Thursday, December 26, 2013

Subversion, webdav, LDAP and folder restrictions

If you need to configure a svn server on Linux with LDAP authentication, webdav and insert specific directory restrictions you can follow these instructions.
1: you need to install subversion and apache in your Linux server (I will omit this part).
2: you need to configure webdav to access svn over http and configure LDAP access.

Make sure to have the following apache modules installed and configured:
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule dav_module modules/mod_dav.so
LoadModule authn_alias_module modules/mod_authn_alias.so
I am usual to configure subversion in /srv/svn folder.
The users allowed to access the SVN have to belong to the LDAP group CN=SVN-AUTHORIZATION,OU=Groups GSO,DC=test,DC=example,DC=com

Tuesday, December 24, 2013

Apply Oracle patch

1. Shutdown Oracle instance
Login with oracle user, type the command:
$dbstop $ORACLE_HOME

2. Download patches, go to https://support.oracle.com then search patch name/number. Upload patches (ex: 16902043, 17762528) to server (ex: /home/oracle) and extract.

3. Download Oracle opatch tool (ex: 68806880)

4. Copy OPatch folder in $ORACLE_HOME to another backup place

$cp $ORACLE_HOME/OPatch /backup
$ rm -r $ORACLE_HOME/OPatch/*

 5. Copy opatch to $ORACLE_HOME

$cp p68806880....zip $ORACLE_HOME
$cd $ORACLE_HOME
$ unzip p68806880....zip

6. Apply patch

$cd 16902043
$$ORACLE_HOME/OPatch/opatch apply
$cd 17762528
$$ORACLE_HOME/OPatch/opatch apply

7. Start oracle database

$dbstart $ORACLE_HOME

Tuesday, December 17, 2013

How to upgrade oracle 11.2.0.1 to 11.2.0.3 through PUTTY or SILENT MODE

Upto 10g release 2 database upgradation means first you need to install base version then apply the upgrade patch. Ex: If you want to install 10.2.0.5 database software first install the base version i.e 10.2.0.1 then apply the upgrade patch(ex 10.2.0.5) on that base version so that software will upgraded.

Coming to 11g Release 2 upgradation means each version patch is equalent to base version [Here is there no concept of base version]. You can directly install that patch version and upgrade the database.

You are installing 11.2.0.3 software and migrating the database to 11.2.0.3.

Monday, November 25, 2013

MRTG without SNMP

$sudo apt-get install mrtg mrtgutils
$sudo nano /etc/mrtg.cfg
######################################################################
# Multi Router Traffic Grapher -- Sample Configuration File
######################################################################

# Global configuration
# Global Config Options
#-----------------------------
WorkDir: /data/webs/default/mrtg/
EnableIPv6: no
XSize[_]: 380


Thursday, November 21, 2013

Keeping the Original Partition in MDT 2012

Problem:
Out-of-box machines now-a-days are coming with a recovery partition. If you are using MDT 2012 to deploy your Windows 7 image, the Task Sequence will format the partition and you will lose that recovery partition.

Friday, July 5, 2013

Resize LVM ext4


Reduce
# Unmount the filesystem and check its' LV
umount /mnt/foo
e2fsck -f /dev/mapper/vg0-foo

# Shrink ext4 and then the LV to the desired size
resize2fs -p /dev/mapper/vg0-foo 40G
lvreduce -L 40G /dev/mapper/vg0-foo

# Before continuing, run e2fsck. If it bails because the partition
# is too small, don't panic! The LV can still be extended with
# lvextend until e2fsck succeeds, e.g.:
# lvextend -L +1G /dev/mapper/vg0-foo
e2fsck -f /dev/mapper/vg0-foo

# Resize the filesystem to match the LVs size, check and mount it
resize2fs -p /dev/mapper/vg0-foo
e2fsck -f /dev/mapper/vg0-foo
mount /mnt/foo

Increase

ext4 can performce online growth
$ sudo lvextend -L12G /dev/lvmvolume/lucid64root
$ sudo apt-get install lvm2
$ sudo vgchange -a y
$ sudo resize2fs /dev/lvmvolume/lucid64root


Replace the above command if your file system is xfs
$sudo xfs_growfs /dev/lvmvolume/lucid64root

$ sudo e2fsck -f /dev/lvmvolume/lucid64root
Reboot 

# Example 1: Extend LV (lvvar) from VG (vgroot) to a specific size (50G) root@linux ~ # lvextend -L50G /dev/vgroot/lvvar # Example 2: Extend LV (lvvar) from VG (vgroot) with additional 10G root@linux ~ # lvextend -L+10G /dev/vgroot/lvvar # Example 3: Extend LV (lvvar) from VG (vgroot) with the remaining space of the VG root@linux ~ # lvextend -l+100%FREE /dev/vgroot/lvvar


http://pubmem.wordpress.com/2010/09/16/how-to-resize-lvm-logical-volumes-with-ext4-as-filesystem/
http://againstentropy.blogspot.com/2012/01/resizing-root-ext4-filesystem-on-lvm.html

Wednesday, June 26, 2013

Conditional logging in Apache 2

Sometimes Apache 2’s logs can get really polluted by entries which you don’t care about and might skew your statistics. For example you wouldn’t want your own IP address in the logs because you don’t want that counted in the statistic. Although most web analyzers have filters to exclude such things, you can do this directly in Apache by not logging these. To do this you first need to set and environment variable that matches what you don’t want to log - this can use regular expressions and the matching is done on HTTP header fields like Remote_Addr or Request_URI.
Let’s say you want to exclude all internal IPs in your company from your website’s logs. You need to add this to your httpd.conf or domain_name.conf, depending on how you have your web server set up:

SetEnvIf Remote_Addr "10\.*\.*\.*" nologging
 
This just created a new variable in Apache’s environment called “nologging”. Now we will add this to the log directive in the same config file:

CustomLog log/access.log  combined env=!nologging
 
Now Apache will log everything except what is matched with the rule above. If you want to add more things to the list of non-logging, we can just continue adding rules to that variable. Let’s assume we decided not to add the favicon.ico requests to the log:

SetEnvIf Request_URI "^/favicon\.ico$" nologging
 
That’s it, no more pesky favicon requests in the logs! As you can see, the rules are pretty powerful and there are many uses for this! Also, don’t forget that you need the “log_config” and the “setenvif” module loaded in Apache! As usual you can check this using httpd -M or apache2 -M on the command line.
For more details: http://httpd.apache.org/docs/2.2/mod/mod_log_config.html

Tuesday, June 25, 2013

Moodle java script issue

Moodle has cached its own. So sometime will effected to javascript, here is the error I got when using firebug:

Uncaught TypeError: Cannot call method 'load_flowplayer' of undefined
On the httpd access_log file, you may see

192.168.0.100 - - [25/Jun/2013:10:25:11 +0400] "GET /moodle/theme/image.php/_s/cover/theme/1372141187/leaves0 HTTP/1.1" 404 674 "http://domain.com/moodle/theme/index.php?lang=en" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)" 0

To fix it, please clear cache with www.yourdomain.com/moodle/admin/purgecaches.php 

Done.

Tuesday, June 4, 2013

How to Fix Temporary Profile in Windows 7

http://www.sysprobs.com/fix-temporary-profile-windows-7

Sometimes Windows 7 OS may not read your correct user profile properly, instead, load with temporary profile which will look completely different.  If you are not aware of temp profile or missed to see the pop-up message at bottom right side of the screen, then really you will be surprised to see completely different and new desktop without your files,folders,shortcut icons and any customized settings.This guide shows how to fix temporary profile issue on Windows 7.
“You have been logged on with Temporary profile”- that’s the famous message from Windows 7. Even though this article was published back in 2010, I’m rewriting this again on August 2012 with more information, inputs, related links and the experience I had on this issue for last two years in domain and workgroup environment.

Why Windows 7 Loads with Temporary Profile?

Obviously, your profile (the files and folders located under C:\Users\user_name) is corrupted. There is another chance which is a delay in reading your profile files due to Antivirus scan or something else during boot up. Usually after typing your user name and password Windows tries to read and load your profile, if it gets corrupted or delay in reading, Windows will load with temp profile to give temporary access on computer.

Thursday, May 30, 2013

Nginx SSL Certificate Installation

SSL Certificate Installation in Nginx

Nginx Server SSL Certificate Installation
You should have received a your_domain_name.pem file from DigiCert in an email when your certificate was issued. If you have that file you can skip to step 3. Otherwise, start with step 1.
  1. Copy the Certificate files to your server.
    Log in to download your Intermediate (DigiCertCA.crt) and Primary Certificates (your_domain_name.crt) from within your DigiCert Customer Account. Copy them, along with the .key file you generated when you created the CSR, to the directory on your server where you will keep your certificate and key files. Make them readable by root only to increase security.
  2. Concatenate the primary certificate and intermediate certificate.
    You need to concatenate the primary certificate file (your_domain_name.crt) and the intermediate certificate file (DigiCertCA.crt) into a single pem file by running the following command:
    cat DigiCertCA.crt >> your_domain_name.crt
  3. Edit the Nginx virtual hosts file.
    Now open your Nginx virtual host file for the website you are securing. If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a server module for each type of connection. Make a copy of the existing non-secure server module and paste it below the original. Then add the lines in bold below:

    server {
    
    listen   443;
    
    ssl    on;
    ssl_certificate    /etc/ssl/your_domain_name.crt; (or .pem)
    ssl_certificate_key    /etc/ssl/your_domain_name.key;
    
    server_name your.domain.com;
    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;
    location / {
     root   /home/www/public_html/your.domain.com/public/;
     index  index.html;
    }
    
    }
    Adjust the file names to match your certificate files:
    • ssl_certificate should be your primary certificate combined with the intermediate certificate that you made in the previous step (e.g. your_domain_name.crt).
    • ssl_certificate_key should be the key file generated when you created the CSR.
  4. Restart Nginx.
    Run the following command to restart Nginx:
    sudo /etc/init.d/nginx restart

Tuesday, May 28, 2013

Computers not showing up in WSUS console after cloning

WSUS is a real life saver on a Windows network of any size, it more than pays off its huge initial download size when it serves computers on the network and saves internet bandwidth. However, like any other software, it can be temperamental and have tough to troubleshoot problems.
I recently came across a problem during the migration at my work. We set up the client XP SP3 workstation, ran sysprep and then cloned the box. However, after the deployment, only 1 or 2 computers were appearing in the WSUS console when there should have been 38.
Puzzled by this, and by the fact that computers were still getting updates despite not showing up in the console, I decided to investigate. After a lot of internet searching, I narrowed down the seeming culprit to a setting in the registry.
It turns out that for whatever reason, sysprep is not removing these entries in the registry, so the computers after cloning will receive updates but won’t report to the console. It may have been some change Microsoft made with SP3, or it may be the updated Automatic Update client, no one really knows.

Wednesday, May 8, 2013

Moodle: Nav Menu and Images/Icons are broken out of the box

Installed nginx as http://www.howtoforge.com/installing-nginx-with-php5-and-php-fpm-and-mysql-support-lemp-on-ubuntu-12.10

I got the problem like this


To resolve this,  Site administration > Server > Http.  Find the option 'Slasharguments' and untick it

Monday, May 6, 2013

FastCGI: comm with server

Use -idle-timeout paramater on "FastCgiExternalServer" line to solve this
problem.


<IfModule mod_fastcgi.c>
                AddHandler php5-fcgi .php
                Action php5-fcgi /php5-fcgi
                Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
                FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -idle-timeout 250 -socket /tmp/php5-fpm.sock -pass-header Authorization
        </IfModule>

Friday, April 5, 2013

Install Oracle 10.2.0.4 on Solaris x86

1. Create oracle User Account
Login as root and create te user oracle which belongs to oinstall,dba,asmdba and asmadmin groups.

su -
# groupadd dba
# groupadd oinstall
# groupadd asmdba
# groupadd asmadmin
# useradd -g oinstall -G dba,asmdba,asmadmin -m -d /export/home/oracle -s /usr/bin/bash oracle


2. Setting System parameters
Edit the /etc/system and add following line:

set noexec_user_stack=1

set semsys:seminfo_semmni=100
set semsys:seminfo_semmns=1024
set semsys:seminfo_semmsl=256
set semsys:seminfo_semvmx=32767
set shmsys:shminfo_shmmax=4294967295
set shmsys:shminfo_shmmni=100
set max_nprocs=30000
set maxuprc=16384


Sunday, February 3, 2013

Cisco VPN Client 5 on Windows 8


NOTE: Always create a backup before doing any type of Windows registry modifications!!!!
With the full public release of Windows 8 right around the corner it is inevitable that people will want to get in there and check it out. If you are working someplace that uses the Cisco VPN client you may run into a little issues getting it to work on Windows 8. Luckily the fix is REALLY simple. I’m sure they will add support in the future, but for the time being check out the issue and fix below.
The client will install and run just fine on the OS, at least it did for me. The problem comes when connecting to VPN resulting in the following error: