2010/8/27

security for sshd server

Recently, I have suffered a lot of attacks from Chinese IPs.
I set some security rules for the sshd server.
1. edit sshd_config
PermitRootLogin no
MaxAuthTries 2
PermitEmptyPasswords no
PasswordAuthentication yes
UsePAM yes
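To verify that a server's sshd_config really carries the values listed in step 1, here is an added checker (not part of the original post). It reads the file the way sshd does: keywords are case-insensitive, the first occurrence wins, and everything after the first Match block is per-connection rather than global. The sample config at the end is constructed.

```sh
# Hardening values from the post, one "Keyword value" pair per line.
SSHD_EXPECTED='PermitRootLogin no
MaxAuthTries 2
PermitEmptyPasswords no
PasswordAuthentication yes
UsePAM yes'

# effective_value FILE KEYWORD: prints the value sshd takes for KEYWORD from
# the global section of FILE (case-insensitive keyword, first occurrence
# wins, scanning stops at the first "Match" block). Prints nothing when the
# keyword is unset, in which case sshd uses its built-in default.
effective_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }
        NF < 2 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print $2; exit }
    ' "$1"
}

# check_sshd_config FILE: reports every expected keyword as OK, DIFFERS or
# UNSET and returns 1 if anything deviates, so it can gate a deployment.
check_sshd_config() {
    rc=0
    while read -r key want; do
        have=$(effective_value "$1" "$key")
        if [ -z "$have" ]; then
            printf 'UNSET   %s (expected %s)\n' "$key" "$want"; rc=1
        elif [ "$have" != "$want" ]; then
            printf 'DIFFERS %s = %s (expected %s)\n' "$key" "$have" "$want"; rc=1
        else
            printf 'OK      %s = %s\n' "$key" "$have"
        fi
    done <<EOF
$SSHD_EXPECTED
EOF
    return $rc
}

# Constructed sample (not a real server's file): MaxAuthTries is wrong and
# PermitRootLogin is only set inside a Match block, so globally it is unset.
SAMPLE_CFG=$(mktemp)
cat >"$SAMPLE_CFG" <<'EOF'
maxauthtries 6
PermitEmptyPasswords no
PasswordAuthentication yes
UsePAM yes
Match Address 192.0.2.0/24
    PermitRootLogin no
EOF
check_sshd_config "$SAMPLE_CFG" || echo "sample config deviates from the post's settings"
```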

2. edit /etc/hosts.deny
ALL: {IP from fuck damn China}
or
sshd: {IP from fuck damn China}

The IP ranges can be found at http://www.ipdeny.com/ipblocks/

3. apply PAM
auth required pam_stack.so service=system-auth
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/sshd_user_deny_list onerr=succeed
account required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
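Typing the ranges from step 2 into hosts.deny by hand is tedious, so here is an added helper (not the post's own code) that converts the one-CIDR-per-line format such zone files use into the traditional n.n.n.n/m.m.m.m net/mask form tcp_wrappers accepts in /etc/hosts.deny. The sample input at the bottom is constructed, not real zone-file data.

```sh
# prefix_to_mask LEN: prints the dotted-decimal netmask for a 0..32 prefix.
prefix_to_mask() {
    bits=$1
    if [ "$bits" -eq 0 ]; then mask=0
    else mask=$(( (4294967295 << (32 - bits)) & 4294967295 )); fi
    printf '%d.%d.%d.%d\n' $(( (mask >> 24) & 255 )) $(( (mask >> 16) & 255 )) \
        $(( (mask >> 8) & 255 )) $(( mask & 255 ))
}

# cidr_to_wrapper "a.b.c.d/len" (or a bare "a.b.c.d", treated as /32):
# prints "a.b.c.d/m.m.m.m"; returns 1 if the entry is malformed.
cidr_to_wrapper() {
    case $1 in
        */*) net=${1%/*}; len=${1#*/} ;;
        *)   net=$1; len=32 ;;
    esac
    case $len in 0|[1-9]|[1-9][0-9]) [ "$len" -le 32 ] || return 1 ;; *) return 1 ;; esac
    case $net in *[!0-9.]*|'') return 1 ;; esac      # digits and dots only, no globbing risk
    old_ifs=$IFS; IFS=.; set -- $net; IFS=$old_ifs    # split into octets
    [ $# -eq 4 ] || return 1
    for oct in "$@"; do
        case $oct in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) [ "$oct" -le 255 ] || return 1 ;;
                     *) return 1 ;; esac
    done
    printf '%s/%s\n' "$net" "$(prefix_to_mask "$len")"
}

# gen_hosts_deny: reads CIDR lines on stdin (blank lines and # comments are
# ignored) and emits one "sshd: net/mask" line each; malformed entries are
# reported on stderr and skipped rather than silently producing a bad rule.
gen_hosts_deny() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        line=$(printf '%s' "$line" | tr -d '[:space:]')
        [ -z "$line" ] && continue
        if entry=$(cidr_to_wrapper "$line"); then
            printf 'sshd: %s\n' "$entry"
        else
            printf 'skipping malformed entry: %s\n' "$line" >&2
        fi
    done
}

# Constructed sample input (not real zone-file data):
printf '10.0.0.0/8\n192.0.2.0/24\n203.0.113.5\nbogus/99\n' | gen_hosts_deny
```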


Touch directories recursively

Some Linux or Unix workstations clean up files that have not been used for a long period.
But there are some files we do not expect the system to clean, such as the files in lib.
The solution is to write a script to touch them.
Actually, "touch" cannot touch recursively on Linux.
However, I found a solution on the web that solves this problem.

find ~/lib -exec touch {} \;

2010/7/22

PC-clusters on Fedora 13 by using MPICH2

Recently, for some reason, I have had to refresh my memory of setting up PC clusters on Red Hat a long time ago and do it again on Fedora 13.

PC-cluster:
NFS + NIS + (SSH or RSH) + intel compiler + MPICH2

1. update your system
* Set up your network so that it works properly
* yum update OR yum upgrade
* Shut down the firewall and SELinux
=> System => Administration => Firewall => disable
=> System => Administration => SELinux management => disable
=> vim /etc/selinux/config => SELINUX=disabled
=> vim /boot/grub/menu.lst => add "selinux=0" at the end of the kernel line
* Shut down the services you do not need, because there is no firewall now
=> sendmail, iptables, ip6tables, httpd, cups, etc.

2. hosts
* The cluster nodes must be able to reach each other by name
=> 192.168.10.1 n1
=> 192.168.10.2 n2
=> 127.0.0.1 n1 localhost
* This is a very important step. If you later get a message like this when using mpd:
=> conn error in connect_rhs: Connection refused
(connect_rhs 979): failed to connect to rhs at 127.0.0.1 48503
(enter_ring 886): rhs connect failed
failed to enter ring
* it is because n2 always connects to itself when it looks up its own name in the hosts file
* You have to move the localhost line to the last line and put 192.168.10.2 n2 on the first line
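An added check for the /etc/hosts ordering problem described above (example code, not from the post): it resolves a name the way the resolver does when files are consulted, first matching line wins, and flags a node whose own name maps to loopback. The two hosts files below are constructed samples.

```sh
# first_addr HOSTSFILE NAME: prints the address of the first hosts line whose
# hostname or aliases include NAME, which is what "files" lookup returns.
first_addr() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        NF >= 2 { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    ' "$1"
}

# check_self_mapping HOSTSFILE NAME EXPECTED_IP: returns 0 if NAME resolves to
# EXPECTED_IP, 1 if it resolves to loopback (the mpd connect_rhs failure
# above), 2 if it resolves somewhere else or not at all.
check_self_mapping() {
    addr=$(first_addr "$1" "$2")
    case $addr in
        "$3")  return 0 ;;
        127.*) echo "$2 resolves to loopback $addr: move the localhost line below the real address" >&2
               return 1 ;;
        *)     echo "$2 resolves to '${addr:-nothing}', expected $3" >&2
               return 2 ;;
    esac
}

# Constructed samples: the broken ordering on n2 and the fixed ordering.
BAD_HOSTS=$(mktemp)
printf '127.0.0.1 n2 localhost\n192.168.10.1 n1\n192.168.10.2 n2\n' > "$BAD_HOSTS"
FIXED_HOSTS=$(mktemp)
printf '192.168.10.2 n2\n192.168.10.1 n1\n127.0.0.1 n2 localhost\n' > "$FIXED_HOSTS"
check_self_mapping "$BAD_HOSTS" n2 192.168.10.2 || echo "bad ordering detected"
check_self_mapping "$FIXED_HOSTS" n2 192.168.10.2 && echo "fixed ordering is fine"
```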

3. NFS
rpm: nfs, nfs-utils, rpcbind (before Fedora 7 it was portmap)
on n1
* I want to share /home and /opt with n2
* vim /etc/exports
=> /home 192.168.10.0/24(rw,async,no_root_squash)
=> /opt 192.168.10.0/24(ro,async)
* restart nfs and rpcbind
* check whether it works
=> check /var/log/messages
=> showmount -e n1
=> netstat -utln
=> rpcinfo -p n1
On n2
* restart rpcbind
* Check whether it can find the n1 shares
=> showmount -e n1
* Mount the n1 shares on n2
=> mount -t nfs n1:/home /home
=> mount -t nfs n1:/opt /opt
* edit the /etc/fstab
=> n1:/home /home nfs defaults 1 2
=> n1:/opt /opt nfs async,auto,ro,exec,nouser

4. NIS
rpm: yp-tools,ypbind,ypserv,rpcbind
on n1 (NIS server):
**set nis domainname
=>nisdomainname aaa
=>vim /etc/rc.d/rc.local
=>/bin/nisdomainname aaa
=> add "NISDOMAIN=vbirdnis" in /etc/sysconfig/network
**edit the main configuration file
=>vim /etc/ypserv.conf
127.0.0.0/255.255.255.0 : * : * : none
192.168.10.0/255.255.255.0 : * : * : none
* : * : * : deny

**create the trusted group file
=>touch /etc/netgroup
**restart the service: rpcbind, ypserv, yppasswdd
**build the user and password database for ypserv
=>/usr/lib/yp/ypinit -m
***If the error message says some file is missing, just touch it
=>touch /etc/aliases
=>/usr/lib/yp/ypinit -m
**restart the service: rpcbind, ypserv, yppasswdd

on n2 (NIS client):
rpm: ypbind, yp-tools
**set nis domainname as same as n1 server
=>nisdomainname aaa
=>vim /etc/rc.d/rc.local
=>/bin/nisdomainname aaa
=> add "NISDOMAIN=vbirdnis" in /etc/sysconfig/network

**use NIS for user and password lookups
=>vim /etc/nsswitch.conf
passwd: files nis
shadow: files nis
group: files nis
hosts: files nis dns

**edit authconfig
=>vi /etc/sysconfig/authconfig
USENIS=yes <- change no to yes

**edit pam
=>vi /etc/pam.d/system-auth
"password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow"
change to
"password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis"

**set which server to query
=>vi /etc/yp.conf
domain aaa
server n1

**restart ypbind and rpcbind

**test
=>yptest

5. SSH
rpm: sshd
server: n2
client: n1
**Actually, the ssh server is enabled on both n1 and n2 when the operating system is installed

**restart sshd

**passwordless login to n2 (as the MPICH2 user manual suggests)
on n1 (client):
=>ssh-keygen -t rsa
=>cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

on n2 (server):
**enable public key authentication in sshd
=>vim /etc/ssh/sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

**restart sshd


6. intel compiler

7. MPICH

To be continued

2010/7/4

Linux Code Editor, programming editor, Syntax Highlight

* cooledit
It's my preferred editor. I like its style, background color and fonts. However, it is only supported on Mandriva and does not work on other Linux-like OSes.

* SciTE
SciTE is a SCIntilla based Text Editor. Originally built to demonstrate Scintilla, it has grown to be a generally useful editor with facilities for building and running programs. It is best used for jobs with simple configurations - I use it for building test and demonstration programs as well as SciTE and Scintilla, themselves.

* Bluefish
Bluefish is a powerful editor targeted towards programmers and webdesigners, with many options to write websites, scripts and programming code. Bluefish supports many programming and markup languages, and it focuses on editing dynamic and interactive websites. See features for an extensive overview, take a look at the screenshots, or download it right away. Bluefish is an open source development project, released under the GNU GPL licence.

* Scribes


2010/6/22

Usage of sed II: insert a line into files

You can insert a new line before the pattern with the "i" command:
insert "testtest" as line 100 of a.txt
sed -i '100i testtest' a.txt

Append a line with 'a'
The "a" command appends a line after the range or pattern. This example will add a line after every line with "WORD:"
swap 'i' for 'a':
to insert "testtest" as line 100 of a.txt, you can also write it with a as
sed -i '99a testtest' a.txt

To find the first number on each line that contains EXPORTFNAME and replace it with "asdf", printing only those lines:
sed -n '/EXPORTFNAME/s/[0-9][0-9]*/asdf/p' FILE

2010/5/7

VirtualBox on Mandriva 2010

To play a game, I need to set up a virtual Windows XP.
VirtualBox is a good choice.

1. urpmf --name virtualbox (root)
To find the package you want to install
suggestion: virtualbox, dkms-virtualbox, dkms, virtualbox-guest-additions
2. urpmi dkms; urpmi virtualbox; urpmi dkms-virtualbox; urpmi virtualbox-guest-additions

3. run virtualbox from the menu: Tools -> Emulator -> VirtualBox OSE (normal user)

4. install win XP

5. This step is very important.
When the Windows XP installation is done, press right-Ctrl to release the mouse from VirtualBox.
Open the Devices menu, then choose Install Guest Additions to get the VGA driver and DirectX

6. reboot XP

7. Done

reference:
http://forum.sabayonlinux.org/viewtopic.php?f=5&t=8280
http://wiki.mandriva.com/en/2010.0_RC_1

2010/5/6

Using VNC to login from other OS to linux

1. install tightvnc-server
type as root "urpmi tightvnc-server"
2. install vncviewer
type as root "urpmi tightvnc"
3. Edit the file /etc/sysconfig/vncservers and add a line like this:
VNCSERVERS="1:yourusername"
4. Log in as yourself
type "vncserver :1 -geometry 1024x768 -depth 24" to start the vncserver
set the password when prompted by "vncpasswd"
to kill the vncserver, type "vncserver -kill :1"
5. Create the file .wmrc in your home directory and add a single line with either KDE or GNOME
vi .wmrc => KDE

Note:
a) If you are logged in as root when you run "vncserver :1 .........", the remote user will be logged in as root
b) When you connect from another machine, the address looks like IP:1 (for the port, see ~/.vnc/*:1.log)

reference:
English=>
http://www.aerospacesoftware.com/vnc-howto.html
http://wiki.linuxquestions.org/wiki/VNC
Chinese =>
http://jimmy.med93.org/debian/TightVNC_遠端桌面
http://linux.vbird.org/linux_server/0310telnetssh.php#vnc
http://www.l-penguin.idv.tw/article/vnc_server.htm
http://horse.nchc.org.tw/IPv6/VNC

2010/4/7

Content Management System

A content management system (CMS) enables you to build Web sites and powerful online applications.
A content management system is software that keeps track of every piece of content on your Web site, much like your local public library keeps track of books and stores them. Content can be simple text, photos, music, video, documents, or just about anything you can think of. A major advantage of using a CMS is that it requires almost no technical skill or knowledge to manage. Since the CMS manages all your content, you don't have to.

More popular CMSs are listed at http://php.opensourcecms.com/
For example:
  • Portal: phpnuke, Xoops, Joomla
  • Forums: phpbb, discuz, smf, vbb, ipb
  • eCommerce: osCommerce, phpShop
  • Blogs: Lifetype, Wordpress, Movable Type
Joomla homepage: http://www.joomla.org/
Joomla homepage in Taiwan: http://www.joomla.org.tw/

2010/3/2

User home directories in Apache on Mandriva 2010

Apache on Mandriva 2010 does not install mod_userdir automatically.
You have to install it by typing "urpmi mod_userdir"

2010/2/4

The differences between the kernels in Mandriva Linux

Because the choices are so complicated when installing Mandriva Linux, I did not understand what kernel-XXX means.
reference: http://wiki.mandriva.com/en/Docs/Howto/Mandriva_Kernels