Thursday, November 12, 2015

[Linux] - tar and exclude certain files or folder

We have the directory structure below and want to exclude certain folder(s) when creating the tar archive. Follow these steps:

  • demo
    • contents
    • videos
    • folder_a
    • folder_b
    • folder_c
    • file_a.php
    • file_b.php

Let's say we want to exclude the contents and videos folders. The command would be:
tar -czf demo.tar.gz demo/ --exclude='videos' --exclude='contents'

Wednesday, September 9, 2015

Jasig CAS with LDAP

In this tutorial, we used Linux Centos 6 as our operating system. The following items are required:
  • CAS server (you can download it from here - https://www.apereo.org/projects/cas/download-cas). In this tutorial, we're using CAS server version 3.5.2
  • Maven (to build the CAS Server)
  • Tomcat (we used apache-tomcat-7.0.42)
* In this tutorial, we assume that LDAP has already been installed on your server. We are not going to cover anything about LDAP here.
* One more thing: please make sure Maven has been set up on your local machine. It will be used to build the CAS Server (see here for a tutorial: http://thisismynota.blogspot.com/2014/02/install-maven-on-centos-65.html)

Steps:

  1. Download the CAS Server and extract it.
  2. Go to the extracted folder on the command line (console) and edit the pom.xml file
    cd cas-server-3.5.2/cas-server-webapp
    vi pom.xml


  3. Now add the following lines before the </dependencies> tag
    <dependency>
      <groupId>org.jasig.cas</groupId>
      <artifactId>cas-server-support-ldap</artifactId>
      <version>3.5.2</version>
    </dependency>


  4. Next, build the CAS Server
    cd cas-server-3.5.2/cas-server-webapp
    mvn install package

    * wait until you see BUILD SUCCESSFUL


  5. Next, copy the cas.war file from the cas-server-3.5.2/cas-server-webapp/target folder into the Tomcat webapps folder and start the Tomcat server
    cp cas-server-3.5.2/cas-server-webapp/target/cas.war /apache-tomcat-7.0.42/webapps
    ./apache-tomcat-7.0.42/bin/startup.sh


  6. After startup completes (Tomcat unpacks cas.war into webapps/cas on startup), shut Tomcat down. We need to edit the deployerConfigContext.xml file
    ./apache-tomcat-7.0.42/bin/shutdown.sh
    vi /apache-tomcat-7.0.42/webapps/cas/WEB-INF/deployerConfigContext.xml


  7. Find the <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> element and comment it out. Add the BindLdapAuthenticationHandler bean under the commented line. You'll have something like below:
    <!--bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" / -->
    <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" p:filter="cn=%u" p:searchBase="ou=user,dc=example,dc=com,dc=my" p:contextSource-ref="contextSource" />

    * Note that in this example CAS will authenticate using cn (common name). If you would like to use another attribute for authentication, e.g. mail, change the red coloured text as per your environment configuration.


  8. In the same file (deployerConfigContext.xml), put the following lines before the </beans> tag. (Again, please change all the red coloured text as per your environment configuration):
    <bean id="contextSource"
    class="org.springframework.ldap.core.support.LdapContextSource">
      <!-- DO NOT enable JNDI pooling for context sources that perform LDAP bind operations. -->
      <property name="pooled" value="false"/>
      <!-- Although multiple URLs may be defined, it's strongly recommended to avoid this configuration since the implementation attempts hosts in sequence and requires a connection timeout prior to attempting the next host, which incurs unacceptable latency on node failure. A proper HA setup for LDAP directories should use a single virtual host that maps to multiple real hosts using a hardware load balancer. -->
      <property name="url" value="ldap://your_ldap_server_address:389" />

      <!-- Manager credentials are only required if your directory does not support anonymous searches. Never provide these credentials for FastBindLdapAuthenticationHandler since the user's credentials are used for the bind operation. -->
      <property name="userDn" value="cn=Manager,dc=example,dc=com,dc=my"/>
      <property name="password" value="your_ldap_manager_password"/>

      <!-- Place JNDI environment properties here. -->
      <property name="baseEnvironmentProperties">
        <map>
          <!-- Three seconds is an eternity to users. -->
          <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
          <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
          <!-- Explained at http://download.oracle.com/javase/1.3/docs/api/javax/naming/Context.html#SECURITY_AUTHENTICATION -->
          <entry key="java.naming.security.authentication" value="simple" />
        </map>
      </property>
    </bean>


  9. In order to make CAS work properly, we must enable SSL on Tomcat. In this example we used a self-signed certificate to run the CAS Server over SSL. Generate the self-signed certificate:
    keytool -genkey -alias sso -keyalg RSA -keysize 2048 -keystore sso.jks

    Enable SSL on Tomcat
    vi /apache-tomcat-7.0.42/conf/server.xml

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="1000"
    minSpareThreads="25" protocol="HTTP/1.1" maxSpareThreads="75" enableLookups="true" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/sso.jks"
    keystorePass="changeit" />

    * keystorePass must match the keystore password you entered when generating sso.jks
     
  10. Start the tomcat and access your CAS Server using https://localhost:8443
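
Steps 7 and 8 are the security-critical edits: the stock SimpleTestUsernamePasswordAuthenticationHandler accepts any login whose password equals the username, so it must not remain active outside a comment. The Python check below is an added example, not part of the original tutorial or of CAS; the function name, the finding labels and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

TEST_HANDLER = ("org.jasig.cas.authentication.handler.support."
                "SimpleTestUsernamePasswordAuthenticationHandler")
LDAP_HANDLER = "org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
CONTEXT_SOURCE = "org.springframework.ldap.core.support.LdapContextSource"

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_deployer_config(xml_text):
    """Return a list of findings for a CAS 3.x deployerConfigContext.xml."""
    root = ET.fromstring(xml_text)  # the parser drops <!-- ... --> comments
    beans = [e for e in root.iter() if local(e.tag) == "bean"]
    classes = {b.get("class") for b in beans}
    findings = []
    if TEST_HANDLER in classes:        # demo handler still live
        findings.append("test-handler-active")
    if LDAP_HANDLER not in classes:    # step 7 not applied
        findings.append("ldap-handler-missing")
    for bean in beans:
        if bean.get("class") != CONTEXT_SOURCE:
            continue
        props = {p.get("name"): p.get("value")
                 for p in bean if local(p.tag) == "property"}
        # Simple binds over ldap:// carry the password without TLS
        if (props.get("url") or "").lower().startswith("ldap://"):
            findings.append("ldap-url-not-tls")
        # The tutorial's config comment: no JNDI pooling for bind operations
        if props.get("pooled") != "false":
            findings.append("pooling-not-disabled")
    return findings

# Constructed samples: namespaces as in a stock Spring beans file.
HEAD = ('<beans xmlns="http://www.springframework.org/schema/beans" '
        'xmlns:p="http://www.springframework.org/schema/p">')
BEFORE = HEAD + '<bean class="%s"/></beans>' % TEST_HANDLER
AFTER = HEAD + '''
  <!--bean class="%s" / -->
  <bean class="%s" p:filter="cn=%%u"
        p:searchBase="ou=user,dc=example,dc=com,dc=my"
        p:contextSource-ref="contextSource"/>
  <bean id="contextSource" class="%s">
    <property name="pooled" value="false"/>
    <property name="url" value="ldap://your_ldap_server_address:389"/>
  </bean>
</beans>''' % (TEST_HANDLER, LDAP_HANDLER, CONTEXT_SOURCE)

if __name__ == "__main__":
    print("before:", audit_deployer_config(BEFORE))
    print("after: ", audit_deployer_config(AFTER))
```

The configuration from steps 7 and 8 passes the handler checks but is still flagged for the ldap:// URL; an ldaps:// URL (or StartTLS) protects the bind password in transit.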

Monday, September 7, 2015

How to - Secure Socket Layer (SSL) Certificate for Apache Tomcat

  1. Create Certificate Signing Request (CSR)

    a) Create a keystore file :
    keytool -genkey -alias the_alias_name -keyalg RSA -keysize 2048 -keystore keystore_filename.jks

    b) Create the CSR file (this file will be sent to a Certification Authority (CA) company, e.g. DigiCert, Entrust etc.) :
    keytool -certreq -alias the_alias_name -keystore keystore_filename.jks -file csr_file_name.csr

    * In this example, we used Entrust as the CA company. You'll get 3 files from the CA (download them from the CA website). Those files are: root, chain and server certificates. Now, proceed to the steps below.

  2. Import the generated certificate into the keystore file

    a) Import root certificate :
    keytool -importcert -trustcacerts -file L1Croot.txt -keystore keystore_filename.jks -alias root

    b) Import chain certificate :
    keytool -importcert -trustcacerts -file L1Cchain.txt -keystore keystore_filename.jks -alias intermediateCA

    c) Import server certificate:
    keytool -importcert -trustcacerts -file entrustcert.crt -keystore keystore_filename.jks -alias the_alias_name
* Note: Please replace the bold text with your own values

Bypass prompting username/password for OBIEE weblogic 11g

When starting/stopping the Managed Server or Admin Server (WebLogic), the user is prompted to enter username and password.


Both of these commands will prompt for the username and password.
./startManagedWebLogic.sh bi_server1 http://hostname:7001
./startWebLogic.sh


Instead, you can enable auto login using a boot identity file. A boot identity file contains user credentials for starting and stopping an instance of WebLogic Server. An Administration Server can refer to this file for user credentials instead of prompting you to provide them. Because the credentials are encrypted, using a boot identity file is more secure than storing unencrypted credentials in a startup or shutdown script. If there is no boot identity file when you start a server, the server instance prompts you to enter a username and password. The boot identity file can be different for each server instance in the domain.

To configure the boot.properties file for the Managed Server, perform the following steps:


Thursday, June 4, 2015

[MySQL] Show All Connections

Run this command:
show status like '%conn%';




* Tip: add skip-name-resolve to my.cnf to speed up the database process

Monday, May 18, 2015

[Centos, Composer] Install Composer on Centos 6.6

Hello, today I would like to install Composer on my Centos machine. Please go through the steps to see how I managed to install it:


Thursday, May 14, 2015

[Centos] - Adding, Enabling and disabling repo in Centos

Adding repo

yum-config-manager --add-repo repository_url

* We can also add the repo using the rpm command. Here is an example.
Download the repo file. The repo file will be an .rpm package; install it using this command:

rpm -ivh the_repo_filename.rpm

*The repo file will be installed at /etc/yum.repos.d


Disabling repo

yum-config-manager --disable repo_name

Enabling repo

yum-config-manager --enable repo_name

[Centos] How to install Broadcom BCM43142 wifi driver on Centos 6.6

Last night, I installed Centos 6.6 on my Dell Inspiron 15R 5520. Everything works fine except the wireless device. So here are the steps:

Step 1

[root@blackhat /]# yum groupinstall "Development Tools" 

Step 2

[root@blackhat /]# yum install gcc* compact-* kernel-devel-$(uname -r) kernel-headers redhat-lsb kernel-abi-whitelists
 

Step 3 : create new directory

[root@blackhat /]# mkdir bcm43142 
[root@blackhat /]# cd bcm43142 

Step 4 : Download the driver from Broadcom official website (https://www.broadcom.com/support/802.11/linux_sta.php) and untar the file


32 bit driver
wget https://www.broadcom.com/docs/linux_sta/hybrid-v35-nodebug-pcoem-6_30_223_248.tar.gz

64 bit driver
[root@blackhat bcm43142]# wget https://www.broadcom.com/docs/linux_sta/hybrid-v35_64-nodebug-pcoem-6_30_223_248.tar.gz

Untar the downloaded file
[root@blackhat bcm43142]# tar -xzvf hybrid-v35_64-nodebug-pcoem-6_30_223_248.tar.gz
 

Step 5 : Build the driver

[root@blackhat bcm43142]# make

* When the build completes, it will produce a wl.ko file in the top level directory.

Step 6 : Insmod the driver

[root@blackhat bcm43142]# modprobe lib80211
[root@blackhat bcm43142]# modprobe cfg80211
[root@blackhat bcm43142]# insmod wl.ko

Step 7 : load the wireless device at boot time

[root@blackhat bcm43142]# cp wl.ko /lib/modules/`uname -r`/kernel/drivers/net/wireless 
[root@blackhat bcm43142]# depmod -a

That's it, hope it'll help others

REFERENCE
https://www.broadcom.com/docs/linux_sta/README_6.30.223.248.txt

Sunday, February 1, 2015

[Centos] SDHC MMC slot not working on Centos 6

1) Enable ElRepo on your centos. Import the public key:     
    rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

2) Then install ElRepo:
    rpm -Uvh http://www.elrepo.org/elrepo-release-6-6.el6.elrepo.noarch.rpm 

    * see this (http://elrepo.org/tiki/tiki-index.php)  for more information

3) Then run below command:
    yum install kmod-rts5139

4) Reboot and you're done.

Hope this'll help. 

Sunday, January 25, 2015

[Linux] Install Apache 2.4.10 from source package

Requirements:
  1. Centos (any version, but in this case we use 6.3)
  2. APR
  3. APR-UTIL
  4. PCRE
  5. Apache 2.4.10 tarball

1) Create new folder:
       mkdir /etc/httpd-2.4.10

2) Then, install APR:
   download APR from https://apr.apache.org/download.cgi (* in this case we use apr-1.5.1)
   after download, untar the apr-<version>.tar.gz

  •     tar -xzvf apr-<version>.tar.gz <enter>
  •     cd apr-<version> <enter>
  •     ./configure --prefix=/etc/httpd-2.4.10/dep/apr <enter>
  •     make; make install <enter>

3) Install apr-util:
   download apr-util from https://apr.apache.org/download.cgi (* in this case we use apr-util-1.5.4)
   untar the apr-util-<version>.tar.gz

  •     tar -xzvf apr-util-<version>.tar.gz <enter>
  •     cd apr-util-<version> <enter>
  •     ./configure --prefix=/etc/httpd-2.4.10/dep/apr-util --with-apr=/etc/httpd-2.4.10/dep/apr <enter>
  •     make; make install <enter>

4) Install pcre:
   download pcre from http://www.pcre.org/ (* in this case we use pcre-8.36)
   untar the pcre-<version>.tar.gz

  •     tar -xzvf pcre-<version>.tar.gz <enter>
  •     cd pcre-<version> <enter>
  •     ./configure --prefix=/etc/httpd-2.4.10/dep/pcre --enable-utf8 --enable-unicode-properties <enter>
  •     make; make install <enter>

5) Now install httpd-2.4.10:
   download httpd from http://www.apache.org/dyn/closer.cgi
   untar the httpd-2.4.10.tar.gz

  •     tar -xzvf httpd-2.4.10.tar.gz <enter>
  •     cd httpd-2.4.10 <enter>
  •     ./configure --prefix=/etc/httpd-2.4.10 --enable-mods-shared="all" --enable-so --with-apr=/etc/httpd-2.4.10/dep/apr --with-apr-util=/etc/httpd-2.4.10/dep/apr-util --with-pcre=/etc/httpd-2.4.10/dep/pcre --enable-ssl <enter> (* ./configure --help   to see the option)
  •     make; make install <enter>

TQVM
MJMZ