Category Archives: Redhat

PHP: How do I install phpsh, interactive shell prompt for php under CentOS or Fedora?

phpsh requires readline support built into python. It also requires python version 2.4+. You can check which version of python you have installed by typing:

python -V

Let us download and install readline:

wget ftp://ftp.cwru.edu/pub/bash/readline-5.2.tar.gz
tar zxf readline-5.2.tar.gz
cd readline-5.2
./configure
make install

Now let us install python with readline support:

wget http://www.python.org/ftp/python/2.5.1/Python-2.5.1.tgz
tar zxf Python-2.5.1.tgz
cd Python-2.5.1

I had some problems on one of the servers where it would not compile readline support into python. I was able to compile readline support into python by:

echo "readline readline.c -lreadline -ltermcap" >> Modules/Setup.local

Now let us continue with python installation.

./configure --prefix=/usr/local/python-2.5.1 --enable-readline
make -i install

If you do not use "make -i install" (-i means ignore any errors), the install may fail with the following error:
Compiling /usr/lib/python2.5/zipfile.py ...
make: *** [libinstall] Error 1

If you scroll up, you will find the following error, which seems to be the root cause:

Compiling /usr/lib/python2.5/test/test_multibytecodec.py ...
Sorry: UnicodeError: ("\\N escapes not supported (can't load unicodedata module)",)

Once you install python with make -i install, that library (unicodedata.so, which is not built until a later stage of the build process) gets installed. If you want, you can type make install once again (without ignoring errors) and it will complete without errors.

Once you have python installed, you will want to use the new version. I like to keep a backup of the old files in case I have to use the older version for any reason. Run the following, which creates symbolic links and makes backups of the current files:

for binary in /usr/local/python-2.5.1/bin/* ; do
    name=$(basename "${binary}")
    # Back up the existing file (if there is one) before replacing it
    [ -e "/usr/bin/${name}" ] && mv "/usr/bin/${name}" "/usr/bin/${name}.bak"
    ln -s "${binary}" "/usr/bin/${name}"
done

Now let us get phpsh and try it out:

wget http://www.phpsh.org/phpsh-latest.tgz
tar zxf phpsh-latest.tgz
cd ../phpsh
chmod +x phpsh
./phpsh

At this point you should be at the shell: php>

The following is a snippet from the README file which comes with phpsh. You should take a look at it, since it has more details on how to use phpsh:

Type php commands and they will be evaluated each time you hit enter. Ex:
php> $msg = "hello world"
Put = at the beginning of a line as syntactic sugar for return. Ex:
php> = 2 + 2
If you end a line with a backslash (\), you can enter multi-line input.
For example,
php> print "like \
... this"
like this
php>

There we go. Now you have a great interactive php shell prompt. Note that there is interactive mode built into php as well. I personally do not like it as much but you can try it out for yourself by typing:

php -a
Interactive mode enabled
echo "Hello world";
Hello world

————————————-
DISCLAIMER: Please be smart and use code found on internet carefully. Make backups often. And yeah.. last but not least.. I am not responsible for any damage caused by this posting. Use at your own risk.

MySQL: How do I import individual table dump files in to MySQL using shell script?

After I wrote the post "How do I dump all tables in a database into separate files?", I got emails from a couple of people asking how to import the individual table files back into MySQL. The first way to import the sql files created by that post is to import each file individually by typing:

mysql db_name < table1.sql

This will work as long as you are only importing a few files. But if you need to import all of the files in the directory, which could be in the hundreds, this method does not scale well. To achieve this I wrote a shell script which does the work for me. Of course, there are other ways to do this and I am only showing you one way of doing it. This works for me, so here it is:

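#!/bin/bash
db=$1
if [ -z "$db" ]; then
    echo "Usage: $0 db_name"
    exit 1
fi
# Imported files are moved here, so a failed run can be picked up again
mkdir -p done
clear
for sql_file in *.sql; do
    echo "Importing $sql_file"
    # Move the file out of the way only if the import succeeded
    mysql "$db" < "$sql_file" && mv -- "$sql_file" done/
done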


Subversion (SVN): How do you set up backup for your Subversion repositories?

Subversion is becoming more and more popular every day. For a quick installation guide, see my post on installing Subversion. Once you have Subversion set up, make sure you have backups of your repositories set up! This is one of those things most people forget to do.

If you followed the installation guide and did a source install, you already have a tool available to you: hot-backup.py, in the tools/backup/ directory of the Subversion source distribution. One thing about this script is that it does not back up all your repositories, which might be an issue if you create more repositories but forget to create a backup script for them.

Here is a very simple shell script to help you back up all of your Subversion repositories. You can edit it to point to a different /svn location if you did not install to the default location. Make sure you copy hot-backup.py to a location which is included in your path so the script will work.

mkdir -p /backups/repos
# Back up every repository directory under /svn
for repostobackup in /svn/*/ ; do
    [ -d "${repostobackup}" ] || continue
    filename=$(basename "${repostobackup}")
    hot-backup.py --archive-type=bz2 "/svn/${filename}" /backups/repos
done

This will create your backup files and compress them using bzip2. You can also use zip or gz if you prefer. Another thing you should do is to edit the hot-backup.py script and change num_backups to be whatever you think is a good number. I personally use: num_backups = 10

That's all there is to it. Just add this script to your crontab and your backups will be automated. You may want to consider moving your backups to another server by adding ftp, scp or rsync at the end of the script.

SSH: Setting up public key authentication over SSH (CentOS, Redhat, Linux, Fedora)

Before we go into the details of how to set up public key authentication, I would like to talk about the pros and cons of doing this, so that you can make an educated decision.

First, the biggest benefit of setting up public key authentication over ssh: once you set up the keys correctly, you will not need to enter a password to access the other server. For example, you can just type ssh example.com and you will be logged in. This is the method you must use if you want to set up scripts which are run from crontab. For example, you may have an rsync script which does backups from one server to another every night.

With every good thing comes a bad thing. Let us say "somebody" has access to server1 as root. This somebody could be a designated user, or it could be a hacker who has gained root access to server1. Since we have public key authentication over ssh set up between server1 and server2, this "somebody" can now access server2 as well. As you can see, this can be problematic.

Now you know the number one pro and con of setting up public key authentication over ssh. Let us go through the process of setting up the keys.

On server1, you type: ssh-keygen -t rsa (just press enter to keep accepting defaults). You should see something like this:

ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a2:b2:aw:w2:63:25:2a:62:fs:d5:ff:fd:11:f1:aa:60 root@server1

The fingerprint for your server will be different. Now type cat /root/.ssh/id_rsa.pub and copy the contents it displays. You will need this for server2. Paste it into notepad or any other text editor and make sure it pastes as one line. It is crucial that you check this.

Now log in to server2. Create the public key by typing: ssh-keygen -t rsa (this is the same thing we did on server1). Once you are done, type vi /root/.ssh/authorized_keys2

Paste the content you copied earlier on server1. Make sure it is all on one line. Save and exit. At this point, we should change the permissions on the file to make sure sshd accepts it: chmod 600 /root/.ssh/authorized_keys2

Go back to server1 and type ssh server2. You should be logged in without having to enter a password. If you are still prompted for a password, check the /root/.ssh/authorized_keys2 file on server2 and make sure everything you pasted is on one line.

That is all you have to do to set up public key authentication over ssh!
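A check for the two things the steps above depend on, the file mode and every key sitting on a single line, written as an added example that is not part of the original post. The function names and the sample key material are constructed for illustration; the check also notes keys that have no from= or command= option in front of them, since those are the keys that give whoever holds root on server1 a full shell on server2.

```shell
# check_authorized_keys FILE
# Prints one finding per line. Returns 1 if the file is accessible to
# group/others, or if a line is not a complete key entry; 0 otherwise.
check_authorized_keys() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "missing: $file"; return 1; }

    # Characters 5-10 of the ls mode string are the group/other bits;
    # after "chmod 600" they are all "-".
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "mode: group/other bits are '$perms', expected 600"
        rc=1
    fi

    # Key types recognised here: RSA, DSA, Ed25519 and ECDSA.
    keytype='(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)'
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # One entry per line: [options] key-type base64-blob [comment]
        if ! printf '%s\n' "$line" |
            grep -Eq "(^| )$keytype +[A-Za-z0-9+/]+=*( |\$)"; then
            echo "line $n: not a key entry (wrapped paste?)"
            rc=1
        elif printf '%s\n' "$line" | grep -Eq "^$keytype "; then
            # No options field: the key is accepted from any host, full shell.
            echo "line $n: note: no from= or command= restriction"
        fi
    done < "$file"
    return $rc
}

# Constructed sample: the second key was pasted with a line break in it.
demo_wrapped_paste() {
    tmp=$(mktemp) && chmod 600 "$tmp"
    printf '%s\n' \
        'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7 root@server1' \
        'from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB' \
        'AAABAQDf root@server1' > "$tmp"
    check_authorized_keys "$tmp"; status=$?
    rm -f "$tmp"
    return $status
}
demo_wrapped_paste || true
```

On server2, run it as check_authorized_keys /root/.ssh/authorized_keys2. A wrapped paste shows up as the continuation line being reported, because the first half of a split key still looks like a valid entry.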


Bind: Quick install guide to install and setup Bind (DNS server) in secure (chroot) environment in Linux (CentOS, Redhat Enterprise (RHEL), Fedora).

There are a lot of great articles on setting up Bind, and some of them even go into great detail on setting up a secure DNS server using Bind. I have used one of them time after time: Linux Howto: Chroot Bind How To. One of the things I do not like about it is that I had to read over things which I really do not need to know or already know. So I have put together this quick how-to based on that great how-to. Setting up a secure DNS server using Bind is not very complicated.

Let us dive into this. First we create user and set up directory structure.

echo "named:x:200:200:Nameserver:/chroot/named:/bin/false" >> /etc/passwd
echo "named:x:200:" >> /etc/group
mkdir -p /chroot/named
cd /chroot/named
mkdir -p dev etc/namedb/slave var/run
chown -R named:named /chroot/named/etc/namedb/slave
chown named:named /chroot/named/var/run
mknod /chroot/named/dev/null c 1 3
mknod /chroot/named/dev/random c 1 8
chmod 666 /chroot/named/dev/{null,random}
cp /etc/localtime /chroot/named/etc/

Open /etc/sysconfig/syslog in an editor:

vi /etc/sysconfig/syslog

Find the line which starts with SYSLOGD_OPTIONS and edit it to look like:

SYSLOGD_OPTIONS="-m 0 -a /chroot/named/dev/log"

Let us restart syslog to use the new settings and secure the physical files on the server.

/etc/rc.d/init.d/syslog stop
/etc/rc.d/init.d/syslog start
chown root /chroot
chmod 700 /chroot
chown named:named /chroot/named
chmod 700 /chroot/named
cd /chroot/named
chattr +i etc/localtime var

Let us clean up any previous bind install, since most Linux installations have named (bind) pre-installed.

rpm -qa |grep bind
rpm -e --nodeps <copy-paste-all-the-packages-separated-by-space>

Let us get the source files for bind and install it. At time of writing, bind 9.4.1 is the latest.

wget http://ftp.isc.org/isc/bind9/9.4.1/bind-9.4.1.tar.gz
tar zxpfv bind-*.gz
cd bind*
./configure
make && make install

Copy the following content to /etc/init.d/named:

#!/bin/sh
#
# named This shell script takes care of starting and stopping
# named (BIND DNS server).
#
# chkconfig: 345 55 45
# description: named (BIND) is a Domain Name Server (DNS) \
# that is used to resolve host names to IP addresses.
# probe: true
#
# Source function library.
. /etc/rc.d/init.d/functions
#
# Source networking configuration.
. /etc/sysconfig/network
#
# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0
#
[ -f /usr/local/sbin/named ] || exit 0
[ -f /chroot/named/etc/named.conf ] || exit 0
#
# See how we were called.
case "$1" in
    start)
        # Start daemons.
        echo -n "Starting named: "
        daemon /usr/local/sbin/named -u named -t /chroot/named -c /etc/named.conf
        echo
        touch /var/lock/subsys/named
        ;;
    stop)
        # Stop daemons.
        echo -n "Shutting down named: "
        kill `pidof named`
        echo
        rm -f /var/lock/subsys/named
        ;;
    status)
        status named
        exit $?
        ;;
    restart)
        $0 stop
        $0 start
        exit $?
        ;;
    reload)
        /usr/local/sbin/rndc reload
        exit $?
        ;;
    probe)
        # named knows how to reload intelligently; we don't want linuxconf
        # to offer to restart every time
        /usr/local/sbin/rndc reload >/dev/null 2>&1 || echo start
        exit 0
        ;;
    #
    *)
        echo "Usage: named {start|stop|status|restart|reload}"
        exit 1
esac
#
exit 0

Make it executable: chmod +x /etc/init.d/named
Let us set it so "named" will automatically start at boot up: chkconfig --add named

Save the following code into /chroot/named/etc/named.conf:
options {
    recursion no; // this will disable recursive lookups against our server
    directory "/etc/namedb"; // Working directory
    pid-file "/var/run/named.pid"; // Put pid file in working dir
    forwarders {
        10.10.10.10; // ip of dns server to forward requests to
    };
    statistics-file "/var/run/named.stats";
    query-source address * port 53;
    version "Bind 10";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
// Root server hints
zone "." {
    type hint;
    file "root.hint";
};
// Provide a reverse mapping for the loopback address 127.0.0.1
zone "0.0.127.in-addr.arpa" {
    type master;
    file "db.127.0.0";
    notify no;
};

Save the following in /chroot/named/etc/namedb/root.hint:

; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
;
; last update: Nov 5, 2002
; related version of root zone: 2002110501
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
;
; housed in LINX, operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; operated by IANA
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; housed in Japan, operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File

This should get you started. Now just create appropriate zone files and you are good to go.
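To confirm that the chroot layout created at the start of this guide ended up with the intended owners and modes, here is an added example (not part of the original post or of the Chroot Bind How To). The function names check_path and audit_named_chroot are made up for this sketch; the expected values are the ones set by the chown, chmod and mknod commands above.

```shell
# check_path PATH MODE OWNER: compare the ls mode string and owner of PATH.
check_path() {
    got=$(ls -ld "$1" 2>/dev/null | awk '{print substr($1, 1, 10), $3}')
    if [ -z "$got" ]; then
        echo "missing: $1"; return 1
    elif [ "$got" != "$2 $3" ]; then
        echo "$1: found '$got', expected '$2 $3'"; return 1
    fi
}

# audit_named_chroot ROOT: ROOT is /chroot in the layout built above.
# Prints one finding per line and returns 1 if there is any.
audit_named_chroot() {
    root=$1
    rc=0
    check_path "$root"                  drwx------ root  || rc=1
    check_path "$root/named"            drwx------ named || rc=1
    check_path "$root/named/dev/null"   crw-rw-rw- root  || rc=1
    check_path "$root/named/dev/random" crw-rw-rw- root  || rc=1
    # The daemon runs as "named"; these are the directories chown'ed to it.
    for d in etc/namedb/slave var/run; do
        owner=$(ls -ld "$root/named/$d" 2>/dev/null | awk '{print $3}')
        if [ "$owner" != named ]; then
            echo "$root/named/$d: owner '${owner:-missing}', expected named"
            rc=1
        fi
    done
    return $rc
}

# Constructed demonstration: a scratch tree with the wrong mode on its
# top directory and no device nodes, so the audit has findings to report.
demo_audit() {
    t=$(mktemp -d)
    mkdir -p "$t/named/etc/namedb/slave" "$t/named/var/run"
    chmod 755 "$t"
    audit_named_chroot "$t"; status=$?
    rm -rf "$t"
    return $status
}
demo_audit || true
```

On the real server, run audit_named_chroot /chroot as root; no output and a zero exit status mean the layout matches the commands in this guide.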
