Monday, November 30, 2009
Sunday, November 29, 2009
Copy Files Across a Network/Internet in UNIX LINUX
One of the many advantages of Linux/UNIX is how many ways you can do one thing. This tutorial is going to show you some of the many ways you can transfer files over a network connection.
Please note that there are many other ways; these are just some of the more common ones. The methods covered assume that SSH is used in all sessions. These methods are all much more secure and reliable than using rcp or ftp. This tutorial is a great alternative for those looking for an FTP alternative for transferring files over a network.
scp
scp, or secure copy, is probably the easiest of all the methods. It is designed as a replacement for rcp, which was a quick copy of cp with network functionality.
scp syntax
scp [-Cr] /some/file [ more ... ] host.name:/destination/file
-or-
scp [-Cr] [[user@]host1:]file1 [ more ... ] [[user@]host2:]file2
Before scp does any copying, it first connects via ssh. Unless proper keys are in place, you will be asked for usernames. You can test if this is working by using ssh -v hostname
The -r switch is used when you want to recursively go through directories. Please note you must specify the source file as a directory for this to work.
scp encrypts data over your network connection, but by using the -C switch you can compress the data before it goes over the network. This can significantly decrease the time it takes to copy large files.
Tip: By default scp uses the 3DES encryption algorithm. All encryption algorithms are slow, but some are faster than others; using -c blowfish can speed things up.
What scp shouldn't be used for:
1. When you are copying more than a few files, as scp spawns a new process for each file and can be quite slow and resource intensive when copying a large number of files.
2. When using the -r switch, scp does not know about symbolic links and will blindly follow them, even if it has already made a copy of the file. This can lead to scp copying an infinite amount of data and can easily fill up your hard disk, so be careful.
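The symlink problem in item 2 can be checked before any data is copied. The script below is an added example, not part of the original tutorial: it classifies every symlink under the source directory by what following it would do during `scp -r`. The function names and the sample tree are constructed for illustration, and it assumes a `readlink` that supports `-f` and file names without embedded newlines.

```shell
#!/bin/sh
# Added example: pre-flight check before `scp -r SRC host:/dest`.
# Function names are invented here. Assumes readlink supports -f
# (GNU coreutils, BusyBox) and file names contain no newlines.

# Print one line per symlink under $1: CLASS<TAB>link -> resolved target
#   LOOP      target is a directory that contains the link (endless recursion)
#   DUPLICATE target is elsewhere inside the tree (data is copied twice)
#   EXTERNAL  target is outside the tree (extra data gets pulled in)
#   BROKEN    target does not resolve
classify_symlinks() (
    root=$(readlink -f -- "$1") || exit 2
    [ -d "$root" ] || exit 2
    # find does not follow symlinks by default, so it cannot loop itself.
    find "$root" -type l | while IFS= read -r link; do
        if ! target=$(readlink -f -- "$link") || [ ! -e "$target" ]; then
            printf 'BROKEN\t%s\n' "$link"
            continue
        fi
        t=${target%/}   # "/" becomes "" so the prefix patterns still work
        case "$link/" in
            "$t"/*) class=LOOP ;;
            *) case "$t/" in
                   "$root"/*) class=DUPLICATE ;;
                   *)         class=EXTERNAL ;;
               esac ;;
        esac
        printf '%s\t%s -> %s\n' "$class" "$link" "$target"
    done
)

# Status 0: no loop, the tree can be copied with `scp -r`.
# Status 1: at least one LOOP link. The full report goes to stderr.
scp_preflight() (
    report=$(classify_symlinks "$1") || exit 2
    if [ -n "$report" ]; then printf '%s\n' "$report" >&2; fi
    if printf '%s\n' "$report" | grep -q '^LOOP'; then exit 1; fi
    exit 0
)

# Constructed sample tree: one loop, one duplicate, one external link.
make_demo_tree() (
    d=$(mktemp -d) || exit 1
    mkdir -p "$d/src/docs" "$d/src/bin" "$d/outside"
    echo data > "$d/src/docs/readme.txt"
    echo big  > "$d/outside/archive.bin"
    ln -s ..                 "$d/src/docs/up"     # points back at src
    ln -s ../docs/readme.txt "$d/src/bin/readme"  # second path to same file
    ln -s ../../outside      "$d/src/bin/ext"     # leaves the tree
    printf '%s\n' "$d"
)

demo=$(make_demo_tree)
classify_symlinks "$demo/src"
scp_preflight "$demo/src" 2>/dev/null ||
    echo "LOOP found: do not run scp -r on $demo/src"
rm -rf "$demo"
```

DUPLICATE and EXTERNAL entries do not block the copy, but they show how much more data than expected a recursive scp would transfer.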
Friday, November 27, 2009
Disable Complex Password in Windows server 2003
Go to the Group Policy Editor.
Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy
Disable "Password must meet complexity requirements", or the age/length/history settings.
Thursday, November 26, 2009
Add the Remote Access/VPN Server role to Windows Server 2003 system
Add the Remote Access/VPN Server role to your Windows Server 2003 system
Sometimes, simplicity is the best choice for both a technology solution and the corresponding tutorial that explains how to use the new solution. In this document, I will provide a clear, concise, systematic procedure for getting a Windows Server 2003-based PPTP VPN up and running. I'm using Windows Server 2003 with Service Pack 1 for this guide.
To add the Remote Access/VPN Server role, go to Start | All Programs | Administrative Tools | Configure Your Server Wizard. The first screen of this wizard is for informational purposes only and, thus, is not shown here. Click Next. The same goes for the second screen, which just tells you some things you need to have completed before adding new roles to your server.
On the third screen of the wizard, entitled Server Role, you're presented with a list of available roles for your server along with a column that indicates whether or not a particular role has been assigned to this machine. Figure A shows you a screen from a server on which just the IIS Web server role has been added.
Figure A: To add a new role, select the role and click Next
To add the Remote Access/VPN Server role to your server, select that role and click the Next button to move on to the next screen in the wizard, which provides you with a quick overview of the options you selected.
Figure B: The summary screen is pretty basic for this role
Take note: This selection just starts another wizard called the Routing and Remote Access Wizard, described further below.
The Routing and Remote Access Wizard component
Like most wizards, the first screen of the Routing and Remote Access wizard is purely informational and you can just click Next.
The second screen in this wizard is a lot meatier and asks you to decide what kind of remote access connection you want to provide. Since the goal here is to set up a PPTP-based VPN, select the "Virtual Private Network VPN and NAT" selection and click Next.
Figure C: Select the VPN option and click Next
The next screen of the wizard, entitled VPN Connection, asks you to determine which network adapter is used to connect the system to the Internet. For VPN servers, you should install and use a separate network adapter for VPN applications. Network adapters are really cheap and separation makes the connections easier to secure. In this example, I've selected the second local area network connection (see Figure D), a separate NIC from the one that connects this server to the network. Notice the checkbox labeled "Enable security on the selected interface by setting up Basic Firewall" underneath the list of network interfaces. It's a good idea to enable this option since it helps to protect your server from outside attack. A hardware firewall is still a good idea, too.
Figure D: Select the network adapter that connects your server to the Internet
With the selection of the Internet-connected NIC out of the way, you need to tell the RRAS wizard which network external clients should connect to in order to access resources. Notice that the adapter selected for Internet access is not an option here.
Figure E: Select the network containing resources needed by external clients
Just like every other client out there, your external VPN clients will need IP addresses that are local to the VPN server so that the clients can access the appropriate resources. You have two options (really three - I'll explain in a minute) for handling the doling out of IP addresses.
First, you can leave the work up to your DHCP server and make the right configuration changes on your network equipment for DHCP packets to get from your DHCP server to your clients. Second, you can have your VPN server handle the distribution of IP addresses for any clients that connect to the server. To make this option work, you give your VPN server a range of available IP addresses that it can use. This is the method I prefer since I can tell at a glance exactly from where a client is connecting. If they're in the VPN "pool" of addresses, I know they're remote, for example. So, for this setting, as shown in Figure F below, I prefer to use the "From a specified range of addresses" option. Make your selection and click Next.
Figure F: Your choice on this one! I prefer to provide a range of addresses
If you select the "From a specified range of addresses" option on the previous screen, you now have to tell the RRAS wizard exactly which addresses should be reserved for distribution to VPN clients. To do this, click the New button on the Address Range Assignment screen. Type in the starting and ending IP addresses for the new range and click OK. The "Number of addresses" field will be filled in automatically based on your entry. You can also just enter the starting IP address and the number of IP addresses you want in the pool. If you do so, the wizard automatically calculates the ending IP address. Click OK in the New Address Range window; your entry appears in the Address Range Assignment window. Click Next to continue.
Figure G: You can have multiple address ranges, as long as they are all accessible
The next screen asks you to identify the network that has shared access to the Internet. This is generally the same network that your VPN users will use to access shared resources.
Figure H: Pick the network adapter that gives you access to the Internet
Authenticating users to your network is vital to the security of your VPN infrastructure. The Windows VPN service provides two means for handling this chore. First, you can use RADIUS, which is particularly useful if you have other services already using RADIUS. Or, you can just let the RRAS service handle the authentication duties itself. Give users access to the VPN services by enabling dial-in permissions in the user's profile (explained below). For this example, I will not be using RADIUS, but will allow RRAS to directly authenticate incoming connection requests.
Figure I: Decide what means of authentication you want to provide
That's it for the RRAS wizard! You're provided with a summary screen that details the selections you made.
Figure J: The RRAS wizard summary window
This also completes the installation of the Remote Access/VPN Server role.
User configuration
By default, users are not granted access to the services offered by the VPN; you need to grant these rights to each user that you want to allow remote access to your network. To do this, open Active Directory Users and Computers (for domains) or Computer Management (for stand alone networks), and open the properties page for a user to whom you'd like to grant access to the VPN. Select that user's Dial-In properties page. On this page, under Remote Access Permissions, select "Allow access". Note that there are a lot of different ways to "dial in to" a Windows Server 2003 system; a VPN is but one method. Other methods include wireless networks, 802.1x, and dial-up. This article assumes that you're not using the Windows features for these other types of networks. If you are, and you specify "Allow access", a user will be able to use multiple methods to gain access to your system. I can't go over all of the various permutations in a single article, however.
Figure K: Allow the user access to the VPN
Up and running
These are the steps needed on the server to get a VPN up and running. Of course, if you have devices such as firewalls between your VPN server and the Internet, further steps may be required; these are beyond the scope of this article, however.
Installing Bugzilla
Bugzilla
- Online bugzilla installation link is http://www.bugzilla.org/docs/2.18/html/installation.html
- Useful resource for upgrading bugzilla: http://www.dracoware.com/blog/2007/06/12/how-to-upgrade-to-bugzilla-30/
Required packages for installing bugzilla
- Perl
- MySQL
- Webserver
- Bugzilla
- Install Perl modules
- Install a Mail Transfer Agent
Installation notes
- apt-get install bugzilla3 to install bugzilla from debian repo
- in our case, we have installed from debian repo, and not from source tarball; so there might be some differences in the steps mentioned in the document
- previously bugzilla service was provided by Embedded server, but we migrated it to the debian server
- the main configuration directory is /etc/bugzilla3
- important files are dbconfig-params, localconfig, params
- other related directory is /usr/share/bugzilla3
- if there is any problem viewing the bugzilla page, there might be a problem with permissions or with the bugzilla apache configuration file (/etc/apache2/conf.d/bugzilla), which looks like this, including the RedirectMatch directive:
Alias /bugzilla /usr/share/bugzilla3/web/
Alias /bugzilla3 /usr/share/bugzilla3/web/
<Directory "/usr/share/bugzilla3/web">
AllowOverride none
Order allow,deny
Allow from all
</Directory>
Alias /cgi-bin /usr/lib/cgi-bin
<Directory "/usr/lib/cgi-bin/bugzilla3">
AddHandler cgi-script .cgi
DirectoryIndex index.cgi
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks
Order allow,deny
Allow from all
</Directory>
RedirectMatch ^/cgi-bin/bugzilla3[/]*$ /cgi-bin/bugzilla3/index.cgi
<Directory "/var/lib/bugzilla3/data">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Redmine configuration on Debian lenny
Redmine on Debian 5.0 (Lenny)
Redmine is a flexible project management web application. Written using Ruby on Rails framework, it is cross-platform and cross-database. Redmine is open source and released under the terms of the GNU General Public License v2 (GPL).
The following has been compiled based on the redmine installation (or DASSmine as we call here @DASS :) experience of the author with the materials collected from various resources.
Installing requirements
First install the Ruby packages from Debian and install rails with Gem (because there was a problem with the rails version 2.1.0-6 installed thru apt-get from debian lenny repo and redmine version 0.7.x with problems like 'Activity' and 'Repository' tabs' pages not working properly):
apt-get install ruby rubygems libmysql-ruby librmagick-ruby rake
gem install rails
Note: gem list to see the list of installed packages
Versions of the packages installed on the debian server:
| Package | Version |
| redmine | 0.8.4 |
| ruby | 1.8.7.72-3 |
| rails | 2.3.2 |
| rubygems | 1.2.0-3 |
| rake | 0.8.7 |
| passenger | 2.2.2 |
Downloading and installing redmine
Download the latest stable release of redmine from the download page
~# mkdir /var/www/redmine
~# cd /var/www/redmine
/var/www/redmine# wget http://rubyforge.org/......../redmine-X.X.X.tar.gz
/var/www/redmine# tar xvfz redmine-X.X.X.tar.gz
/var/www/redmine# mv redmine-X.X.X/* .;rm redmine-X.X.X.tar.gz -rf
/var/www/redmine# chown www-data:www-data * . -R
Configuring redmine
Create an empty MySQL database and accompanying user named redmine with the following commands:
~# mysql -u root -p
Type the following commands in mysql shell:
mysql> create database redmine character set utf8;
mysql> create user 'redmine'@'localhost' identified by 'my_password';
mysql> grant all privileges on redmine.* to 'redmine'@'localhost';
mysql> exit
Copy config/database.yml.example to config/database.yml and edit this file in order to configure your database settings for "production" environment.
/var/www/redmine# cp config/database.yml.example config/database.yml
It is necessary to complete the configuration inside database.yml:
production:
  adapter: mysql
  database: redmine
  host: localhost
  username: redmine
  password: XXXXXXXX
  encoding: utf8
  socket: /var/run/mysqld/mysqld.sock
Create the database structure, by running the following command under the application root directory:
apt-get install libopenssl-ruby1.8
rake db:migrate RAILS_ENV="production"
It will create tables and an administrator account.
Insert default configuration data in database, by running the following command:
rake redmine:load_default_data RAILS_ENV="production"
This step is optional but highly recommended, as you can define your own configuration from scratch. It will load default roles, trackers, statuses, workflows and enumerations.
Setting up permissions:
The user who runs Redmine must have write permission on the following subdirectories: files, log, tmp (create the last one if not present).
mkdir tmp public/plugin_assets
chmod -R 755 files log tmp public/plugin_assets
Note: Our permissions are 775 on the above mentioned directories.
That's all for the basic Redmine installation. Test the installation by running WEBrick web server:
/var/www/redmine# ruby script/server -e production
Once WEBrick has started, point your browser to http://192.168.10.11:3000/. You should now see the application welcome page.
Use default administrator account to log in:
- login: admin
- password: admin
You can go to Admin & Settings to modify application settings.
Configuring passenger apache module
Most people don't want to start Redmine using the ruby command, so we integrate Ruby and Redmine into Apache using another great product, Passenger.
Passenger is a module for apache2 that allows Apache to run Ruby on Rails apps.
# apt-get install ruby1.8-dev
# apt-get install make
# gem install passenger
Go to the passenger apache2 module installation
# apt-get install build-essential
# apt-get install apache2-prefork-dev
# cd /var/lib/gems/1.X/gems/passenger-X.X.X/
/var/lib/gems/1.X/gems/passenger-X.X.X# bin/passenger-install-apache2-module
Configuring Apache
In /etc/apache2/mods-available/passenger.load, add the following line:
LoadModule passenger_module /usr/lib/gems/1.X/gems/passenger-X.X.X/ext/apache2/mod_passenger.so
We have to edit the configuration of the passenger apache2 module in /etc/apache2/mods-available/passenger.conf:
PassengerRoot /usr/lib/gems/1.X/gems/passenger-X.X.X
PassengerRuby /usr/bin/ruby1.X
And now we activate the module:
# a2enmod passenger
# a2enmod rewrite
Apache configuration for redmine web app:
# Configuration for redmine
# /etc/apache2/conf.d/redmine
Alias /redmine /var/www/redmine/public
SetEnv RAILS_ENV production
<Directory /var/www/redmine/public>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
Configuration of /var/www/redmine/config/environment.rb:
ENV['RAILS_ENV'] ||= 'production'
Note: It refers to /var/www/redmine/public and not /var/www/redmine. If you use the wrong directory, the AllowOverride directive won't work. It has to work because Redmine uses an .htaccess file in /var/www/redmine/public. As our Rails application is accessed via an Alias directive, we MUST also set the RewriteBase in this htaccess file.
RewriteBase /redmine
Directory permissions:
The web server is ready but it can't do anything yet. First it needs a CGI script. In Redmine's public directory, rename the example script dispatch.cgi.example to dispatch.cgi.
Restart apache:
/var/www/redmine# /etc/init.d/apache2 restart
Now you should see Redmine's home page when you open http://192.168.10.11/redmine in your browser.
Redmine works now but it's very slow. This is where FastCGI comes in. The libapache2-mod-fcgid apache2 module or some more related packages have to be installed to make it faster.
# apt-get install libapache2-mod-fcgid
# apt-get install libfcgi-ruby1.8
# apt-get install libfcgi-dev
# gem install fcgi
# gem install mysql
- rename the dispatch.fcgi.example file in the redmine public directory to dispatch.fcgi
- make some configuration changes with regards to fastcgi/fcgid in the htaccess file
- restart apache and enjoy the difference in speed :)
.htaccess file
AddHandler fastcgi-script .fcgi
AddHandler fcgid-script .fcgi
Options +FollowSymLinks +ExecCGI
RewriteEngine On
RewriteBase /redmine
RewriteRule ^$ index.html [QSA]
RewriteRule ^([^.]+)$ $1.html [QSA]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]
ErrorDocument 500 "<h2>Application error</h2>Rails application failed to start properly"
SMTP server Configuration
0.8.x releases:
Copy config/email.yml.example to config/email.yml and edit this file to adjust your SMTP settings.
See the Email configuration for redmine with no authentication
# Outgoing email settings
# config/email.yml
production:
  delivery_method: :smtp
  smtp_settings:
    address: 192.168.10.11
    port: 25
    domain: debian.dass.com.np
    authentication: :none
Useful Resources
- http://www.redmine.org/wiki/redmine/RedmineInstall
- http://thelogic.org/blog/2009/02/04/installation-of-redmine-on-debian-with-ruby-and-apache-integration/
- http://wiki.ousli.org/index.php/RedmineUbuntu
- http://howto.landure.fr/gnu-linux/debian-4-0-etch-en/install-the-redmine-project-management-application-on-debian-4-0-etch
- http://plungeintomac.com/blog/redmine-on-apache/
- http://www.redmine.org/boards/2/topics/856
HowTo: Windows XP VPN Server Setup
Introduction
Recently I have been trying to locate a tutorial on how to set up a VPN (Virtual Private Networking) server without a router or expensive $500 software. Lo and behold, I found out that Windows XP has its own VPN Server Software built right into it. Who knew that Windows could actually make a helpful feature such as a VPN Server? Not only does Windows XP have the VPN Server Software, but Windows XP also has the VPN Client Software built into it (which will be another entry). Throughout this entry I will be describing step-by-step instructions on how to set up a Windows XP VPN Server.
Step One: Creating A VPN Server
Now children, we are venturing into a world of 1's and 0's where few people have ventured before. First let's make sure our checklist of materials is complete.
Windows XP (64 Bit works too)
Firewall of Some Sort (for security protection)
20oz Mountain Dew
Now that our checklist of materials is complete let's get started. This is the "Global" way of getting into Network Connections, use any way you please:
Click on the "Start" button.
Goto "Settings"
Then to "Network Connections".
Once you are in Network Connections there should be a "Create New Connection" on the left-hand side.
Click Next on the initial screen.
Now you should be viewing "Network Connection Type." Click on the very last option "Set up an Advanced Connection."
Click Next. An "Advanced Connection Options" screen should now be visible.
Select "Accept Incoming Connections."
Click Next.
Click Next.
Check "Allow virtual Private Connections"
Click Next.
User Permissions:
Either add a new user to access the VPN or choose a user from the current list. The username and password combination used will be the username and password you connect with via the VPN Server Client. Once all the users you want to give access to have it, click Next.
Click Next.
Click Finish.
Step Two: Configuring Your Windows XP VPN Server
Now you have a new "Incoming Connections" icon in the "Network Connections" folder. Right-click on the Incoming Connections icon and go to Properties.
Click on the "Networking" Tab.
Select "TCP/IP Protocol"
Click on "Properties"
Click "Specify IP Address"
Add whatever range you want. For me I used 192.168.0.100 to 192.168.0.150 because my network is 192.168.0.1 - 192.168.0.99 that way the VPN Server will not conflict with my personal network.
I also checked "Allow Computer to Assign its Own IP Address." This step is not necessary.
Now the VPN Server is setup, but you are not home free yet.
Step Three: Hardware Firewalls
Generally broadband connections mean there is a Hardware Firewall. Hardware Firewalls are firewalls that are built into a Router or a Modem. Depending on the type of router and firewall these steps WILL vary.
1. Enter into your Router/Modem (usually 192.168.0.1 or a variant)
2. If there is a username/password, look up the default username and password via Google. That should get you in.
3. Find the "Advanced Options" or "Port Forwarding"
4. Once on "Port Forwarding," forward these ports: 1723 (both TCP/UDP) to the computer that has the Windows XP VPN Server installed (Start > Run > cmd > ipconfig /all)
5. Forward Port: 500 (both TCP/UDP) to the same IP Address.
6. Save this configuration. If your router/modem has to be restarted, do so and wait for the router/modem to come back up.
7. That should allow connections without tearing down your whole firewall.
Step Four: Software Firewalls
If you have a hardware firewall, I would suggest you disable any software firewall. A hardware firewall provides more than enough protection. If you do not want to disable your software firewall, or that is your only firewall, figure out how to forward ports and do so. I am not sure how to allow the Windows XP VPN Server program via your software firewall; I would refer to PPTP and IPSEC port forwarding in the software manual.
Ending Notes
For one, I take no responsibility for any damage, corruption, or virus infection that may come from using this guide to its full extent. Take some personal responsibility and do research before venturing into waters unknown. Make backups of critical files and set a "System Restore Point." Either way, I will not take responsibility for user error or misuse of this guide. By reading this guide you are accepting responsibility for your own actions.
Now that the disclaimer is out of the way: Windows XP VPN Server is an excellent tool for your laptop, or even a friend who you want to share networking resources with. Now that you are networked up, it is time to learn how to connect to your Windows XP VPN Server from another computer/remote location. This guide can be found at HowTo: Windows XP VPN Into a Remote Location












