I just can’t remember these commands
mysql> create database mydb;
mysql> create user newuser@'192.168.1.2' identified by '-Pas$w0rd-';mysql> grant all privileges on mydb.* to newuser@'192.168.1.2';mysql> flush privileges How to chkconfig (OpenKM JBOSS init script)
It needs some steps to integrate OpenKM properly. Therefore, you basically need to engineer your start script yourself. The following notes should help to get JBOSS up quickly.
1) create a new user
# useradd jboss 2) copy script
# cp JBOSS_HOME/bin/jboss_init_redhat.sh /etc/init.d/jboss 3) add chkconfig properties to init file
# chkconfig: 345 65 35
# description: JBOSS AS init script
# pidfile: /var/run/jboss.pid4) adjust all other variables in the init file header
5) add script to chkconfig
# chkconfig --add jboss6) set jboss to be started at level 3
# chkconfig jboss --level 3 on 7) start now (# service jboss start)
Configuring alternatives in CentOS (e.g. Oracle Java SE)
The installation of Oracle Java SE (JDK) on some Linux distribution is still a fight. Probably the most staright forward way on Cent OS is downloading and installing the most current self-exctracting archive (.bin) and installing it to /opt.
Finally, ensure the Oracle Java SE binary ist called instead of the GNU ones.
#alternatives --install /usr/bin/java java /opt/jdk1.6.025/bin/java
#alternatives --config java
There are 2 programs which provide 'java'.
Selection Command
------------------------------------------------
*+ 1 /usr/lib/jvm/jre-1.4.2-gcj/bin/java
2 /opt/jdk1.6.025/bin/java
Enter to keep the current selection[+], or type selection number: 2
Forward mails to specific servers (Postfix transport)
I was struggling to efficiently forward the OpenVZ hosts local e-mails to an private VE (MTA) since that system is bound to an IP address from a private range (192.168.x.x). Basically, I just wanted to have all mail for example.com to be routed to that “internal” mail server. In the end, postfix manuals led me to a simple solution. Thus, add the following lines to the postfix configuration files.
/etc/postfix/main.cf
transport_maps = hash:/etc/postfix/transport
/etc/postfix/transport
example.com smtp:192.168.1.1
To make sure your changes are being applied, run the following commands
# postmap /etc/postfix/transport
# postfix reload
The above lines cause postfix to forward mail targeting example.com to the MTA with IP 192.168.1.1. Make sure, the recipient mail server does accept incoming connections (I had to adjust the postgrey whitelist)
Toolchain for ARM Cortex M3 on Ubuntu 10.04
This tutorial is based on a German article. Please note, that I had to install various packages on my Ubuntu workstation.
sudo apt-get install texi2html make-doc texinfo bison flex byacc libgmpada1-dev gnat-4.4 gnat-4.4-base libgmpada1 libgnat-4.4 libgnatprj4.4 libgnatvsn4.4 sudo apt-get install libmpfr-dev libmpc-dev libgmp3-dev libgmpxx4ldbl libmpc2
Get the latest binutils (password is anoncvs)
cd ~/repo/binutils
cvs -z 9 -d :pserver:anoncvs@sourceware.org:/cvs/src login
cvs -z 9 -d :pserver:anoncvs@sourceware.org:/cvs/src co binutils
Compile binutils
cd ~/repo/binutils/src
./configure --prefix=/usr/local/toolchain --target=arm-elf
make all
sudo make install
I ran into some errors “XY has changed since the previous run:” and was not able to fix it. Neither make clean nor make distclean were of any help. However, a clean checkout from the CVS did the trick. Looks like the Makefile is broken.
Get the latest gcc from the repository
cd ~/repo/gcc
svn checkout svn://gcc.gnu.org/svn/gcc/trunk
Get the latest newlib (password is anoncvs)
cd ~/repo/newlib
cvs -z 9 -d :pserver:anoncvs@sources.redhat.com:/cvs/src login
cvs -z 9 -d :pserver:anoncvs@sources.redhat.com:/cvs/src co newlib
Lets’ compile a bootstrap gcc. Please mind, we actually do not compile gcc within the src or trunk folder. It does not seem to like it.
cd ~/repo/gcc/trunk
ln -s ~/repo/newlib/src/newlib newlib
ln -s ~/repo/newlib/src/libgloss libgloss
mkdir -p ~/repo/gcc/build
cd ~/repo/gcc/build
../trunk/configure --target=arm-elf --enable-languages=c --disable-nls --disable-shared --disable-threads --with-newlib --prefix=/usr/local/toolchain --with-gnu-as --with-gnu-ld --disable-multilib --disable-libssp --disable-libmudflap --disable-libgomp --with-dwarf2 --with-newlib -v --disable-werror --with-cpu=cortex-m3 --with-tune=cortex-m3 --with-mode=thumb --enable-target-optspace --with-float=soft --enable-languages=c,c++ --without-headers --with-local-prefix=/usr/local/toolchain/arm-elf
make all-gcc
Go get a coffe… it will take some time. Afterwards, install gcc within the toolchain folder.
sudo make install-gcc
export PATH=$PATH:/usr/local/toolchain/bin
gcc-arm-elf --version
You hopefully got the version displayed. Let’s compile newlib
cd ~/repo/newlib/src
./configure --with-newlib --disable-newlib-io-float --disable-newlib-supplied-syscalls --prefix=/usr/local/toolchain --target=arm-elf
make all
sudo PATH=$PATH:/usr/local/toolchain/bin make install
Finally go back to gcc and continue make
cd ~/repo/gcc/build
make all
sudo make install
I ran into troubles during “make all”. The gcc trunk does have an issue with lib1funcs.asm which breaks the build process. However, the mail archive on gcc and the gcc bugzilla led me to the right patch
http://www.mail-archive.com/gcc-bugs@gcc.gnu.org/msg288759.html
http://gcc.gnu.org/bugzilla/attachment.cgi?id=21475&action=view
Hope, this would be of help for some other embedded freaks
A resume issue is chasing me since I upgraded to Ubuntu 10.04
The machine is not properly resuming since I upgraded to Ubuntu 10.04. Folks seem to have the same issue but it always takes me an hour to get the right fix from the Ubuntu forums. Therfore, my personal entry.
It looks like the new kernels have an issue with old Radeon or ATI graphics cards such as those built into the IBM Thinkpad R50 or R51. However, adding a simple “nomodeset” to /boot/grub/menu.lst does the trick.
title Ubuntu 10.04.1 LTS, kernel 2.6.32-25-generic root (hd0,0)
kernel /boot/vmlinuz-2.6.32-25-generic ... nomodeset
initrd /boot/initrd.img-2.6.32-25-generic quiet
Backup VE in OpenVZ on CentOS
Unfortunately, the CentOS 5.5 final release and repositories do not support vzdump out of the box. However, some research and hints in other blogs finally led me to a running solutions.
wget http://download.openvz.org/contrib/utils/vzdump/vzdump-1.2-4.noarch.rpm
wget http://dag.wieers.com/rpm/packages/cstream/cstream-2.7.4-3.el4.rf.x8664.rpm
wget http://dag.wieers.com/rpm/packages/perl-LockFile-Simple/perl-LockFile-Simple-0.206-1.el5.rf.noarch.rpm
rpm -i cstream-2.7.4-3.el4.rf.x8664.rpm
rpm -i perl-LockFile-Simple-0.206-1.el5.rf.noarch.rpm
rpm -i vzdump-1.2-4.noarch.rpm
export PERL5LIB=/usr/share/perl5/
That’s it.
vzdump --suspend --compress --all --mailto cybr@haite.ch
INFO: Starting Backup of VM 103 (openvz)
INFO: CTID 103 exist mounted running
INFO: status = CTID 103 exist mounted running
INFO: backup mode: suspend
INFO: bandwidth limit: 10240 KB/s
INFO: starting first sync /vz/private/103/ to /vz/dump/vzdump-openvz-103-20100906-211257.tmp
...
Convert a bunch of wav files into mp3 format
Use the following statement to convert a bunch of waveform audio format (wav) files within a folder into mp3 format. The script is based on the well known lame mp3 encoder.
bash# for line in $(ls .wav | perl -pe 's/(.).wav/$1/'); \
do lame -b 192 -h $line.wav $line.mp3 ; done;
Set timezone in Arch Linux
The following steps are required to set the timezone in Arch Linux
Adjust /etc/rc.conf
HARDWARECLOCK="UTC"
TIMEZONE="Europe/Zurich"
Export TZ local variable
# export TZ=:/usr/share/zoneinfo/Europe/Zurich
Check timzone
# date
Tue May 24 11:13:55 CEST 2011
OpenCMS OAMP Comments Module 1.0.0 XSS
####################################################################### # COMPASS SECURITY ADVISORY http://www.csnc.ch/ ####################################################################### # # CVE ID : CVE-2009-4505 # Product: OpenCMS OAMP Comments Module 1.0.0 # Vendor: Open Source, Alkacon GmbH (Cologne, Germany) # Subject: Cross-site scripting (XSS) # Risk: High # Effect: Remotely exploitable # Author: Cyrill Brunschwiler (cyrill.brunschwiler@csnc.ch) # Date: December 24th 2009 # ####################################################################### Introduction: ------------- Cyrill Brunschwiler of Compass Security discovered a web application security flaw in the OpenCMS OAMP comments module. Vulnerable: ----------- OAMP comments module version 1.0.0 Patches: -------- Get the latest version from the opencms cvs at http://cvs.opencms.org/ Fix: ---- All output must be encoded using HTML entities. For that purpose the escapeXml attribute must not being set false on all c:out tags. Moreover, all fmt:param outputs must be encoded as well. Example: Alternatively one could use the OWASP ESAPI (Enterprise Security API) to encode all output. For more details on the OWASP ESAPI consult the google code repository and see http://www.owasp.org/index.php/ESAPI Example: String clean = ESAPI.encoder().encodeForHTML(maliciousInput); Description: ------------ The OAMP comments module allows OpenCMS users to add comments to pages. However, the comment module reflects unfiltered user input. Following that, attackers could injected HTML code and JavaScript code which gets executed within all visitors web browsers. Exploiting the vulnerability will lead to so-called cross-site scripting (XSS) and allows the impersonation of logged-in OpenCMS web and workplace users. Attackers could also embbed arbitrary content such as faked login forms or redirect OpenCMS users to malware pages. Milestones: ----------- December 24th 2009, Vulnerability discovered January 6th 2010, Vendor notified March 13rd 2010, Fixed in CVS (m.jaeger) References: ----------- OpenCMS - http://www.opencms.org/en/ OpenCms from Alkacon Software is a professional, easy to use website content management system. OpenCms helps content managers worldwide to create and maintain beautiful websites fast and efficiently. OpenCMS OAMP Modules - http://www.alkacon.com/en/products/oamp/index.html The Alkacon OpenCms Add-On Module Package (also called OAMP) is a set of free, open source extension modules for OpenCms. Alkacon OAMP adds front- end related features to OpenCms that may be useful in case special functionalities are required. XSS - http://www.owasp.org/index.php/Cross-site_Scripting_(XSS) Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. These scripts can even rewrite the content of the HTML page.
