Thursday, February 26, 2009

Remove directory from CVS

CVS doesn't really keep directories under version control. If you want to remove a directory from a project, you first remove all the files in it, then use update -P to remove the directory from the working directory.

CVS checkout and update will always check out empty directories; that's just the way CVS is built. Do an update with "-P" -- "prune" -- to remove empty directories:

cvs update -dP

(Adding "-d" will update new directories that have appeared since your last update; otherwise, CVS will ignore them.)

Cvs tends to work on a two phase approach regarding directories that's why there is a -P option for many cvs commands to "Prune empty directories".

When this has happened, e.g. want to rename a directory I've just added, I delete the directory, delete the entry for the directory in the CVS/Entries file, it'll be a line perpended with a "D".

If I've committed, I make sure my current working area that contains the empty directory/ies is all checked in. Then I blow away the part of the work area that I have added the directories to.
Ex.

/mySandbox/Project_to_remove/etc_etc
/mySandbox/Project_to_remove/emptyDir


I make sure everything is up to date in both directories containing the stuff I want to keep. I then blow away Project_to_remove from within mySandbox.
Going back and checking out the same work area, e.g. Project_to_remove will give me the work area without the empty dirs.
Or just leave everything as is and use the -P option to get CVS check everything out (or update everything) then prune out the empty dirs.

Renaming Directories

checkout the project, make the changes on the local working copy, delete the CVS project in the repository and import the changed project again.

Wednesday, February 25, 2009

Slackware Packaging tool

Two Things You May Need
1. Swaret
2.installpkg

How to install Swaret.
-- download the Swaret from the sourceforge.net and rename it as given below

$ cp swaret-1.6.2-noarch-1.tgz.tar swaret-1.6.2-noarch-1.tgz

log in as root to install the software using the installpkg command:

# installpkg swaret-1.6.2-noarch-1.tgz

Rename the conf file located in the /etc folder:
# cp /etc/swaret.conf.new /etc/swaret.conf

installpkg

By typing installpkg [packagename].tgz you can install packages on your system.
removepkg

In it's simplest form, removepkg will remove the package name you specify. The general syntax is removepkg packagename.

upgradepkg

Upgrades a currently installed package with the package specified. If the packages have the same name, then you only need to run upgradepkg packagename to perform the upgrade. If the new package has a different name than the currently installed package, you must use this syntax:

upgradepkg oldpackagename%newpackagename

Do not add any extra whitespace between pairs of old/new package names.

rpm2targz

Converts an RPM (RedHat Package Manager) to a Slackware-compatible package. In case you ever run across the need to obtain something that is only in RPM format, this program may come in handy. The syntax is:

rpm2targz [filename].rpm

NOTE: Running rpm2targz will create a .tar.gz file, while running rpm2tgz will create a .tgz file. The files are exactly the same, the only difference is the extension format (some people prefer one over the other).

slapt-get is a very easy command line program to help you install, remove and upgrade Slackware packages.

To list packages you already have installed: slapt-get --installed
To list packages which are now available to you: slapt-get --available
To show a packages complete description: slapt-get --show [package(s)]
To search for a package in your list: slapt-get --search [package(s)]
To install a specific package: slapt-get --install [package(s)]


If you are a bit unsure of yourself before doing the "install" step do this:

slapt-get -s --install [package(s)]

this simulates the install process without actually doing anything. You can also use "-s" to simulate an upgrade.
If an install borks your system or you decide you don't need the software any longer remove the package with:

slapt-get --remove [packages(s)]

Tuesday, February 24, 2009

IPTABLES

The first thing most people should do is set the default policy for each inbound chain to DROP:

# iptables -P INPUT DROP
# iptables -P FORWARD DROP

When everything is denied, you can start allowing things. The first thing to allow is any traffic for sessions which are already established:

# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
So as not to break any applications that communicate using the loopback address, it is usually wise to add a rule like this:

# iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
The next thing to do would be to allow access to specific services running on your machine. If, for example, you wanted to run a web server on your machine, you would use a rule similar to this:

# iptables -A INPUT -p tcp --dport 80 -i ppp0 -j ACCEPT

This will allow access from any machine to port 80 on your machine via the ppp0 interface. You may want to restrict access to this service so that only certain machines can access it. This rule allows access to your web service from 64.57.102.34:

# iptables -A INPUT -p tcp -s 64.57.102.34 --dport 80 -i ppp0 -j ACCEPT

Allowing ICMP traffic can be useful for diagnostic purposes. To do this, you would use a rule like this:

# iptables -A INPUT -p icmp -j ACCEPT

Most people will also want to set up Network Address Translation (NAT) on their gateway machine, so that other machines on their network can access the Internet through it. You would use the following rule to do this:

# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

You will also need to enable IP forwarding. You can do this temporarily, using the following command:

# echo 1 > /proc/sys/net/ipv4/ip_forward

Monday, February 23, 2009

Step by Step using SSH auth without password

SSH ver 2

You need two machine and name them as CM (Client machine) and SM(Server Machine) respectively.
Client and Server

Step 1

Login to the client linux machine 'CM' via ssh to run below command and press "ENTER"

Step 2


Generate Key Pair


[root@CM ~]# ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/root/.ssh/id_dsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_dsa. Your public key has been saved in /root/.ssh/id_dsa.pub. The key fingerprint is: 57:c6:8a:a4:a2:c8:b7:39:9c:14:3c:3a:70:07:5a:9e root@CM
Above command was executed as "root" user, and same can be done as a system user as well. Command will save a public/private key pair in .ssh directory located in HOME directory of the user. As in above case, command was executed as "root" so it will save the key pair in "/root/.ssh/".
After this, you need to append pubilc key of client machine 'CM' stored in id_dsa.pub to /root/.ssh/authorized_keys file of linux server 'SM'. To achieve that, run following command from linux client 'CM'. And on the password prompt, enter the user (in this case "root") password for linux server 'SM':


Step 3

Copy Public Key to Server

[root@CM ~]# scp /root/.ssh/id_dsa.pub root@IP_ADDRESS_OF_SERVER:/tmp root@IP_ADDRESS_OF_SERVER's password: id_dsa.pub 100% 606 0.6KB/s 00:00
Now login to the server machine 'SM' and execute below command to append the pubilc file of client machine 'CM' to authorized_keys file
Append Public Key to authorized_keys in server.
[root@SERVER_HOSTNAME ~]# cat /tmp/id_dsa.pub >> /root/.ssh/authorized_keys
Every thing has been setup now. For testing, run below command from client machine 'CM' to verify that you are able to login to remote linux server 'SM' without entering password.


Login to Server

[root@CM ~]# ssh IP_ADDRESS_OF_SERVER Last login: Wed Jan 1 08:02:15 2009 from IP_ADDRESS [root@SERVER_HOSTNAME ~]#
Now, you can also copy files from serve to client and vice-versa using "scp" without being prompted for password.

Benefit

Automated server backups using scripts
No need to remember passwords for multiple servers

Yahooooooooooooooooo

Looks like yahoo mail is having some problem today,



Wednesday, February 11, 2009

Few Things to take care when an employee leaves

When can employee left the organization there are few things that is advised to take care.

1. Access control
It include to access to Email/Data/Office/Remote Access.
Close his/her email account and access to all third party accounts.
Take back the keys which control his/her physical access to organization.
2. Documentation/Knowledge Transfer
Documentation of employee work and projects. Take its backup at secure place.
3. Organization Assets
It includes Laptop/Desktop/Cell phone/Blackberry/Head Phones/Web Cam/key badage/Security Keys/Parking Stickers
Make a checklist of these things and recover them before employee left the organization. This work can be done by IT/HR department.
4. Exit Interview
It is a best idea to ask an employee to fill an exit form which include his view/suggestion about the organization e.g if he has some complains about the company, or want improvement in some process or have suggestion to implement some policy.

Microsoft has released 4 new security bulletins.

Microsoft has released 4 new security bulletins.

MS09-002: Cumulative Security Update for Internet Explorer (961260)
http://www.microsoft.com/technet/security/bulletin/ms09-002.mspx
Severity: Critical

MS09-003: Vulnerabilities in Microsoft Exchange Could Allow Remote Code
Execution (959239)
http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx
Severity: Critical

MS09-004: Vulnerability in Microsoft SQL Server Could Allow Remote Code
Execution (959420)
http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx
Severity: Important

MS09-005: Vulnerabilities in Microsoft Office Visio Could Allow Remote
Code Execution (957634)
http://www.microsoft.com/technet/security/bulletin/ms09-005.mspx
Severity: Important

Sunday, February 8, 2009

How to check if any user is login to CVS

If User has a password on server and repository is using pserver and using ssh for login.
Assuming the repository is using pserver (you really should use ssh)

export xorpw=`grep "$CVSROOT" ~/.cvspass |awk '{print $3}'`
if [ "$xorpw" != "A" ]
then
LOGEDIN=true
else
LOGEDIN=false
fi
echo $LOGEDIN


With SSH
Assumption
A) $CVSROOT does not have a FQDN
B) hostname on the server does not return a FQDN
C) no username in $CVSROOT
or
D) both $CVSROOT and hostname will give you the same FQDN

If the above assumptions are wrong then script around them

MACHINE=`echo $CVSROOT |awk -F: '{print $3}'`
FROMMACHINE=`ssh $MACHINE hostname 2>/dev/null`
if [ "$FROMMACHINE" == "$MACHINE" ]
then
LOGEDIN=true
else
LOGEDIN=false
fi
echo $LOGEDIN