November 2012
2 posts
Add the following repository to the Package Center and install the Bootstrap Installer from it:
Once it’s done reboot the DS413 and you should be able to use ipkg now:
$ipkg update
$ipkg install bash
March 2012
2 posts
Ran into another issue because of my recent upgrade to Lion. I use Coda for dev work and have grown used to the built-in source control. One of the features in Coda is a compare files function which uses the FileMerge.app to display the differences.
Knowing that FileMerge is part of the developer tools I proceeded to download the Xcode application from the Mac App Store. To my dismay FileMerge still did not want to compare the files.
After some digging I found Coda uses the `opendiff` command to launch FileMerge. Running the command manually brings up the following error message:
xcode-select: Error: No Xcode folder is set. Run xcode-select -switch <xcode_folder_path> to set the path to the Xcode folder.So it seems like `opendiff` doesn’t know where your Xcode.app is by default. To fix it, run the following command:
sudo xcode-select -switch /Applications/Xcode.appThe compare files feature in Coda now works as expected.
When setting up a new OS X install, one of the settings I always set in the Terminal.app is the `Use option as meta key` option. This allows you to use the Option key instead of Esc as the meta modifier.
One of my Terminal uses is running IRSSI inside a screen session. To switch between windows in irssi I always use `option + left/right arrow` however in Lion this does not seem to work by default.
After some googling I didn’t find anything that offered a solution so I dug through the Terminal.app preferences and noticed some additional presets in the Keyboard tab that aren’t there is previous versions of OS X.
To fix it, in Terminal.app go to
Preferences -> Settings -> Keyboard
Locate the two settings
`option cursor left` and `option cursor right`
as named in the Key column and delete them by selecting one and click the - (Minus) button at the bottom of the window.
November 2011
1 post
Download the latest beta release from the Downloads page.
wget http://sphinxsearch.com/files/sphinx-2.0.2-1.el5.x86_64.rpmInstall from the RPM (if updating use ‘rpm -Uvh’ instead):
rpm -ivh sphinx-2.0.2-1.el5.x86_64.rpmEnable auto-lauching of the search daemon on boot:
chkconfig --level 345 searchd onStart the search daemon:
/etc/init.d/searchd startOctober 2011
21 posts
Having mysql/php/apache already setup I decided to install phpMyAdmin, however because the mysql is Percona there were some dependency checks that failed.
After a lot of trial and error the following did the trick:
#stop the services
/etc/init.d/httpd stop
/etc/init.d/mysql stop
#remove mysql
yum --enablerepo=remi remove Percona* mysql*
#install everything in one shot
yum --enablerepo=remi install Percona-Server-server-55 Percona-Server-client-55 phpMyAdmin
#start the services
/etc/init.d/httpd start
/etc/init.d/mysql start
#rerun the secure installation script
/usr/bin/mysql_secure_installationOnce that has finished you’ll need to edit the apache config to allow you remote access to the phpMyAdmin site:
nano /etc/httpd/conf.d/phpMyAdmin.conf
#add allow from your ip address
allow from 123.456.789.101You should now be able to access it at http://example.com/phpMyAdmin/
To change the default scheduler from cfq to deadline simply edit /etc/grub.conf and add elevator=deadline to the kernel that is being used:
$ nano -w /etc/grub.conf
title CentOS (2.6.18-274.3.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-274.3.1.el5 ro root=LABEL=/ elevator=deadline
initrd /initrd-2.6.18-274.3.1.el5.imgThis entry tells the 2.6.18-274.3.1.el5 kernel to use the Deadline scheduler. Make sure to reboot the system to activate the new scheduler.
A handy tip I saw on IRC today. If you’ve ever wanted to see which packages were installed from where then the ‘keychecker’ program is for you.
Make sure you have the EPEL repository setup first, then install via yum:
yum install keycheckerOnce installed simply run the ‘keychecker’ command and it will output all your installed packages sorted by reposity.
After posting a bunch of code it dawned on me that it should look a bit nicer than it does by default using <pre> tags.
So after a bit of googling this is the solution I came with. It uses portions of http://snippets-of-code.tumblr.com/post/6027484416/adding-syntax-highlighting-into-tumblr and http://tomayko.com/writings/javascript-prettification.
<!-- For Syntax Highlighting -->
<script src="http://code.jquery.com/jquery-latest.min.js"></script>
<link rel="stylesheet" type="text/css" href="http://google-code-prettify.googlecode.com/svn/trunk/src/prettify.css"></link>
<script src="http://google-code-prettify.googlecode.com/svn/trunk/src/prettify.js"></script>
<script type="text/javascript">
<!--
$(document).ready(function() {
// add prettyprint class to all <pre><code></code></pre> blocks
var prettify = false;
$("pre code").parent().each(function() {
$(this).addClass('prettyprint');
prettify = true;
});
// if code blocks were found, bring in the prettifier ...
if ( prettify ) {
prettyPrint();
}
});
-->
</script>When posting code, use a text editor to change all the angle brackets to < and > and enclose it in <pre><code></code></pre> tags. The <pre></pre> is necessary to keep the formatting.
MediaInfo supplies technical and tag information about a video or audio file.
First lets grab the rpms. From the download page download the rpms that are appropriate for your platform. My system is CentOS 5 x_64 in the following example:
mkdir /usr/local/src/mediainfo
cd /usr/local/src/mediainfo
#libzen0
wget http://downloads.sourceforge.net/zenlib/libzen0-0.4.22-1.x86_64.CentOS_5.rpm
#libmediainfo0
wget http://downloads.sourceforge.net/mediainfo/libmediainfo0-0.7.50-1.x86_64.CentOS_5.rpm
#CLI
wget http://downloads.sourceforge.net/mediainfo/mediainfo-0.7.50-1.x86_64.CentOS_5.rpmOnce downloaded, install them via the following commands:
rpm -i libzen0-0.4.22-1.x86_64.CentOS_5.rpm
rpm -i libmediainfo0-0.7.50-1.x86_64.CentOS_5.rpm
rpm -i mediainfo-0.7.50-1.x86_64.CentOS_5.rpmThat’s it! You can test it by running the ‘mediainfo’ command.
Using the following resources helped setup my second hard drive:
Install the YUM priorities and denyhosts:
yum install yum-priorities denyhostsAdd denyhosts to startup and then start it up:
# chkconfig denyhosts on
# service denyhosts startAny further configuration can be done by editing the configuration file /etc/denyhosts.conf
Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of todays Internet deployed servers and the unique needs of custom deployed Linux installations.
Make sure iptables is installed:
yum install iptables*Download, unpack, and install APF from source:
cd /usr/local/src
wget http://www.rfxn.com/downloads/apf-current.tar.gz
tar -zxf apf-current.tar.gz
cd apf-9*
./install.shBackup the original APF config file:
cp /etc/apf/conf.apf /etc/apf/conf.apf.bak
Now edit the current APF config file:
nano -w /etc/apf/conf.apf
Change the following values:
* RAB="0" to RAB="1"
* RAB_PSCAN_LEVEL="2" to RAB_PSCAN_LEVEL="3"
* TCR_PASS="1" to TCR_PASS="0"
* DLIST_PHP="0" to DLIST_PHP="1"
* DLIST_SPAMHAUS="0" to DLIST_SPAMHAUS="1"
* DLIST_DSHIELD="0" to DLIST_DSHIELD="1"
* DLIST_RESERVED="0" to DLIST_RESERVED="1"Find IFACE_IN= and IFACE_OUT= in /etc/apf/conf.apf and verify that they match your network interface.
Locate HELPER_SSH_PORT=”22″ and change it to your SSH port IF you changed it in your sshd_config.
Locate IG_TCP_CPORTS=”22″ and change it to your SSH port IF you changed it in your sshd_config.
Now restart the APF:
/usr/local/sbin/apf -rNow relogin though ssh again, to verify that you still can login into your server.
When your happy with your firewall and everything works fine, Edit /apf.conf find DEVEL_MODE=”1″ and change it to DEVEL_MODE=”0″.
Restart the APF again:
/usr/local/sbin/apf -rMake sure APF starts automatic after restart:
chkconfig --add apf
chkconfig --level 345 apf onThe firewall should now be active!
Here are some common ports used by cpanel:
Cpanel:
IG_TCP_CPORTS=”20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096″
IG_UDP_CPORTS=”21,53,873″
EGF=”1″
EG_TCP_CPORTS=”21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089″
EG_UDP_CPORTS=”20,21,37,53,873″First of all we need to make a regular user, since we are disabling direct root login:
adduser admin && passwd adminBackup the current sshd_config:
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bakCreate a new sshd_config file:
nano -w /etc/ssh/sshd_configPaste the following config into the new file but be sure to change the Port to something different:
## Change to other port is recommended, etc 2488
Port 22
## Sets listening address on server. default=0.0.0.0
#ListenAddress 192.168.0.1
## Enforcing SSH Protocol 2 only
Protocol 2
## Disable direct root login, with no you need to login with admin user, then "su -" you into root
PermitRootLogin no
##
UsePrivilegeSeparation yes
##
AllowTcpForwarding no
## Disables X11Forwarding
X11Forwarding no
## Checks users on their home directority and rhosts, that they arent world-writable
StrictModes yes
## The option IgnoreRhosts specifies whether rhosts or shosts files should not be used in authentication
IgnoreRhosts yes
##
HostbasedAuthentication no
## RhostsAuthentication specifies whether sshd can try to use rhosts based authentication.
RhostsRSAAuthentication no
## Adds a login banner that the user can see
#Banner /etc/motd
## Enable / Disable sftp server
Subsystem sftp /usr/libexec/openssh/sftp-server
## Add users that are allowed to log in
AllowUsers adminRestart the SSHD daemon:
service sshd restartStart a NEW ssh session to ensure you can connect on the new port. Do not close your current session until you are sure the new config is working.
Let’s disable some unnecessary services using http://www.imminentweb.com/technologies/centos-disable-unneeded-services-boot-time and http://www.securecentos.com/system-prep/ as guides:
chkconfig anacron off
chkconfig atd off
chkconfig autofs off
chkconfig avahi-daemon off
chkconfig cpuspeed off
chkconfig haldaemon off
chkconfig ip6tables off
chkconfig kudzu off
chkconfig mcstrans off
chkconfig messagebus off
chkconfig netfs off
chkconfig portmap off
chkconfig xfs off
chkconfig yum-updatesd off…taken from http://www3.wiredgorilla.com/content/view/220/53/…
The sysctl.conf of a server is something that is seldom optimized for performance. You can get a tremendous boost in throughput by adjusting these settings. This configuration has been written by Steve from Rack911. I have applied this configuration to servers ranging from Celeron 1.7Ghz to Dual Xeon 2.8Ghz servers, and on the whole, the load on each lowered after making the changes.
First make a backup of your old /etc/sysctl.conf file by running the following command, logged in as root:
cp /etc/sysctl.conf /etc/sysctl.conf.bakNow enter:
nano /etc/sysctl.confand replace the contents of the file with the following:
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Disables packet forwarding
net.ipv4.ip_forward=0
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Disables the magic-sysrq key
kernel.sysrq = 0
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15
# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800
# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0
# Turn off the tcp_sack
net.ipv4.tcp_sack = 0
# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024
# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000
# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65536To make your changes take effect immediately, type this command:
/sbin/sysctl -pInstall some favorite tools:
yum install htop iftop iotop mytop mysqltuner sysstat yum-utils libxslt-devel