cn={0},cn=Users,dc=yourdomain"
roleBase="cn=Users,dc=yourdomain"
roleName="cn"
roleSearch="(member={0})"
roleSubtree="false"
userSubtree="true"
/>
and define the role in the tomcat-users.xml and the web.xml of your application
edit webapp_root/WEB_INF/Web.xml file as follows:
<security-constraint>
<display-name>your web app display name</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>*.html</url-pattern>
<url-pattern>*.xml</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>yourrolname(ADS Group)</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>your role description</description>
<role-name>yourrolename(i.e ADS group)</role-name>
</security-role>
IIS with WebSphere Application Server
Once the WebSphere Application Server 4.0 is installed successfully then it can be configured with the IIS 6.0 server by creating plugins for the same.
Load a plugin iisWASPlugin.dll
The next step is to create a virtual directory sePlugins with the scripts & executables permission for the created filter iisWASPlugin.
Next final step is to restart the www services and the same can be checked by using the default application's url like http://www.someserver.com/very_simple.jsp the very_simple.jsp will be served by the websphere application server which will servers the request at the port 80.
Load a plugin iisWASPlugin.dll
once the plugin/filter is created check its priority if it is being loaded properly then it will be with High Priority as shown below.
Next final step is to restart the www services and the same can be checked by using the default application's url like http://www.someserver.com/very_simple.jsp the very_simple.jsp will be served by the websphere application server which will servers the request at the port 80.
Apache Server with Tomcat server
The simplest configuration is described. It assumes you already have Tomcat 5.5 and Apache 2.0 (instructions for Apache 1.3 is also provided) installed and running.
The instructions are applicable (have been tested) for Windows as well as Linux platform.
Assume you want to map test directory of Apache to the mytest web application of Tomcat. Change the name appropriately to suit your configuration.
1. Shutdown Apache & Tomcat Server
2. Add the following lines to httpd.conf (in conf directory of Apache base directory)
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyPass /test/ http://localhost:8081/mytest/
ProxyPassReverse /test/ http://localhost:8081/mytest/
Note 1: Replace localhost with the appropriate IP address or hostname of the server where Tomcat is installed.
Note 2: On older Apache 1.3 you will have to use libproxy.so instead:
LoadModule proxy_module modules/libproxy.so
AddModule mod_proxy.c
The instructions are applicable (have been tested) for Windows as well as Linux platform.
Assume you want to map test directory of Apache to the mytest web application of Tomcat. Change the name appropriately to suit your configuration.
1. Shutdown Apache & Tomcat Server
2. Add the following lines to httpd.conf (in conf directory of Apache base directory)
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyPass /test/ http://localhost:8081/mytest/
ProxyPassReverse /test/ http://localhost:8081/mytest/
Note 1: Replace localhost with the appropriate IP address or hostname of the server where Tomcat is installed.
Note 2: On older Apache 1.3 you will have to use libproxy.so instead:
LoadModule proxy_module modules/libproxy.so
AddModule mod_proxy.c
Tomcat 6 - Discloses username="tomcat" password="s3cret" roles="manager"
Tomcat 6 - Discloses username="tomcat" password="s3cret" roles="manager"
Custom Error page configurations not working with Tomcat 6.x and while using the Manager application of tomcat if user tries the invalid username / passwords it discloses the 401 unauthorized page as shown below.
<pre>
<role rolename="manager"/>
<user username="tomcat" password="s3cret" roles="manager"/>
</pre>
<role rolename="manager"/>
<user username="tomcat" password="s3cret" roles="manager"/>
</pre>
Tomcat Startup failure on Win2k8 R2
Getting error while Starting tomcat server 5 on windows 2008 R2 - 64bit operating system as the packages used were supported for 32 bit versions.
[402 prunsrv.c] [error]
The system cannot find the file specified
[1246 prunsrv.c] [error]
Load configuration failed
i have resolved this error simply by installing the JRE 6 and Tomcat 6 for 64 bit windows system and it worked successfully and also it installed this as Windows service which is common isssue if you are installing 32 bit package.
Packages used are
jre-6u4-windows-x64.exe
apache-tomcat-6.0.29.exe
Download links for 64 bit packages - ( JRE )
http://www.start64.com/index.php?Itemid=114&id=1792&option=com_content&task=view
[402 prunsrv.c] [error]
The system cannot find the file specified
[1246 prunsrv.c] [error]
Load configuration failed
i have resolved this error simply by installing the JRE 6 and Tomcat 6 for 64 bit windows system and it worked successfully and also it installed this as Windows service which is common isssue if you are installing 32 bit package.
Packages used are
jre-6u4-windows-x64.exe
apache-tomcat-6.0.29.exe
Download links for 64 bit packages - ( JRE )
http://www.start64.com/index.php?Itemid=114&id=1792&option=com_content&task=view
Tuesday, November 30, 2010
Microsoft Web Server - IIS 7.0 Hardening Recomendations
Important checks which are very crucial @ IIS Web Server
All Unknown CGI Extentions must be -> Prohibited
All Unknown ISAPI Extentions must be -> Prohibited
Active Server Pages must be subject to your requirement -> Prohibited
Internet Data Connector must be -> Prohibited
Server Side Includes must be -> Prohibited
WebDAV must be -> Prohibited
Server Header Info must be -> DISABLED
Application Server Running with its own UserAccount must be -> ENABLED
Error Disclosures must be -> DISABLED
Server OS informations/Physical Path Disclosures must be -> DISABLED
Really Great and very useful Post by Mr.Steve Schofield
Reference :- http://forums.iis.net/t/1127617.aspx
1) Run as applicationpoolidentity
2) Uninstall any modules that aren't used, especially authentication modules. Not having modules reduces the surface attack.
If you install additional modules, run at website level, don't load at server level,
use the web.config to load the modules in the <system.Webserver> section.
3) Look at using Request Filtering or urlscan to block sql injections
4) You can use host-headers to help reduce automated ip-based bot attacks.
5) Do not enable remote management, it's disabled by default
6) Don't install FTP, SMTP services.
7) Run each website in their own application pool
8) Lockdown any delegated permissions or remove them all together. OS, App suggestions
9) Run Security Config wizard this does OS level changes. Definitely spin up a test VM or box to test SCW before applying at GPO level
http://weblogs.asp.net/steveschofield/archive/2008/10/26/how-to-use-security-configuration-wizard-in-windows-server-2008.aspx
10) Run Windows firewall, block all but 3389, 80, 443, echo reply (for monitoring and pings).
11) Place Data on a separate drive, remove default NTFS permissions,
12) Keep up on security patches, service packs.
13) Run asp.net apps in medium or partial trust if possible. Don't install DLL's in the GAC (global assembly cache)
14) Enable auditing in the local security policy (or GPO).
15) Run Anti-virus software.
16) Enable custom errors errors so unhandled errors aren't displayed remotely
17) Most web applications need to be properly tested for hacking, unhandled exceptions, etc.. IIS 7 itself is solid, the applications need to be both load tested and how they handle such situations.
18) Run 64 bit version of W2K8 or R2.
All Unknown CGI Extentions must be -> Prohibited
All Unknown ISAPI Extentions must be -> Prohibited
Active Server Pages must be subject to your requirement -> Prohibited
Internet Data Connector must be -> Prohibited
Server Side Includes must be -> Prohibited
WebDAV must be -> Prohibited
Server Header Info must be -> DISABLED
Application Server Running with its own UserAccount must be -> ENABLED
Error Disclosures must be -> DISABLED
Server OS informations/Physical Path Disclosures must be -> DISABLED
Really Great and very useful Post by Mr.Steve Schofield
Reference :- http://forums.iis.net/t/1127617.aspx
1) Run as applicationpoolidentity
2) Uninstall any modules that aren't used, especially authentication modules. Not having modules reduces the surface attack.
If you install additional modules, run at website level, don't load at server level,
use the web.config to load the modules in the <system.Webserver> section.
3) Look at using Request Filtering or urlscan to block sql injections
4) You can use host-headers to help reduce automated ip-based bot attacks.
5) Do not enable remote management, it's disabled by default
6) Don't install FTP, SMTP services.
7) Run each website in their own application pool
8) Lockdown any delegated permissions or remove them all together. OS, App suggestions
9) Run Security Config wizard this does OS level changes. Definitely spin up a test VM or box to test SCW before applying at GPO level
http://weblogs.asp.net/steveschofield/archive/2008/10/26/how-to-use-security-configuration-wizard-in-windows-server-2008.aspx
10) Run Windows firewall, block all but 3389, 80, 443, echo reply (for monitoring and pings).
11) Place Data on a separate drive, remove default NTFS permissions,
12) Keep up on security patches, service packs.
13) Run asp.net apps in medium or partial trust if possible. Don't install DLL's in the GAC (global assembly cache)
14) Enable auditing in the local security policy (or GPO).
15) Run Anti-virus software.
16) Enable custom errors errors so unhandled errors aren't displayed remotely
17) Most web applications need to be properly tested for hacking, unhandled exceptions, etc.. IIS 7 itself is solid, the applications need to be both load tested and how they handle such situations.
18) Run 64 bit version of W2K8 or R2.
Simple steps to generate the Certificate for Apache Server 2.2 using openssl
1) Go to the command prompt
2) cd C:\Program Files\Apache Software Foundation\Apache2.2\bin
3) set OPENSSL_CONF=C:\Program Files\Apache Software Foundation\Apache2.2\conf\openssl.cnf ( if Required )
4) openssl
5) genrsa -des3 -out test.com.key 1024
6) rsa -in test.com.key -out server.pem
7) req -new -key test.com.key -out test.com.csr
8) Once the above steps completed total 3 files will be generated to the location C:\Program Files\Apache Software Foundation\Apache2.2\bin
test.com.key
server.pem
test.com.csr
8) Get the Certificate from Certified Authority using csr file "test.com.csr"
9) Installing the Certificate (test.com.cer) Received from the Certified Authority
i) Copy the test.com.cer and server.pem into the "C:\Program Files\Apache Software Foundation\Apache2.2\conf"
ii) Now Edit the httpd.conf Uncomment Both the lines #Loadmodule ssl_module modules/mod_ssl.so and #Include conf/extra/httpd-ssl.conf
iii) Now Edit the httpd-ssl.conf file from location "C:\Program Files\Apache Software Foundation\Apache2.2\conf\extra" Change the from SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt" to SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/test.com.cer"
10) Restart the Apache Server and Check the same.
2) cd C:\Program Files\Apache Software Foundation\Apache2.2\bin
3) set OPENSSL_CONF=C:\Program Files\Apache Software Foundation\Apache2.2\conf\openssl.cnf ( if Required )
4) openssl
5) genrsa -des3 -out test.com.key 1024
6) rsa -in test.com.key -out server.pem
7) req -new -key test.com.key -out test.com.csr
8) Once the above steps completed total 3 files will be generated to the location C:\Program Files\Apache Software Foundation\Apache2.2\bin
test.com.key
server.pem
test.com.csr
8) Get the Certificate from Certified Authority using csr file "test.com.csr"
9) Installing the Certificate (test.com.cer) Received from the Certified Authority
i) Copy the test.com.cer and server.pem into the "C:\Program Files\Apache Software Foundation\Apache2.2\conf"
ii) Now Edit the httpd.conf Uncomment Both the lines #Loadmodule ssl_module modules/mod_ssl.so and #Include conf/extra/httpd-ssl.conf
iii) Now Edit the httpd-ssl.conf file from location "C:\Program Files\Apache Software Foundation\Apache2.2\conf\extra" Change the from SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt" to SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/test.com.cer"
10) Restart the Apache Server and Check the same.
Run your Tomcat server on HTTPS
Simple Steps to make your TOMCAT Run on HTTPS using KEYTOOL utility
1). keytool -genkey -alias www.mytest.com -keyalg RSA -keysize 2048 -keystore www_mytest_com.jks
2). keytool -certreq -alias www.mytest.com -file www_mytest_com.csr -keystore www_mytest_com.jks
3). keytool -import -trustcacerts -alias www.mytest.com -file D:\www_mytest_com.p7b -keystore www_mytest_com.jks
This will install Certificate and the Root Certificate associated with the same., sometimes this will not work and in that case try the below steps.
3.1). keytool -import -alias www.mytest.com -file D:\www_mytest_com.cer -keystore www_mytest_com.jks
3.2). keytool -import -trustcacerts -file D:\www_mytest_com_root.cer -keystore www_mytest_com.jks
4). Modify server.xml and Restart TOMCAT SERVER
**Note: By default Tomcat will look for your Keystore with the file name .keystore in the home directory with the default password changeit. The home directory is generally /home/user_name/ on Unix and Linux systems, and C:\Documents and Settings\user_name\ on Microsoft Windows systems
1). keytool -genkey -alias www.mytest.com -keyalg RSA -keysize 2048 -keystore www_mytest_com.jks
2). keytool -certreq -alias www.mytest.com -file www_mytest_com.csr -keystore www_mytest_com.jks
3). keytool -import -trustcacerts -alias www.mytest.com -file D:\www_mytest_com.p7b -keystore www_mytest_com.jks
This will install Certificate and the Root Certificate associated with the same., sometimes this will not work and in that case try the below steps.
3.1). keytool -import -alias www.mytest.com -file D:\www_mytest_com.cer -keystore www_mytest_com.jks
3.2). keytool -import -trustcacerts -file D:\www_mytest_com_root.cer -keystore www_mytest_com.jks
4). Modify server.xml and Restart TOMCAT SERVER
**Note: By default Tomcat will look for your Keystore with the file name .keystore in the home directory with the default password changeit. The home directory is generally /home/user_name/ on Unix and Linux systems, and C:\Documents and Settings\user_name\ on Microsoft Windows systems
Apache 2 to Tomcat Connector Using Proxy
The simplest configuration is described. It assumes you already have Tomcat 5.5 and Apache 2.0 (instructions for Apache 1.3 is also provided) installed and running.
The instructions are applicable (have been tested) for Windows as well as Linux platform.
Assume you want to map test directory of Apache to the mytest web application of Tomcat. Change the name appropriately to suit your configuration.
1. Shutdown Apache & Tomcat Server
2. Add the following lines to httpd.conf (in conf directory of Apache base directory)
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyPass /test/ http://localhost:8081/mytest/
ProxyPassReverse /test/ http://localhost:8081/mytest/
Note 1: Replace localhost with the appropriate IP address or hostname of the server where Tomcat is installed.
Note 2: On older Apache 1.3 you will have to use libproxy.so instead:
LoadModule proxy_module modules/libproxy.so
AddModule mod_proxy.c
The instructions are applicable (have been tested) for Windows as well as Linux platform.
Assume you want to map test directory of Apache to the mytest web application of Tomcat. Change the name appropriately to suit your configuration.
1. Shutdown Apache & Tomcat Server
2. Add the following lines to httpd.conf (in conf directory of Apache base directory)
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyPass /test/ http://localhost:8081/mytest/
ProxyPassReverse /test/ http://localhost:8081/mytest/
Note 1: Replace localhost with the appropriate IP address or hostname of the server where Tomcat is installed.
Note 2: On older Apache 1.3 you will have to use libproxy.so instead:
LoadModule proxy_module modules/libproxy.so
AddModule mod_proxy.c
Tomcat Hardening Recomendations
1. use an unprivileged user account to run the server.
2.use a firewall before your server
3. Disable the connectors you dont need in server.xml
4. disable the tomcat's admin/manager web application completely or configure it that way that it needs proper username/passwort and connection from well known hosts
5. Disable the examples application
6. use apache http server to forward the request to the tomcat server.
7. bind tomcat to those IPs and ports only which you need, don't bind to any
8.Use server-minimal.xml instead of server.xml (make security life simpler;-)
9. check what you allow in tomcat's default context.xml, web.xml and anything below your configured host 10. use a special user to run tomcat, don't use administrator/root for that
11. allow only that user to read all your files, disallow any other users
12. make all files read-only (except those tomcat needs to write to)
To Allow/Disallow access from Specifc port use following Valves.
<Valve className="org.apache.catalina.valves.RemoteHostValve" allow="10.6.1.*" deny="10.6.1.1"/>
By Defining Address Tag we can Allow the AJP Access from specific IP only as shown below
<Connector address="127.0.0.1" port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" allowTrace="false" xpoweredBy="true"/>
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
<Valve className="org.apache.catalina.valves.RemoteHostValve" allow="127.0.0.1,10.6.10.*" deny="10.6.10.2"/>
while Config of ADMIN/ Manager Application For tomcat Administration put admin.xml and manager.xml from the server's server\webapps location to the D:\ApacheSoftwareFoundation\Tomcat5.5\conf\Catalina\localhost and Restart the Tomcat Server to get the Changes
whenever making any change to the admin.xml again put the same in the above mentioned location and Restart
Always Allow ADMIN/Manager Application from Local/Intranet IP's don’t let them over Internet due to security Threat
For more informations on securing TOMCAT refere
http://www.owasp.org/index.php/Securing_tomcat
http://www.unidata.ucar.edu/Projects/THREDDS/tech/reference/TomcatSecurity.html
2.use a firewall before your server
3. Disable the connectors you dont need in server.xml
4. disable the tomcat's admin/manager web application completely or configure it that way that it needs proper username/passwort and connection from well known hosts
5. Disable the examples application
6. use apache http server to forward the request to the tomcat server.
7. bind tomcat to those IPs and ports only which you need, don't bind to any
8.Use server-minimal.xml instead of server.xml (make security life simpler;-)
9. check what you allow in tomcat's default context.xml, web.xml and anything below your configured host 10. use a special user to run tomcat, don't use administrator/root for that
11. allow only that user to read all your files, disallow any other users
12. make all files read-only (except those tomcat needs to write to)
To Allow/Disallow access from Specifc port use following Valves.
<Valve className="org.apache.catalina.valves.RemoteHostValve" allow="10.6.1.*" deny="10.6.1.1"/>
By Defining Address Tag we can Allow the AJP Access from specific IP only as shown below
<Connector address="127.0.0.1" port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" allowTrace="false" xpoweredBy="true"/>
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
<Valve className="org.apache.catalina.valves.RemoteHostValve" allow="127.0.0.1,10.6.10.*" deny="10.6.10.2"/>
while Config of ADMIN/ Manager Application For tomcat Administration put admin.xml and manager.xml from the server's server\webapps location to the D:\ApacheSoftwareFoundation\Tomcat5.5\conf\Catalina\localhost and Restart the Tomcat Server to get the Changes
whenever making any change to the admin.xml again put the same in the above mentioned location and Restart
Always Allow ADMIN/Manager Application from Local/Intranet IP's don’t let them over Internet due to security Threat
For more informations on securing TOMCAT refere
http://www.owasp.org/index.php/Securing_tomcat
http://www.unidata.ucar.edu/Projects/THREDDS/tech/reference/TomcatSecurity.html
Saturday, November 27, 2010
IBDATA1-HUGE Size Of MySQL Database
IBDATA1 is of approx 100GB consuming entire disk space of my server, it is a bug of mysql database or it is a common issue i dont know but to get out of the situation i simply followed below steps and everything back to normal with nominal initial database size.The one more way to get out of this is to truncate the tables with huge data but that doesn't reduced space occupied by this IBDATA file and hence the only way was to delete this file and generate the same by restarting the mysql server again .
Step 1).Stop Snort Server and take the Complete Backup of Snort Database (if Possible)
Step 1).Stop Snort Server and take the Complete Backup of Snort Database (if Possible)
Step 2).If not possible, take the individual database backup of the following Databases.
archive
aw_hsc
idsevents
mysql
snort ( Except this Database)
while taking the snort database backup, take the complete data with table scripts
Following Tables needs to be backed up for restoring the snort database.
DETAIL
ENCODING
ICMPHDR
REFERENCE
REFERENCE_SYSTEM
SCHEMA
SENSOR
SIG_CLASS
SIG_REFERENCE
SIGNATURE
Usage: - Command to take the Individual Table Backup
mysqldump -u root -p <Database Name> <Table Name> > <FileName.sql>
e.g.
mysqldump -u root -p SNORT DETAIL > detailtable.sql
Step 3).Now stop the Database MySql Server
Step 4).Now Locate the Path of the ibdata1 file in my case the size is 100GB
D:\Program Files\MySQL\MySQL Server 5.0\data\ibdata1, Rename or Move these files ib_logfile0,ib_logfile1 and ibdata1 to some other location not accessible by MySql Database later we can delete these files.
D:\Program Files\MySQL\MySQL Server 5.0\data\ibdata1, Rename or Move these files ib_logfile0,ib_logfile1 and ibdata1 to some other location not accessible by MySql Database later we can delete these files.
Step 5). Now Rename the data folder of "D:\Program Files\MySQL\MySQL Server 5.0\Data" of the MySql Server.
Step 6). Create a folder named data under the location D:\Program Files\MySQL\MySQL Server 5.0\
Step 7). Copy & Paste the Existing mysql schema to this location
Step 8). Now import all Databases schemas except mysql as it is the MySQL Server's Database.
Step 9). Now Start the MySql Database it will create the ib_logfile0,ib_logfile1 and ibdata1 to its existing location with some default file size say 25MB.
Step 10). If the imported databases are not working fine then create the following Databases manually
archive
aw_hsc
idsevents
snort
Step 11). And Now Import the Dump to all the above databases one by one.
Step 12). Now for SNORT Database follow the following path.
12.1) Import the Create_Mysql.sql schema
12.2) Import the existing table data for the following tables which are taken from the existing working SNORT Database.
12.3) Now Start the Snort Server and Check whether it writes to database on not.
Step 13). Check the alerts of the table's iphdr, tcphdr, icmphdr, udphdr, If alerts/events are logged into the database it shows that your snort server database is working fine.
SCRIPTS FOR TABLE TRUNCATE
DELETE FROM DETAIL;
DELETE FROM ENCODING;
DELETE FROM ICMPHDR;
DELETE FROM REFERENCE;
DELETE FROM REFERENCE_SYSTEM;
DELETE FROM SCHEMA;
DELETE FROM SENSOR;
DELETE FROM SIG_CLASS;
DELETE FROM SIG_REFERENCE;
DELETE FROM SIGNATURE;
DELETE FROM EVENT;
OR simply import the schema for snort from the taken backup file.
Reference SQL Scripts :- Create_Mysql.sql (download link)
Snort @ IDS
Today web sites are the most vulnerable, and therefore the most hacked. Snort a free and open source Network Intrusion Detection/Prevention System is the best tool for managing and preventing intrusions to your applications, and Internet-enabled programs or web sites, Snort can not only protect your sites, but it can analyze what's really going on with your networks, read more
Subscribe to:
Posts (Atom)