October 2025
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  

Categories

October 2025
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  

Remove APF Firewall

How to Remove APF Firewall

# ser­vice ipt­a­bles stop

# chk­con­fig apf off

# /bin/rm –rfv /etc/apf

# /bin/rm –fv /etc/cron.daily/fw

# /bin/rm –fv /etc/init.d/apf

# ipt­a­bles –L –n

June 18th, 2012 | Category: IPTABLES | One comment

Tomcat listen on Server IP Address

Tomcat listen on Server IP Address

Connector Connector address=”192.168.1.10″ port=”8080″ protocol=”HTTP/1.1″ maxHttpHeaderSize=”8192″
maxThreads=”300″ minSpareThreads=”25″ maxSpareThreads=”75″
enableLookups=”false” redirectPort=”8443″ acceptCount=”100″
connectionTimeout=”20000″ disableUploadTimeout=”true”

Connector executor=”tomcatThreadPool”
port=”80″ protocol=”HTTP/1.1″
connectionTimeout=”20000″
redirectPort=”8443″
address=”192.168.2.15″

June 18th, 2012 | Category: tomcat | Leave a comment

Change Tomcat default port to 80 and 443

Change Tomcat default port to 80 and 443

Tomcat by default runs on port number 8080, However there is high chance get a port conflict with others program. Sometime we just need to change the Tomcat port number.
Steps of changing the Tomcat Port

1) Locate server.xml in {Tomcat installation folder}\ conf \

2) Find following similar statement

Define a non-SSL HTTP/1.1 Connector on port 8180
Connector port=”8080″ maxHttpHeaderSize=”8192″
maxThreads=”150″ minSpareThreads=”25″ maxSpareThreads=”75″
enableLookups=”false” redirectPort=”8443″ acceptCount=”100″
connectionTimeout=”20000″ disableUploadTimeout=”true”

or

A “Connector” represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080

Connector port=”8080″ protocol=”HTTP/1.1″
connectionTimeout=”20000″
redirectPort=”8443″

3) About Tomcat’s server.xml file cites it’s runs on port 8080. Change the Connector port=”8080? port to any other port number.

For example

Connector port=”80″ protocol=”HTTP/1.1″
connectionTimeout=”20000″
redirectPort=”8443″

Above statement instruct Tomcat server runs on port 80 and 443.

4) Edit and save the server.xml file. Restart Tomcat. Done

June 18th, 2012 | Category: tomcat | Leave a comment

LMD (Linux Malware Detect) on centos server

LMD (Linux Malware Detect) on centos server

Homepage: http://www.rfxn.com/projects/linux-malware-detect/
Description: Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches, they are also easily exported to any number of detection tools such as ClamAV.

Step 1: Downloading, Installing LMD

cd /usr/local/src
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -zxvf maldetect-current.tar.gz
cd maldetect-*
./install.sh

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet

June 15th, 2012 | Category: Security on Centos | Leave a comment

Creating a self-signed SSL Certificate

Creating a self-signed SSL Certificate

How to Enable SSL FOR YOUR OWN WEBSITE.

For this you will need the openssl package. First we want to start by generating a private key.

root@localhost# openssl genrsa -out www.rmohan.com.key 1024
Generating RSA private key, 1024 bit long modulus
………….++++++
………………..++++++
e is 65537 (0×10001)

Then, we need to generate the certificate request and fill in the appropriate information. Make sure that the “Common Name” matches the domain you want to protect via SSL, so if you domain was www.rmohan.com, use that. If you wanted to protect rmohan.com (without the www.) then use that.

root@localhost# openssl req -new -key www.rmohan.com.key -out www.rmohan.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:www.rmohan.com
Email Address []:email@rmohan.com

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Next, generate the self-signed certificate. You can specify the number of days the cert is valid for.

root@localhost# openssl x509 -req -days 365 -in www.rmohan.com.csr -signkey www.rmohan.com.key -out www.rmohan.com.crt
Signature ok
subject=/C=/ST=/L=/O=/CN=www.rmohan.com/emailAddress=email@rmohan.com
Getting Private key

Next, move the certificate and keyfile into apache’s SSL directory.

mv www.rmohan.com.key /etc/httpd/conf/ssl.key/
mv www.rmohan.com.crt /etc/httpd/conf/ssl.crt/


SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.key/www.rmohan.com.key
SSLCertificateKeyFile /etc/httpd/conf/ssl.crt/www.rmohan.com.crt

June 15th, 2012 | Category: SSL | 2 comments

JBOSS operations script

JBOSS operations script

The scripts are tested on RHEL 5

start_jboss.sh (for clustered environment)
————————————————————————–
JAVA_OPTS=”-Xms1303m -Xmx1303m -XX:MaxPermSize=256m
-Dorg.jboss.resolver.warning=true
-Dsun.rmi.dgc.client.gcInterval=3600000
-Dsun.rmi.dgc.server.gcInterval=3600000
-Dsun.lang.ClassLoader.allowArraySyntax=true”
JAVA_OPTS=”$JAVA_OPTS {you can add your custom JVM / application properties here}”

MULTICAST_ADDR={specify multicast addr}
BIND_ADDR=`getip.sh`
PARTITION=appname-partition1
SERVER={specify profile name}
SERVER_PEER_ID=`getserverpeerid.sh`

$JBOSS_HOME/bin/run.sh -b $BIND_ADDR -c $SERVER -g $PARTITION -u $MULTICAST_ADDR -Djboss.messaging.ServerPeerID=$SERVER_PEER_ID $JAVA_OPTS
echo “JBOSS start operation completed”
————————————————————————–
Note: One of the reasons to pass JVM arguments in the startup script is because the same startup script can be used for all servers in the cluster. Any parameter change can be made in this single file. You can also specify it in run.conf but you might want to sync run.conf in all servers.

getip.sh
————————————————————————–
grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0 |awk -F= ‘{print $2}’
————————————————————————–

getserverpeerid.sh
————————————————————————–
HOST=`cat /proc/sys/kernel/hostname`
echo ${HOST:(-2)}
————————————————————————–
Note: you can customize the script to provide a numeral server peer id. This script gets the last two digits of host name.

June 15th, 2012 | Category: JBOSS | Leave a comment

Logging on Jboss

Logging on Jboss

Make your logging choices in the file
/opt/jboss5.0/jboss-as/server/default/conf/jboss-log4j.xml

App logs location can be defined in

For example, rollover can be done for each hour by uncommenting

June 15th, 2012 | Category: JBOSS | One comment

JBOSS Admin Console urls

JBOSS Admin Console urls

JBOSS
http://{ip_address}:8080/admin-console
http://{ip_address}:8080/jmx-console
http://{ip_address}:8080/web-console
http://{ip_address}:8080/web-console/status

June 15th, 2012 | Category: JBOSS | Leave a comment

SSL ON JBOSS

SSL ON JBOSS

SSL Setup is same as Tomcat Procedure

1) Create a keystore using keytool utility

#keytool can be found from Java runtime – /opt/jre1.6.0_18/bin/keytool
# Enter values as required

mkdir $JBOSS_HOME/ssl
cd $JBOSS_HOME/ssl

$ keytool -genkey -alias jboss -keyalg RSA -keystore jboss.keystore -validity 3650
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]:
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]: US
Is valuescorrect?
[no]: yes

Enter key password for
(RETURN if same as keystore password):
Re-enter new password:

A .keystore file will be created in the current directory.

2) Update /opt/jboss-eap-5.0/jboss-as/server/default/deploy/jbossweb.sar/server.xml with correct keystore values.

3) Restart the server. Test using https://{ip_address}:8443/context-root/filename.jsp

June 15th, 2012 | Category: JBOSS | One comment

Apache commands

Apache commands

#!/bin/sh
echo “————————”
echo “Verify Configuration”
echo “————————”
/opt/apache/bin/httpd -f /opt/apacheconf/httpd.conf -t -S

echo “————————”
echo “Start Apache”
echo “————————”

/opt/apache/bin/httpd -f /opt/apacheconf/httpd.conf -k start

echo “————————”
echo “List HTTP Processes”
echo “————————”
sleep 3
ps -ef | grep http

Custom script to stop Apache (stop_apache.sh)
#!/bin/sh

echo “————————”
echo “Stop Apache”
echo “————————”
/opt/apache/bin/httpd -f /opt/apacheconf/httpd.conf -k stop

echo “————————”
echo ” List HTTP Processes”
echo “————————”
sleep 3
ps -ef | grep http

rm /opt/apachelogs/*

List statically compiled modules
/opt/apache/bin/httpd -l or /opt/apache/bin/apachectl -l

Which mpm is used by apache?
/opt/apache/bin/apachectl -l

List all loaded modules
/opt/apache/bin/httpd -t -D DUMP_MODULES

June 15th, 2012 | Category: Apache | Leave a comment
« Newer Entries  
  Older Entries »