Ran into another issue because of my recent upgrade to Lion. I use Coda for dev work and have grown used to the built-in source control. One of the features in Coda is a compare files function which uses the FileMerge.app to display the differences.
Knowing that FileMerge is part of the developer tools I proceeded to download the Xcode application from the Mac App Store. To my dismay FileMerge still did not want to compare the files.
After some digging I found Coda uses the `opendiff` command to launch FileMerge. Running the command manually brings up the following error message:
xcode-select: Error: No Xcode folder is set. Run xcode-select -switch <xcode_folder_path> to set the path to the Xcode folder.
So it seems like `opendiff` doesn’t know where your Xcode.app is by default. To fix it, run the following command:
sudo xcode-select -switch /Applications/Xcode.app
The compare files feature in Coda now works as expected.
When setting up a new OS X install, one of the settings I always set in the Terminal.app is the `Use option as meta key` option. This allows you to use the Option key instead of Esc as the meta modifier.
One of my Terminal uses is running IRSSI inside a screen session. To switch between windows in irssi I always use `option + left/right arrow` however in Lion this does not seem to work by default.
After some googling I didn’t find anything that offered a solution so I dug through the Terminal.app preferences and noticed some additional presets in the Keyboard tab that aren’t there is previous versions of OS X.
To fix it, in Terminal.app go to
Preferences -> Settings -> Keyboard
Locate the two settings
`option cursor left` and `option cursor right`
as named in the Key column and delete them by selecting one and click the - (Minus) button at the bottom of the window.
Download the latest beta release from the Downloads page.
Install from the RPM (if updating use ‘rpm -Uvh’ instead):
rpm -ivh sphinx-2.0.2-1.el5.x86_64.rpm
Enable auto-lauching of the search daemon on boot:
chkconfig --level 345 searchd on
Start the search daemon:
Having mysql/php/apache already setup I decided to install phpMyAdmin, however because the mysql is Percona there were some dependency checks that failed.
After a lot of trial and error the following did the trick:
#stop the services /etc/init.d/httpd stop /etc/init.d/mysql stop #remove mysql yum --enablerepo=remi remove Percona* mysql* #install everything in one shot yum --enablerepo=remi install Percona-Server-server-55 Percona-Server-client-55 phpMyAdmin #start the services /etc/init.d/httpd start /etc/init.d/mysql start #rerun the secure installation script /usr/bin/mysql_secure_installation
Once that has finished you’ll need to edit the apache config to allow you remote access to the phpMyAdmin site:
nano /etc/httpd/conf.d/phpMyAdmin.conf #add allow from your ip address allow from 123.456.789.101
You should now be able to access it at http://example.com/phpMyAdmin/
To change the default scheduler from cfq to deadline simply edit /etc/grub.conf and add elevator=deadline to the kernel that is being used:
$ nano -w /etc/grub.conf title CentOS (2.6.18-274.3.1.el5) root (hd0,0) kernel /vmlinuz-2.6.18-274.3.1.el5 ro root=LABEL=/ elevator=deadline initrd /initrd-2.6.18-274.3.1.el5.img
This entry tells the 2.6.18-274.3.1.el5 kernel to use the Deadline scheduler. Make sure to reboot the system to activate the new scheduler.
A handy tip I saw on IRC today. If you’ve ever wanted to see which packages were installed from where then the ‘keychecker’ program is for you.
Make sure you have the EPEL repository setup first, then install via yum:
yum install keychecker
Once installed simply run the ‘keychecker’ command and it will output all your installed packages sorted by reposity.
After posting a bunch of code it dawned on me that it should look a bit nicer than it does by default using <pre> tags.
When posting code, use a text editor to change all the angle brackets to < and > and enclose it in <pre><code></code></pre> tags. The <pre></pre> is necessary to keep the formatting.
MediaInfo supplies technical and tag information about a video or audio file.
First lets grab the rpms. From the download page download the rpms that are appropriate for your platform. My system is CentOS 5 x_64 in the following example:
mkdir /usr/local/src/mediainfo cd /usr/local/src/mediainfo #libzen0 wget http://downloads.sourceforge.net/zenlib/libzen0-0.4.22-1.x86_64.CentOS_5.rpm #libmediainfo0 wget http://downloads.sourceforge.net/mediainfo/libmediainfo0-0.7.50-1.x86_64.CentOS_5.rpm #CLI wget http://downloads.sourceforge.net/mediainfo/mediainfo-0.7.50-1.x86_64.CentOS_5.rpm
Once downloaded, install them via the following commands:
rpm -i libzen0-0.4.22-1.x86_64.CentOS_5.rpm rpm -i libmediainfo0-0.7.50-1.x86_64.CentOS_5.rpm rpm -i mediainfo-0.7.50-1.x86_64.CentOS_5.rpm
That’s it! You can test it by running the ‘mediainfo’ command.
Using the following resources helped setup my second hard drive:
Install the YUM priorities and denyhosts:
yum install yum-priorities denyhosts
Add denyhosts to startup and then start it up:
# chkconfig denyhosts on # service denyhosts start
Any further configuration can be done by editing the configuration file /etc/denyhosts.conf
Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of todays Internet deployed servers and the unique needs of custom deployed Linux installations.
Make sure iptables is installed:
yum install iptables*
Download, unpack, and install APF from source:
cd /usr/local/src wget http://www.rfxn.com/downloads/apf-current.tar.gz tar -zxf apf-current.tar.gz cd apf-9* ./install.sh
Backup the original APF config file:
cp /etc/apf/conf.apf /etc/apf/conf.apf.bak
Now edit the current APF config file:
nano -w /etc/apf/conf.apf
Change the following values:
* RAB="0" to RAB="1" * RAB_PSCAN_LEVEL="2" to RAB_PSCAN_LEVEL="3" * TCR_PASS="1" to TCR_PASS="0" * DLIST_PHP="0" to DLIST_PHP="1" * DLIST_SPAMHAUS="0" to DLIST_SPAMHAUS="1" * DLIST_DSHIELD="0" to DLIST_DSHIELD="1" * DLIST_RESERVED="0" to DLIST_RESERVED="1"
Find IFACE_IN= and IFACE_OUT= in /etc/apf/conf.apf and verify that they match your network interface.
Locate HELPER_SSH_PORT=”22″ and change it to your SSH port IF you changed it in your sshd_config.
Locate IG_TCP_CPORTS=”22″ and change it to your SSH port IF you changed it in your sshd_config.
Now restart the APF:
Now relogin though ssh again, to verify that you still can login into your server.
When your happy with your firewall and everything works fine, Edit /apf.conf find DEVEL_MODE=”1″ and change it to DEVEL_MODE=”0″.
Restart the APF again:
Make sure APF starts automatic after restart:
chkconfig --add apf chkconfig --level 345 apf on
The firewall should now be active!
Here are some common ports used by cpanel:
Cpanel: IG_TCP_CPORTS=”20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096″ IG_UDP_CPORTS=”21,53,873″ EGF=”1″ EG_TCP_CPORTS=”21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089″ EG_UDP_CPORTS=”20,21,37,53,873″
First of all we need to make a regular user, since we are disabling direct root login:
adduser admin && passwd admin
Backup the current sshd_config:
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
Create a new sshd_config file:
nano -w /etc/ssh/sshd_config
Paste the following config into the new file but be sure to change the Port to something different:
## Change to other port is recommended, etc 2488 Port 22 ## Sets listening address on server. default=0.0.0.0 #ListenAddress 192.168.0.1 ## Enforcing SSH Protocol 2 only Protocol 2 ## Disable direct root login, with no you need to login with admin user, then "su -" you into root PermitRootLogin no ## UsePrivilegeSeparation yes ## AllowTcpForwarding no ## Disables X11Forwarding X11Forwarding no ## Checks users on their home directority and rhosts, that they arent world-writable StrictModes yes ## The option IgnoreRhosts specifies whether rhosts or shosts files should not be used in authentication IgnoreRhosts yes ## HostbasedAuthentication no ## RhostsAuthentication specifies whether sshd can try to use rhosts based authentication. RhostsRSAAuthentication no ## Adds a login banner that the user can see #Banner /etc/motd ## Enable / Disable sftp server Subsystem sftp /usr/libexec/openssh/sftp-server ## Add users that are allowed to log in AllowUsers admin
Restart the SSHD daemon:
service sshd restart
Start a NEW ssh session to ensure you can connect on the new port. Do not close your current session until you are sure the new config is working.
Let’s disable some unnecessary services using http://www.imminentweb.com/technologies/centos-disable-unneeded-services-boot-time and http://www.securecentos.com/system-prep/ as guides:
chkconfig anacron off chkconfig atd off chkconfig autofs off chkconfig avahi-daemon off chkconfig cpuspeed off chkconfig haldaemon off chkconfig ip6tables off chkconfig kudzu off chkconfig mcstrans off chkconfig messagebus off chkconfig netfs off chkconfig portmap off chkconfig xfs off chkconfig yum-updatesd off
…taken from http://www3.wiredgorilla.com/content/view/220/53/…
The sysctl.conf of a server is something that is seldom optimized for performance. You can get a tremendous boost in throughput by adjusting these settings. This configuration has been written by Steve from Rack911. I have applied this configuration to servers ranging from Celeron 1.7Ghz to Dual Xeon 2.8Ghz servers, and on the whole, the load on each lowered after making the changes.
First make a backup of your old /etc/sysctl.conf file by running the following command, logged in as root:
cp /etc/sysctl.conf /etc/sysctl.conf.bak
and replace the contents of the file with the following:
# Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Disables packet forwarding net.ipv4.ip_forward=0 # Disables IP source routing net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.lo.accept_source_route = 0 net.ipv4.conf.eth0.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0 # Enable IP spoofing protection, turn on source route verification net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.lo.rp_filter = 1 net.ipv4.conf.eth0.rp_filter = 1 net.ipv4.conf.default.rp_filter = 1 # Disable ICMP Redirect Acceptance net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.lo.accept_redirects = 0 net.ipv4.conf.eth0.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 # Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets net.ipv4.conf.all.log_martians = 0 net.ipv4.conf.lo.log_martians = 0 net.ipv4.conf.eth0.log_martians = 0 # Disables IP source routing net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.lo.accept_source_route = 0 net.ipv4.conf.eth0.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0 # Enable IP spoofing protection, turn on source route verification net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.lo.rp_filter = 1 net.ipv4.conf.eth0.rp_filter = 1 net.ipv4.conf.default.rp_filter = 1 # Disable ICMP Redirect Acceptance net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.lo.accept_redirects = 0 net.ipv4.conf.eth0.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 # Disables the magic-sysrq key kernel.sysrq = 0 # Decrease the time default value for tcp_fin_timeout connection net.ipv4.tcp_fin_timeout = 15 # Decrease the time default value for tcp_keepalive_time connection net.ipv4.tcp_keepalive_time = 1800 # Turn off the tcp_window_scaling net.ipv4.tcp_window_scaling = 0 # Turn off the tcp_sack net.ipv4.tcp_sack = 0 # Turn off the tcp_timestamps net.ipv4.tcp_timestamps = 0 # Enable TCP SYN Cookie Protection net.ipv4.tcp_syncookies = 1 # Enable ignoring broadcasts request net.ipv4.icmp_echo_ignore_broadcasts = 1 # Enable bad error message Protection net.ipv4.icmp_ignore_bogus_error_responses = 1 # Log Spoofed Packets, Source Routed Packets, Redirect Packets net.ipv4.conf.all.log_martians = 1 # Increases the size of the socket queue (effectively, q0). net.ipv4.tcp_max_syn_backlog = 1024 # Increase the tcp-time-wait buckets pool size net.ipv4.tcp_max_tw_buckets = 1440000 # Allowed local port range net.ipv4.ip_local_port_range = 16384 65536
To make your changes take effect immediately, type this command:
Install some favorite tools:
yum install htop iftop iotop mytop mysqltuner sysstat yum-utils libxslt-devel