|
|
TCP IP Port in SQL Server 2012
As an SQL Server Administrator you might need to find SQL Server TCP IP port configured for your SQL Server Instance. There are many reason to find it but most famous reasons is to give access to developer and set firewall exception if there is any. Generally 1433 is the default port but you may configure different ports if you have more than once SQL Server instance running or may be due to security reason you would like to change the default port of SQL Server.
There are few different ways to find the SQL Server 2012 TCP/IP port out of which I am going to mention few of the most used ways to reach TCP/IP port of SQL Server 2012.
1.) Read TCP IP Port of SQL Server 2012 from Registry:
This is one of the most used ways. Either go to registry to find TCP IP port or execute extended stored procedure in SQL Server itself to read registry.
DECLARE @tcp_port nvarchar(10)
EXEC XP_REGREAD
@rootkey = ‘HKEY_LOCAL_MACHINE’,
@key = ‘SOFTWARE\MICROSOFT\Microsoft SQL Server\MSSQL11.SQL2K12DEV\MSSQLServer\SUPERSOCKETNETLIB\TCP\IPAll’,
@value_name = ‘TcpPort’,
@value = @tcp_port OUTPUT
SELECT @tcp_port AS TCPIP_Port
GO
Read TCP IP Port From SQL Server 2012 Configuration Manager.
Open “SQL Server Configuration Manager” from Start Menu-> All Programs -> Microsoft SQL Server 2012 -> Configuration Tools -> SQL Server Configuration Manager. Refer following screen shot for more details:
Now move towards “SQL Server Network Configuration”-> Protocol for “SQLServerInstance”->TCP/IP property.
 
To assign a TCP/IP port number to the SQL Server Database Engine
-
In SQL Server Configuration Manager, in the console pane, expand SQL Server Network Configuration, expand Protocols for <instance name>, and then double-click TCP/IP.
-
In the TCP/IP Properties dialog box, on the IP Addresses tab, several IP addresses appear in the format IP1, IP2, up to IPAll. One of these is for the IP address of the loopback adapter, 127.0.0.1. Additional IP addresses appear for each IP Address on the computer. Right-click each address, and then click Properties to identify the IP address that you want to configure.
-
If the TCP Dynamic Ports dialog box contains 0, indicating the Database Engine is listening on dynamic ports, delete the 0.
-
In the IPn Properties area box, in the TCP Port box, type the port number you want this IP address to listen on, and then click OK.
-
In the console pane, click SQL Server Services.
-
In the details pane, right-click SQL Server (<instance name>) and then click Restart, to stop and restart SQL Server.
After you have configured SQL Server to listen on a specific port, there are three ways to connect to a specific port with a client application:
-
Run the SQL Server Browser service on the server to connect to the Database Engine instance by name.
-
Create an alias on the client, specifying the port number.
-
Program the client to connect using a custom connection string.
Firewall
To open a port in the Windows firewall for TCP access
-
On the Start menu, click Run, type WF.msc, and then click OK.
-
In the Windows Firewall with Advanced Security, in the left pane, right-click Inbound Rules, and then click New Rule in the action pane.
-
In the Rule Type dialog box, select Port, and then click Next.
-
In the Protocol and Ports dialog box, select TCP. Select Specific local ports, and then type the port number of the instance of the Database Engine, such as 1433 for the default instance. Click Next.
-
In the Action dialog box, select Allow the connection, and then click Next.
-
In the Profile dialog box, select any profiles that describe the computer connection environment when you want to connect to the Database Engine, and then click Next.
-
In the Name dialog box, type a name and description for this rule, and then click Finish.
To open access to SQL Server when using dynamic ports
-
On the Start menu, click Run, type WF.msc, and then click OK.
-
In the Windows Firewall with Advanced Security, in the left pane, right-click Inbound Rules, and then click New Rule in the action pane.
-
In the Rule Type dialog box, select Program, and then click Next.
-
In the Program dialog box, select This program path. Click Browse, and navigate to the instance of SQL Server that you want to access through the firewall, and then click Open. By default, SQL Server is at C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\Sqlservr.exe. Click Next.
-
In the Action dialog box, select Allow the connection, and then click Next.
-
In the Profile dialog box, select any profiles that describe the computer connection environment when you want to connect to the Database Engine, and then click Next.
-
In the Name dialog box, type a name and description for this rule, and then click Finish.
With Nagios using check_icmp is the way to go, it better and faster, below is an example configuration directive for setting the check-host-alive command which will be used by each host check.
# ‘check-host-alive’ command definition
define command{
command_name check-host-alive
command_line $USER1$/check_icmp -H $HOSTADDRESS$ -w 30,5% -c 100,20% -p 1
}
time ./check_icmp -H 10.60.48.244 -n 5
OK – 10.60.48.244: rta 0.519ms, lost 0%|rta=0.519ms;200.000;500.000;0;pl=0%;40;80;;
0.00u 0.01s 0:00.33 3.0%
time ./check_ping -w 100,100% -c 500,100% -H 10.60.48.244
PING OK – Packet loss = 0%, RTA = 0.00 ms
0.01u 0.00s 0:04.01 0.2%
time ./check_fping -H 10.60.48.244 -n 5
FPING OK – 10.60.48.244 (loss=0%, rta=0.640000 ms)|loss=0%;;;0;100 rta=0.000640s;;;0.000000
0.00u 0.01s 0:04.56 0.2%
Find and replace with VI on a pathname is a bit tricky you ned to use escape characters.
In this case /bin/mail should be replaced with /usr/bin/mail
The command below would do it:
:%s/\/bin\/mail/\/usr\/bin\/mail/g
Here is an example of find and replace with VI, this will replace every instance of the “findthistext” string in the file with “replacewithtext”. Neat saves lots of typing!
:%s/findthistext/replacewithtext/g
DDOS attacks are under the limelight (and the media) from the Wikileaks affair.
It is quite difficult to detect attack because unlike most “traditional” attacks, it is based on the fact that flood the target machine requests from a large number of zombie machines (ie infected a program that will launch an attack).
In this post we will see how to use Nagios to send alerts when it detects an attack type DDOS SYN Flood .
For that I developed (licnce under GPL v3) a Nagios plugin available at following address:
https://raw.github.com/nicolargo/nagiosautoinstall/master/check_ddos.pl
Installing the script
It requires a properly configured Nagios server.Then run the following commands:
cd /usr/local/nagios/libexec
sudo rm -f check_ddos.pl
wget https://raw.github.com/nicolargo/nagiosautoinstall/master/check_ddos.pl
chmod a+rx check_ddos.pl
sudo chown nagios:nagios check_ddos.pl
Test script:
./Check_ddos.pl -w 50 -c 60
No DDOS attack detected (5/50)
Nagios configuration
To add a service DDOS SYN Flood detection on the local machine (light to check DDOS attacks to the server hosting Nagios) must initially commands.cfg edit the file (by default in the / local / usr / nagios / etc / objects) to add the new control detection DDOS SYN Flood:
# check_ddos
define command{
command_name check_ddos
command_line $USER1$/check_ddos.pl -w $ARG1$ -c $ARG2$
}
Then you have to edit the file localhost.cfg (which is also found in the /usr/local/nagios/etc/objects)
# Warning: >50 SYN_RECV
# Critical: >70 SYN_RECV
define service{
use local-service
host_name bilbo
service_description DDOS SYN Flood detect
check_command check_ddos!50!70
}
So we just define a service that will send a Warning alert when the server has more than 50 connections SYN_RECV open type (more than 70 for a Critical alert ). These figures are of course tailored to the individual servers …
As a bonus, if an alert is generated, the plugin displays the top 10 IP addresses of zombie machines (useful for blocking with iptables firewall rules ).
If you want to monitor DDOS SYN Flood attacks on another machine, you must use the NRPE plugin that will make the interface between the Nagios server and the server to monitor.
Sometimes RPM databases become corrupt. You will no longer be able to install/upgrade/remove programs using YUM or RPM command. Even RPM quey simply gets hung.This is the case when you need to repair RPM databases.
To repair do the following:
cp -rp /var/lib/rpm{,`data +%F`.bk}
This command is to take a backup of ‘ /var/lib/rpm‘ directory
rm -f /var/lib/rpm/__db*
This command clears the RPM database. Then enter the following command,
rpm -vv –rebuilddb
This command rebuild database in in verbose mode so that you see the process. Now your RPM database is perfect.
You can just check following command to confirm this.
rpm -qa
irst locate the log file for your site. The generic log is generally at /var/log/httpd/access_log or/var/log/apache2/access_log (depending on your distro). For virtualhost-specific logs, check the conf files or (if you have one active site and others in the background) run ls -alt /var/log/httpd to see which file is most recently updated.
cat access.log| awk ‘{print $1}’ | sort | uniq -c |sort -n
Find out targets the last 5,000 hits:
tail -5000 access.log| awk '{print $1}' | sort | uniq -c |sort -n
Finally, if you have a ton of domains you may want to use this to aggregate them:
for k in `ls --color=none`; do echo "Top visitors by ip for: $k";awk '{print $1}' ~/logs/$k/http/access.log|sort|uniq -c|sort -n|tail;done
This command is great if you want to see what is being called the most (that can often show you that a specific script is being abused if it’s being called way more times than anything else in the site):
awk '{print $7}' access.log|cut -d? -f1|sort|uniq -c|sort -nk1|tail -n10
If you have multiple domains on and on a PS (PS only!) run this command to get all traffic for all domains on the PS:
for k in `ls -S /home/*/logs/*/http/access.log`; do wc -l $k | sort -r -n; done
Here is an alternative to the above command which does the same thing, this is for VPS only using an admin user:
sudo find /home/*/logs -type f -name "access.log" -exec wc -l "{}" \; | sort -r -n
If you’re on a shared server you can run this command which will do the same as the one above but just to the domains in your logs directory. You have to run this commands while your in your user’s logs directory:
for k in `ls -S */http/access.log`; do wc -l $k | sort -r -n; done
grep apache access.log and list IP’s by hits and date:-
grep Mar/2013 /var/log/apache2/access.log | awk '{ print $1 }' | sort -n | uniq -c | sort -rn | head
HOW TO CHECK WHETHER LINUX SERVER IS UNDER DDOS ATTACK
DDOS – Distributed Denial of service attack
DDOS or DOS (Denial of service ) is an attack in the server , where the server resources become unavailable to the users. It can be typically defined as the loss of network connectivity and services by consuming the bandwidth and resources of the victim network or overloading the victim server. Attempts to “flood” a network with bogus packets , there by preventing legitimate traffic is the common form of attack.
Display all active Internet connections to the server and only established connections are included.
#netstat -an | grep :80 | sort
Show only active Internet connections to the server on port 80 and sort the results. Useful in detecting a single flood by allowing you to recognize many connections coming from one IP.
#netstat -n -p|grep SYN_REC | wc -l
To find out how many active SYNC_REC are occurring on the server. The number should be pretty low, preferably less than 5. On DoS attack incidents or mail bombs, the number can jump to pretty high. However, the value always depends on system, so a high value may be average on another server.
#netstat -n -p | grep SYN_REC | sort -u
List all IP addresses involved.
#netstat -n -p | grep SYN_REC | awk ‘{print $5}’ | awk -F: ‘{print $1}’
List all the unique IP addresses of the nodes that are sending SYN_REC connection status.
#netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n
Use netstat command to calculate and count the number of connections each IP address makes to the server.
#netstat -anp |grep ‘tcp\|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n
List the number of connections the IPs are making to the server using TCP or UDP protocol.
#netstat -ntu | grep ESTAB | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -nr
Check on ESTABLISHED connections instead of all connections, and display the number of connections for each IP.
#netstat -plan|grep :80|awk {‘print $5?}|cut -d: -f 1|sort|uniq -c|sort -nk 1
Synchronizing data beetween two directories
# rsync -rv <src> <dst> –progress
Rsync two directories with filtered extensions
# rsync -rv –include ‘*/’ –include ‘*.txt’ –exclude ‘*’ srcDir/ desDir/
Rsync a directory excluding pesky .svn dirs
# rsync -rv –exclude .svn src/dir/ dest/dir/
Sync Source Directory to Destination Directory
# rsync -avzE -e –process /var/www/html/deploy root@X.X.X.X/backup/testing/project
# rsync -avzE /var/www/html/deploy root@X.X.X.X://backup/testing/project/
src :- source
dst :- destination
-v :- increase Verbosity
-a :- archive mode
-r :- recurse into directories
-e :- Specify remote shell to use
-r :- for recursive (if you want to copy entire directories)
–process :- to show a progress bar)
Add the following attributes to the <Connector> in Tomcat’s server.xml to hide web server version in Tomcat at line no- 73 :-
# vim apache-tomcat/conf/server.xml
<Connector port=”8080? protocol=”HTTP/1.1?
connectionTimeout=”20000?
redirectPort=”8443?
server=”Tomcat” />
|
|
Recent Comments