Showing posts with label installation. Show all posts
Showing posts with label installation. Show all posts

Wednesday, March 19, 2014

Installing OSSIM community edition in QEMU

Since OSSIM is based on Debian and it is a nightmare to compile it for something else (ehm, CentOS) I decided to use it in a headless QEMU virtual machine. To test cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 whole process, I first decided to do a regular installation of OSSIM, with display. But, I had a lot of obstacles while trying install OSSIM community edition in QEMU. It is even more interesting that when you google for ossim and qemu, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are almost no posts.

In cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 end, everything worked flawlessly but when using text based installation. To access text based installation edit boot command line (pressing TAB at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 initial boot screen) and at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 end add cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following:
DEBIAN_FRONTEND=text
And that gave me text based installation. Basically, AlienVault uses Debian's installer so anything that can be configured for Debian, can be for OSSIM too. Take a look into manual for furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r information.

Few things to be aware of when doing this:
  1. Don't use too small disk because cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 installation will stuck without any notification what happened.
  2. I had problems with GUI based installation, and its fallback ncurses. The installation would stuck somewhere (e.g. in GUI after entering IP address, something would go wrong in package installation process, MySQL wasn't properly installed and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re were errors that starting failed, apache wasn't properly installed and Web console wasn't accessible, etc.)

CentOS 6

On CentOS cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is no qemu-kvm like in Fedora. Instead, you have to use libvirtd. Be sure that libvirt is installed, before continuing. That means packages virt-install and libvirt are installed. Additionally, libvirtd daemon must bi started.

So, first create file for disk image. You can do this using dd, but even better is to use fallocate(1) command. Also, fetch OSSIM ISO image file. Now, to start installation process use cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command:
virt-install -r 2560 --accelerate -n OSSIM \
        --cdrom /tmp/AlienVault_OSSIM_64Bits_4.3.4.iso \
        --os-variant=debiansqueeze --disk path=./sda.img \
        -w bridge --graphics vnc,password=replaceme
In cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 previous command I'm giving to OSSIM 2.5G RAM (option -r), cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 name will be OSSIM, disk image is in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 current directory (with respect to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 command virt-install) and I'm using bridged networking. Finally, console will be available via VNC and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 password for access is replaceme.

There are several error messages you might receive when trying to start installation process:
ERROR    Error with storage parameters: size is required for non-existent disk '/etc/sysconfig/network-scripts/sda.img'
Well, this error message occured because I was trying to start installation process in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 wrong directory, i.e. cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 one that didn't contain file for hard disk image.

The following error:
ERROR    Failed to connect socket to '/var/run/libvirt/libvirt-sock': No such file or directory
means that libvirtd daemon isn't started. Start it using:
service libvirtd on
and don't forget to make it start every time you boot your machine:
chkconfig libvirtd on
The next error:
Starting install...
ERROR    internal error Process exited while reading console log output: char device redirected to /dev/pts/1
qemu-kvm: -drive file=/root/AlienVault_OSSIM_64Bits_4.3.4.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw: could not open disk image /root/AlienVault_OSSIM_64Bits_4.3.4.iso: Permission denied
means that I placed ISO image in a directory where libvirt can not access it. Move image to, e.g. /tmp directory and try again.

After you managed to start installation process, connect to it using vncviewer application. libvirt-install binds vnc to localhost so you won't be able to access it directly from some remote host. This is actually OK, so you shouldn't change it, unless you know very well what you are doing. So, to connect to console, open terminal window and execute cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command:
ssh -L 5900:127.0.0.1:5900 host_where_installation_is_started
Now, in anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r terminal on local machine (i.e. cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 one where you started previous ssh command) run cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command:
vnc localhost
And that should be it. What happened is that with ssh you created a tunnel between your local machine and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 remote where virtual machine is being installed. So, don't stop ssh until you vnc session is running!

Thursday, March 13, 2014

Installing Snort 2.9.6.0 on CentOS 6.5 64-bit

Some time ago I wrote a post about installing Snort 2.9.1 on CentOS 6. In cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 mean time I decided it's time to upgrade so cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 idea of this post is to document what changed with respect to that older post. In short, binary packages for CentOS 6 are now provided on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Snort's download page. So, you only need to download cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m and install (or install using URL). Yet, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is a problem with a libdnet dependency (I don't know which one was used during compilation, but it certainly wasn't cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 one in EPEL).

Compiling and installing

In case you want to rebuild cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 process is now almost without any problems. In cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following text I'll assume that you started with a minimal CentOS installation with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following packages installed (and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir dependencies, of course): gcc, make, bison, flex, autoconf, automake, rpmbuild.

First, download daq source rpm file. Before rebuilding it, you should install pcap-devel. This is actually something rpmbuild tool will warn you that you have to install. When you installed it, rebuild daq:
rpmbuild --rebuild daq
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n, install it:
yum localinstall ~/rpmbuild/RPMS/x86_64/daq-2.0.2-1.x86_64.rpm
Next, for snort you'll need libdnet library which is in EPEL. So, first install EPEL:
yum install http://mirrors.neterra.net/epel/6/i386/epel-release-6-8.noarch.rpm
Then, install necessary packages:
yum install libdnet-devel zlib-devel
Those two aren't listed as dependencies in Snort's SRPM file, so you'll get some cryptic error message. Now, download Snort's srpm file and rebuild it using:
rpmbuild --rebuild snort-2.9.6.0-1.src.rpm
Now, install it using:
yum localinstall ~/rpmbuild/RPMS/x86_64/snort-2.9.6.0-1.x86_64.rpm
That's all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is for installation.

Configuring and running

I'll assume that you are installing a fresh instance, i.e. no previous configuration. In case cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is previous installation be careful not to overwrite existing configuration. To configure snort you'll have to download snortrules archive. Then, unpack it:
mkdir ~/snort
tar xzf snortrules-snapshot-2960.tar.gz -C ~/snort
chown root.root ~/snort
Next you have to move files in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir place. First, move basic configuration file:
mv -f snort/etc/* /etc/snort/
Note that I'm using force option of move command to overwrite existing files. Next, move rules to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir place:
mv -i snort/rules snort/preproc_rules snort/so_rules /etc/snort/
Now, if you are using SELinux you should change context of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 files you moved to /etc/snort directory. Do it using cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following commands:
chcon -R system_u:object_r:snort_etc_t:s0 /etc/snort
chcon -R system_u:object_r:lib_t:s0 /etc/snort/so_rules/precompiled/RHEL-6-0/
You should now modify configuration file. Here is a diff of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 changes I made:
--- snort.conf.orig 2014-03-13 11:25:53.889609831 +0100
+++ snort.conf 2014-03-13 11:37:32.419292894 +0100
@@ -42,16 +42,16 @@
 ###################################################

 # Setup cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 network addresses you are protecting
-ipvar HOME_NET any
+ipvar HOME_NET 192.168.1.0/24

 # Set up cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 external network addresses. Leave as "any" in most situations
 ipvar EXTERNAL_NET any

 # List of DNS servers on your network
-ipvar DNS_SERVERS $HOME_NET
+ipvar DNS_SERVERS 192.168.1.8,192.168.1.9

 # List of SMTP servers on your network
-ipvar SMTP_SERVERS $HOME_NET
+ipvar SMTP_SERVERS 192.168.1.20

 # List of web servers on your network
 ipvar HTTP_SERVERS $HOME_NET
@@ -101,13 +101,13 @@
 # Path to your rules files (this can be a relative path)
 # Note for Windows users:  You are advised to make this an absolute path,
 # such as:  c:\snort\rules
-var RULE_PATH ../rules
-var SO_RULE_PATH ../so_rules
-var PREPROC_RULE_PATH ../preproc_rules
+var RULE_PATH rules
+var SO_RULE_PATH so_rules
+var PREPROC_RULE_PATH preproc_rules

 # If you are using reputation preprocessor set cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se
-var WHITE_LIST_PATH ../rules
-var BLACK_LIST_PATH ../rules
+var WHITE_LIST_PATH rules
+var BLACK_LIST_PATH rules

 ###################################################
 # Step #2: Configure cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 decoder.  For more information, see README.decode
@@ -240,13 +240,13 @@
 ###################################################

 # path to dynamic preprocessor libraries
-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
+dynamicpreprocessor directory /usr/lib64/snort-2.9.6.0_dynamicpreprocessor/

 # path to base preprocessor engine
-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
+dynamicengine /usr/lib64/snort-2.9.6.0_dynamicengine/libsf_engine.so.0

 # path to dynamic rules libraries
-dynamicdetection directory /usr/local/lib/snort_dynamicrules
+dynamicdetection directory /etc/snort/so_rules/precompiled/RHEL-6-0/x86-64/2.9.6.0/

 ###################################################
 # Step #5: Configure preprocessors
And you can download cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 complete snort.conf file that worked for me. Be careful, you need to change IP addresses in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 configuration file to match your environment.

Finally, create two empty files, /etc/snort/rules/white_list.rules and /etc/snort/rules/black_list.rules.

Now, you should be able to start Snort, i.e.
# /etc/init.d/snortd start
Starting snort: Spawning daemon child...
My daemon child 1904 lives...
Daemon parent exiting (0)                         [  OK  ]

Tuesday, June 18, 2013

Upgrading Alfresco

This is a short note on how I upgraded Alfresco. The basic idea was to just replace WAR files while keeping configuration files with local modifications intact. To be able to do that, I'll unpack WAR archive, integrate changes I made to running instance of Alfresco, create new WAR archives and place cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m in tomcat webapps folder so that he unpacks and deploys cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m.

Preparation

So, I downloaded Alfresco 4.2.c. More specifically, I downloaded file alfresco-community-4.2.c.zip. The version I had was 4.0.d.

To find out what configuration files are changed in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 running instance I unpacked alfresco.war archive (that file is in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 downloaded archive) into a separate directory using unzip command. I suggest that you create directory alfresco, enter that directory and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n run unzip command. There, I run cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following script:
#!/bin/bash
OLDPATH=/var/lib/tomcat6/webapps/alfresco/
for i in `find . -path ./WEB-INF/classes/alfresco/messages -prune -o -name \*properties -print`
do
        # If file doesn't exist we don't need to check it, go to next one
        [ -f $OLDPATH/$i ] || continue
        # If cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 old and new files are cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n skip it also
        cmp -s $OLDPATH/$i $i && continue
        # diff -uN $OLDPATH/$i $i | less
        echo $i
done
The script showed me what files have changed:
./WEB-INF/classes/test/alfresco/test-hibernate-cfg.properties./WEB-INF/classes/alfresco/model/dataTypeAnalyzers_en.properties./WEB-INF/classes/alfresco/workflow/invitation-nominated-workflow-messages_ja.properties./WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/slingshot/wiki/move.post_it.properties./WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/slingshot/wiki/move.post_de.properties./WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/slingshot/wiki/move.post_nl.properties./WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/slingshot/wiki/move.post_es.properties./WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/slingshot/wiki/move.post_fr.properties./WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/slingshot/wiki/move.post_ja.properties./WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/slingshot/wiki/move.post.properties./WEB-INF/classes/alfresco/domain/hibernate-cfg.properties./WEB-INF/classes/alfresco/repository.properties./WEB-INF/classes/alfresco/subsystems/email/OutboundSMTP/outboundSMTP.properties./WEB-INF/classes/alfresco/subsystems/thirdparty/default/swf-transform.properties./WEB-INF/classes/alfresco/subsystems/thirdparty/default/imagemagick-transform.properties./WEB-INF/classes/alfresco/subsystems/fileServers/default/file-servers.properties./WEB-INF/classes/alfresco/subsystems/Synchronization/default/default-synchronization.properties./WEB-INF/classes/alfresco/subsystems/Search/solr/solr-search.properties./WEB-INF/classes/alfresco/subsystems/Search/solr/solr-backup.properties./WEB-INF/classes/alfresco/subsystems/Aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication/ldap-ad/ldap-ad-aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication.properties./WEB-INF/classes/alfresco/subsystems/Aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication/ldap/ldap-aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication.properties./WEB-INF/classes/alfresco/subsystems/Aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication/kerberos/kerberos-aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication.properties./WEB-INF/classes/alfresco/subsystems/Aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication/alfrescoNtlm/alfresco-aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication.properties./WEB-INF/classes/alfresco/subsystems/Aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication/passthru/passthru-aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication-context.properties./WEB-INF/classes/alfresco/subsystems/OOoDirect/default/openoffice-transform.properties./WEB-INF/classes/alfresco/version.properties./WEB-INF/classes/log4j.properties
Of those, localization files are not important (cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ones ending in _[a-z][a-z].properties). If you uncomment a line containing less cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 script will compare each file and show you difference in less. Based on that, I factored out cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following configuration files that were changed:
./WEB-INF/classes/alfresco/repository.properties
./WEB-INF/classes/alfresco/subsystems/Aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication/ldap/ldap-aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication.properties
./WEB-INF/classes/alfresco/subsystems/Aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication/kerberos/kerberos-aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication.properties
./WEB-INF/classes/log4j.properties
I also found that I didn't change mail configuration data in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 file:
./WEB-INF/classes/alfresco/subsystems/email/OutboundSMTP/outboundSMTP.properties
The next step was to find what changes are due to local configuration, and which ones are due to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 changes in upstream. Namely, I'll take old configuration files but cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 changes in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new version have to be propagated. It turned out that repository.properties doesn't have any changes, while cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r three have. So, I started to change files in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new version of Alfresco, that I unpacked. Finally, when all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 changes are done, create new archive:
cd ..
mv alfresco.war alfresco.war.OLD
cd alfresco
zip -9rv ../alfresco .
cd ..
mv alfresco.zip alfresco.war
The first two commands rename old archive, next two create a new archive, and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 final command changes name to have extension WAR. I assumed here that you unpacked original WAR archive into directory called alfresco.

All this has to be done with share.war archive too. In my case, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 script showed that only log4j.properties has been changed so I incorporated changes and created a modified share.war archive.

Update

Finally, I stopped tomcat, and alfresco using:
service tomcat6 stop
created a copy of existing alfresco and share directories in tomcat's webapp directory. I also renamed old alfresco.war and share.war, and moved cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ones I prepared in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir place. Take care about permissions, tomcat has to be owner of everything! Then, I started tomcat with:
service tomcat6 start
and also started to pray that it works. Well, almost, I watched logs (/var/log/tomcat6/catalina.out) because I doubt that praying would help. ;)

Everything was OK, i.e. errors that I received (openoffice, pdf2swf) were expected because I didn't inistalled cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m. But, two errors were not expected:
java.io.FileNotFoundException: alfresco.log (Permission denied)
well, that one was cause by share.war not being able to reopen log file already being used by alfresco.war. So, I changed in appropriate log4j.properties that it uses its own separate log file. Except that it turned that I forgot to change log4j.properties. Anyway, I gave separate log to share.war just to be on a safe side and to finish this finally. The second error was:
java.net.BindException: Permission denied
That one was caused by FTP server not being able to bind to a low numbered port. This is OK, because I'm not running tomcat as a root. So, I'm safe to ignore it.

Tuesday, January 1, 2013

Fedora 18 installation

The first day of 2013. I switched to a new laptop, Lenovo W530, and Fedora 18. In this post I'll document what works and what doesn't work. Note that because of that this will be live post. Basically, this post originates from somewhere around Fedora 16 time and I never got it into cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 state I thought it was good enough to be published. But, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n, I realized that it will never be finished, so I decided to turn it to published post. Note that I reworked this post to be exclusively about Fedora 18 on Lenovo W530. At cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 time this installation was performed Fedora 18 was still in beta stage, so, things might differ after Fedora 18 final is released. I decided to publish this post in unfinished state and to use it to document cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 progress I'm having with transition to a new laptop.

As usual, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r resources on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Internet about Linux on W530, and here are some more interesting I managed to find:
Also, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are some pages with information (somewhat) relevant to this combination (Fedora 18 and W530):

Hardware

I bought cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 W530 with 1T internal disk and 8GB RAM. And this was pretty good deal for this laptop. Additionally, on eBay I bought 512GB SSD disk and 32GB of RAM (4x8GB). The monitor has resolution of 1920x1600 and NVidia Card. The resolution was one of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 things I wasn't particularly happy with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 previous laptop, which has 1600x1080.

Installation and first boot

I decided to use PXEBOOT to boot cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 machine and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n to install it over cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 network. It turned out that I had some problems with DHCP on my work network. Additionally, I had problems with Fedora's new installer which cause many errors during disk partitioning time. Everything boiled down to BTRFS selection being completely broken. LVM was much better, but it also had some quirks (like embedding host name in logical volume names). This host embedding was removed later. It should be noted that this was constantly worked on so if I tried cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same thing some ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r day, it could work. But, I didn't want to wait for some ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r day and in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 end, I decided to mirror Fedora 18 development repository on my previous laptop and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n to install it from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re. The setup was basically cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following one: old and new laptops connected with crossover Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rnet cable, and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 old laptop was connected to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Internet with wireless Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rnet. On old laptop I mirrored cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 whole Fedora 18 directory tree. I also configured DHCP/TFTP and Apache to be able to do installation. I won't go into details how to do that because cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is a manual on Fedora pages which is quite good.

First boot

First boot is as usual except one tiny annoyance. Namely, for my UID and GID I use a specific values for a long time and first boot configuration screen doesn't allow me to proceed without defining new user while in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same time it

Customizations

Customization consists of tweaks to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 system and adding external repositories in order for me to be able to install mplayer and similar software not distributed within Fedora, at least not in a usable way.

System customizations

One thing I change is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following line in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 /etc/nsswitch.conf file:
hosts:     files mdns4_minimal [NOTFOUND=return] dns
to be
hosts:     files dns
The reason is that in some local networks I'm using .local domain suffix and by default such names are resolved using mDNS (mdns4_minimal option). Since I'm using regular DNS for those names too, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y are unresolvable unless I make this change.

RPM Fusion

RPM Fusion has some packages that are not shipped with Fedora. For example, different audio and video codecs are not in Fedora due to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 patent or some ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r issues. In that case you need RPM Fusion. RPMFusion supports different versions of Fedora, you can find a list here. You have to select one free and one non-free repository, copy link and paste it to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 terminal as an argument to 'rpm -i' command, or 'yum localinstall' command. This will add necessary yum configuration files. Now, you can install, for example, mplayer and vlc:
yum install mplayer vlc
There are ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r interesting packages, but I'll let you explore those for yourself.

Adobe Flash and Acroread

YouTube works without Flash thanks to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 HTML5 support in Firefox. But, not all videos on YouTube can work in HTML5 and also, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are sites on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Internet that can not live without Flash, so it has to be installed too.

On cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 download page cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is an option to retrieve YUM configuration files. So, chose YUM and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n you'll be offered to download file, about 4K in size. After you download it somewhere to your disk, install it using 'yum localinstall' command. Now, you can install flash using cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command:
yum install flash-plugin
As for Acrobat Reader, you have to download rpm file and install it "manually". But, I think that it isn't so necessary because Evince works very well. There are sporadic cases when Evince has problems, mainly due to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 fonts, but ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rwise it's very good replacement.

Google Chrome

To install Google Chrome you'll need first to install Google Chrome manually and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n it'll add Google Chrome repositories. But, you can skip "manual" installation, i.e. add yum repository and install Chrome using yum. To do so create file /etc/yum.repos.d/google-chrome.repo and copy cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following content into that file:
[google-chrome]
name=google-chrome
baseurl=http://dl.google.com/linux/chrome/rpm/stable/x86_64
enabled=1
gpgcheck=1
Additionally, you have to install Google's signing key (or set gpgcheck in yum configuration file to 0, which is not advisable). Anyway, use cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following two commands to import Google's rpm signing key:
wget https://dl-ssl.google.com/linux/linux_signing_key.pub
rpm --import linux_signing_key.pub
Now, just run yum install google-chrome-beta.x86_64, or google-chrome-stable.x86_64 or google-chrome-unstable.x86_64; depending on which version you want to run. Note that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are some ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r packages in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Google's Chrome repository. Use 'yum list google\*' command to get a list of those.

Virtualization

Fedora has a lot of virtualization options to choose from.

VirtualBox is part of RPMFusion free repository. So, you don't need to add anything extra to be able to install it, just run:
yum install VirtualBox
and that's it. Alternatively, you might want to install "official" Oracle's version. Oracle has yum repositories for Fedora (though not for Fedora 18 at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 time this post was written) which you can find here, along with instructions on how to install those repositories.

In case you are using VMWare Workstation, you'll have to download it from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 VMWare's Web pages. I downloaded 64-bit trial version of VMWare 9.0.1 and installed it. It works, even though during installation process it created a file named ~ (tilde). It had exactly 1K, but I don't know what it is. Could be some problem in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 installation script. Apart from that, seems that VMWare works without any problems.

Note that on January 6th, kernel was updated to version 3.7.1 (to be precise 3.7.1-2). VMWare, as of 9.0.1, isn't compatible with that version of kernel and it doesn't work! But, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 solution is simple and easy to find on a net, execute cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following commands (as root) and everything should work again:
cd /usr/src/kernels/3.7.1-2.fc18.x86_64/include/linux
ln -sf /usr/src/kernels/3.7.1-2.fc18.x86_64/include/generated/uapi/linux/version.h .
That are two lines,but ln command is broken on a dash sign so when copying it join cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 two parts togecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r without any spaces in between. Also, if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 kernel version is different just change appropriate substrings.

In case you have version 3.7.1-5 cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n version.h is removed and when you start VMWare Workstation it says it needs to rebuild drivers and after you confirm that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n it complains that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are no kernel headers. To fix this problem, execute cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following two lines:
cd /usr/src/kernels/3.7.1-5.fc18.x86_64/include/linuxln -sf /usr/src/kernels/3.7.1-5.fc18.x86_64/include/generated/uapi/linux/version.h .

Removing unnecessary software

This is something I did very thoroughly before, but as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 time passes I do it less and less. The disk space cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se days is very cheap and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is a plenty of it, also inter dependencies between packages are complex, so cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se days I do only few adjustments.

Removing Asian and Arabic fonts

I decided to remove those simply because it annoys me to have such a large number of options in dialogs where I need to select font to use, many of which I simply don't understand! So, I removed cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 packages that start with paktype and lohit using yum (i.e. issue yum remove paktype\*, lohit\*), wqy-zenhei-fonts, thai-scalable-waree-fonts, cjkuni-uming-fonts, jomolhari-fonts, vlgothic-fonts vlgothic-fonts-common un-core-dotum-fonts smc-meera-fonts sil-padauk-fonts sil-abyssinica-fonts paratype-pt-sans-fonts lklug-fonts khmeros-base-fonts.

UI Tweaks

I installed gnome-tweak-toolgcond-editor and dconf-editor packages to be able to tweak UI. Basically, a lot of things can be done from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Gnome's Tweak tool. But many can not. For example, modal windows by default are attached to a windows that opened cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m, like it is done on MacOS X. But, I prefer cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m to be detached so that I can move cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m and access content behind cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m. So, to change this behavior you should set /desktop/gnome/shell/windows/attach_modal_dialogs to true, e.g. like this (note that this should be a single line):
gconftool-2 --toggle /desktop/gnome/shell/windows/attach_modal_dialogs
This will toggle cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 value, if it was true it will become false and vice versa. To query current state use cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following form:
gconftool-2 --get /desktop/gnome/shell/windows/attach_modal_dialogs
If you want to disable Fedora package search in Gnome, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is a boolean key that controls that: org.fedoraproject.fedorapackages.search. Also, when you install Fedora fedmsg is enabled by default. You can disable it by toggling its key org.fedoraproject.fedmsg.notify.enabled.
 For cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 last two keys you should use dconf, not gconf. Also note that I had some problems using command line client (probably my fault), so I suggest you use editor to inspect and change those values.

Successes and Problems

Failed login problem

For some unknown reason I'm unable to login in GNOME if SELinux is enabled. So, when I boot machine I have to first switch to some virtual console, login cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re as a root and issue 'setenforce 0'. I could do that accross boots (by modifying /etc/sysconfig/selinux file) but I want SELinux to be enabled so I'm waiting for this issue to be fixed.

 Audio problem

I had problems trying to play audio. Can't remember if that was cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 problem from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 beginning or only after some update I did. Anyway, it turns out cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 problem is with permissions. Namely, I, as an ordinary user, don't have permission to access devices and so PulseAudio is using dummy device. I searched a bit, but couldn't find. Temporary fix is to switch to root user and change ownership of /dev/snd directory to my username (chown -R username /dev/snd). Basically, PulseAudio immediatelly notices this and activates sound.

Video problems

Because of permissions I also had problems with gnome-shell and video. Namely, gnome-shell was taking 400% CPU (well, 4 CPUs actually) but cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 problem was that it was doing software rendering. Running gnome-shell from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 command line I got cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following error:
libGL error: failed to load driver: i965
libGL error: Try again with LIBGL_DEBUG=verbose for more details.
Two things confused me here. First, is X11 using NVidia or Intel? And second, why it was failing? So, I rerun gnome-shell with LIBGL_DEBUG set to verbose (and exported) and it was a bit more informative:
libGL: OpenDriver: trying /usr/lib64/dri/i965_dri.so
libGL error: failed to open drm device: Permission denied
libGL error: failed to load driver: i965
libGL: OpenDriver: trying /usr/lib64/dri/swrast_dri.so
libGL: Can't open configuration file /home/sgros/.drirc: No such file or directory.
libGL: Can't open configuration file /home/sgros/.drirc: No such file or directory.
When I saw permission errors I immediately knew that this was cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same bug as for audio. So, I did again chown -R username /dev/dri and restarted gnome-shell. Now, gnome-shell wasn't even on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 process list.

As for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 question Intel or NVidia, glxinfo shows that it is using Intel. When I rebooted and looked into BIOS settings it turned out that NVIDIA Optimus dispaly setting was selected. What that setting does is that it activates both cards, but Intel is used by default and NVidia only when requested. To be able to use such configuration you'll need to install Bumblebee program.

Conclusion

As of this writing, to have working GNOME and to be able to login, after boot finishes and GDM presents you with a login screen you should switch to second virtual console (Alt+F2), login as root and execute cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following commands:
setenforce 0
chown username /dev/dri /dev/snd
This isn't necessary any more, at least not on fully patched Fedora 18 as of March 4th.

Ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r notes

After working on W510 for two years I have to say that I'll need for some things time to get used to. First, keyboard is a bit different. Esc key is much smaller, PgUp and PgDn are with arrow keys instead in top left part of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 keyboard. Actually, I'll have to get used to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 placement of all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r navigation keys as well.

Also interesting is that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is no Caps Lock keyboard indicator, also, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are no Num Lock and Scroll Lock keys. It is problematic when you turn on Caps Lock without knowing it and suddenly things don't work and you don't know why until you realize that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 problem is in Caps Lock. I think cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re should be led indicator on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 keyboard, but since cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re isn't I found gnome shell extension that adds indicator to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 panel. Since I don't have Num Lock I turned out its indication.

Thursday, November 8, 2012

Installing certificate for Alfresco...

This post is continuation of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 post about installing Alfresco using native Tomcat6 installation (on CentOS6). If you followed steps given in that post, you have running Alfresco installation but Tomcat uses self-signed certificate.

To install your own certificate first obtain it (you can use your own, self managed, CA or you can buy commercial one), cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n install it on your Tomcat instance. You'll find a lot of information about this in SSL Howto on Tomcat's Web pages, but that page assumes that everything you do, you are doing using keytool.

Here is a quick Howto with an assumption that you have files newcert.pem (containing certificate), newkey.pem (containing private key) and cacert.pem (your CA certificate). By default, tomcat's keystore is in its home (/usr/share/tomcat6) and it is named .keystore. Keystore file is password protected and default password for it is changeit. Note that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 period isn't part of password! I suggest that you copy this file to root's home under cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 name keystore (note no leading dot!) or whatever else you wish so that you can restore old copy in case something goes wrong with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following steps.

The installation is two step process. First, you create keystore containing you certificate, private key and CA's certificate. In second step, you import that information to Tomcat's keystore.

First step is to pack certificate for Alfresco, its private key and CA's certificate into PKCS12 store using openssl tool as follows:
$ openssl pkcs12 -export \
        -in newcert.pem -inkey newkey.pem \
        -out mycert.p12 -name tomcat \
        -CAfile cacert.pem -caname root -chain
Enter Export Password:
Verifying - Enter Export Password:
This command assumes that all necessary files (newcert.pem, newkey.pem and cacert.pem) are in you current directory. Output of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 command is also stored into current directory. Note that you are asked for password that will protect all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 data. Enter something or later you'll see cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following warning:
*****************  WARNING WARNING WARNING  *****************
* The integrity of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 information stored in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 srckeystore*
* has NOT been verified!  In order to verify its integrity, *
* you must provide cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 srckeystore password.                *
*****************  WARNING WARNING WARNING  *****************
And cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n you'll receive cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following error:
keytool error: java.security.UnrecoverableKeyException: Get Key failed: / by zero
Second step is to import this pkcs12 file to tomcat's keystore using keytool as follows:
$ keytool -importkeystore -srckeystore mycert.p12 \
        -srcstoretype pkcs12 -destkeystore /usr/share/tomcat6/.keystore
Enter destination keystore password:
Enter source keystore password:
Existing entry alias tomcat exists, overwrite? [no]:  yes
Entry for alias tomcat successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
Again, input file is in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 current directory and you are importing directly into tomcat's keystore. Note that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 existing certificate with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 alias tomcat will be removed and you are asked to confirm that! The default alias Tomcat searches when it start is called tomcat.

Third step is to change private key's password that has to be cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same as for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 keystore. Do that using cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command:
keytool -keypasswd -alias tomcat -new -keystore /usr/share/tomcat6/.keystore
You'll be asked for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 keystore's password and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 password for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 key will be set to keypassword.

And that's it. Restart tomcat and check if it is using new certificate.

Thursday, June 28, 2012

Installing Alfresco Community Edition on minimal CentOS...

In this post I'm going to describe how to install Alfresco Community Edition 4.0d starting with a minimal CentOS 6 installation. This will be a two part post after which I'm going to describe how to integrate Alfresco with FreeIPA for aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication and authorization purposes. The goal of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 installation is to use as much as possible software available in CentOS. The reason for doing so is that update process is easier, i.e. you only have to do yum update instead of manually downloading and installing updated software.

Environment and Configuration Parameters


I assume that you have CentOS installation ready. If not, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n install it, and if you need some info on how to do it, look at this post. Furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rmore, I assume that Alfresco should reside within Intranet, i.e. local network. The reason is that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is no need for Alfresco to be accessible from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Internet and thus it doesn't have to be in DMZ. I'll assign IP address 172.16.1.3 to this host. The FQDN of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 host will be alfresco.example-domain.local. Now, if you have working DNS you should put this name into DNS, but it's not necessary, i.e. you can put it into /etc/hosts file of any host that will access Alfresco (including Alfresco itself) and that will do for now.

Alfresco needs a relational database. I'm going to use MySQL database. Furhtermore, I'll assume that this database is on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same host as Alfresco. This will allow me to restrict access to database. Unfortunately, standard JDBC driver for MySQL doesn't support access to database via Unix socket, so database has to be accessible via network stack. I'm going to restrict it to loopback interface.

Note that I started with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following state of disk usage:
# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1             7,0G  944M  5,7G  15% /

Prerequisite software installation


As for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 prerequsite software you have to install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following packages (all of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m shipped with CentOS):
  • java-1.6.0-openjdk - unless you explicitly specify which java you want to be installed, gcc's version will be used and that one won't work with Alfresco.
  • tomcat6 - servlet container that will run Alfresco. It is mandatory to install this package. This, along with dependencies, will be 129M to download and will take about 382M disk space.
  • mysql-server - this is a package that holds server part of MySQL database.
  • mysql-connector-java - JDBC connector that will allow Alfresco to access MySQL database.
  • unzip - so that you can unpack Alfresco archive (which is distributed as a zip file)
So, install it using yum. This will download 168M which will expand into 503M. Afterwards, this is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 state of disk usage:
# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1             7,0G  1,6G  5,1G  24% /

Configure MySQL database


We also have to prepare MySQL database, i.e. you have to do cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following steps:
  1. Configure database to use UTF-8 by default.
  2. Configure it to listen only on loopback interface.
  3. Start database and set root password.
  4. Create alfresco database.
  5. Create alfresco user and assign it a password.
  6. Configure system to start MySQL database during cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 boot process.
The first two steps are done by editing /etc/my.cnf file. Integrate cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following lines with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 already existing content (i.e. to existing sections add missing lines, if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 section doesn't exist in my.cnf file add it along with all its lines):
[client]
default-character-set=utf8

[mysql]
default-character-set=utf8

[mysqld]
bind-address=127.0.0.1
character-set-server = utf8
collation-server = utf8_unicode_ci
init-connect='SET NAMES utf8'
character-set-server = utf8
Note that MySQL has to listen on loopback because JDBC doesn't allow connection via Unix socket, at least not without tweaks to Alfresco code itself.

Step 3 (i.e. set root password) is done by starting MySQL server and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n setting password:
/etc/init.d/mysqld start
/usr/bin/mysqladmin -u root password 'new-password'
String 'new-password' replace with your password (and keep quotes, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y prevent shell from interpreting any special character in password you might have!). You should be careful with this password as it is very critical peace of information!

Step 4 and 5 (create alfresco database and user) are done using mysql tool. So, first start this tool:
# mysql -u root -p
Enter password:
Welcome to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.1.61 Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r names may be trademarks of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 current input statement.

mysql>
and now create database:
mysql> create database alfresco;
Query OK, 1 row affected (0.00 sec)
and grant alfresco user all permissions on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 database:
mysql> grant all privileges on alfresco.* to alfresco@localhost identified by 'PASSWORD';
Query OK, 0 rows affected (0.00 sec)
The word PASSWORD should be replaced with a password. Again, this one is critical since all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 data will be accessible if someone gets hold on that password. And, while you are at that, remove test database as it is not necessary and might even present security threat:
mysql> drop database test;
Query OK, 0 rows affected (0.00 sec)
That's it as far as mysql client is concerned. So, leave it using exit keyword.

Finally, we should configure system to start MySQL database on each boot. This is easily done with:
chkconfig mysqld on
OK, so much about database. One more thing before going to Alfresco installation. You have to configure tomcat so that it loads MySQL connector when starting, ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rwise Alfresco won't be able to connect to database! To to that, open file /etc/tomcat6/catalina.properties and search for line "shared.loader=". Add to that line string /usr/share/java/mysql-connector-java.jar, i.e. it shoud look now like this:
shared.loader=/usr/share/java/mysql-connector-java.jar
Save cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 file and exit and that's it. Now on to Alfresco itself.

Alfresco Installation


First, go to Alfresco download site and download Community edition, i.e. download file alfresco-community-4.0.d.zip. Then, unpack it (using unzip tool) into a temporary directory:
mkdir tmp
cd tmp
unzip ../alfresco-community-4.0.d.zip
You'll have now few new directories. From directory web-server/webapps move files alfresco.war and share.war into tomcat webapps directory, i.e. into /var/lib/tomcat6/webapps. From now on, I'm going to reference that directory as $WEBAPPS, to shorten a bit typing. Now, start wait a minute and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n stop tomcat server. This is so that it unpacks alfresco and share war archives:
/etc/init.d/tomcat6 start
/etc/init.d/tomcat6 stop
In case you receive ERROR message trying to stop tomcat, wait a bit more and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n try again. Namely, until tomcat finishes initialization you can not stop it.

Note also that tomcat writes its logs into /var/log/tomcat6. You should monitor that directory when starting tomcat. More specifically, watch catalina.out file. Furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rmore, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 tip, I remove all log files before starting tomcat again so that it doesn't clutter new log messages with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 old ones. Of course, I'm doing that only during installation phase. Later, it is very good idea to keep cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 logs around!

Go now into directory  $WEBAPPS/alfresco/WEB-INF/classes. There, you'll see file alfresco-global.properties.sample. Copy this file into alfresco-global.properties and change permissions to a more restrictive values:
cp alfresco-global.properties.sample alfresco-global.properties
chmod 600 alfresco-global.properties
and open it in editor. In cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re do cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following:
  1. Immediately at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 beginning uncomment lines  dir.root and dir.keystore. Set dir.root to a directory where Alfresco will store data. I used /var/lib/alf_data (which of course, should be created manually!) but any value with enough storage will do. Also, change cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 owner of that directory to tomcat and restrict access permissions so that only user tomcat can enter into that directory (use permissions 700). dir.keystore should be set to $WEBAPPS/alfresco/WEB-INF/classes/alfresco/keystore.
  2. Uncomment lines db.username and db.password and set correct value for password (username is alfresco so that shouldn't be necessary to change). This password in plain text is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 reason you had to change permissions of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 file.
  3. Find MySQL section, and in particular lines cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re db.driver and db.url and uncomment cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m. Change cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 value of db.driver to com.mysql.jdbc.Driver.
Now, open file log4j.properties that is in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same directory as cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 previous file, i.e. $WEBAPPS/alfresco/WEB-INF/classes. Find cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following line:
log4j.appender.File.File=alfresco.log
And change it to:
log4j.appender.File.File=/var/log/tomcat6/alfresco.log
This line specifies where Alfresco will do its logging. The obvious place is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same directory where tomcat places its logs. Do cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 same change in file $WEBAPPS/share/WEB-INF/classes/log4j.properties.

Now, start tomcat again and try to open cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following URL in a Web browser: http://alfresco.example-domain.com:8080/alfresco. After a bit of wait you should be presented with a guest Alfresco home page. You can cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n logout and login as admin (U: admin/P: admin). Note that if you can not connect, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 reason is firewall on Alfresco server. Temporarily turn off cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 firewall with:
/etc/init.d/iptables stop
and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n try again.

Don't forget to configure system so that tomcat is started after each reboot. Anyway, this is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first part of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 installation. There are some more tweaks you should do that I'm going to describe in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following post. For cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 end of this post let me show cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 disk usage:
# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1             7,0G  2,1G  4,6G  31% /

Snort with MySQL support on 64-bit CentOS 6...

In one of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 previous posts I wrote about compiling Snort 2.9.2.1 on 64-bit CentOS. The newest stable version of Snort now is 2.9.2.3 and I'll use that version from now on. But, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 old post is still valid for compiling that new one, so cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is no need for anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r post.

But, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is a problem. If  you tried to build Snort package with MySQL support like this:
rpmbuild --rebuild --with mysql snort-2.9.2.3-1.src.rpm
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n you certainly got cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following message:
checking for mysql...

**********************************************
  ERROR: unable to find mysqlclient library (libmysqlclient.*)
  checked in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following places
        /usr
        /usr/lib
        /usr/mysql
        /usr/mysql/lib
        /usr/lib/mysql
        /usr/local
        /usr/local/lib
        /usr/local/mysql
        /usr/local/mysql/lib
        /usr/local/lib/mysql
**********************************************

error: Bad exit status from /var/tmp/rpm-tmp.R2KI5J (%build)


RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.R2KI5J (%build)
Well, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 problem is that on 64-bit CentOS (and RHEL derivatives, including Fedora) 64-bit libraries are in /lib64 and /usr/lib64 directories. The easiest way to circumvent that problem is to do cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following.

First, install SRPMS file so that it is unpacked:
rpm -ivh snort-2.9.2.3-1.src.rpm
Then, go to ~/rpmbuild/SPEC directory, and open file snort.spec in some text editor. Search for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following block:
   if [ "$1" = "mysql" ]; cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n
        ./configure $SNORT_BASE_CONFIG \
        --with-mysql \
        --without-postgresql \
        --without-oracle \
        --without-odbc \
        %{?EnableFlexresp} %{?EnableFlexresp2} \
        %{?EnableInline}
   fi
It's somewhere around line 231. Modify it to include line         --with-mysql-libraries=/usr/lib64, i.e. it should now look like follows:
    if [ "$1" = "mysql" ]; cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n
        ./configure $SNORT_BASE_CONFIG \
        --with-mysql \
        --with-mysql-libraries=/usr/lib64 \
        --without-postgresql \
        --without-oracle \
        --without-odbc \
        %{?EnableFlexresp} %{?EnableFlexresp2} \
        %{?EnableInline}
   fi
Save and close file. Then, start snort build using cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command:
rpmbuild -bb --with mysql snort-2.9.2.3-1.src.rpm
And that should be it...

Friday, October 28, 2011

Installing minimal CentOS 6.0 distribution

This post starts a three part series in which I'll describe in detail how to install Zimbra Open Source mail server on 64-bit CentOS distribution. The first part deals with CentOS installation itself. The second part talks about setting up split DNS server, and finally, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 third part will talk about setting up Zimbra server itself.

Before describing installation, I'm going to define cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 environment, and some basic parameters, in which this server is going to be deployed. Note that you can implement this network topology using VMWare or some similar product and in that way you can test that everything is working before doing actual installation.

So, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 network topology I'm going to assume is given in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following figure:

Network topology for Zimbra Mail server
What you can see in this figure is a future Zimbra server (on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 right) with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 IP address 10.0.0.2/24. This is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 server I'm going to describe how to install. We'll also assume domain example-domain.com. For cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 moment no additional parameters are needed, and in later post I'll introduce all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 necessary parameters on an as needed base.

Preinstallation considerations

When I perform CentOS installation I usually do minimal install because in that way I'm getting more secure system. Then, as need arises, I add additional packages. Sometimes it happens that even minimal installation (as defined by CentOS installer) has some packages I don't need and so I remove cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m. But this state changes from release to release. For example, at one time minimal installation included isdn4k-tools which I didn't need as I was connecting my servers to Ecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rnet LAN. Apart from security concerns for such behavior, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re used to be additional reason to make minimal installation. Namely, to save disk space. But because of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 abundance of available disks space today, that reason is not valid any more, at least not for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 majority of cases.
 
Performing base system installation is in principle very easy. The potential problem is that you need to anticipate some parameters, three of which we are going to discuss in some detail. Those are file systems (and disks), network configuration and 32 or 64-bit installation.

For file systems cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following details have to be considered: partitions sizes, use of logical volume management and RAID. There is also question of exact file system type to use, but I won't discuss that one here. ext4 suffices in majority of cases.

When we talk about sizes of different directories, specially problematic ones in general could be /var and /home. But also, for example, /opt, or any ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r directory with application data and/or logs. Directories like /etc, /usr, /lib, and some ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rs are in general constant in size during cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 system's deployment. What I would suggest is that you start with a minimum disk space required and when some of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 aforementioned partitions has to have more space, you just create new partition, move content of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 directory this partition will replace, and finally mount cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 partition. Additionally, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 application you intend to install could significantly influence how your partitions are laid out. In any case, I don't allow installer to do manual partitioning by itself.

I try to avoid logical volume management if I can, if nothing else, just to remove one additional layer of complexity. But, in certain scenarios you'll have no choice but to use it, unless of course you want to have some nightmares later. When, for example, you are installing a production system that is going to be used for a long time and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re will be a large quantity of data (but you are uncertain how much exactly), in that case I would suggest that you use logical volume management. So, we have two extremes, on one side cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is a static system that wouldn't grow much in size with a simple file layout, and on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r side cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is heavily loaded server with lots of recorded data and/or very complex file system layout. Note that for small systems, maybe medium ones too, where you can have few hours of downtime any decision you made can later be changed. For example, you start without LVM, and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n decide that you need to implement it so you add LVM partition under a single directory only, or you change everything apart from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 boot partition. It is relatively easy to do so and I'll describe that process in some future post.

Finally, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is also question about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 use of RAID, should you use it or not. There are several different possibilities:
  1. You are installing system on a local disk subsystem, with or without hardware RAID support.
  2. You are using remote disk storage.
  3. Installation is performed within virtualized environment (e.g. VMware, Citrix Xen, KVM)
In case you are using virtualized environment cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n you don't have to use RAID, actually, it is an overkill. The assumption is that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 host itself has RAID to protect all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 hosted virtual machines. Still, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is one exemption, and that is a production server running within ESXi. In case you are using ESXi with local storage and you don't have hardware RAID, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n you have to implement RAID in virtual machine. But I suppose that this case will be rare as it signals that you are using some poor hardware for production environment. Nevercá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365less, it is possible to do so, and maybe I'll describe that scenario in some future post too.

Next, if you are installing test server or something not particularity important, RAID is definitely an overkill. And finally, if you are using remote storage, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n also it is not necessary to use RAID because remote storage takes care of that (or at least it should).

This leaves us with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 scenario of using local storage, installing an important server and a question should we use software and hardware RAID (if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is no hardware RAID, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is obviously no dilemma). I personally prefer software RAID for a simple reason that I'm allowed to access individual disks using smartctl tool to monitor cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir health status. This is also a better solution for a number of low cost RAID solutions because those are, in essence, software RAIDs. Still, when you have some high end hardware that has very good hardware RAID and/or you need high performance cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n your route to go is definitely hardware RAID.

So, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 last thing to consider is how to combine software RAID and LVM? I personally prefer using md RAID, and on top of that I install LVM.

While we are at disks we have to also consider swap partition size too. I doubt that more than few gigs of swap is of any use. It used to be a rule to have twice as much of swap as you have RAM. But in case you have 64G of RAM, to have 128G of swap is exaggeration. I usually put 2G, maybe 4G at most. Simply, this can be considered as a space for dormant applications. But if you have so many dormant applications that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y fill so much of a swap, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n you should probably tune your applications. And yes, if swap is used as a short term space for applications (i.e. cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y are swapped out, and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n shortly after that swapped in) that is also not good as it severely impacts cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 performance of a server. Finally, RAM is cheap, buy more RAM, not larger disk.

Second consideration, after file systems, we also have to consider network. Basically, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are only two options: dynamic or static addresses. That choice is relatively easy. If you are installing some sort of a server, machine that will be accessed by anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r machines/people, than it's better to assign static IP address. With dynamic address it could happen that DHCP server is unreachable for some reason and that server loses its IP address and stops functioning. On cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r hand, if you are installing workstation, that is, a machine that will access ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r machines, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n better option in majority of cases is to use dynamic assignment of addresses, i.e. DHCP. It brings some flexibility into cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 system, with a price in lower security (which also can be adequately solved).

Finally, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 third consideration is whecá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r to install 32 or 64 bit system. I strongly suggest that you install 64 bit system. Only in case you are running some application that requires 32 bit operating system and it is only supported on 32 bit operating system, you should use 32-bit system. In all ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r cases, as I said, use 64 bit. Here I implicitly assume that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 hardware you use is 64 bit. If it is not, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n that's also cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 case when you'll use 32-bit operating system. Note that it is possible to run 32-bit application on a 64-bit operating system! That is, it is not mandatory to install 32-bit installation to use 32 bit applications!

So, that's all about preinstallation considerations. Let us proceed to base system installation.

Installing base system

After all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 preinstallation considerations, I'll assume that we are going to install 64-bit system in a virtualized environment and that we don't expect this system to grow much in terms of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 installed size and recorded data. So, I won't use RAID and neicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r I'm going to use LVM. Furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rmore, it's definitely a server, so we'll use static IP address. Also, we'll assume that you have 8G of RAM in server, and we'll also allocate 2G of swap and 4G for a single root partition (no special /var, /home, etc.). Actually, minimal installation takes about 600MB, but this will grow for about 200M after first update. So, you have to have at least 1G for base system install.

Start by putting CD and booting cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 machine (or attaching ISO image and starting virtual machine).

After cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 installation starts, it asks you cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following series of questions:
  1. Should cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 installer check CD/DVD? In case you are using ISO image cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is certainly no need to do that. If you are using real DVD media, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n decide for yourself. I usually skip this step. After this question, graphical installation starts. Note that if you don't have enough RAM, you'll be forced into text based installation which has severely restricted number of options, e.g. you can not manually partition hard disk! Take a look into this post in case you did installation in text mode and want to switch to RAID.
  2. After you select Next you are first asked for language to be used during installation as well as for keyboard layout. The two are used only during cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 installation process. Select cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 ones that suite you, and select Next.
  3. Storage types used for installation. There are two options: Basic Storage Devices and Specialized Storage Devices. The first one you use when you are performing installation on local disks, while cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 second one is for a shared storage. Just select Basic Storage Devices.
  4. Then, if this is a new computer, or a new disk, you are presented with a warning that disk(s) need to be reinitialized. Select button 'Re-initalize all'.
  5. You are asked to provide computer name. Enter here mail.example-domain.com. Then, click on button Configure Network. A new dialog will open.
  6. In cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 newly opened dialog select tab Wired (if it isn't already selected) and in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re select option 'Auto eth0' and click on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 button Edit. New dialog will open.
  7. It is not necessary, but I change cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 name to be only eth0. Then, I select checkbox Connect automatically. This is mandatory because ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rwise your server will be unavailable until someone logs into it and connects it to network. This isn't something you want. :)
  8. Clik on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 tab IPv4 Settings. You'll see under Method option Automatic (DHCP). Change that into Manual and click on Add button. Then, add cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 address 10.0.0.2, change network mask to 24 (you'll be automatically offered 8) and enter gateway 10.0.0.1. Also, enter cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 IP address of public DNS server you are using until we configure our own DNS server. Finally, click Apply. Click Close to close network connections editor.
  9. Select cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 zone you are in and click Next.
  10. Next, you have to enter root password. Note that this is a vary important password so you should pick a strong one, or be certain in what you are doing! Anyway, after entering root password (twice) click Next. If you entered a weak password you'll be warned about it. Decide for yourself what you'll do, ignore it or change it to better one. In any case, eventually you'll proceed to next step.
  11. Now we came to partitioning step. Select Create Custom Layout and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n Next. You'll be transferred to disk editor. In disk editor create swap partition (2G) and root (6G) partition. Both are standard partition so when asked about partition type (after clicking Create button) just confirm default value (i.e. Standard Partition). When you click Next, you'll be asked if you are certain that changes should be written to a disk. To confirm, press button Write Changes to Disk.
  12. When asked about grub loader, just select Next.
  13. Now you are presented with a screen to select package selection to be installed. Select Minimal and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n Next.
Installation now starts so you should wait. Because it is minimal install it is finished quite soon. When all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 packages are installed press Reboot. At this moment, on CentOS 6.2 cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 disk usage is:
# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1             7,4G  759M  6,3G  11% /

As a final step of a base system installation you should do update. But, in order to do so you'll have to add additional repository that isn't include by default, see some details here. In short, you should run cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command as a root (this is one line, but it could be broken because of formatting in your browser!):
rpm -ivh ftp://ftp.funet.fi/pub/mirrors/centos.org/6/cr/i386/RPMS/centos-release-cr-6-0.el6.centos.i686.rpm
After that command successfully finishes, run cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command to pick up all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 updates:

This additional repository isn't used any more, as far as I know. So just use cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command to update installation:
yum update
When asked, confirm update. You'll also be asked to import CentOS signing key into RPM database. Check that this is a valid key, and confirm import process. That's all, base system is installed! Don't forget to reboot machine after upgrade since probably many important packages replaced with newer versions and to activate cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m in already running processes you should reboot machine.

After update finished my disk usage was:

# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda1             7,4G  986M  6,1G  14% /
But cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 exact values heavily depend on number of updates, so take this only as a rough guideline.

Adding some useful packages

As a final step of base system installation I'll list some additional packages you might want to install. I find cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m very useful for debugging problems and checking system's correctness. Those packages are:
  • tcpdump - this is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 packet sniffer. If something is wrong with a network you'll use this tool to see what's going on (or not, depending on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 problem :)).
  • strace - sometimes process behave oddly and in those cases you can use this tool to trace cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m to see what's going on. It's not exactly dtrace, but in many cases is very hapeful.
  • telnet - when some server is apparently listening on some port and you can not access it for whatever reason this simple telnet client can help you try to connect, and using tcpdump see what's going on. It will even allow you to interact with server, e.g. mail server to send test email message.
  • lsof - swiss army knife that allows many thing to be queried from processes. For example, which ports are opened by a process, of to which process particular port belongs. Then what files are opened, etc. Very usefull tool, indeed.
  • ntpdate - this is a network time protocol that allows you to synchronize you machine's time clock with some accurate time server (e.g. zg1.ntp.carnet.hr).
  • rsync - for more efficiently copying data from and to server.
  • openssh-clients - to allow rsync to work and also to allow you to connect to remote machines from this server.
All those packages can be installed using yum followed by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 package name (cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 name in bold).

Saturday, October 1, 2011

Installing Snort 2.9.1 on 64-bit CentOS 6...

I just installed Snort 2.9.1 on CentOS 6, and since that wasn't straightforward process, I decided to document all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 steps I did for a later reference. Also, maybe someone will find this useful so I placed it here.

The process of setting up Snort is divided into three phases, compilation, installation and configuration. Compilation phase is done entirely on auxiliary host, while installation and configuration phases are done on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 target host, i.e. on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 host where you wish to install snort.
Binary Snort packages from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 download pages are all for 32 bit machines. Furcá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365rmore, SPEC file within provided SRPM has two bugs. The first one is that it wrongly links with libdnet.1 library that doesn't exist. I circumvented that problem as described below. The second problem is that not all pretprocessors are included into cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 final binary package. If you try to start snort and it fails with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following message in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 log file:
FATAL ERROR: /etc/snort/snort.conf(463) Unknown preprocessor: "sip".
cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n this is manifestation of that problem. Apart from sip; imap, pop and reputation pretprocessors are also missing. I have fixed spec file, and made cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 new Snort SRPM package. If you trust me enough (but don't! :)), you can skip cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 compilation phase and obtain directly binary packages for daq and snort from my homepage. In that case, go to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 installation phase and continue from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re.

Compilation

As I said, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 first problem with Snort is that on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 download page cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are no precompiled binaries for 64-bit versions of Linux distributions. Still cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re are SRPMS packages of Snort (extension src.rpm) and its prerequisite Daq so it isn't so bad. Download those packages, and rebuild cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m, first daq and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n, after installing daq, snort itself. For rebuild process development environment is mandatory, i.e. compiler, development libraries, etc. Since probably you are going to run snort on firewall, or some machine close to firewall, it isn't good security practice to install development environment on target machine (i.e. firewall). So, find anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r machine with CentOS 6 and all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 latest updates (or install one) and perform build process cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re. You'll need at minimum to have package rpm-build-4.8.0-16.el6.x86_64, afterwards, any missing package will be reported and you can install it using yum. So, install rpm-build package, and try to start build process (do this as ordinary user!):
rpmbuild --rebuild daq-0.6.1-1.src.rpm
If missing packages are reported cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365n install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m (as superuser) and try to start build process again. Note that libdnet you can find in EPEL repository. Repeat this until build process is successful. Binary package you'll find in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 directory ~/rpmbuild/RPMS/x86_64/. Go cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re and install daq package:
yum localinstall --nogpgcheck daq-0.6.1-1.x86_64.rpm
Option nogpgcheck is necessary since we didn't sign binary package. Then, go back to directory where you downloaded daq and snort, and start snort build process:
rpmbuild --rebuild snort-2.9.1-1.src.rpm
This too can stop due to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 missing packages, so install any required package and restart build process. Do this until build process is successful.
Now you have daq and snort packages ready in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 build output directory ~/rpmbuild/RPMS/x86_64/. There are files daq-0.6.1-1.x86_64.rpm and snort-2.9.1-1.x86_64.rpm.

Installation

Transfer binary packages of snort and daq to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 target machine and install cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re:
yum localinstall --nogpgcheck daq-0.6.1-1.x86_64.rpm \
            snort-2.9.1-1.x86_64.rpm
It could happen also that you'll need additional packages, but any dependencies will be automatically retrieved and installed by yum. So, that's for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 installation phase.

Build process, for whatever reason, wrongly got dependency on libdnet library, it looks for libdnet.1 instead of libdnet.so.1. To check if this is problem in your case, just try to start snort:
# /etc/init.d/snortd start
Starting snort: /usr/sbin/snort: error while loading shared libraries: libdnet.1: cannot open shared object file: No such file or directory
                                                           [FAILED]
In case cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 output looks like that one, you have cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 problem with libdnet.1 too. To solve it, to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 directory /usr/lib64 and run cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command:
# ln -s libdnet.so.1 libdnet.1
This is actually a hack, since build process has a bug, but as I didn't want to look or modify build process, this was easier to do and I did it that way.

The error with library libdnet was caused by cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 manually installed libdnet in /usr/local/ which had name libdnet.1 for whatever reason and that was picked by configure script. In ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r words, if you compile snort manually you'll not have that problem, only if you used old binary that I provided (now that is fixed!).
You'll also need to obtain snort rules and that requires you to register on Snort Web page. After registering, and downloading rules, unpack cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 archive you obtained in some directory. In cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following text I'm using package snortrules-snapshot-2910.tar.gz from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 September 1st, 2011 (and which was obtained on October 1st, 2011).

What you'll get is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following structure:
$ ls -1
etc
preproc_rules
rules
so_rules
Move directories preproc_rules, rules and so_rules into /etc/snort directory. Also, move cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 content of etc directory to /etc/snort directory overwriting any files cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re.

In case you have SELinux enabled snort will be prevented from starting because of wrongly labeled preprocessor plugins. This manifests itself with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following line in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 log files:
FATAL ERROR: Failed to load /etc/snort/so_rules/precompiled/RHEL-6-0/x86-64/2.9.1.0//smtp.so: /etc/snort/so_rules/precompiled/RHEL-6-0/x86-64/2.9.1.0//smtp.so: failed to map segment from shared object: Permission denied
Of course, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 exact paths will differ depending on your exact installation. Note that snort runs as unconfined process and until I find a way to confine it this can be solved by running cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 directory /etc/snort/so_rules/precompiled/RHEL-6-0/x86-64/2.9.1.0 (note that this is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 directory reported in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 log file!):
# chcon system_u:object_r:lib_t:s0 *
Configuration

The final step is snort configuration prior to running it. Master configuration is stored in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 /etc/snort/snort.conf file, so open it with your favorite text editor and modify cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following lines:
  1. Line that reads ipvar HOME_NET any (cca. 45th line). Replace any with you network address. In my case that was 192.168.1.0/24.
  2. Line that starts with dynamicpreprocessor directory words (cca. 234th line). Parameter is directory and change this parameter to /usr/lib64/snort-2.9.1_dynamicpreprocessor/.
  3. Immediately following cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 previous line is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 line that starts with dynamicengine. Change cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 parameter of that line with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 value /usr/lib64/snort-2.9.1_dynamicengine/libsf_engine.so.
  4. And, immediately following cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 previous line is cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 line that starts with words dynamicdetection directory whose parameter should be /etc/snort/so_rules/precompiled/RHEL-6-0/x86-64/2.9.1.0/.
  5. Also, you have to create two empty files, /etc/snort/rules/white_list.rules and /etc/snort/rules/black_list.rules. Alternatively, you can disable reputation pretprocessor (find line that begins with preprocessor reputation and comment out cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 whole block.
Additionally, open /etc/sysconfig/snort file and look if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re is something you need to change. For example, in case you have multiple interfaces on which you would like to run snort, you'll have to configure cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m in that file.

Finally, start snort with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command:
# /etc/init.d/snortd stop
and, if snort should be started during cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 boot process, also run cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 following command:
# chkconfig snortd on
And, that's it! :)

About Me

scientist, consultant, security specialist, networking guy, system administrator, philosopher ;)

Blog Archive