Archive for July, 2010

« Older Entries
Newer Entries »

Install Denyhosts on FreeBSD 7.2 to prevent SSH brute force attacks

Sunday, July 11th, 2010

In order to protect brute force attacks on FreeBSD you might use denyhosts.
It’s easy and light to configure than fail2ban or blockhosts for which I’ve blogged earlier.
Denyhosts is using /etc/hosts.allow to add it’s failed logins filtering, and fortunately you won’t need to do any changes to your firewall.
To install denyhosts quickly on FreeBSD you need to follow the below steps literally:

1. Install Denyhosts using pkg_add or ports

freebsd# cd /usr/ports/security/denyhostsfreebsd# make && make install clean You will have to follow the installation steps provided after the denyhosts install is completed.I post them here for clarity:

---------------------------------------------------------
To run denyhosts from startup, add denyhosts_enable="YES"
in your /etc/rc.conf.
Configiration options can be found in %%PREFIX%%/etc/denyhosts.conf
------------------------------------------------------------
In order to proper working of denyhosts
1. edit your /etc/hosts.allow file and add:
sshd : /etc/hosts.deniedssh : deny
sshd : ALL : allow
2. issue the following command if /etc/hosts.deniedssh does not exist yet
touch /etc/hosts.deniedssh
------------------------------------------------------------
Warning:

syslogd should ideally be run with the -c option; this will ensure that
denyhosts notices multiple repeated login attempts.

To do this, add syslogd_flags=”-c” to /etc/rc.conf
—————————————————————-

Having the above instructions in mind to finalize the installation, you will have to issue.

freebsd# echo 'denyhosts_enable="YES"' >> /etc/rc.conf
freebsd# echo 'syslogd_flags="-c"' >> /etc/rc.conf

Furthermore edit /usr/local/etc/denyhosts.conf and make sure in it you edit the variables HOSTS_DENY and BLOCK_SERVICE :
The two variables should be set to the values like the shown below:

HOSTS_DENY = /etc/hosts.evil
BLOCK_SERVICE =

Thereafter edit /etc/hosts.allow and include the directives:

sshd: /etc/hosts.evil: deny
sshd: ALL : allow

This should have completed denyhosts configuration, and we need to further create the /etc/hosts.evil file.

freebsd# touch /etc/hosts.evil

All necessary left is to, Launch the denyhosts service python init script and restart the syslogd.
Next after denyhosts will start blocking up incorrect SSH logins

– So let’s restart syslog and start denyhosts freebsd# /etc/rc.d/syslogd restart
freebsd# /usr/local/etc/rc.d/denyhosts start

Now script kiddies would have some hard time breaking in to your server guessing your user password with a large words dictinary, if they try to break they will be soon filtered by the hosts.deny rules added by denyhosts.

It’s important to say as you can also see from the denyhosts.conf file that denyhosts readds new ips to the file with ips to include in hosts.deny every 30 seconds.

Cheers now! 🙂

Tags:
Posted in Computer Security, FreeBSD, System Administration | 4 Comments »

Preventing brute force attacks with Fail2ban, Denyhosts and BlockHosts / Ban ips that cause multiple authentication errors

Saturday, July 10th, 2010

Do you have a lot of authentication errors in your /var/log/messages file that look like:

Jul 10 16:01:00 pcfreak sshd[3381]: error: PAM: authentication error for illegal user kadilack from 219.143.202.186
Jul 10 16:03:57 pcfreak sshd[3384]: error: PAM: authentication error for illegal user porsche from 116.55.226.131
Jul 10 16:08:52 pcfreak sshd[3418]: error: PAM: authentication error for illegal user windows from 212.254.218.162
Jul 10 16:13:09 pcfreak sshd[3469]: error: PAM: authentication error for illegal user xp from 210.21.208.238

Are you attacked often by Script Kiddies (pseudo hackers) trying to brute forcely get access to your SSH , FTP or E-mail POP3 Account?

Does viewing your /var/log/auth.log and /var/log/messages are filled in with few hundreds of failed logins originating from different hosts on the SSH, FTP and Mail services?
It’s almost impossible that you haven’t!
Almost everybody who owns a home router running some kind of home crafted unix bsd or linux based unix distribution has probably encountered brute force attacks in his most essential services (SSH, FTP, POP3).

Most of this authentication attacks are using the so called Brute, Force Method attack and are albeit trying to break into your system probing with various dictionary based common login names and passwords.

The common user names so often probed for are: root , toor , admin , john , mike and so on and so on ..

To deal with this brute force authorization break attacks, many methodologists were invented. Most of which implemented by a number of software programs written to adequately deal with the problem.

The most popular programs I found that resolve issues with authentication break in attempts are:

1. fail2ban
– Fail2Ban is an intrusion prevention framework written in the Python
Fail2ban is able to protect against intursion attempts over the protocols FTP, SSH, SFTP and POP3, HTTP (Apache), Kerberos, MTAs. Mailservers, VPN and probably even more.
Likewise fail2ban seems to be becoming the de-facto standard proram against brute force attacks

2. DenyHosts
– DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).
Though Denyhosts is a superb piece of software according to the user feedbacks I’ve red online, it has currently only support for the SSH protocol.

A good thorough article On how to use DenyHosts to prevent SSH Dictionary Login attacks is available here

3. Blockhosts
– Blockhosts is a script that checks how many failure attempts are available in your Linux Server log files and whenever a certain amount of failed attempts are reached, blockhosts is also able to: use /etc/hosts.allow file, set-up null-routing for the intruder source host address or by setting up iptables deny rules to drop packets from the intruder host
Blockhosts is written in Python so if you intend to use it make sure you have an installed and workable python interpreter version 2.3 or higher.
Blockhosts is also able to both block up brute force attacks to the SSH as well the FTP network services.
A good article on Brute Force Protection with BlockHosts on Debian Linux is found here

After I have reviewed all of the up three mentioned brute force authentication failure brute force prevention applications, I decided to go with fail2ban since it looked like the most promising and the most supported one.

A good quick and dirty article on How to setup fail2ban to refuse brute-force attacks is here – the article is described on how to set up fail2ban to ban brute force probers through /etc/hosts.deny

Another good worthy to take a look at article about Preventing Brute Force Attacks with Fail2ban on Debian Etch can be red here

Here is how to install fail2ban on Debian Lenny Linux, I issued:

debian-server:~# apt-get install fail2ban

Before you proceed further in order to configure fail2ban to properly work with your services of choice please edit:

/etc/fail2ban/jail.conf

Next I started the fail2ban daemon.

debian-server:~# /etc/init.d/fail2ban start

I also tried to include in fail2ban support for vpopmail as described in official fail2ban’s page wiki
Well it didn’t work out though I spend some time trying to figure out to figure out why it’s not working I eventually couldn’t, it would be my pleasure if some of my readers suggests a good article on how to enable vpopmail pop3 email logins to be checked for mass login failures with fail2ban.

In some cases the support for proftpd which is included by default with fail2ban also refused to work correctly and often times a completely legit FTP logged in users were banned by fail2ban which was pretty annoying. I didn’t really spend much time to look for what was causing the problem but anyways if somebody has stuck on the same issue, please share about the solution.

Since I couldn’t make fail2ban to work with proftpd because of the improper ip filtering of a completely regular FTP logged in users during some FTP file list operations, I decided to completely disable fail2ban’s proftpd support to do so I changed in /etc/fail2ban/jail.conf

[proftpd]

enabled = true
port = ftp,ftp-data,ftps,ftps-data
filter = proftpd
logpath = /var/log/proftpd/proftpd.log
maxretry = 6

To:

[proftpd]

enabled = false
port = ftp,ftp-data,ftps,ftps-data
filter = proftpd
logpath = /var/log/proftpd/proftpd.log
maxretry = 6

Regardless the installation path taken, if you choose to install fail2ban, I suggest you remove the fail2ban POSSIBLE BREAK-IN ATTEMPT preventing
doing so would prevent a legitimate hosts which are lacking a correct PTR record (also called in sys-admin jargon back resolving) from being erroneously (wrongly) denied by fail2ban.

To disable the possible break in checks in fail2ban on Linux hosts open all files located in /etc/fail2ban/filter.d/ directory one by one and comment out anywhere you see the line:

^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPTs*$

To look like:

# ^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPTs*$

On most of Fedora and CentOS (Redhat RPM based Linux distributions ), fail2ban is also really easy to install and should be directly available through yum package manager

In order to install fail2ban on CentOS release 5.5 (Final) all you need to execute is:

[root@centos-server: fail2ban]# yum install fail2ban

To install and configure fail2ban on FreeBSD 7.2 with pf (packet filter firewall):

freebsd# uname -a;
FreeBSD pcfreak 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: Fri Oct 2 12:21:39 UTC 2009 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386

First you need to install the fail2ban FreeBSD port:

freebsd# cd /usr/ports/security/py-fail2ban
freebsd# make install clean

….

creating /var/run/fail2ban
running install_egg_info
Writing /usr/local/lib/python2.6/site-packages/fail2ban-0.8.4-py2.6.egg-info

Please do not forget to update your configuration files.
They are in /usr/local/etc/fail2ban/.

===> Installing rc.d startup script(s)
===> Registering installation for py26-fail2ban-0.8.4
===> Cleaning for py26-fail2ban-0.8.4

Furthermore it will be necessery to configure within your firewall filter rules a table where fail2ban would automatically include new rules if some of the failure logins events configured within fail2ban configuration files occurs.
For a users which prefer to use freebsd pf (packet filter) you will have to need few custom lines to fail2ban and to /etc/pf.conf files in order to have fail2ban up and running on your BSD.
In /usr/local/etc/fail2ban/jail.conf you will need to include the following fail2ban configuration options:

# PF jail

[ssh-pf]

enabled = true
filter = sshd
action = pf
sendmail-whois[name=SSH, dest=email at domain.com]
logpath = /var/log/auth.log

Likewise in /usr/local/etc/fail2ban/action.d/pf.conf it’s necessary to include:

[Definition]

actionstart =
actionstop =
actioncheck =
actionban = pfctl -t fail2ban -T add <ip>
actionunban = pfctl -t fail2ban -T delete `pfctl -t fail2ban -T show 2>/dev/null | grep <ip>`

[Init]

port = ssh
localhost = 127.0.0.1

Also you will have to include in your /etc/pf.conf the following rules which will create a new fail2ban table in firewall where fail2ban will insert it’s deny rules.

table <fail2ban> persistblock in on $ext_if from <fail2ban>

Thereafter to configure fail2ban on FreeBSD hosts, you should include in /usr/local/etc/fail2ban/jail.conf at least the following code:

[ssh-pf]
# this checks if fail2ban jail is switched on and it combines the filter.d/sshd.conf with action.d/pf.conf
enabled = true
filter = sshd
action = pf
logpath = /var/log/auth.log
maxretry = 5

[ssh-ddos]
# this check if fail2ban-jail is switched on and it combines the filter.d/sshd-ddos.conf with action.d/pf.conf
enabled = true
filter = sshd-ddos
action = pf
logpath = /var/log/auth.log
maxretry = 3

Inside /etc/pf.conf in the appropriate place you should add:

## FILTER RULES
table <fail2ban> persist
block in on $EXT_NIC from <fail2ban>

Where EXT_NIC or $ext_if should be your external interface variable defined in pf.conf
To test your new pf.conf definitions with included support for fail2ban issue the command:

freebsd# pfctl -nvf /etc/pf.conf

If you get a message like:

/etc/pf.conf:20: Rules must be in order: options, normalization, queueing, translation, filtering

while testing your integrity of pf rules. This is a sure sign that you have misplaced the <fail2ban> filter rules shown a bit upwards
Furthermore you will have to flush and reload the pf firewall rules (nat, filter, queue, state, info, table), before fail2ban is ready to go on BSD
To do so use the command:

pfctl -Fa -f /etc/pf.conf

Let us also not forget to set it to run automatically on system login via the /etc/rc.conf bsd boot system

freebsd# echo 'fail2ban_enable="YES"' >> /etc/rc.conf

Lastly we will also have to manually start up fail2ban

freebsd# /usr/local/etc/fail2ban start

Also I suggest you take a look on the down further nice articles on how to install and configure fail2ban on FreeBSD:

FreeBSD SSH port Security 1 wifh fail2ban
FreeBSD SSH port Security 2 with fail2ban
FreeBSD SSH port Security 3 with fail2ban

Until recently there are no publicly known security threats with fail2ban, however bear in mind that using fail2ban could also be a security hole if there are some errors in the program log parser.

Tags: ,
Posted in Computer Security, FreeBSD, Linux, System Administration | 3 Comments »

How to Install, Setup and Test GeOIP support in PHP on Apache2 in Debian Lenny Linux

Friday, July 9th, 2010

I’ve recently was required to install PHP GeOIP on one of the Linux servers I do maintain here is how I did it:

1. Install support for GeoIP
– Luckily though on Debian Linux there is a bundled deb package, so installation is trivial and clean.

debian-server:~# apt-get install php5-geoip

2. Furthermore it’s necessery to grasp geoip’s city database

debian-server:~# wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz

Extract the gz file to prepare it for use by PHP GeoIP:

debian-server:~# /bin/gunzip GeoLiteCity.dat.gz

– Move the GeoLiteCity.dat file to /usr/share/GeoIP like so:

debian-server:~# mv GeoLiteCity.dat /usr/share/GeoIP

Now in order for the new geoip database to be red by PHP GeoIP we need to restart the Apache Webserver.

debian-server:~# /etc/init.d/apache2 restart

3. It’s also recommendable to update periodically the Geo IP GeoLiteCity.dat database in order to be always up-to-date with the latest IP location information provided out there, to do so I’ve created a 3 liner that does the job.

To start using the geoip_update.sh download it from here and set it to execute via cron.

debian-server:~# cd /usr/sbin;
debian-server:~# wget https://www.pc-freak.net/bshscr/geoip_update.sh
debian-server:~# echo "02 00 1 * * /usr/sbin/geoip_update.sh >/dev/null 2>&1" | crontab -

That’s all now PHP GeoIP database will be updated once a month on day 01 at 02:00 a.m.

Now in order to check if your PHP GeoIP is ready to go and used by php scripts.

Create a new sample script, let’s say check_php_geoip.php and put in it:

<php
print_r(geoip_record_by_name('php.net'));
>

Place the script somewhere under your Apache document root and invoke it via a browser, if it executes correctly you should get an output similar to:

Array ( [country_code] => BG [country_code3] => BGR [country_name] => Bulgaria [region] => 40 [city] => Dobric [postal_code] => [latitude] => 43.5666999817 [longitude] => 27.8332996368 [dma_code] => 0 [area_code] => 0 )

Tags:
Posted in Linux, System Administration | 5 Comments »

How to add a new user to Webmin from shell via (bash,sh)

Thursday, July 8th, 2010

You might search for a way to add a new user to your Webmin without bothering using the Webmin user interface or you simply prefer using shell for adding the new user to Webmin just like I do.

1.In order to manually add a new user to webmin you will have to edit webmin’s /etc/webmin/miniserv.users which is the default miniserv.uesrs location in many Linux distributions, however in FreeBSD or other BSDs the miniserv.users file location would probably be /usr/share/etc/webmin/ or /usr/share/webmin/etc , anyways if you are adding the new user manually open the file and copy paste the line:
root:12ZWQKVLjpihs:0
to a new line, where you will have to modify the line substituting root with newusername , like so:

newusername:12ZWQKVLjpihs:0

Afterwards you will have to also edit the file /etc/webmin/webmin.acl and likewise copy paste the definitions allowing access to all recources to the root user which in webmin.acl by default are:

root: acl adsl-client apache at backup-config bacula-backup bandwidth bind8 burner cfengine change-user cluster-copy cluster-cron cluster-passwd cluster-shell cluster-software cluster-useradmin cluster-usermin cluster-webmin cpan cron custom dfsadmin dhcpd dnsadmin dovecot exim exports fdisk fetchmail file filter firewall frox fsdump grub heartbeat htaccess-htpasswd idmapd inetd init inittab ipfilter ipfw ipsec jabber krb5 ldap-client ldap-server ldap-useradmin lilo logrotate lpadmin lvm mailboxes mailcap majordomo man mon mount mysql net nis openslp package-updates pam pap passwd phpini postfix postgresql ppp-client pptp-client pptp-server procmail proc proftpd pserver qmailadmin quota raid samba sarg sendmail sentry servers shell shorewall smart-status smf software spam squid sshd status stunnel syslog syslog-ng system-status tcpwrappers telnet time tunnel updown useradmin usermin vgetty webalizer webminlog webmin wuftpd xinetd

In my case I wanted to add to the newly created newuser only acl privileges for user crontab modification and htaccess-passwd creation thus I have included in the webmin.acl file only:

newuser: cron webmin htaccess-passwd

You will also be required to change the new user webmin password to some password of your choice, to attain that in Debian Linux execute:

debian:~# /usr/share/webmin/changepass.pl /etc/webmin newusername type_your_password

On Fedora and other RPM (Redhat based linux distros) the webmin changepass.pl user password change script is located in /usr/libexec/webmin/changepass.pl therefore if you’re about to change the password for the new user on Fedora and alike, type:

fedora:~# /usr/libexec/webmin/changepass.pl /etc/webmin/ newusername your_password

In the above change password exapmles you need to substitute newusername with the user chosen to be the new username as explained earlier in the post.
Finally in order for the newly added user with the respectively configured permissions to start working in Webmin, you will have to reload the webmdaemon. In most linux distributions (including Debian), to restart webmin you will have to issue:

linux-shell:~# /etc/init.d/webmin restart

However if you’re looking for a bit more automated way instead of manually editting the miniserv.users and webmin.acl files.
2. Herein is a tiny shell script I’ve written which facilitates the new webmin user creation under a console / terminal / shell

I have written webmin-new-user.sh just for fun, and it could be greatly improved, so don’t expect too much from it it doesn’t do any checks on the input given to the script, so be sure to pass a correct input as required from the dialogs in order to be able to use the script to add new users to your webmin from bash or any other unix shell.
The script is written to work with Debian on Fedora and other rpm based distributions as well as BSD a minor tunings within the script might be necessary to make the script work.
Please leave feedback on the script if it is of any use to you 🙂

Tags: ,
Posted in Linux, Programming, System Administration | 17 Comments »

How to fix / Resolve WordPress Blog /comments/feed/ redirect loop

Wednesday, July 7th, 2010

I have recently figured out that accessing https://www.pc-freak.net/blog/comments/feed/ would end up in a Redirect Loop I’m using feedburner to manage my blog feeds so I assume this redirect loop is probably caused by the use of feedburner

Since this kind of redirect loop is definitely not professional and has a negative influence on search engine indexing (the SEO), I have playeda bit until I finally found a way to resolve the /comments/feed/ redirect loop.
In order to resolve the redirect loop issue it appeared to be really easy.

To fix the issue Navigate to:

Tools -> Redirection

Therein add a Source URL to redirect to a Target URL:
For instance:

Source URL: https://www.pc-freak.net/blog/comments/feed/

Target URL: https://www.pc-freak.net/blog/feed/

Press the Add Redirection button to confirm the redirection.
That’s all your problems with feeds redirect loop while the /comments/feed/ url is accessed should be resolved.

Tags: , , , , , , , , , ,
Posted in Linux, SEO, System Administration, Various, Web and CMS | 2 Comments »

Recover/Restore unbootable GRUB boot loader on Debian Testing GNU/Linux using Linux LiveCD (Debian Install CD1)

Tuesday, July 6th, 2010

I’ve recently broke my grub untentianally while whiping out one of my disk partitions who was prepared to run a hackintosh.
Thus yesterday while switching on my notebook I was unpleasently surprised with an error Grub Error 17 and the boot process was hanging before it would even get to grub’s OS select menu.

That was nasty and gave me a big headache, since I wasn’t even sure if my partitions are still present.
What made things even worse that I haven’t created any backups preliminary to prepare for an emergency!
Thus restoring my system was absolutely compulsory at any cost.
In recovering the my grub boot manager I have used as a basis of my recovery an article called How to install Grub from a live Ubuntu cd
Though the article is quite comprehensive, it’s written a bit foolish, probably because it targets Ubuntu novice users 🙂
Another interesting article that gave me a hand during solving my issues was HOWTO: install grub with a chroot
Anyways, My first unsuccessful attempt was following a mix of the aforementioned articles and desperately trying to chroot to my mounted unbootable partition in order to be able to rewrite the grub loader in my MBR.
The error that slap me in my face during chroot was:

chroot: cannot execute /bin/sh : exec format error

Ghh Terrible … After reasoning on the shitty error I came to the conclusion that probably the livecd I’m trying to chroot to my debian linux partition is probably using a different incompatible version of glibc , if that kind of logic is true I concluded that it’s most likely that the glibc on my Linux system is newer (I came to that assumption because I was booting from livecds (Elive, Live CentOS as well Sabayon Linux, which were burnt about two years ago).

To proof my guesses I decided to try using Debian testing Squeeze/Sid install cd . That is the time to mention that I’m running Debian testing/unstable under the code name (Squeeze / Sid).
I downloaded the Debian testing amd64 last built image from here burnt it to a cd on another pc.
And booted it to my notebook, I wasn’t completely sure if the Install CD would have all the necessary recovery tools that I would need to rebuilt my grub but eventually it happened that the debian install cd1 has everything necessary for emergency situations like this one.

After I booted from the newly burned Debian install cd I followed the following recovery route to be able to recovery my system back to normal.It took me a while until I come with the steps described here, but I won’t get into details for brevity

1. Make new dir where you intend to mount your Linux partition and mount /proc, /dev, /dev/pts filesystems and the partition itself

noah:~# mkdir /mnt/root
noah:~# mount -t ext3 /dev/sda8 /mnt/root
noah:~# mount -o bind /dev /mnt/root/dev
noah:~# mount devpts /dev/pts -t devpts

Change /dev/sda8 in the above example commands with your partition name and number.
2. chroot to the mounted partition in order to be able to use your filesystem, exactly like you normally use it when you’re using your Linux partition

noah:~# chroot /mnt/root /bin/bash

Hopefully now you should be in locked in your filesystem and use your Linux non-bootable system as usual.

Being able to access your /boot/grub directory I suggest you first check that everything inside:

/boot/grub/menu.lst is well defined and there are no problems with the paths to the Linux partitions.

Next issue the following commands which will hopefully recover your broken grub boot loader.

noah:~# grub
noah:~# find /boot/grub/stage1

The second command find /boot/grub/stage1 should provide you with your partitions range e.g. it should return something like:

root (hd0,7)

Nevertheless in my case instead of the expected root (hd0,7) , I was returned

/boot/grub/stage1 not found

Useless to say this is uncool 🙂

As a normal reaction I tried experimenting in order to fix the mess. Logically enough I tried to reinstall grub using the

noah:~# grub-install --root-directory=/boot /dev/sda
noah:~# update-grub

To check if that would fix my grub issues I restarted my notebook. Well now grub menu appeared with some error generated by splashy
Trying to boot any of the setup Linux kernels was failing with some kind of error where the root file system was trying to be loaded from /root directory instead of the normal / because of that neither /proc /dev and /sys filesystems was unable to be mounted and the boot process was interrupting in some kind of rescue mode similar to busybox, though it was a was less flexible than a normal busybox shell.

To solve that shitty issue I once again booted with the Debian Testing (Sid / Squeeze ) Install CD1 and used the commands displayed above to mount my linux partition.

Next I reinstalled the following packages:

noah:~# apt-get update
noah:~# apt-get install --reinstall linux-image-amd64 uswsusp hibernate grub grub-common initramfs-tools

Here the grub reinstall actually required me to install the new grub generation 2 (version 2)
It was also necessary to remove the splashy

noah:~# apt-get remove splashy
As well as to grep through all my /etc/ and look for a /dev/sda6 and substitute it with my changed partition name /dev/sda8

One major thing where I substituted /dev/sda6 to my actual linux partition now with a name /dev/sda8 was in:

initramfs-tools/conf.d/resumeThe kernel reinstall and consequently (update) does offered me to substitute my normal /dev/sda* content in my /etc/fstab to some UUIDS like UUID=ba6058da-37f8-4065-854b-e3d0a874fb4e

Including this UUIDs and restarting now rendered my system completely unbootable … So I booted once again from the debian install cd .. arrgh 🙂 and removed the UUID new included lines in /etc/fstab and left the good old declarations.
After rebooting the system now my system booted once again! Hooray! All my data and everything is completely intact now Thanks God! 🙂

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Linux, Linux and FreeBSD Desktop, System Administration | 8 Comments »

Create SVN (Subversion) web statistics on Debian Lenny Linux with mpy-svn-stats and svnstats.sh

Monday, July 5th, 2010

I’ve recently desired to have a visualized statistics on how many commits, imports, people who commit into subversion’s repositories,graphs showing up the most active comitters, commits into the all subversion repositories grouped by month, week etc.
This kind of valuable information can give you insight, on a projects code life cycle. It can also help you to find out who takes most active participation into a certain project code development etc. and therefore could play a vital role in finding out about the work efficiency within your IT company or IT department.

There are plenty of softwares that can generate you some shiny statistics on how often and by whom are commits into your repositories as well as general statistics concerning your repositories accessibility.

Some of the projects suggested by most Linux users online, who had to resolve the same task e.g. (find some decent software to generate them good statistics on the svn use.) are:

1. statsvn

Here is a description on what statsvn is directly taken from its website:

StatSVN retrieves information from a Subversion repository and generates various tables and charts describing the project development, e.g.

StatSVN looks really promising, however what I find personally repulsive about it is that it depends on a Sun Java virtual machine
I have a bad taste for third party software that depends on java and therefore the software uses an XML dump generated from svn log –xml -v path/to/repos > svn-logfile.xml after which it’s necessary to pass the generated svn-logfile.xml file to statsvn, for instance:

statsvn [options] svn-logfile.xml path/to/repos

though a debian of statsvn is available and packaged for Debian in /usr/share/doc/statsvn/README.Debian we read:

Notes to Debian users:

* the jtreemap-based report has been disabled as jtreemap is currently
not packaged for Debian, and Debian cannot ship the applet without
its sources (not included in statsvn’s sources).

— Vincent Fourmond <fourmond@debian.org>, Tue, 4 Mar 2008 21:14:14 +0100

What I understood from statsvn documentation is that jtreemap is absolutely necessary in order to have a running statsvn, regardless if you have or you don’t have a java vm installed.

To take a general idea on what kind of Repo Roadmap does svnstat generates with jtreemap check out the following link

Since jtreemap is not available prepackaged for Debian I decided not to use svnstats though it looked quite superb.

Some further research on the kind of softwares available online able to generate me some statistics from cvs or subversion source repositories led me to,

2. svnplot

svnplot stroke me with it’s perfect looking many graphics generated on the Lines of Code commited, contribution of different authors to the repository, File count, avarage commit file sizes, common activity, author commit activity etc. etc.

I think tt’s worthy to check out some example statistics about a sample repository statistics generated by svnplot to get a better idea what to expect if you choose to install it on your server.

Even though svnplot looked also promising It wasn’t actually my choice because I think it’s not really mature enough as a software, the second reason which hold me back from installing it on my debian server was that I find it too much as a work in progress still.

Since neither svnstast nor svnplot didn’t well match my expectation and lacked a debian package I finally choose:

3. mpy svn stats as a solution to generate and graph information about svn usage

There are few reasons I finally took svn-mpy-stats to be the solution of choice.

1. It is available as a package in Debian Linux and easily installable via apt-get
2. It is written in Python and therefore doesn’t require a java virtual machine or some extra cosmetics to make it work3. It’s really simple and straight forward to configure and already tested and reported that it works well in Debian GNU/Linux

So here is the few simple steps I took to install mpy-svn-stats on Debian Lenny (in Debian Sid / Squeeze I suppose the procedure would be analogous.

– Install mpy-svn-stats via apt-get or aptitude

debian-server:~# apt-get install mpy-svn-stats

Run it for your svn repository with a command like:

debian-server:~# mkdir /var/www/svnstats
/usr/bin/mpy-svn-stats -o /var/www/svnstats/ file:///var/svn-repos/repository_name

In the above command substitute /var/www/svnstats/ and /var/svn-repos/repository_name with a directory of choice where you like to generate the html statistics for the svn usage as well as the full path and name of your repository.

Of course it’s a good idea to make mpy-svn-stats run periodically with for instance crontab or at or any other unix task cheduler available for your Linux system.

So far so good. You have probably already noticed that it’s rather inconvenient because you have to execute mpy-svn-stats command to each of your svn repositories individually.
This is absolute madness if your company is creating new svn source repository projects often, like let’s say everyday, because you will have to generate statistics for each of the repositories either manually or add new repositories manually to a script which will be later invoked by a crontab rule.

To get around this constrain, I’ve come up with a tiny shell script svnstats.sh which takes care for everything on it’s own.

It automatically will loop in your main subversion repositories directory through all the sub-repositories and generate individual html statistics in a separate automatically created directory by the script.

So to make your life easier and automate the process of generating stats with mpy-svn-stats consider downloading svnstats.sh and installing it as a separate rule like so:

debian-server:~# crontab -u root -e

Include therein the following:

# generate svn statistics everyday in 05:20 a.m.20 5 * * * /usr/sbin/svnstats.sh >/dev/null >>&1

Now everyday at 05:20 your mpy-svn-stats will generate a nice graphs and statistics for your subversion repository usage in /var/www/svstats, if you consider generating the data into a different location consider editting the head of mpy-svn-stats svnstats.sh script and change according to your likings.

Now let’s create an Alias in Apache to enable the (mpy-svn-stats generated by svnstats.sh) to be visualized via web:

– Edit VirtualHost configuration file of choice and put there, something like:

Alias /svnstats/ /var/www/svnstats/

Lastly it might be a good idea to use htaccess to protect your url with a password, afterwards you can enjoy your mpy svn statistics.

Tags: , , , , , , , , , ,
Posted in Linux, System Administration | 2 Comments »

Clean cache in eaccelerator on Linux

Monday, July 5th, 2010

I’ve recently had to clean the task to clean up some eaccelerator php cache.
To manage that directly frm php I had to use the eaccelerator_clean() function

There is also another function which could be directly invoked from within a php script called:
eaccelerator_info()

I suggest you also take a look at eaccelerator documentation which deals with cleaning and showing info about eaccelerator’s cache .

Bare in mind that you will be required to set the eaccelerator.allowed_admin_path = directive within your php.ini in order to start using:

eaccelerator_clean()
and
eaccelerator_info()
eaccelerator.allowed_admin_path should point to some path from wherein scripts will be allowed to include the aforementioned 2 functions.

Another possible way to cleanse your eaccelerator cache is directly via deleting the Eaccelerator stored files on the server hard disk

To do so you will have to issue a command similar to:

debian-server:~# rm -rf /var/cache/eaccelerator/*;

You might need to substitute /var/cache/eaccelerator to the directory where you have configured eaccelerator to store it’s cache.

In order to find out which directory is configured for eaccelerator cache dir on Debian Linux, issue the command:

debian-server:~# grep -i eaccelerator.cache.dir /etc/php5/apache2/php.ini
eaccelerator.cache_dir="/var/cache/eaccelerator"

On many other distributions it’s very probable that the php.ini file is located in /etc/php.ini so if you want to check the eacelerator.cache.dir location on other Linux distrubutions consider using:

linux:/root# grep -i eaccelerator.cache.dir /etc/php.ini

or

Tags:
Posted in Linux, System Administration, Various | 5 Comments »

Fix adobe flash player on Debian amd64 Squeeze/Sid (testing) to work again

Saturday, July 3rd, 2010

My adobe flash player 10.0 on my Debian running on top of amd64 suddenly stopped working. I have noticed the problem yesterday attempting to open youtube the youtube video player written in flash showed me a blank page and a message appeared that I should upgrade my flash player to adobe flash player 10.1

My firest try to fix it was through a reinstall of my current installed flashplugin-nonfree with:

noah:~# apt-get install --reinstall flashplugin-nonfree

This command returned an output like:

Check http://wiki.debian.org/FlashPlayer for instructions

So I followed the suggestion, directly to the Debian Testing ‘Squeeze’ amd64 section

Therein it’s explained that currently the pointed solution is not supported by Adobe but anyways it would work.
To make it work the necessary steps to be followed are:

1. Install fakeroot bintuils nspluginwrapper and ia32-libs

noah:~# apt-get install fakeroot binutils nspluginwrapper ia32-libs

2. Download and run this script with a non privileged user:

http://people.debian.org/~bartm/flashplugin-nonfree/ia32-libs-workaround-499043-squeeze.sh

noah:~# su hipo
noah:~$ sh ia32-libs-workaround-499043-squeeze.sh

3. Install the generated package ia32-libs-workaround-499043_0.0.1+squeeze1_amd64.deb by the previously executed ia32-libs-workaround-499043-squeeze.sh

noah:~# dpkg -i ia32-libs-workaround-499043_0.0.1+squeeze1_amd64.deb

4. Download and install the new version of flashplugin-nonfree

noah:~# wget http://people.debian.org/~bartm/flashplugin-nonfree/flashplugin-nonfree_10.1.53.64.1_amd64.deb
noah:~# dpkg -i flashplugin-nonfree_10.1.53.64.1_amd64.deb

That shoud resolve the issues with flash videos on Linux noah 2.6.32-5-amd64 #1 SMP Tue Jun 1 04:34:03 UTC 2010 x86_64 GNU/Linux and other Debian Squeeze / Sid GNU Linux amd64 work statations.
Enjoy your flash player working once again 🙂

Tags:
Posted in Linux, Linux and FreeBSD Desktop | 4 Comments »

July morning (1-st of July) on Bulgarian Krapets Beach

Friday, July 2nd, 2010

Krapec beach one of the best wild beaches in Bulgaria

I've spend the 30th of Jule night against 1 of July on Krapets (Krapec) beach which is located nearby the Krapets small Bulgarian village. The beach there is really wonderful, many people has been gathered together most of them my hometown Dobrich.
The occasion for the event is the cyclical "celebration" of the rising sun reoccuring every year on July the 1st.
It's really interesting fact that this hippy celebration is being celebrated only in Bulgaria. The initial beginning of the holiday probably originate to some ancient paganism or worship dedicated to the Sun God.
In modern times the celebration of 1-st of July has started its celebration somewhere during communism in Bulgaria and was probably a silent protest showing up the young people's negative attitude towards the communism's suppress on their freedom.
The July morning is also widely related to the famous rock / hippy band Uriah Heep band and to the hippies movements from the 1960s and 1970s.
On July morning many people take their close people or relatives and go to some of the numerous preferrably wild place located near the Black Sea to spend a night on a Tent.
Usually people pick up some music instruments: guitars, bongo drums wooden pipes etc. and go for a feast of heavy eating and drinking near the sea beach.
Most of the participants in the celebration spend the night "in vigil" waiting for the first rays of the Sun rejoicing with the Sunrise.
Most of the people attending the July Morning celebrities are from the underground music movements, rockers, rock fans, metal heads, punks, alternatives or people into heavy music.
However many other ordinary people like me who want to have a Tent night with friends on the beach also attend.

Though July morning is a nice occasion to get together with friends and meet new people, its really displeasing that many people who attend the sea beach on the "The July" do it with an intenting to finish the night blind drunk.
Some people who attend also act like real "barbarians", for instance they scream hysterically and act uncivillized after they get really drunk 🙂
You can further read about the celebration in Bulgaria of the rising Sun on July the 1st in wikipedia

As a Christian I do not adhere to the die hard July Mornings admirers, neither I like the idea of people greating each other on the July 1st Morning with a "Happy July Morning" greeting.
Anyways in below video you will see some pictures grasps from July Mornings fans and the Uriah's Heep July Morning so famous and attached song to the July Mornings celebrations with the notable name July Morning

For a better idea on how does July morning look like if you're going on a vacation to Bulgaria, I suggest you spend a July Morning Night near the sea shore and see for yourself 🙂

Tags: , , , , , , , , , ,
Posted in Entertainment, Everyday Life, Various | No Comments »

« Older Entries
Newer Entries »