Wednesday, March 21, 2012

If you use the command
svn checkout <svn folder path>
then it creates a directory named after the last level of the path. If you do not want that directory to be created, use the command


svn checkout <svn_folder_path> <public_html_path>

Wednesday, February 29, 2012

How to check whether ports are open after applying IPTables rules


Verify that port is open

Run the following command:
netstat -tulpn | less
Make sure iptables is allowing port 80 / 110 / 143 connections:
iptables -L -n
Refer to iptables man page for more information about iptables usage and syntax:
man iptables

IPTables CentOS5.6 - port 80, 143, 443 allowed or open


I had my webserver set up perfectly and it was working fine, but it was not accessible from outside. It was IPTables blocking it. I read on the internet about the rules for IPTables to allow access to ports 80, 443 and 143. The rules are mentioned below.

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT

But even after applying these rules things were not working because I was appending these rules after the rule

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited


-------------------------------------------------------------------------------
I think (I don't know for sure) the rule for icmp should always be the last one. Any rule after it to allow access to network resources will not take effect.

If I am wrong, please correct me.

You can refer to http://www.cyberciti.biz/faq/howto-rhel-linux-open-port-using-iptables/ for more information on IPTables.
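
iptables evaluates the rules of a chain in order and stops at the first rule whose target accepts, drops or rejects the packet, so a rule appended after a catch-all REJECT is never reached. The following is an added example (not from the original post) that scans a rules file in the /etc/sysconfig/iptables format for such rules and prints a corrected order; the function names and the sample rule set are constructed for illustration.

```sh
# Constructed sample in the /etc/sysconfig/iptables format: port 80 is
# appended after the catch-all REJECT, as in the post.
write_sample_rules() {
  cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# find_shadowed_rules FILE: print each rule that follows an unconditional
# REJECT or DROP in the same chain and so can never match a packet.
find_shadowed_rules() {
  awk '
    $1 == "-A" && ($2 in blocked) {
      printf "line %d shadowed by line %d: %s\n", NR, blocked[$2], $0
      next
    }
    # Catch-all: "-A CHAIN -j TARGET" with no match options before -j.
    $1 == "-A" && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") {
      blocked[$2] = NR
    }
  ' "$1"
}

# fix_rule_order FILE: print the rule set with every shadowed rule moved
# to just before the catch-all rule of its chain.
fix_rule_order() {
  awk '
    { line[NR] = $0 }
    $1 == "-A" && ($2 in blocked) {
      late[blocked[$2]] = late[blocked[$2]] $0 "\n"; skip[NR] = 1; next
    }
    $1 == "-A" && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") {
      blocked[$2] = NR
    }
    END {
      for (i = 1; i <= NR; i++) {
        if (i in skip) continue
        printf "%s", late[i]
        print line[i]
      }
    }
  ' "$1"
}

# Demo on the constructed sample.
rules=$(mktemp)
write_sample_rules "$rules"
find_shadowed_rules "$rules"
rm -f "$rules"
```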

Create WebServer CentOS5.x - PHP, MySQL, Apache2 installation

Now we install Apache with PHP (this is PHP):
yum install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel
Then edit /etc/httpd/conf/httpd.conf:
vi /etc/httpd/conf/httpd.conf
and change DirectoryIndex to
[...]
DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl
[...]
Now configure your system to start Apache at boot time:
chkconfig --levels 235 httpd on
Start Apache:
/etc/init.d/httpd start
INSTALL MYSQL:
yum install mysql mysql-devel mysql-server

MySQL Change root Password


mysqladmin command to change root password

If you have never set a root password for MySQL server, the server does not require a password at all for connecting as root. To setup root password for first time, use mysqladmin command at shell prompt as follows:
$ mysqladmin -u root password NEWPASSWORD
However, if you want to change (or update) a root password, then you need to use the following command:
$ mysqladmin -u root -p'oldpassword' password newpass
For example, If the old password is abc, you can set the new password to 123456, enter:
$ mysqladmin -u root -p'abc' password '123456'

Change MySQL password for other users

To change a normal user's password (let us assume you would like to change the password for user vivek), type the following command:
$ mysqladmin -u vivek -p'oldpassword' password newpass

Changing MySQL root user password using MySQL sql command

This is another method. MySQL stores usernames and passwords in the user table inside the mysql database. You can directly update the password using the following method to update or change the password for user vivek:
1) Log in to the mysql server; type the following command at the shell prompt:
$ mysql -u root -p
2) Use mysql database (type command at mysql> prompt):
mysql> use mysql;
3) Change password for user vivek, enter:
mysql> update user set password=PASSWORD("NEWPASSWORD") where User='vivek';
4) Finally, reload the privileges:
mysql> flush privileges;
mysql> quit
Copied from: http://www.cyberciti.biz/faq/mysql-change-root-password/

Tuesday, February 28, 2012

How to Enable .htaccess in Apache2

http://ubuntuforums.org/showthread.php?t=47669

Re: Enable .htaccess in Apache2

Found the solution!! Apache2 in general, or it might be specific to Ubuntu, is configured slightly differently than Apache1.x, at least from what I've seen in the default installs in RH, FC, Mandrake, etc. (I'm not a Linux or Apache expert).

I went to /etc/apache2/sites-available and edited the file default
There you'll find:



Code:
NameVirtualHost *
<VirtualHost *>
        ServerAdmin admin@site.com

        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                # Commented out for Ubuntu
                #RedirectMatch ^/$ /apache2-default/
        </Directory>



Default for AllowOverride is none, should be all

How to find the Linux Distro Name and version

Some distros put a '*-release' or '*-version' file 
in /etc. Here are some examples: 

/etc/redhat-release 
/etc/debian_version 
/etc/SuSE-release 
/etc/slackware-version 
/etc/gentoo-release 

You could do 'cat /etc/*-release' or 'cat /etc/*-version'. 

Playing with IPTables is dangerous and frustrating... yet here is how to enable outbound traffic for port 3306 (MySQL)

1. vi /etc/sysconfig/iptables 
To allow inbound traffic add this rule:  -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
To allow outbound traffic add this rule:  -A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT 

Now restart IPtables:  /etc/init.d/iptables restart

Command to check the apache access log to see if some malicious redirection is happening

Sometimes, because of some virus activity, your system may start redirecting users coming from Google, Bing or any other search engine to some other website. The redirection is so clean that the end user does not notice it. This is done by phishing websites.


grep '] "GET / HTTP/1.1" 302' /var/log/httpd/access_log.1 > /home/user1/velmisc/302redirect.txt
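
The grep above lists every 302 on the home page. The added example below (not part of the original post) narrows that to the pattern described: requests that arrive from a search engine and are redirected, shown next to visits to the same path from other referers that were served normally. It assumes the Apache combined log format and matches referers heuristically by host name; the function names and the log lines are constructed.

```sh
# Constructed sample lines in Apache combined log format.
write_sample_log() {
  cat > "$1" <<'EOF'
198.51.100.7 - - [28/Feb/2012:10:01:02 +0000] "GET / HTTP/1.1" 302 291 "http://www.google.com/search?q=example" "Mozilla/5.0"
198.51.100.8 - - [28/Feb/2012:10:01:09 +0000] "GET / HTTP/1.1" 302 291 "http://www.bing.com/search?q=example" "Mozilla/5.0"
198.51.100.9 - - [28/Feb/2012:10:02:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Feb/2012:10:03:41 +0000] "GET /products.php HTTP/1.1" 302 291 "http://www.google.co.uk/url?sa=t" "Mozilla/5.0"
198.51.100.10 - - [28/Feb/2012:10:04:15 +0000] "GET /login.php HTTP/1.1" 302 0 "http://www.example.com/account" "Mozilla/5.0"
EOF
}

# search_referred_redirects FILE
# For each requested path with at least one search-referred 302, print
#   <302s from search referers> <200s from other referers> <path>
# A path that redirects search visitors but serves everyone else normally
# is the pattern to investigate.
search_referred_redirects() {
  # Splitting on the double quote gives: $2 = request line,
  # $3 = " status bytes ", $4 = referer.
  awk -F'"' '
    {
      split($2, req, " ")     # req[2] = requested path
      split($3, resp, " ")    # resp[1] = status code
      # Heuristic: referer host has a label that is exactly a known engine.
      from_search = (tolower($4) ~ /^https?:\/\/([a-z0-9-]+\.)*(google|bing|yahoo)\./)
    }
    resp[1] == 302 && from_search  { redirected[req[2]]++ }
    resp[1] == 200 && !from_search { served[req[2]]++ }
    END {
      for (p in redirected)
        printf "%d %d %s\n", redirected[p], served[p], p
    }
  ' "$1" | sort -k1,1nr -k3,3
}

# Demo on the constructed sample.
log=$(mktemp)
write_sample_log "$log"
search_referred_redirects "$log"
rm -f "$log"
```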

tail command to see the access log details created by a particular IP

tail -f /var/log/httpd/access_log | grep "122.176.44.144"

How to send alert message for SWAP Usage


Here is a shell script that sends an alert by mail if the system starts to use more than 20% of its swap area and 80% of hard disk space.
$ vim swap-use.sh
#!/bin/sh
# Mail an alert when swap usage reaches 20%. Only the swap check is implemented here.
free -m | grep Swap | while read -r output;
do
  # Columns of the "Swap:" line of free -m: label, total, used, free (in MB)
  swap=$(echo "$output" | awk '{ print $2 }')
  used=$(echo "$output" | awk '{ print $3 }')
  freed=$(echo "$output" | awk '{ print $4 }')
  echo "Swap : $swap"
  echo "Used : $used"
  echo "Free : $freed"
  # Skip the calculation when no swap is configured (avoids division by zero)
  [ "$swap" -gt 0 ] || continue
  usep=$(expr "$used" \* 100 / "$swap")
  echo "$usep"
  if [ "$usep" -ge 20 ]; then
    echo "Swap Usage Alert Total Swap: \"$swap\" Used: \"$used ($usep%)\" Free: \"$freed\" on $(hostname) as on $(date)" |
      mail -s "Alert: Swap Usage space $usep%" mail1@example.com,mail2@example.com
  fi
done
Then schedule it in cron.

How to rotate an image in browser via CSS

How not to allow Google to crawl your under maintenance page


I have just read this on www.seomoz.org blog and thought it might be useful if we experience problems in future.
 
----
 
Should Webmasters Use 503 Status Codes for Downtime?
503s can help avoid getting a page that's under construction or experiencing problems crawled and indexed, which can be a big problem especially for large, popular sites (watch the video for Rand's example of Disney running into this issue). Matt advocates using 503s in this case. You can't specify when you'd like Google to re-crawl, but they will come back and won't index the maintenance content of the page.

Xdebug Profiler Doc


Xdebug's Profiler

Xdebug's Profiler is a tool that gives you the ability to analyze your PHP code and determine bottlenecks or generally see which parts of your code are slow and could use a speed boost.

Installing Xdebug on windows:

Using WAMP:
1.       Go to the installation directory of WAMP
2.       Inside "bin/php/" you can see the actual PHP directory, named something similar to php5.2.8. The first two major versions are what is important to us, i.e., 5.2 in this case. Please make a note of this number.

Get a copy of XDebug library
1.       Click http://www.xdebug.org/ to go to XDebug homepage
2.       Once you're at XDebug homepage, click the link "Obtaining" on top and look for the release that matches with your PHP version. At the time of writing this tutorial, I have Xdebug 2.0.4 that works with my PHP version 5.2. You might see two variants, thread-safe and non-thread-safe. If thread-safe is available (usually it's not mentioned in the name if it's thread safe), download that one. I chose 5.2 VC6 (php_xdebug-2.0.4-5.2.8.dll) i.e. http://www.xdebug.org/files/php_xdebug-2.0.4-5.2.8.dll
3.       Save it to the "ext" directory inside your PHP directory. If you are not sure where "ext" comes, go to the PHP directory as per the steps mentioned above, and look for the "ext" directory inside it.

Or download the latest version of WAMP; it already includes Xdebug.

After following the above steps or installing the new version of WAMP, you need to configure it.
Just open php.ini. If you have installed the new version of WAMP, then you already have some configuration related to Xdebug at the end of php.ini. Just comment those lines out and add the following lines. For an older version of WAMP, you also need to add the following lines at the end of php.ini.

zend_extension = "c:/wamp/bin/php/php5.3.5/zend_ext/php_xdebug-2.1.0-5.3-vc6.dll"

[xdebug]
xdebug.remote_enable = on
xdebug.remote_handler = dbgp
xdebug.remote_host = localhost
xdebug.remote_port = 9001
xdebug.profiler_enable = on
xdebug.profiler_enable_trigger = off
xdebug.profiler_output_name = cachegrind.out.%t.%p
xdebug.profiler_output_dir = "c:/wamp/tmp"


Php.ini file preview



Please correct the path of zend_extension and the output dir. If you have installed WAMP on the C drive then you don't need to change the output dir path. Just change zend_extension to the correct path.
Now go to the c:/wamp/tmp folder. Clear everything from there and run any page in the browser that you want to analyze. You will see a file in the tmp folder named something like cachegrind.out


Cachegrind generated file preview



Each request will generate a new file, so you have to be aware of which page you want to analyze and which file has been generated for that request.
Now go to http://sourceforge.net/projects/wincachegrind/ and download WinCacheGrind to analyze the page. After downloading the software, just run the file.
Cachegrind Software Preview

Click on the file & click open. Select the cachegrind.out file to analyze.



After opening the file you will be able to see the following screen.


Here you can see total file execution time, time taken by each function, included file execution time etc.

You can also search how many times a function has been called and how much time it has taken. In the screen below you can see I have searched for get_temp, and get_template_dir has been called 102 times with a total run time of 5220 milliseconds, that is, around 5 sec. If you reduce the number of calls then we can save 2-3 secs here.

How to add existing users in existing groups in linux and see which user is in which group




Add to group:
[root@288832-web3 ~]# usermod -a -G group1 user1
[root@288832-web3 ~]# usermod -a -G group2 user2

View which groups a user belongs to:
[root@288832-web3 ~]# groups user1
user1 : user1 apache group1

[root@288832-web3 ~]# groups user2
user2 : user2 apache group2

How to find non UTF-8 file causing issue with SVN Update


If the error is:
[user1@288832-web3 public_html]$ svn update
svn: Error converting entry in directory 'images' to UTF-8
svn: Valid UTF-8 data
(hex: 46 65 6e 65 72 62 61 68)
followed by invalid UTF-8 sequence
(hex: e7 65 2b 46)

Then do this. 
[user1@288832-web3 public_html]$ printf "\x46\x65\x6e\x65\x72\x62\x61\x68\n"
Fenerbah
[user1@288832-web3 public_html]$ cd  images
[user1@288832-web3 images]$ rm -rf Fenerbahçe+Forma+2.jpg

Run a command in background example: wget

Run the command in background on Linux:
$> nohup wget URL &


This is true for running any command in background. Also, the command
generates a file called nohup.out, which might grow as the command
proceeds. So if you are downloading something using wget in
background, you can see the status by

cd <download_folder>
tail -f nohup.out


Remove Keyring issue when rebooted for first time for VNC


Issue: 
I'm trying to use VNC on my headless desktop server that's running lucid, but I can only use SSH because a pop-up asking me to unlock the keyring shows up every time I try to use VNC. I don't have a monitor for that desktop, so I was wondering, is there any way to remove the keyring/to automatically unlock it during autologin?

Resolution:
I have found a workaround for this issue on 10.04.
Open up Applications->Accessories->Passwords and Encryption Keys
Right click Passwords:login and unlock it.
You should be able to expand the tree and find a listing for vino. Right click and delete it.
Close Passwords and Encryption Keys.
Open gconf-editor and navigate to /desktop/gnome/remote_access
Enter in your BASE64 encoded password into the vnc_password key.
Save the config and close the editor.
Reboot and you can now use your VNC client to connect to your machine without being first prompted with the keyring.
You can generate the base64 password at the command line:
echo -n "your password" | base64

Find and delete files recursively

find ./ -name '*.html' -print0 | xargs -0 rm -rf

Setting up liferay/tomcat as service on suse linux

1. Copy the attached file to /etc/init.d
2. Modify the paths
3. Run the following command to add the script as service
chkconfig --add liferay
---------------------------------
Filename: liferay



#!/bin/sh
#
# /etc/init.d/tomcat
#
# This is the init script for starting up the
#  Jakarta Tomcat server
#
# description: Starts and stops the Tomcat daemon.
#


tomcat=/media/Resources/data/www/liferay-portal-6.0.6/tomcat-6.0.29
startup=$tomcat/bin/startup.sh
shutdown=$tomcat/bin/shutdown.sh


start() {
  echo -n $"Starting Tomcat service: "
  sh $startup
  echo $?
}


stop() {
  echo -n $"Stopping Tomcat service: "
  sh $shutdown
  echo $?
}


restart() {
  stop
  start
}


status() {
  #ps -aef | grep liferay | grep -v tomcat6 | grep -v grep
  numproc=`ps -ef | grep liferay | grep -v "grep liferay" | wc -l`
  if [ $numproc -gt 0 ]; then
    echo "Liferay is running..."
  else
    echo "Liferay is stopped..."
  fi
}


# Handle the different input options
case "$1" in
start)
  start
  ;;
stop)
  stop
  ;;
status)
  status
  ;;
restart)
  restart
  ;;
*)
  echo $"Usage: $0 {start|stop|restart|status}"
  exit 1
esac


exit 0

Add a new user to SVN for UKSS

Login as root via SSH on UKSS

Here we are adding a new user with the username: user1

Add new user: useradd user1
Add Password for the new user: passwd user1
Add user to groups: 
gpasswd -a user1 svn
gpasswd -a user1 apache

How to get list of files greater than 512MB in linux


find / -type f -size +512M -exec du -hs {} \;

Good website to design buttons

Good website to design your own buttons as per your requirements.

http://www.uiparade.com/wp-content/themes/artiste/live-tools/index.html#

PCI Compliance crossdomain.xml files changes

Since it has been marked as a serious threat in PCI Compliance I am making the below mentioned changes. 

File location: /home/webadmin/public_html/crossdomain.xml

Old line:     <site-control permitted-cross-domain-policies="all"/>
New Line:     <site-control permitted-cross-domain-policies="trusted"/>


Details by McAfee
The Internet browser security model, known as Same-Origin Policy, prevents one domain from accessing content from another domain.

McAfee has detected that your web application contains a crossdomain.xml file that has an allow-all policy. A crossdomain.xml file allows third-party web applications using Adobe Flash Player to access data from the domain hosting the crossdomain.xml file.

The correct way to configure a crossdomain.xml file is to set up the file to only allow access from "trusted" web applications. The crossdomain.xml file detected on this host has an allow-all policy, which means that your web application allows any web application on the internet to interact with your data. Thus, your web application "trusts" the entire internet.

An attacker could leverage this by embedding a malicious Adobe Flash Player file into a web site on the internet and have that file access sensitive content stored on your web application. Sensitive information includes items such as personally identifiable information (PII) and user credentials.
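
The allow-all policy the scan describes corresponds to an allow-access-from entry with domain="*", and the line changed above carried a site-control value of all. The following check is an added example, not part of the original post or of the McAfee report; the function names, the sample files and the www.example.com domain are constructed, and master-only is one of the site-control values defined in Adobe's policy file specification.

```sh
# Constructed policy files: the allow-all form and a restricted one.
# www.example.com stands in for a domain you actually trust.
write_weak_policy() {
  cat > "$1" <<'EOF'
<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*"/>
</cross-domain-policy>
EOF
}

write_restricted_policy() {
  cat > "$1" <<'EOF'
<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="www.example.com" secure="true"/>
</cross-domain-policy>
EOF
}

# audit_crossdomain FILE: print one finding per over-broad grant.
audit_crossdomain() {
  # Join lines, turn single quotes into double quotes, and start a new
  # line at every "<" so that awk sees one element per record.
  tr "\n'<" ' "\n' < "$1" | awk '
    # attr(name): value of the attribute name="..." on this element
    function attr(name,   v) {
      if (!match($0, "[ \t]" name "[ \t]*=[ \t]*\"[^\"]*\"")) return ""
      v = substr($0, RSTART, RLENGTH)
      sub(/^[^"]*"/, "", v); sub(/"$/, "", v)
      return v
    }
    /^allow-access-from[ \t\/>]/ {
      d = attr("domain")
      if (d == "*") print "allow-all: domain=\"*\" lets any site read responses"
      else if (d ~ /^\*\./) print "wildcard: " d " covers every subdomain"
    }
    /^site-control[ \t\/>]/ && attr("permitted-cross-domain-policies") == "all" {
      print "site-control: \"all\" honours any policy file on the host"
    }
  '
}

# Demo on the two constructed files.
weak=$(mktemp); ok=$(mktemp)
write_weak_policy "$weak"; write_restricted_policy "$ok"
echo "weak:";       audit_crossdomain "$weak"
echo "restricted:"; audit_crossdomain "$ok"
rm -f "$weak" "$ok"
```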


It becomes very difficult if you have a development team of 30-35 people and all of them are making changes on a daily basis and committing them into SVN. The problem then is that you need to have someone who keeps on updating from SVN whenever there is a need. This results in a lot of wasted time. So you can refer to the steps below to set up the POST_COMMIT system such that every time a developer commits, the public_html folder gets updated automatically.

Let me know in case of any query or problem.

Create repository:
1. login as root
2. Goto the SVN folder /home/svn/mysvn
3. Run the command: svnadmin create mynewsvn (this creates a repository; the general form is svnadmin create /path/to/repository)
4. Run CHMOD and CHOWN commands to make it 775, and user1:user1 (user1 should be in the apache group as well as svn group) 

Auto Update system Setup:
1. Checkout repository with a user (say user1)
2. Copy update_svn.php to the website's root folder (public_html or htdocs). We have copied this file to production root /home/mysite/public_html
3. Copy the svn_update_step1.sh and svn_update_step2.sh to svn's hooks folder. (/home/svn/mysvn/mynewsvn/hooks)
4. edit update_svn.php. Change the path of svn_update_step1.sh
5. Create key for 'user1'. follow the steps below:
login as 'user1'
ssh-keygen
leave passphrase empty
the keys will be stored in the /home/user1/.ssh folder
cd /home/user1/.ssh
cat id_rsa.pub > id_key_svn
permissions for /home/user1/.ssh folder and files in it should be 600
6. copy the id_rsa file to a location where apache can access it (/home/user1/id_key_svn this is the location because apache is running with USER1)
7. edit svn_update_step1.sh. Change the key path, user name, and location of svn_update_step2.sh
8. edit svn_update_step2.sh. Change the path of hook folder, path of website folder.
9. edit/create the hooks/post-commit file. add the following lines:
#!/bin/sh
10. edit .profile file in /home/velocity folder and add the following lines at the bottom of the file:
ssh-agent bash
ssh-add ~/.ssh/id_rsa


If things don't work,

1. check if the key file works.

ssh -luser1 -i <path_to_key> <host_name>
User should be able to login without any password

2. Open http://<host_name>/update_svn.php. Check the apache error logs
3. login as velocity and run the post-commit/svn_update_step1.sh/svn_update_step2.sh and check the errors



----------------------------------------------------
Filename: .profile


ssh-agent bash
ssh-add ~/.ssh/id_rsa
----------------------------------------------------
Filename: post-commit

#!/bin/sh
wget http://localhost/update_svn.php
----------------------------------------------------
Filename: svn_update_step1.sh

ssh -i /home/user1/id_key_svn user1@localhost /home/svn/mysvn/mynewsvn/hooks/svn_update_step2.sh
----------------------------------------------------
Filename: svn_update_step2.sh

#!/bin/sh
cd /home/svn/mysvn/mynewsvn/hooks
rm -f filelist
rm -f log
echo "user " >> log
whoami >> log
svnlook dirs-changed /home/svn/mysvn/mynewsvn >> /home/svn/mysvn/mynewsvn/hooks/filelist
sed -i -e 's#^#/home/webadmin/public_html/#' /home/svn/mysvn/mynewsvn/hooks/filelist
cat /home/svn/mysvn/mynewsvn/hooks/filelist | xargs /usr/bin/svn up -N >> /home/svn/mysvn/mynewsvn/hooks/log

----------------------------------------------------
Filename: update_svn.php

<?php
$output = shell_exec('/home/svn/mysvn/user1/hooks/svn_update_step1.sh');
echo "<pre>$output</pre>";
?>

----------------------------------------------------